
Comment: Re:It Depends (Score 1) 155

Until someone installs something else on the network segment. Like a wireless access point. Or until malware takes over one of the trusted hosts.

Security vulnerabilities always involve violations of some assumptions you make, e.g. that anything coming from a certain set of hosts is benign, or that if a process on a server opens up an IP port it's *supposed* to do that. You want the security of a system to depend on as few assumptions as possible. If it does no harm in day to day operations and offers protection when your assumptions fail, why *not* run a software firewall?

Comment: Re:I must be the outlier (Score 4, Insightful) 168

by fuzzyfuzzyfungus (#47564923) Attached to: Comcast Confessions
Not really an outlier, it's a difference between cancellation on the phone and cancellation in person. The phone drones (or "the lost and the damned") are extraordinarily closely scrutinized and their paychecks and/or not getting shitcanned are directly dependent on 'retention'. The in-store people, apparently, are paid to be in store but not directly induced to hassle you.

I'm not quite sure why Comcast hasn't immiserated the in-store situation yet; but apparently they haven't, and it's not as though the front-line peons are fucking with you for their pleasure, so if they aren't forced to they generally won't.

Comment: Re:Little Appliance Parts (Score 1) 58

by fuzzyfuzzyfungus (#47564441) Attached to: 3-D Printing Comes To Amazon
I suspect that, at the very least, 3d printing services will be harassed (like youtube vs. the music labels) about this possibility, and some users will definitely try it.

The one thing that (as much as it surprises me) makes me a trifle skeptical of the lethality is that doing resin (or Wood's metal or similar alloys if you want some extra weight and don't mind a little cadmium) castings from figurines isn't rocket surgery, especially for people with enough interest and fine motor skills to paint the things, and I've not heard anything about major disruption from that.

3d printing will lower the bar, since you don't actually need the master to create a mold from; but even if you exclude clandestine trade in cloned figurines, people could easily buy enough parts to copy an acceptably varied army for much less than they could buy the entire army.

Airbnb Partners With Cities For Disaster Preparedness

Submitted by Anonymous Coward
An anonymous reader writes "Every time a city- or state-wide disaster strikes, services to help the victims slowly crop up over the following days and weeks. Sometimes they work well, sometimes they don't. Today, city officials in San Francisco and Portland announced a partnership with peer-to-peer lodging service Airbnb to work out some disaster-preparedness plans ahead of time. Airbnb will locate hosts in these cities who will commit to providing a place to stay for people who are displaced in a disaster, and then set up alerts and notifications to help people find these hosts during a crisis. The idea is that if, say, an earthquake or wildfires force thousands of people to evacuate their homes, they can easily be absorbed into an organized group of willing hosts, rather than being shunted to one area and forced to live in a school gymnasium or similar."
Link to Original Source

Comment: Re:You're probably not one of them - CA FTB. (Score 1) 441

by billstewart (#47562313) Attached to: 35% of American Adults Have Debt 'In Collections'

Unless they identify themselves as the State of California Franchise Tax Board, they're not.

At least for Federal taxes, you and they can only go back 3 years, unless they're alleging significant underreporting of income (which $200 isn't), in which case they can go back 6 years, or fraud, in which case you're on the hook forever. I don't know the FTB's time limits, but I'd be surprised if they're more than that (or at most one year more.)

Also, their name is pronounced "fran-chi-zi", because they're a branch of La Cosa Nostra, and yo, they don't mess around. If they wanted to take $200 from you, they'd have taken it by now. But if this really is the Franchises, you do have a way to get help in working with them, which is to contact the office of your state assembly representative. And if it's really not them, they'll probably also appreciate having you reporting the fraud (though unfortunately, you doing them a favor doesn't mean they'll do you a favor later.)

Comment: Somewhat the opposite (Score 2) 441

by billstewart (#47562193) Attached to: 35% of American Adults Have Debt 'In Collections'

Yes, it's going to cut down on the number of people who are in collection for medium-large debts because they got medical services they couldn't afford at the time and haven't been able to pay off (either yet, or ever.)

But it's going to significantly increase the number of people who are in collection for small debts because doctors or insurers paid the wrong amount. I've got one doctor's office that usually doesn't charge me a copay, but after the insurance gets around to paying them, there's an amount of money left over that's within a dollar or so of the amount the copay would have been, so their medical group gets around to sending me a bill, and it's extremely difficult to keep track of which of those bills are actually correct and final or which ones are rolling totals of insurance confusion in progress. Usually those get straightened out after a while, but sometimes they've called me and there's $20 that's going to go to collection if I don't pay right away. There's an X-ray lab that has a negotiated rate with my insurance company that's a lot lower than their rack rate; I went to them one January, and insurance didn't pay them anything because I hadn't reached my deductible for the year yet, and the lab billed me the rack rate, not the negotiated rate (I paid them the correct amount, and explained why, and the rest eventually ended up in collection because they couldn't figure out how to deal with it.)

Comment: Re:What makes this a gigafactory? (Score 1) 87

by rtb61 (#47562157) Attached to: Tesla and Panasonic Have Reached an Agreement On the Gigafactory

Still a hugely high-risk proposition in the continually updating battery field. A major battery breakthrough of substantially different technology will cripple that investment. Global research on battery technology has never been higher, a bit of Government focus via forced patent sharing and fiscal contribution could push it along even faster.

Comment: Erlang's used for Cloud Stuff, so Trendy (Score 1) 285

by billstewart (#47562013) Attached to: Programming Languages You'll Need Next Year (and Beyond)

Erlang's becoming at least slightly trendy because it's used in several sets of Cloud Stuff, and Cloud Stuff is heavily enough management-buzzwordy that HR departments have figured out they need to hire some Erlang programmers.

It's especially useful for some of the orchestration tools out there, and it's useful if your management likes Cloud Stuff Buzzwords that don't start with "v" or "V".

Android

Old Apache Code At Root of Android FakeID Mess 121

Posted by Soulskill
from the write-once-run-anywhere dept.
chicksdaddy writes: A four-year-old vulnerability in an open source component that is a critical part of Android leaves hundreds of millions of mobile devices susceptible to silent malware infections. The vulnerability affects devices running Android versions 2.1 to 4.4 ("KitKat"), according to a statement released by Bluebox. The vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes, "an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim."

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.

Old Apache Code at Root of Android FakeID Mess

Submitted by chicksdaddy
chicksdaddy (814965) writes "The Security Ledger reports that a four-year-old vulnerability in an open source component that is a critical part of Android mobile OS leaves hundreds of millions of mobile devices susceptible to silent malware infections. (https://securityledger.com/2014/07/old-apache-code-at-root-of-android-fakeid-mess/)

The vulnerability was disclosed on Tuesday (http://bluebox.com/news/). It affects devices running Android versions 2.1 to 4.4 (“KitKat”), according to a statement released by Bluebox. According to Bluebox, the vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes “an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim.”

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual ‘sandbox’ environments that keep malicious programs from accessing sensitive data and other applications running on the Android device.

In a scenario that is becoming all too common: the flaw appears to have been introduced to Android through an open source component — this time from Apache Harmony (http://harmony.apache.org/), an open source alternative to Oracle’s Java. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged."

Link to Original Source
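
The chain-validation gap described in the story above, as an added example that is not from the original page, Bluebox, Android or Apache Harmony: a simplified certificate model comparing an issuer check by name only with one that also verifies the child's signature against the parent's key. The `Cert` record, the names `CN=Trusted Vendor` and `CN=App`, and both check functions are assumptions made for illustration; records need Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
public class ChainCheckDemo {
    // Constructed stand-in for a certificate; not Android's or Harmony's classes.
    record Cert(String subject, String issuer, PublicKey key, byte[] sig) {
        byte[] tbs() { // the bytes the issuer is supposed to have signed
            String k = Base64.getEncoder().encodeToString(key.getEncoded());
            return (subject + "|" + issuer + "|" + k).getBytes(StandardCharsets.UTF_8);
        }
    }
    static Cert issue(String subject, PublicKey key, String issuer, PrivateKey signer)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signer);
        s.update(new Cert(subject, issuer, key, new byte[0]).tbs());
        return new Cert(subject, issuer, key, s.sign());
    }
    // Flawed pattern: a child is linked to its parent by the claimed issuer name alone.
    static boolean chainByNameOnly(List<Cert> chain) {
        for (int i = 0; i + 1 < chain.size(); i++)
            if (!chain.get(i).issuer().equals(chain.get(i + 1).subject())) return false;
        return true;
    }
    // Corrected: the child's signature must also verify under the parent's public key.
    static boolean chainVerified(List<Cert> chain) throws GeneralSecurityException {
        for (int i = 0; i + 1 < chain.size(); i++) {
            Cert child = chain.get(i), parent = chain.get(i + 1);
            if (!child.issuer().equals(parent.subject())) return false;
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(parent.key());
            v.update(child.tbs());
            if (!v.verify(child.sig())) return false;
        }
        return true;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair vendor = g.generateKeyPair(), other = g.generateKeyPair(), app = g.generateKeyPair();
        Cert root = issue("CN=Trusted Vendor", vendor.getPublic(), "CN=Trusted Vendor", vendor.getPrivate());
        Cert genuine = issue("CN=App", app.getPublic(), "CN=Trusted Vendor", vendor.getPrivate());
        // Names the vendor as issuer, but the signature comes from an unrelated key.
        Cert claimed = issue("CN=App", app.getPublic(), "CN=Trusted Vendor", other.getPrivate());
        for (Cert leaf : List.of(genuine, claimed))
            System.out.println(chainByNameOnly(List.of(leaf, root)) + " " + chainVerified(List.of(leaf, root)));
    }
}
```

The model covers only the issuer link between adjacent certificates; full path validation also checks trust anchors, validity periods and usage constraints.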

Chinese government probes Microsoft over anti-monopoly issues

Submitted by DroidJason1
DroidJason1 (3589319) writes "The Chinese government is investigating Microsoft for possible breaches of anti-monopoly laws, following a series of surprise visits to Redmond's offices in cities across China on Monday. These surprise visits were part of China's ongoing investigation, and were based on security complaints about Microsoft’s Windows operating system and Office productivity suite. Results from an earlier inspection apparently were not enough to clear Microsoft of suspicion of anti-competitive behavior. Microsoft's alleged anti-monopoly behavior is a criminal matter, so if found guilty, the software giant could face steep fines as well as other sanctions."
