Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment: Re:Stuff Happens (Score 1) 332

Indeed... it's amazing how many people confuse bad grammar for bad typos and vice-versa....

Here I was hoping someone would come up with some sort of explanation, instead of finding a typo and going after my "operatives" term when I clearly stated "not saying this is what happened, but it's just as much a possibility as the official story."

Comment: Re:Seems to not understand how it works (Score 1) 129

The entire point behind gatekeeper is that it prevents (most) of the most common attack vectors: web downloads and email-borne malware. Using the XProtect engine, it does a really good job of this. So much so that most of the malware authors that were targeting these attack vectors have since moved on to the greener pasture that is Android. However, until the common torrent clients start setting the download flag on files, cracked commercial software and "videos" downloaded via torrents will still be a really easy way to take over a victim's Mac.

Of course, if someone's downloading cracked software, they're going to expect the checksum to fail anyway, and use the right-click-"open" method to evade GateKeeper even if the torrent clients start setting the metadata appropriately.

Comment: Re:Seems to not understand how it works (Score 4, Informative) 129

The clueless meter went off the charts for me at "by the addition of new security features such as Gatekeeper and XProtect to OS X recently" -- XProtect has been around since mid-10.6, and Gatekeeper is just a wrapper around XProtect.

The actual Synack presentation is better (I saw the precursor at CSW): "Gatekeeper doesn't verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper," is the real security flaw here. CSW had a good presentation on how to do this leveraging dylibs. With a simple exploit dropping a crafted dylib, you can run any code you can force the user to download via drive-by as root. And it's persistent, without adding a bunch of extra junk to the target system.

That said, this method still relies on working exploits (or more often, patched torrents of popular software). The skill level to pull off the entire attack chain is fairly high too -- you're going to see governments and organized crime using these techniques, not your average bot herder.

Comment: Re:Apple may outlive Acer - But will they make PCs (Score 1) 415

by Em Adespoton (#49541519) Attached to: We'll Be the Last PC Company Standing, Acer CEO Says

...which is itself myopic. OpenStep can run on top of Windows OR Linux OR BSD, and would be a perfectly fine environment in which do to iOS dev work.

However, I don't see the Mac market vanishing any time soon; it might shrink a bit, get a bit more expensive/specialized, but there are still a number of markets that lean heavily on Macs and would be loathe to give them up for whitebox + POSIX OS.

Comment: Re:Stuff Happens (Score 2) 332

by Em Adespoton (#49540243) Attached to: Drone Killed Hostages From U.S. and Italy, Drawing Obama Apology

I am not an Obama fan but I cannot place blame on anyone here except Al Qaeda. Intelligence isn't perfect, it appears due diligence was done, but unfortunately hostages were killed. Perhaps the blame should go to the group that took perfectly innocent people hostage and held them near military commanders who they knew were being targeted.

What's with the blame-adverse atmosphere that seems to be going around these days? In this case, I place the blame all over the place, to be shared unequally by many involved.

First off, an operative was compromised and taken captive. Someone fell down on their job for this to happen. Secondly, Obama issued the executive order that caused him (and many others) to be killed. Somewhere in between those two events, other operatives and military intelligence lost track of where their missing operative was being held. Also, they misidentified what was actually taking place at that AQ hideout. Finally, we've got the Pakistani government involved in all this, giving a foreign power carte blanche to send a drone in to kill other foreigners on its soil.

After all that, we get back to blaming the AQ strategists who messed up using foreigners as a human wall to protect their commanders -- because someone forgot to let the enemy know that this was happening. Unless, of course, they didn't, and both people killed were actually government operatives that were considered expendable for the cause -- but their cover can't be blown without implicating others (hence the delay) -- even though it looks like AQ already blew their cover long ago. Not saying this is what happened, but it's just as much a possibility as the official story. Ant everyone on all sides of the conflict made lots of mistakes here, many of which could be learned from and avoided in the future. Kudos to Obama for at least admitting this and aiming to do something towards these ends.

Comment: Re:Acid is not a power source. (Score 2) 118

by Em Adespoton (#49532957) Attached to: Swallowing Your Password

on the other hand, your stomach could be a good power source -- kinetic energy, electrolyte source, AND it keeps a steady temperature. I think your colon would be even better though :)

YES! The colon produces methane which is a fuel and could be used in some kind of fuel cell, perhaps. It's a win-win: you'd fart less and not have to remember passwords!

...and any time you needed a password for something, you could go with your gut!

Comment: Re:They should be doing the opposite (Score 1) 298

Creation is usually influenced or built off earlier creations. Very little music is created in a vacuum, and the line between 'inspiration' and 'derived work' can be fuzzy and subjective.

Well... I took THAT out of context. I forgot what window I had open and thought this was a discussion on Creationism vs Evolution.

I think I may re-post your comment to one of those threads sometime :D

Comment: Re:They should be doing the opposite (Score 2) 298

Canada is one of the outliers because the US pushed the 70 year term as a condition on a number of treaties. But you're right about the "not totally senseless" side -- I thought this change was old news: it's a requirement of the latest round of trade treaties with the US. Doing it got Canada some other trade "concessions" with the US.

Comment: Re:Silly (Score 1) 118

by Em Adespoton (#49532825) Attached to: Swallowing Your Password

meaning it has to be activated by your particular stomach in order for the challenge to be accepted in the first place

As with DRM, if the thing that decides if you are valid can be in your hands (so to speak), you may as well assume it will be compromised.

There's no way I can think of to pass on a piece of information describing yourself to another party without that party having to know that information already to validate it, and if they do, it can be stolen and replayed.


Comment: Re:Biometric honesty (Score 3, Insightful) 118

by Em Adespoton (#49532477) Attached to: Swallowing Your Password

Biometrics are only good so long as the device that reads your pattern is "honest." If you have to inject a device to read your biometric patterns, you could just as easily inject a device that pretends to read your biometrics, but actually copies someone else's.

Or vice versa: you could ingest a device that pretends to use your biometrics for security validation, but actually copies your biometrics and broadcasts for someone else to spoof or collect for various purposes not approved by you.

"biometrics" are only metric at the point they're being read -- the resulting hashes etc. are by no means biometric, and are instead a static constant to be used/abused by whomever.

Real Programmers don't write in FORTRAN. FORTRAN is for pipe stress freaks and crystallography weenies. FORTRAN is for wimp engineers who wear white socks.