
Comment Re: Right to repair (Score 2) 64

I bought a "smart tv" that ran whatever apps I cared to load, then they broke it because "security". If your car manufacturer sent a software update to your car and say disabled the ability to drive faster than 25mph or only on approved roads because "security", but hey it still "drives", right? They aren't stopping you from driving.

Submission + - Flaws in John Deere's Website Provides a Map to Customers, Equipment (securityledger.com)

chicksdaddy writes: Web sites for customers of agricultural equipment maker John Deere contained vulnerabilities that could have allowed a remote attacker to harvest sensitive information on the company’s customers including their names, physical addresses and information on the Deere equipment they own and operate, The Security Ledger reported. (https://securityledger.com/2021/04/deere-john-researcher-warns-ag-giants-site-provides-a-map-to-customers-equipment/)

The researcher known as “Sick Codes” (@sickcodes) published two advisories on Thursday warning about the flaws in the myjohndeere.com web site and the John Deere Operations Center web site and mobile applications. In a conversation with Security Ledger, the researcher said that he was able to use VINs (vehicle identification numbers) taken from a farm equipment auction site to identify the name and physical address of the owner. Furthermore, a flaw in the myjohndeere.com website could allow an unauthenticated user to carry out automated attacks against the site, possibly revealing all the user accounts for that site.

Sick Codes disclosed both flaws to John Deere and also to the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA), which monitors food and agriculture as a critical infrastructure sector. (https://www.cisa.gov/food-and-agriculture-sector) The information obtained from the John Deere websites, including customer names and addresses, could put the company afoul of data security laws like California’s CCPA or the Personal Information Protection Act in Deere’s home state of Illinois. However, the national security consequences of the company’s leaky website could be far greater. Details on what model combines and other equipment is in use on what farm could be of very high value to an attacker, including nation-states interested in disrupting U.S. agricultural production at key junctures, such as during planting or harvest time.

The consolidated nature of U.S. farming means that an attacker with knowledge of specific, Internet connected machinery in use by a small number of large-scale farming operations in the midwestern United States could launch targeted attacks on that equipment that could disrupt the entire U.S. food supply chain, researchers warn.

The Agriculture sector and firms that supply it, like Deere, lag other industries in cyber security preparedness and resilience. A 2019 report released by the Department of Homeland Security (https://www.dhs.gov/sites/default/files/publications/2018%20AEP_Threats_to_Precision_Agriculture.pdf) concluded that the “adoption of advanced precision agriculture technology and farm information management systems in the crop and livestock sectors is introducing new vulnerabilities” (and that) “potential threats to precision agriculture were often not fully understood or were not being treated seriously enough by the front-line agriculture producers.”

Comment Re:Charge per usage? (Score 1) 275

As for "1gbs 24/7/365", that sounds like the speed, not the amount. Maybe that's what you're referring to?

I was only able to hit that data cap twice in the past 10 years that I had it.

1gbs 24/7/365 is an amount (almost).

With a little correction, just multiply:
1gb x 60secs x 60mins x 24hrs x 365 days = 31,536,000gb/year
or 328.5TB/month

Comment Re:Why is this here? (Score 1) 380

His first list of picks were way to the right, stock full of anti-abortion, anti-gay marriage zealots; and worse, politicians.

His new list seems like it was meant to appeal more to the center, this time including minorities. However, I wouldn't be surprised to later find he had no intention of really choosing any of these.

http://www.cnn.com/2016/09/23/...

Submission + - What Bell Labs was like c.1967 1

niittyniemi writes: There's a rather interesting photo-gallery over at The Guardian which gives an indication of what life was like at Bell Labs c.1967.

This was the year that Dennis Ritchie joined Bell Labs and went on to produce a body of work which has been pretty much unrivalled in its influence on the modern computing landscape, even some 50 years later.

What's noticeable about the pictures, is that they are of women. I don't think this is a result of the photographer just photographing "eye candy". I think it's because he was surrounded by women, whom from his comments he very much respected and hence photographed.

In those times, wrangling with a computer was very much seen as "clerical work" and therefore the domain of women. This can be seen as far back as Bletchley Park and before that Ada Lovelace.

Yet 50 years later, the IT industry has turned full-circle. Look at any IT company and the percentage of women doing software development or similar is woeful. Why and how has this happened? Discuss.

Comment Re:HTTPS support (Score 1) 1839

You could use a separate subdomain: secure.slashdot.org, just make that host default to https. But a looming problem is that browser vendors may start making non-https look bad: http://thevarguy.com/secure-cl... I suppose the inverse could be done too, default to https on the regular address and have a subdomain dedicated to non-https.

Comment Re:How can there be? (Score 1) 622

I expect to get what I pay for. If I pay for 65Mbps of bandwidth, just as I pay for Netflix to stream to 4 devices simultaneously. If I have 4 devices (2 adults + 2 kids) in my house, and each is streaming 15Mbps video, there should be enough bandwidth to satisfy all with 5Mbps left over for web browsing, email, etc. ISPs are just upset that we are relegating them to the status of a utility and envious of the profits enjoyed by the video services who CAN actually deliver what we each want, on demand.

These services are built around the idea of a normalized distribution of usage.

And they realize that as that distribution drifts over time, their lucrative business of broadcasting packages of channels, turns into managing the plumbing for their partners/competitors.
