If a browser crashes because of a site, it's the browser's developers fault.
Actually it does produce the button2 events natively. I had to use no additional software to use it. It's my everyday mouse.
Bluetooth, comfortable mouse with a wheel, but a split 3rd button. Instead of a 3rd button integrated with the will, it's a smaller button closer to the palm.
Because the header is injected at the network level, Verizon can add it to anyone using their towers, even those who aren't Verizon customers. Notably, Verizon appears to inject the X-UIDH header even for customers of Straight Talk, a mobile network reseller (known as a MVNO) that uses Verizon's network. Customers of Straight Talk don't necessarily have a relationship with Verizon.
I was honored to know Glenn Seaborg while working at Lawrence Berkeley Labs in the 1980's. By then, Manhattan Project was long behind him, as was his Nobel prize, the Atomic Energy Commission work, and his chancellorship of the University of California. Yet he was still a kind and supportive scientist who was deeply interested in any research - whether in physics, astronomy, chemistry, or biology. He recognized the need to teach music and art alongside science and math, and would visit local high schools to encourage students.
I once met him at the Lawrence Hall of Science, walking around the old cyclotron. When I asked him about it, he said that he'd been wondering how the field magnets had been mounted (it was perhaps 40 years after the Manhattan Project). After a short chat he invited a few 12 year old kids over, and told stories about using the beast to create new elements. Amazing guy.
"We turned your thermostat up to 85 degrees and you can't change it. We want $5000 worth of Bitcoins in 72 hours--or we find out if your furnace perpetually on full-blast will burn your house down. Think we're kidding? We also know that you have an [some brand name] WebOS-based TV (it was easy--the IP address was the same as your thermostat) and an [some brand name] Android-based refrigerator that we also pwned. In 24 hours fridge will be set to 50 degrees spoiling your food, and in 48 hours your TV will be permanently stuck showing random videos from Xtube. So, your only options are to pay us or cut off power to your house--but when it comes back on, we still own your pwned devices! Good luck replacing the devices we pwned but didn't mention here... TIMER: 71:59:59...71:59:58...71:59:57......."
Seriously, I'm not for government regulation in a competitive landscape, but such devices, especially given their manufacturers will abandon writing security updates for them--6 months after the new model comes out, are ticking time bombs... I'm not about to replace my oven, furnace, dryer, refrigerator, thermostat, dishwasher, home security system, TV, toaster, and toilets every 3-5 years because someone thinks such devices should be IoT and wants to gather even more "big data" about me...
But what about e-mail? IM? Interwebs? Facebooking? Really??? Buy a 2nd, low end PC, wirelessly connect it to the corporate network, and volia! Hell, you could even use a KVM for this purpose, if you'd rather not spring for the expensive $400 laptops. Don't take the easy approach of connecting the networks in a way that only allows for RDP sessions--a determined hacker with unlimited funds (e.g. state sponsors) would figure that one out.
But what about Adobe Cloud or whatever program needs to connect to the Internet? Most such programs have alternative options for air-gapped networks (e.g. a license server), and a company like Adobe could be brow-beat by a company like Sony into disabling phone home. For high-risk applications where you can't talk your vendor out of phone-home, it's time to look for a new vendor...
Demand Letter: http://krebsonsecurity.com/wp-...
I can hear Barbara Streisand's voice now... (Well, what I hear is "her" voice from the Mecha-Streisand "South Park" episode...)
I wouldn't be surprised if someone at Sony were responsible for sending this email as a false-flag operation.
False-flag operation or not, that's a crime. If someone within Sony (or hired by Sony--e.g. their cybersecurity contractor) sent such an e-mail, that person is doing the equivalent of "screaming 'fire' in a crowded theater, when there is no fire". Not protected by free-speech and that person should be criminally charged with a felony.
As has been proven by Stuxnet and this breach, unlimited state-sponsored funds ALWAYS beats "networks with layered protection". Big-name companies that spend shitloads of money on security still get breached. 15+ years of "breeding a culture of corporate security" also hasn't worked. But if you require the network to have a physical presence, then you've eliminated your primary attack vector.
I have to assume that data breaches are much worse cost... This one has lost sales, lost goodwill, lawsuits, potential government fines (e.g. HR data), network design changes, etc. Even a $10 million air-gapped network would have been a bargain compared to this mess...
I'm still waiting for a massive Salesforce data breach... That'll be interesting when it happens.