Forgot your password?
typodupeerror

Comment: Re:not limiting attempts (Score 3, Insightful) 93

by nate_in_ME (#46612505) Attached to: Security Evaluation of the Tesla Model S
If the login delay is implemented based on the user ID and not the IP address, it wouldn't matter how many threads/machines you had attacking.

On a completely random note, I think the amount of time to do this attack, even with the current setup, would make it nonrealistic. Someone above listed the steps to break into a Tesla using this vulnerability (how accurate they were, I don't really know - or care for that matter). There's one big factor that is being overlooked, however. With relatively few Tesla cars on the road right now (I don't know the exact numbers at the moment, but compared to all other cars on the road, I think we can agree that "relatively few" is a safe estimate), this particular attack isn't one that could be done with the "normal" way that I imagine stealing a car goes:

"Hey that's a nice car...lets steal it!"

For this attack to work, it would have to be done one of two ways:

1. Break into "random" Tesla accounts until you found one in your area
2. Exploit this attack to steal the car

OR

1. Find a Tesla parked somewhere.
2. Somehow figure out that car's account
3. Break into that account
4. Use exploit to steal car

Basically, the time it takes to break into one Tesla account is irrelevant. The goal is to break into the RIGHT Tesla account, which I imagine, unless you already knew a lot about the owner of a particular car, would take a lot longer than this 69 year number being thrown around for breaking into a single Tesla account by brute force.

Comment: No Comparison (Score 3, Insightful) 101

by nate_in_ME (#44865083) Attached to: The Linux Foundation Releases Annual Linux Development Report
I have as much of a mixed environment as anyone (2 Android Tablets, 1 android phone, 1 win8 desktop, 1 win8 laptop, 1 win7 tablet, 1 linux desktop), so I really have no preference one way or the other. However, the "funny" moderation of your post aside, as a developer, I think it's a bit unfair to categorize MS developers this way. After all, they were only writing what management told them to.

Comment: Standard Procedure? (Score 3, Interesting) 191

by nate_in_ME (#44316933) Attached to: Blackberry 10 Sends Full Email Account Credentials To RIM
I haven't done all my reading on the new BB10 setup, but I know previous devices not only used RIM's servers to fetch email before passing it on to the device, but actually tunneled all internet traffic through their system. Now, from the article (or at least Google's translation of it), it sounds like BB10 says that setup is no longer used for the push email. However, are they still tunneling through RIM? The article also seems to make a jump in assuming that RIM is storing this data (who else may be listening in along the way is another discussion entirely). The only reference that I saw in the article was to the connection occurring immediately after setting up the account. This could just as easily point to a "test, then throw away" procedure as part of e-mail setup on BB10. Unless there is additional information showing a series of connections over a period of time after setting up the account, there doesn't appear to be any indication that RIM is actually keeping this data.

+ - Gmail down... again?-> 1

Submitted by Landy DeField
Landy DeField (2899899) writes "Tried accessing your Gmail today? You may be faced with "Temporary Error (500)" error message. Tried to get more detailed information by clicking on the "Show Detailed Technical Info" link which loads a single line... "Numeric Code: 5". Clicked on the App status dashboard link. All were green except for the Admin Control Panel / API. Took a glance 2 minutes ago and now, Google mail and Google Drive are orange and Admin Control Panel / API is red. Look forward to the actual ..."Detailed Technical Info" on what is going on."
Link to Original Source

Comment: Another Viewpoint... (Score 2) 256

by nate_in_ME (#43077651) Attached to: White House Urges Reversal of Ban On Cell-Phone Unlocking
OK, the early termination fee is meant to recoup the cost of the subsidy on the phone if you back out of the contract early. I don't necessarily like the practice, but I understand the reasoning behind it. However, the current wording of most(all?) cell phone contracts is that if you pay the ETF, you are released from the contract. By extension, would that then fall under the no longer bound by a service agreement or other obligation stipulation you quoted?

Comment: Re:That's Everyone (Score 1) 376

I think the catch is that it would be easy for Time Warner to automate checking for who has a particular IP address right now. However, depending on how frequently they change IP addresses(do they change every time the modem requests a DHCP renewal, or on some other interval?), the problem lies in figuring out who had that IP at a particular point in the past. The historical information as far as who had what IP might not even be logged. Also, with TW in particular(and probably other companies as well), because a large part of their growth has been acquisitions of other companies, not all the systems are fully tied together. Because of this, a request may take some time to get routed from whatever office it was sent to the actual office that has the information needed.

Comment: My (least) favorite old school DRM... (Score 2, Interesting) 563

by nate_in_ME (#32374008) Attached to: Blizzard Boss Says Restrictive DRM Is a Waste of Time
I had to once work on a computer for someone who had an app that installed off of a dozen or so floppies, and on the last one, it moved a file off the floppy to the hard drive, rather than copying it. If you told the program to uninstall itself, you were actually prompted to insert that last floppy, so the license file could be moved back. Unfortunately, the person who had the computer did not know enough to back up the computer, or even the floppy set, so when their computer crashed, we were unable to reinstall that program without jumping through a bunch of hoops with the company who sold it...

Comment: Re:They need to stop arresting the FINDERS (Score 2, Informative) 466

by nate_in_ME (#32183200) Attached to: Apple Loses Another 4th-Gen iPhone
In some cases, yes, it would... (Courtesy of http://www.mainelegislature.org/legis/bills/bills_123rd/chappdfs/PUBLIC150.pdf)

State that if the owner of the vehicle or lienholder has not properly retrieved it and paid all reasonable charges for its towing, storage and repair within 7 days from the publication, ownership of the vehicle passes to the owner of the premises where the vehicle is located

Contemptuous lights flashed flashed across the computer's console. -- Hitchhiker's Guide to the Galaxy

Working...