Forgot your password?
typodupeerror

Comment: To be used as a justification... (Score 1) 258

by QuietLagoon (#48027369) Attached to: Microsoft's Asimov System To Monitor Users' Machines In Real Time
Asimov is going to be used by Microsoft to justify what Microsoft wants to do, no more, no less.

.
Microsoft will be the sole collector and interpreter of the data.

Microsoft will release information about the data collected only when such information justifies what Microsoft had wanted to do anyway.

Comment: To summarize: (Score 3, Informative) 301

by QuietLagoon (#48010103) Attached to: Consumer Reports: New iPhones Not As Bendy As Believed
The iPhone 6 Plus, the iPhone 6, and the HTC one (M8) have abnormally low resistance for bending forces (less than 90 pounds).

.
While the iPhone 5, the LG G3, and the Samsung Galaxy Note 3 are much better in this regard (all >= 130 pounds), with the Samsung Galaxy Note 3 at the top of the tests with 150 pounds.

Comment: Re:C# using xamarin (Score 2) 310

If you plan to develop for more than one platform, keep in mind that the greatest amount of effort will be expended as you port the single-platform app to the second platform.

.
So, as the parent suggests, start from the beginning targeting multi-platform in your design stages. A small amount of extra effort in the beginning will save you a large amount of work down the road. And your apps will be less buggy.

+ - Protecting America's Processors

Submitted by aarondubrow
aarondubrow (1866212) writes "The National Science Foundation and the Semiconductor Research Corporation announced nine research awards to 10 universities totaling nearly $4 million under a joint program focused on Secure, Trustworthy, Assured and Resilient Semiconductors and Systems. The awards support the development of new strategies, methods and tools at the circuit, architecture and system levels, to decrease the likelihood of unintended behavior or access; increase resistance and resilience to tampering; and improve the ability to provide authentication throughout the supply chain and in the field.

"The processes and tools used to design and manufacture semiconductors ensure that the resulting product does what it is supposed to do. However, a key question that must also be addressed is whether the product does anything else, such as behaving in ways that are unintended or malicious," said Keith Marzullo, division director of NSF's Computer and Network Systems Division."

Comment: Following the law... (Score 1) 353

by QuietLagoon (#47999781) Attached to: FBI Chief: Apple, Google Phone Encryption Perilous

... "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the contents," FBI Director James Comey told reporters. ...

Unfortunately his statement is not reflective of the government's behavior over the past few years.

.
If the government had obtained warrants when they wanted to browse through peoples' emails and conversations (on the phone, on the network, or in the datacenter), then I doubt if google and apple would have seen the need to take this step.

Comment: Re:"could be worse than Heartbleed" (Score 5, Informative) 317

by QuietLagoon (#47996055) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Outside of malicious HTTP headers landing in environment variable in CGI land, I'm hard pressed to think of another reasonable vector for this bug to be a problem...

This blog post mentions php, c++, python, et alia, as another attack vector.

This means that web apps written in languages such as PHP, Python, C++, or Java, are likely to be vulnerable if they ever use libcalls such as popen() or system(), all of which are backed by calls to /bin/sh -c '...'. There is also some added web-level exposure through #!/bin/sh CGI scripts, calls in SSI, and possibly more exotic vectors such as mod_ext_filter.

Comment: Not just bash... (Score 1) 2

by QuietLagoon (#47994941) Attached to: Significant BASH vulnerability found
There appear to other aspects of this vulnerability.

.
For example, if /bin/sh is symlinked to /bin/bash...

Another good overview is here.

Reports on the latest Bash bug have gone from bad to worse, as damage from the bug spreads and many early patches are proving ineffective. Unlike Heartbleed, Bash attacks allow for remote code execution, allowing an attacker to exploit the vulnerability for malware distribution. Most attacks from the bug will target web servers and network devices, with experts saying that PHP-based web applications will be particularly vulnerable. Connected devices like smart appliances are also expected to be vulnerable in the long-term, since the devices are often slow to be patched, but early reports indicate an alarming number of systems may be at risk. As Kaspersky Lab's David Jacoby put it, "the real scale of the problem is not yet clear."...

+ - Significant BASH vulnerability found-> 2

Submitted by SpuriousLogic
SpuriousLogic (1183411) writes "US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

US-CERT recommends users and administrators review the Redhat Security Blog (link is external) for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch is also available for experienced users and administrators to implement.
Operating systems with updates include:
CentOS
Debian
Redhat (link is external)
Ubuntu"

Link to Original Source

A holding company is a thing where you hand an accomplice the goods while the policeman searches you.

Working...