Fix the way Android threats CA's first, then speak.*

*subject to whims of operator, out-of-date root CA's, sets of devices support one CA, sets - somebody else (and I'm talking here about the support of first name operators).

What does it matter if 70% of android phones sold doesn't include even current root CAs of the recognised authorities. Not even touching on the subject of what makes them 'trusted'

With android a common problem is which CAs are recognised, which versions of their root certs and which operators have decided to fuck up the cert chain due to political reasons.

Also - whether webview in applications support the same cert chains that browsers do or subset at mercy of 3 year old out of date build.

So yeah, as far as I'm concerned the SSL on android is generally useless. Due to SSL being unusable in real world more so than due to 'lazy devs'.

Apart from the PSU requirement* (really, WTF? The rest describes a 500W system at peak load max) it's not a high end system - a mainstream system within 18 months max.

* Then again, cheap 1000W PSU's are only reliably capable of 500W or so anyway. Which actually translates to approx. 150W for the system + 200-250W to the GPU at the peak load + margin.

As far as anybody should care this does not matter much - it says fairly little with regards to whether he actually did or did not kill his wife and unless there's a body and physical evidence (and as far as I know there is only circumstantial - his wife has been in his car, yeah, surprise), this will remain a not quite shut and sealed matter.

If the filesystem is any good the issue above is moot regardless. Just stop with the cheap puns. Guilty or not, being convicted is a very shady metric to determine it reliably.

First they changed the rules to not look stupid (and managed to look very stupid). Any change of tactics is (hopefully) still classified.

Oh, tell more?

I think the standard these days is the passive underwater sonars - the likes that were deployed on crucial choke points during cold war. Cant's seem to recall the name of the currently declassified system though :/

Give it 6 months, Microsoft might just get desperate enough...

Ain't going to happen. The only viable energy source (nuclear) is being opposed by everybody it seems.

Because SMS is a store and forward system. There is no way to authenticate origin, only destination (well, implicitly, by it being reachable).

And it's been already decompiled and it takes a local, available only on a target system, parameter as a key input. It's elegant, I grant them that.

And it wouldn't be likely the target computers would be running it.

Someone who runs Windows. In an environment where upgrading to SP1 is unlikely (runs on at least Windows 7 vanilla, exits on SP1 - can also be explained by assuming more sophisticated detection on SP1 boxes), yet both x86 and x64 versions are in use (two versions of binaries - so perhaps previous versions with variants?), someone who is running a particular software package the name of which is known and which follows the normal windows software installation procedures (key hash generation and the fact it's looked up from under the program files - can be a distraction though!).

I actually think that the program files path is a distraction. The actual key is a hash of a particular known file in a system, the non-ascii entry in the program files is ether a null result to be matched against or an extra test.

Which, for me, is the scariest bit. Having such a precise knowledge of a target system, yet still bothering to target it with a release-in-the-wild trojan does imply a few things...