Worst case it's no worse then http. There have been a few http headers that help with pinning so a compromised CA will be detected sooner.

cacert.org is not trusted by Windows, OS X, Mozilla, and others where Let's Encrypt will be thanks to a crossed sign cert. cacert.org's root certificate is also using md5 still so it's unlikely that it's current root cert ever will or should be trusted. lets encrypt will do all of the work of creating and renewing certificates with the use of their command line tool.

If you had read the article you would have seen the quote below.

You could use a proxy auto-config file on your iphone to block at least some of the junk. it won't be as good as adblock(+) and no script but it would be better then nothing. https://code.google.com/p/adbl...

There's two types of attacks. One is a fake tower the other is just listening in/relay of signal to a real tower with out any funny business. The change T-mobile is making will help prevent the later but the downgrade attack will still work. As long as the device supports the insecure standards the fake towers will work for downgrade attacks (assuming they prevent you from connecting to a better tower).

The public hotspot has a different public ip address from the subscriber's public ip address.

I should have done a bit more looking around before I posted my other comment. If you want to drop a crazy amount of money you can get a Oracle tape drive. The T10000 T2 tapes hold 8.5TB uncompressed however it's unclear if you can buy one drive or how much one costs. http://www.oracle.com/us/produ... http://www.oracle.com/us/produ...

Unless it's something other then LTO 2.5TB is the best there is right now http://en.wikipedia.org/wiki/L...

It was a upgrade to the botnet that switched it from normal networking to going over tor for command and control.

Slashdot and threatpost both have it wrong. The original article(linked threatpost) from says "his arrest on suspicion of wire fraud, access device fraud and unauthorized access to a computer" http://www.utsandiego.com/news/2013/feb/07/Former-student-arrested-after-probe/

That only works if the ad requires javascipt a lot of them are just nested iframes. I've been very happy with the noscript iframe setting! most sites only use iframes now for ads and if I need it I can still enable it for just the domain that I need it for.

right because there's never forensic evidence unlike ballet box stuffing.

Credit card processing has fees attached to it. Many smaller shops tend to have a large flat transaction fee and some percent. if you charge $.50 on your credit card it might cost $.11 in fees meaning the merchant only gets $.39 for the $.50 worth of goods from a $.10 transaction fee + 3%. There are some processors out there that only charge a percent as far as I can tell like square.

I got it a gun with Micky Mouse(r) ears for iron sights!