
Comment: passive scan isn't perfect (Score 1) 107

by dutchwhizzman (#47563747) Attached to: Old Apache Code At Root of Android FakeID Mess

This doesn't fix the underlying vulnerability; it merely scans for known ways to exploit it. I'm sure some clever people will find a way to thwart these scans and exploit the vulnerability, unless it gets fixed.

The only way this sort of thing can be taken care of is if Google or some governments in countries with a large market share will mandate vendors of phones or their manufacturers to provide security updates for devices for at least the duration of the contract, but preferably for the expected life of the device. Devices tend to keep working for three or four years, so that way Android users would get a similar security experience as iOS users.

Comment: Two computers is too expensive and cumbersome (Score 1) 113

Most managers wouldn't want people to have two computers on their desk, since hey, they can save 50% on desktop systems by merging them. As long as system admins do their work, nothing could go wrong, right? I'm a penetration tester by trade and no matter where I go, even thin clients and virtual machine setups aren't properly separated.

People trust way too much in technical capabilities of devices and underestimate the ingenuity and perseverance of intruders to circumvent or penetrate those devices. Sneakernet to transfer data from and to the internal network(s) and not using VLANs for separating them isn't too bad if implemented properly. Computers are way cheaper than people. They are way cheaper than technical solutions to keep networks separated including their maintenance. They are way cheaper than having an incident where your internal IT is compromised. It just looks more expensive on the desktop, which is the only place non-security people tend to look.

Comment: ICANN is not the police, prosecutor, judge or jury (Score 3, Insightful) 113

by dutchwhizzman (#47498369) Attached to: Domain Registry of America Suspended By ICANN

You'd have to wait for the government to declare Brandon Gray an illegal organization or punish them some other way if you want to rely on the criminal part of the law to deal with this. That is why you want obvious criminal actions to be named in your contract as a reason to suspend/stop delivering services or payments.

Comment: But they can (Score 1) 749

by dutchwhizzman (#47453925) Attached to: Obama Administration Says the World's Servers Are Ours

They have done so in the past and succeeded.

If a company does business in the USA, they can force them to comply or they will lose their business in the USA. If a company has even a single USA employee, they will force the employee or the employee will lose citizenship and/or risk detainment when entering USA territory. They will even arrest and detain foreign employees of companies not complying if they set foot on USA territory for this.

There are actual companies in the EU that will take great care to not have any USA customers or employees or be dependent on USA vendors for their IT infrastructure just because of this. Plenty of EU organizations and companies have chosen or are legally mandated not to use USA vendors for products and services and to not employ USA citizens because of this. If anything the USA is biting themselves in the ankles with this sort of legislation.

Comment: power usage (Score 2) 145

If you can buy a new computer that will consume less power to do the same, chances are that within a few years you'd be cheaper off using the new hardware, even if that means that the old machine is written off completely. Scrap value, landfill or whatever happens to it doesn't matter then. I have plenty of old machines that have sentimental or "collector" value standing about my home. I don't power them on and actually buy new hardware (NAS boxes and Raspberry Pi) or run VMs to do things that the old hardware is more than capable of doing. My power bill has gone down since I started doing that, easily paying back the new hardware in a short amount of time.

Comment: They failed (Score 2) 132

by dutchwhizzman (#47429453) Attached to: How Google Map Hackers Can Destroy a Business

Try searching for *anything* on Google search. Over half of the results are commercial, even if you're not looking for a commercial thing. Either they failed, or they are in it for the advertisements after all. If Google had balls, they'd blacklist any company that pops up with a commercial result (that they didn't get paid for) for non-commercial searches. I suppose it would backlash so hard they don't want to put in the effort, or they actually failed at it.

Comment: That doesn't work (Score 1) 231

by dutchwhizzman (#47413045) Attached to: Avast Buys 20 Used Phones, Recovers 40,000 Deleted Photos

"Resetting" your phone to manufacturer settings doesn't wipe any data. Even manually "deleting" it and then "resetting" the phone doesn't do that. It merely marks the flash memory in the phone to be "reusable".

The only way to make sure the data is gone is to fill the phone up with garbage data after you've done a factory reset so there is something else written to the flash memory. After you've filled it up to the last bit, do another factory reset and you will be as close as you can get without destroying the physical device to wiping your data properly.

Comment: Nothing New, not relevant (Score 2) 122

There are plenty of development boards that come as a base board with several CPU/RAM options on a daughter card. Just the fact that it fits in a Raspberry Pi case may make it a bit more interesting for some people. However, if you're truly into developing, you're either going to stick with the Pi or get the board with the hardware specs you need and not worry about the form factor. If you're into the Pi as a consumer, it's most likely because of its media playing capabilities. Unless this board will support XBMC with proper hardware acceleration, it's not going to be relevant for those folks either.

Comment: The companies are merely hindering themselves (Score 1) 370

by dutchwhizzman (#47292261) Attached to: Age Discrimination In the Tech Industry

By severely limiting the type of candidate they are willing to consider, the companies are limiting themselves to a very strict model that will not allow for "star performers" to do well in that company. They will be limited to quickly going through new hires and only keeping the mediocre ones. The bad ones get fired and the good ones move on to greener pastures. This will make the whole group perform below average and recruiting costs will remain high. I don't see a need to regulate this, since the job market tends to regulate itself quite well because of this. By the way, this isn't limited to age, but also applies to gender, education, nationality and ethnicity.
