Forgot your password?

Comment: Re:just follow the rules people (Score 1) 228

by Smerta (#47487463) Attached to: Chicago Red Light Cameras Issue Thousands of Bogus Tickets

A few [states] don't even require you to stop when making a right turn, if the way is clear.

What states are those? I travel around the U.S. *a lot*, and I've never seen this... I'm guessing it's going to be something like Wyoming, North Dakota, etc. (I'm asking sincerely - I think at one time some of those states had no real "upper speed limit" - the law was written to the effect "can't travel faster than the conditions allow" or something like that..)

Comment: Re:Non-compete agreements are BS. (Score 1) 272

by Smerta (#47373677) Attached to: Amazon Sues After Ex-Worker Takes Google Job
OK something here doesn't make sense. The company "shut its doors". Maybe we define things differently, but to me that means filing for dissolution; not Chapter 13, not in hibernate mode - "shut the doors". I've personally been screwed over by a company that owed me a significant sum when they dissolved the company... at that point, you can go pound sand, the corporation is the equivalent of a dead body -- scream at it all you want, nothing's going to happen.

Comment: Re:Just hire the photographer. (Score 1) 64

We don't even use that. We order CDs full of pictures. I dunno where they come from, I don't care. We own the photos outright and they are good for generalized photos (i.e. some support person with a headset smiling, ready to take your order)

Ummmmm.... you might wanna be careful there. Especially the "dunno where they come from, I don't care." You should.

If some scammer from FooVille fills up a CD with images pulled from the internet, images he/she has no right to re-distribute (copyright assignment), you are exposed as well. Even if you can point to the CD, point to the scammer and say, "Here's the order, this person told me he owned all the rights, blah blah blah", I can assure you that the tenet "ignorance is no excuse" still holds. This would be considered mitigating factors, but you would still be on the hook. Particularly if the original source is Getty Images or the like, they'll go after you on principle alone.

Don't get me wrong, you're trying to do the right thing, and the whole flipping copyright law is buggered. I'm just telling you, you are still seriously exposed. Tread carefully!

Comment: Functionally correct, but insecure (Score 5, Insightful) 199

by Smerta (#47284617) Attached to: Overeager Compilers Can Open Security Holes In Your Code

The classic example of a compiler interfering with intention, opening security holes, is failure to wipe memory.

On a typical embedded system - if there is such a thing (no virtual memory, no paging, no L3 cache, no "secure memory" or vault or whatnot) - you might declare some local (stack-based) storage for plaintext, keys, etc. Then you do your business in the routine, and you return.

The problem is that even though the stack frame has been "destroyed" upon return, the contents of the stack frame are still in memory, they're just not easily accessible. But any college freshman studying computer architecture knows how to get to this memory.

So the routine is modified to wipe the local variables (e.g. array of uint8_t holding a key or whatever...) The problem is that the compiler is smart, and sees that no one reads back from the array after the wiping, so it decides that the observable behavior won't be affected if the wiping operation is elided.

My making these local variables volatile, the compiler will not optimize away the wiping operations.

The point is simply that there are plenty of ways code can be completely "correct" from a functional perspective, but nonetheless terribly insecure. And often the same source code, compiled with different optimization options, has different vulnerabilities.

+ - Even in digital photography age, high schoolers still flock to the darkroom->

Submitted by v3rgEz
v3rgEz (125380) writes "In the age of camera-equipped smart phones and inexpensive digital cameras, many high schoolers have never seen a roll of film or used an analog camera — much less developed film and paper prints in a darkroom. Among those that have, however,
old school development has developed a serious cult following, with a number of high schools still finding a dedicated audience for the dark(room) arts."

Link to Original Source

+ - Why Amazon Might Want a Big Piece of the Smartphone Market->

Submitted by Nerval's Lobster
Nerval's Lobster (2598977) writes "If rumors prove correct, Amazon will unveil a smartphone at a high-profile June 18 event in Seattle. According to a new article in The New York Times, Amazon’s willing to take such enormous risks because a smartphone will help it sell more products via its gargantuan online store. In theory, a mobile device would allow customers in the midst of their daily routines to order products with a few finger-taps, allowing Amazon to push back against Google and other tech companies exploring similar instant-gratification territory. But a smartphone also plays into Amazon’s plans for the digital world. Over the past several years, the company has become a popular vendor of cloud services and used that base to expand into everything from tablets to a growing mobile-app ecosystem. A smartphone could prove a crucial portal for all those services. If an Amazon smartphone proves a hit, however, it could become a game-changer for mobile developers, opening up a whole new market for apps and services. Amazon CEO Jeff Bezos has succeeded in the digital space largely by opening up various platforms—whether Kindle self-publishing or the Amazon app store—to third-party wares. It’ll be interesting to see whether he does something similar with the smartphone."
Link to Original Source

+ - Dyreza Banker Trojan Can Bypass SSL, Two-Factor Authentication 1

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at a newer banker Trojan that has the ability to bypass SSL protection for banking sessions by redirecting traffic through the attackers’ own domains.

The Trojan, which is being called either Dyre or Dyreza by researchers, uses a technique known as browser hooking to intercept traffic flowing between the victim’s machine and the target Web site. The malware arrives in users’ inboxes through spam messages, many of which will look like messages from a financial institution. The list of targeted banks includes Bank of America, Natwest, Citibank, RBS and Ulsterbank. Researchers say that much of the activity from the Trojan so far is in the U.K.

“The traffic, when you browse the Internet, is being controlled by the attackers. They use a MiTM (Man in The Middle) approach and thus are able to read anything, even SSL traffic in clear text. This way they will also try to circumvent 2FA,” an analysis by Peter Kruse at CSIS says."

+ - Banker Trojan Bypasses SSL Mechanism->

Submitted by criticalmass24
criticalmass24 (759213) writes "Security researchers appear to have bumped into a new remote access Trojan that manages to view encrypted traffic in plain text by routing the connection through the attacker’s domains.

Naming it Dyre or Dyreza, security researchers point out that the Trojan relies on browser hooking to intercept traffic and direct it to a command and control center owned by the attackers.

By using this technique, the victim is unaware that information is siphoned out to the cybercriminals and the session continues to appear as run through HTTPS."

Link to Original Source

+ - Cable TV boxes are the 2nd biggest energy users in many homes->

Submitted by SpzToid
SpzToid (869795) writes "224 million U.S. cable TV set-top boxes combined consume as much electricity as produced by four giant nuclear reactors, running around the clock. They have become the biggest single energy user in many homes, apart from air conditioning.

Cheryl Williamsen, a Los Alamitos architect, has three of the boxes leased from her cable provider in her home, but she had no idea how much power they consumed until recently, when she saw a rating on the back for as much as 500 watts — about the same as a washing machine.

A typical set-top cable box with a digital recorder can consume as much as 35 watts of power, costing about $8 a month for a typical Southern California consumer. And the devices use nearly as much power turned off as they do when they are turned on."

Link to Original Source

"Help Mr. Wizard!" -- Tennessee Tuxedo