Forgot your password?

Comment: Picking a seat is easy (Score 2) 144

by ugen (#46660235) Attached to: Hacker Holds Key To Free Flights

Seat maps are now available online realtime for most major airlines. So there is no need to guess - you can pick a right flight and an empty seat, do it right before the departure and it will likely remain empty.

On the other hand, my impression of gate check was that it checks boarding pass against database record of name/reservation/seat assignment. Certainly any other information maintained by gate agents is in the same remote database (such that any changes they perform at the gate become instantly visible online, for example standby and upgrade list status). So, no matter what the "local hack" is, it would only work if either:
- He can also hack remote passenger database (unlikely)
- Specific airline does not check passengers against the database and trusts properly constructed boarding pass (also unlikely, at least in US, as there needs to be positive match between passenger and loaded luggage that has to be performed based on that darn remote record).

There is also pesky passenger manifest with names, which again comes not from your boarding pass but from the remote system (though they need to reconcile with with reality).

Let's wait and see. Perhaps some of these conditions don't hold in Europe for whatever reason?

Comment: I'll invoke Godwin's law (Score 0) 824

by ugen (#46597043) Attached to: Some Mozilla Employees Demand New CEO Step Down

What if that CEO just "gave some money years ago" to Nazis? Now as CEO he is promising to promote "inclusive policies" . Would Jewish people working for this company be justified in asking him to step down?

See, it *is* about the kind of belief that is being dealt with.

In any case, CEO has a right to his opinion and employees have a right to theirs. They are *asking* for him to step down. That's what free speech is for. They can ask, and he can do as he sees fit.

Comment: Not just US (Score 1) 347

by ugen (#46334173) Attached to: NSA and GHCQ Employing Shills To Poison Web Forum Discourse

Russia is doing this sort of thing pretty extensively. On one of the national forums I happen to frequent we know who these people are - in fact, they are not really in hiding (though they never officially confirm or deny their identity). Human psychology works in curious ways, though - even though the perpetrators are well known, the rest of the community still gets into extensive discourse that includes these people and even allows them to steer discussion in whatever direction they need to. I have to give it to these guys - they are well prepared and master mass psychology quite well.

Comment: Lucrative deal (Score 1) 359

by ugen (#46326915) Attached to: Ghostwriter Reveals the Secret Life of WikiLeaks Founder Julian Assange

What are the chances that next step for mr O'Hagan would be writing a "tell-all" article series, followed by a book "revealing to the public the intimate details about one of modern day most controversial characters". I bet that would pay a heck of a lot better than a ghostwriting job for a fugitive stuck at a 3rd world country embassy.

Seems like Assange isn't particularly savvy about choosing his friends.

Comment: Re:Lets see how far back... (Score 2) 140

by ugen (#46313367) Attached to: Apple SSL Bug In iOS Also Affects OS X

It is correct and, if you have 10.6 handy - you can verify that under that system Safari is using OpenSSL. To do so, simply move /usr/lib/libssl.*.dylib elsewhere and try to run Safari. It will fail due to missing libraries.
On 10.9 Safari will happily run with OpenSSL libraries removed.

You are welcome to dig through otool -L output to find how it's linked up, but the fact remains - Safari was switched over from OpenSSL to homegrown crypto sometime after 10.6.

Comment: Re:Lets see how far back... (Score 4, Insightful) 140

by ugen (#46312955) Attached to: Apple SSL Bug In iOS Also Affects OS X

Snow Leopard (10.6) is not vulnerable to this bug, since Apple did not switch from OpenSSL to their own SSL/TLS library back then yet. Just verified on my 10.6 box (to verify visit )

On the other hand, iOS 6.1.5 is - and now I have a choice of using insecure iPhone or upgrading to 7.x. For now I've switched from Safari to a 3rd party browser that does not have this bug - but email is still vulnerable and so can be other components. That said, I have little trust in SSL even when it works as designed, so I won't lose much sleep over this.

Comment: Re: goto fail (Score 2) 101

by ugen (#46310365) Attached to: Apple Fixes Dangerous SSL Authentication Flaw In iOS

Curious. This would seem to result in a failure every time. Without reading the code further - how could auth ever succeed? Or did it ignore the failure return code and relied on hash update results anyway?

Switching away from OpenSSL that is widely used and audited for generations of releases to homegrown crypto is a mistake on Apples part. This is most certainly not the last security flaw in their code we will see.

Comment: Science fiction to reality (Score 1) 111

by ugen (#46303861) Attached to: Fishing Line As Artificial "Muscle"

Funny, if you happen to be Russian and of that generation - this is pretty much how "bioplastic" drive was described in a sort-of-science-fiction book about "Neznaika in a sunny town" :) Here is the relevant page:

I've been waiting for this one for a while.

Comment: Man, they are smart... (Score 1) 62

by ugen (#46261291) Attached to: Apple's Hiring Spree of Biosensor Experts Continues As iWatch Team Grows

Disclaimer: I am an Apple product user. I like my iPhone 5. However, I tried and could not like iOS 7 (my primary iPhone is still on 6, and I'll stick with it for as long as possible), and admittedly for a few years I felt about my iDevices about the same as anything else - they serve the purpose, annoy me sometimes, whatever. Mildly ambivalent.

At the same time, I wasn't too excited about wearable computing. Watch-like devices that came out so far seemed to be trying the form factor without actually having figured out their purpose. They were poor answers to questions no one asked.

Then Apple does this. I have no idea what specifically "this" is but admittedly a "bio-metric" angle is intriguing. I am now somewhat curious and even a little excited to see what they will develop. This may be in part because as I got older, I've got a lot more careful about maintaining my health (whatever is left of it anyway). As part of that quest, I've been through a number of dedicated health-metric devices - and virtually all of them so far came up extremely short in both functionality, usability and integration. In fact, ironically, the most used "health" device is my iPhone which I consistently use for nutrition and fitness tracking.

So - great angle from Apple. Wish I could work on that project :)

Your fault -- core dumped