Aryeh Goretsky - Slashdot User

Twitter Exploit Let Two Pranksters Post 30,000-Character Tweet (engadget.com) 65

Posted by BeauHD on Monday November 06, 2017 @07:20PM from the blown-away dept.

sqorbit writes: Two German twitter users were able to post a 30,000-character tweet, blowing way past the 280-character limit it is testing for select users. The accounts were banned for a brief period of time but are now back online after they apologized. The original 30,396-character tweet has been archived and can be viewed here. The two pranksters exploited "a rule Twitter made in 2016 that links would no longer count in the 140-character limit," reports The Daily Dot. "Yes, this is just one big web address with a URL code hidden deep in the large block of text."

Comment How to re-enable Windows Media Player (Score 1) 255

by Aryeh Goretsky on Tuesday October 10, 2017 @04:55PM (#55345347) Attached to: Windows 10 Update Removes Windows Media Player

Hello,

Here are a couple of methods for scripting re-installation of Windows Media Player after applying KB4046355.

via Command Prompt: dism.exe /online /enable-feature /featurename:WindowsMediaPlayer

via PowerShell: enable-windowsoptionalfeature -online -featureName WindowsMediaPlayer

Hopefully that will be of use to people who still need to use (or prefer) Windows Media Player.

Regards,

Aryeh Goretsky

Comment Doesn't explain Windows Store, though... (Score 1) 152

by Aryeh Goretsky on Saturday September 30, 2017 @12:33PM (#55283859) Attached to: Microsoft Explains Why Edge Has So Few Extensions

Hello,

It is interesting how concerned Microsoft is about "building a thoughtfully curated ecosystem" with browser extensions that are "high-quality and trustworthy" for Microsoft Edge, while at the same time, its Windows Store offers many poor-quality mobile apps bordering on the scammy (fake browsers meant to look like Google Chrome, pirated copies of books, etc.) for years.

Of course, Microsoft collects a percentage of sales from Store apps, so maybe it was more to their incentive to have it filled with these in order to inflate the number of apps back when the "app gap" was a concern before they abandoned Windows Phone/Windows 10 Mobile.

I have to wonder, though, if Chrome and Firefox versus Edge is the new version of iOS and Android versus Windows Phone.

Regards,

Aryeh Goretsky

Military Tech Could Be Amazon's Secret To Cheap, Non-Refrigerated Food (cnbc.com) 80

Posted by BeauHD on Friday August 11, 2017 @07:20PM from the tastes-like-chicken dept.

According to CNBC, Amazon is exploring a technology first developed for the U.S. military to produce tasty prepared meals that do not need refrigeration, as it looks for new ways to muscle into the $700 billion U.S. grocery business. From the report: The world's biggest online retailer has discussed selling ready-to-eat dishes such as beef stew and a vegetable frittata as soon as next year, officials at the startup firm marketing the technology told Reuters. The dishes would be easy to stockpile and ship because they do not require refrigeration and could be offered quite cheaply compared with take-out from a restaurant. Delivering meals would build on the company's AmazonFresh service, which has been delivering groceries to customers' homes for a decade. It could also complement Amazon's planned $13.7 billion purchase of Whole Foods Market and Amazon's checkout-free convenience store, which is in the test stage.

The pioneering food-prep tech, known as microwave assisted thermal sterilization, or MATS, was developed by researchers at Washington State University, and is being brought to market by a venture-backed startup called 915 Labs, based in Denver. The method involves placing sealed packages of food in pressurized water and heating them with microwaves for several minutes, according to 915 Labs. Unlike traditional processing methods, where packages are in pressure cookers for up to an hour until both bacteria and nutrients are largely gone, the dishes retain their natural flavor and texture, the company said. They also can sit on a shelf for a year, which would make them suitable for Amazon's storage and delivery business model.

Comment What about exploitable 3rd-party bugs + targeting? (Score 1) 52

by Aryeh Goretsky on Sunday August 06, 2017 @09:00AM (#54949999) Attached to: The NSA Intercepted Microsoft's Windows Bug Reports

Hello,

I seem to recall a discussion about this at the time of disclosure that the main concern was not so much finding exploitable bugs in Windows, per se, but finding bugs in third-party drivers like those from AMD and nVidia, as well as determining hardware and software a target might be using, in order to help perform vulnerability research on targets.

Regards,

Aryeh Goretsky

Submission + - Intel Puma6 modems highly vulnerable to DOS attack (dslreports.com)

Submitted by Idisagree on Thursday April 27, 2017 @06:45AM

Idisagree writes: It's being reported by users from the dslreports forum that the Puma6 Intel cable modem variants are highly susceptible to a very low bandwidth DOS attack.

To add to this there are class actions lawsuits already going forward for performance issues with the Puma6. (https://www.classactionlawyers.com/puma6/)

It would appear the atom chip was never going to live up to the task it was designed for and these issues may have been known within Intel for quite some time.

Comment quality of research vs. patents? (Score 2, Interesting) 38

by Aryeh Goretsky on Thursday March 23, 2017 @06:55PM (#54099133) Attached to: The Compulsive Patent Hoarding Disorder

Hello,

I am wondering if this has more to do with the quality of the research being done, as opposed to the patent process itself. While India's CSIR-Tech may have failed, Australia's equivalent entity, CSIRO, seems to have done quite well for Australian taxpayers, such as generating income on from Wi-Fi (some essential component of 802.11n, as I recall).

Regards,

Aryeh Goretsky

Comment This is not a big deal and is easily turned off. (Score 1, Informative) 498

by Aryeh Goretsky on Sunday January 29, 2017 @07:31AM (#53758617) Attached to: CNET Editor Rails Against Non-Consensual Windows Updates

Hello,

I guess it was a slow day at CBS Interactive's CNet web site, or perhaps they are not very familiar with using Windows. This behavior can easily be disabled by a simple registry tweak. Here's a .REG file which does exactly that:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001

If you would rather script it using a .CMD file, that's easy enough, too. You can even do it in one line:

REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1

Or, for the PowerShell-inclined, here's a three-line version:

New-Item HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
New-Item HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Set-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name "NoAutoRebootWithLoggedOnUsers" -Value 1 -Type DWord

As always, you are responsible for your computer and should make a backup before making any changes to it.

Yes, Windows can be difficult to use at times, and the learning curve can be quite high. But these days that's pretty true of any operating system if you're coming to it for the first time. You can find the answers to a lot of questions by searching the web, and in case you can't (or you still have questions), you can go to a web site with an active Windows user forum like BleepingComputer. GeeksToGo, Neowin, Scot's Newsletter,Sysnative, WindowsForums or even Microsoft's own Microsoft Answers forum and someone will help you. Those are just a few off the top of my head, there are plenty of others, although you should probably avoid CBS Interactive's own CNet forums.

Regards

Aryeh Goretsky

Comment Incorrect. KB3201845 contains a fix/workaround (Score 2, Interesting) 191

by Aryeh Goretsky on Saturday December 10, 2016 @11:56AM (#53459127) Attached to: New Bug In Windows 10 Anniversary Update Brings Wi-Fi Disconnects

Hello,

This issue has been going on for more than two days. Reports of it date almost a month:

https://www.reddit.com/r/sysad...

https://community.spiceworks.c...

Although reports of it in Microsoft's support forum are more recent:

https://answers.microsoft.com/...

The December 9th patch - https://support.microsoft.com/... - might contain some kind of fix or workaround, although I don't see anything mentioned on the page which maps to the issue.

Microsoft is keeping customers up to date with a page on its support forum. Here's Microsoft's short link to the page: https://aka.ms/netcom

Regards,

Aryeh Goretsky

Comment A precedent has been set... (Score 1) 736

by Aryeh Goretsky on Friday November 25, 2016 @12:28AM (#53357613) Attached to: Right-Wing and Fake News Writers Are Now Going After Elon Musk

Hello,

News sites (fake or otherwise) should be extremely cautious of running salacious news stories about Elon Musk, given that fellow tech mogul Peter Thiel helped sue a media outlet into oblivion. Presumably, Elon Musk has the same capability.

Regards,

Aryeh Goretsky

Comment Uhm... no, it doesn't work that way (Score 3, Insightful) 30

by Aryeh Goretsky on Wednesday September 07, 2016 @10:09PM (#52844989) Attached to: Intel Selling Majority Stake In Intel Security, 'New' Company To Be Called McAfee

Hello,

Intel had been investigating selling Intel Security (nee McAfee) for well over a year, so this is hardly a recent development on their part. And regardless of what the Slashdot crowd things of the products' quality, they do have massive amounts of brand recognition in both the consumer and enterprise spaces.

Mr. McAfee had given up the rights to his name when preparing McAfee Associates' IPO and did quite well in terms of how he was compensated. Even back in 1995 he was already trying to get his name back from Bill Larson (then President, CEO and Chairman of McAfee Associates) and having no luck. As much as Bill hated the McAfee name, he realized there was so much money to be made in it, and took the company from $20-30M in revenue to billions of dollars in valuation .

Mr. McAfee's one of the smartest business people I know, and his ability to rapidly absorb data, synthesize it and come up with all sorts of ideas for products is pretty darn amazing, and frankly, with all of the time and effort he's put into being in front of the media, trying to get his name back at this point is a waste of time and shareholder's money spent on lawyers: Due to his recent high-profile activities, there's enough interest in Mr. McAfee that he doesn't need to capitalize on his name, anymore. He could name a company "Spicy Lemon" and still generate media attention because of his involvement with it, just as he's done with all the products he's taken on since returning to the U.S. after fleeing Belize.

Regards,

Aryeh Goretsky

Comment But satellite phone are easy to target (Score 1) 197

by Aryeh Goretsky on Wednesday August 31, 2016 @07:01AM (#52801711) Attached to: Revived Lawsuit Says Twitter DMs Are Like Handing ISIS a Satellite Phone

Hello

The funny thing is that equipping a target with a satellite phone improves the ability to identify them. In the case of a journalist and photographer team operating in Syria a few years ago, it was their satellite phone that allowed their location to be triangulated and subsequently attacked.

I would think it would not be too difficult to come up with some interesting usage patterns of DMs (sending messages in languages commonly used by ISIS, using certain phrases common to ISIS, geoIP location, access only from Tor nodes, proxies, VPN connections and so forth as selection criteria for further intelligence collection. Frankly, using DMs sounds like a great way to be targeted by state security services.

Regards,

Aryeh Goretsky

Comment Bug bounty program? (Score 1) 61

by Aryeh Goretsky on Tuesday August 09, 2016 @02:02AM (#52669385) Attached to: White House Releases Federal Source Code Policy To Help Government Agencies Go Open Source

Hello,

I did not see any mention of a bug bounty program. Is there one? If the federal government would like to not just have its open sourced software reviewed but actually receive reports of bugs, they should consider adding a bug bounty program to encourage programmers to report any errors they find to the federal government, instead of selling it to an adversary.

Regards,

Aryeh Goretsky

Comment here is the Lenovo Solution Center download (Score 4, Informative) 43

by Aryeh Goretsky on Saturday June 25, 2016 @08:22PM (#52390561) Attached to: Lenovo Warns Users To Upgrade Pre-Installed Tool With Severe Security Holes

Hello,

Since neither the original poster or the article provided it, here's a link to the page where the latest version of the Lenovo Solution Center can be downloaded from:

https://support.lenovo.com/us/...

Note that the downloads are listed at the bottom of the page.

Regards,

Aryeh Goretsky

Comment three questions (Score 1) 133

by Aryeh Goretsky on Sunday June 19, 2016 @02:09AM (#52345863) Attached to: Interviews: Ask Security Expert Mikko Hypponen A Question

Hello Col. Hypponen,

I have three questions for you:

1. Do you think it is still possible to secure embedded systems (aka the Internet of Things), or is that an impossibility now, practically speaking?

2. If there was one thing you could every average computer user to do to improve their security, what would it be?

3. If you were a person of interest in the murder of your neighbor in a tiny Central American country, what would your strategy be for clearing your name?

Thank you for taking the time to read this. I look forward to your answers.

Regards,

Aryeh Goretsky

Slashdot Top Deals