Discussions

dahat dahat inanity makes my head hurt
  • 5 million Gmail passwords leaked

    , cbae wrote

    There's really little that can be done with a hacked email account alone.

    On the contrary, one's inbox is a very rich place to mine for data and exploit... if one has access.

    Obligatory XKCD:

     

  • Meanwhile, at Microsoft

    Odd, normally frivolous purchases are made by Softies in September... not August.

  • wiping a Windows Phone

    Ahh The Register... so sensationalist to bury the key point.

    The actual Avast blog post is more specific: https://blog.avast.com/2014/07/08/tens-of-thousands-of-americans-sell-themselves-online-every-day/

    In their test they purchased 20 Android phones.

    Not being an Android expert I can't say when/if full disk encryption landed (or if it is mandatory) on Android... but WP8 uses the same BitLocker technology as the desktop & Server versions of Windows... so if you do a factory reset on your phone (or successful remote wipe), all of the data on it is gone.

    One caveat is that if you were saving photos or other data to a micro SD card and forgot to remove that before selling it... then that data may still be readable (except on Windows Phone 7).

  • Italian spyware on all phones but Windows?

    , evildictaitor wrote

    *snip*

    Than iPhone? No. Windows Phone is easier to root than iPhone by some considerable distance. Android is a total security nightmare though.

    Citation?

    Note I said rootkit, not jailbreak or unlock for side loaded apps.

    I won't go into the methods used here, but they tend to be more complex than running an app on the phone.

    , cheong wrote

    @evildictaitor:Agreed.

    Although side-loading is different from rooting, I think the ability to sideload software by OEMs makes it more feasible to preinstall software to sniff your activity.

    Which is why I'd mentioned that it's a lot harder to exploit by someone who is not a phone manufacturer... who are the ones actually writing kernel drivers (and so can do anything on the phone).

    As for why WinPhone is not mentioned... I think it's probably related to the fact that no WP8 API can provide access to call history or so. The APIs became available only in WP8.1, and that's just 2 months ago, maybe they've got budget allocated for WP cancelled because they thought it's not possible. (It'd be great if that is the case)


    Have you tried using those APIs? Have they worked for you? They aren't exactly usable by many.

    , GoddersUK wrote

    *snip*

    FTFY. Seriously, having a rootable phone isn't the risk; running nude-britney-spears.app is.

    Depends on how many permissions you need to be evil... and just being an app that remains in the sandbox which doesn't normally let you do things like silent SMS sending & interception (as one example) doesn't get you very far as it's not something most apps are capable of, not because they don't request the permission, but because they are not granted the permission... so you would need to exploit to a lower level and greater permission level to do your evil.

  • U.S. Supreme Court no warrant-less cell phone searches

    , evildictaitor wrote

    3) This doesn't relate in any way, shape or form to the NSA metadata program, because the NSA metadata program is about "data voluntarily given to a third party organisation to which you have no reasonable expectation of privacy" (Smith v. Maryland), whereas the Supreme Court has held that "Fourth Amendment protection afforded to closed computer files and hard drives is similar to the protection afforded to a person's closed containers and closed personal effects" (United States v. Peden), which is covered by the fourth Amendment.

    4) SCOTUS went out of their way to make clear that they are not doing an assessment of the constitutionality of metadata: "Because the United States and California agree that these cases involve searches incident to arrest, these cases do not implicate the question whether the collection or inspection of aggregated digital information amounts to a search under other circumstances."

    The question in this case has nothing whatsoever to do with the NSA, or hacking. It is whether a police officer can search your phone as part of "search incident to a lawful arrest".

    Today it doesn't, just as the Lawrence v. Texas majority didn't directly address same-sex marriage, but was used as a basis for Perry v. Brown and others.

    Why not? Because that wasn't the issue brought before the court. Courts tend to confine their rulings to the scope of the issue at hand... which is what we saw today in National Labor Relations Board v. Noel Canning where they largely shot down recess appointments but did not vacate previous NLRB rulings since the unlawful recess appointments... rulings that will be subjects of separate cases whose eventual rulings will be based on today's ruling.

  • Italian spyware on all phones but Windows?

    @JohnAskew: What about the unmentioned option: Windows Phone is a lot harder to exploit via rootkit or app by someone who is not a phone manufacturer?

  • U.S. Supreme Court no warrant-less cell phone searches

    From the ruling, note this part of a paragraph (emphasis mine):

    Alternatively, the Government proposes that law enforcement agencies "develop protocols to address" concerns raised by cloud computing. Reply Brief in No. 13–212, pp. 14–15. Probably a good idea, but the Founders did not fight a revolution to gain the right to government agency protocols. The possibility that a search might extend well beyond papers and effects in the physical proximity of an arrestee is yet another reason that the privacy interests here dwarf those in Robinson.

    That could have implications if/when SCOTUS does eventually hear an 'NSA metadata' case.

    , JohnAskew wrote

    Police cannot hack your phone just because they have a gun and a badge. 

    No, but getting a warrant can be pretty easy... especially in a case like the one that was ruled on.

  • Should APIs be copyrighted?

    , Bass wrote

    You have a perfect example of when patents work, they are totally awesome. But let's say I "invent" something that is chances are, someone else would have come up with independently because it's much the most obvious way to solve a problem. IE. The disclosure of the patent isn't really all that beneficial to society. It's worth noting that the less useful or obvious a patent is to society, the more useful it is for suing people with and profiting handsomely from. The patent system actually ENCOURAGES crappy patents by the virtue of how it fundamentally works.

    Have we forgotten what the P in IP stands for? Property.

    Some property you have a paper title or deed to prove your ownership, other things a claim is established through simple possession and trade.

    You and I can both claim ownership of a given plot of land... but whoever can demonstrate a more substantive claim is likely to win the case through some kind of arbitration, granted even if you have a piece of paper that says you own it, if there is a pre-existing substantive claim... you can still lose... so goes for the patent system.

    I still don't get your point other than that no system is perfect... which I don't think anyone is going to argue with... but that it is better than the alternatives of not having a system that protects IP.

  • Should APIs be copyrighted?

    , ScanIAm wrote

    Why, then, should society be in the business of encouraging the advancement in technology, Mr. Galt? Perhaps we should just drop all IP protections and let the invisible hands proceed with their thumb wrestling over secret.

    Have you even read Adam Smith?

    If so... did you understand his writings on division of labor... or stop to consider their implications on the importance of IP protections?

  • Brandan Eich Steps Down as CEO of Mozilla

    , cbae wrote

    Nice dodge. This is the second time you dismissed a hypothetical as "implausible" or "irrelevant".

    You have no leg to stand on when repeatedly you've simply dismissed counter arguments with even less of a response... but then this is typical behavior from a proven hypocrite who is on the record advocating for the removal of rights from some, but outraged about the attempted removal of rights from others.

    As I said before (notice how I keep citing things despite your refusals to do likewise?):

    , dahat wrote

    Unlike you though, I think through different aspects of hypotheticals to determine its likelihood and quality of application to a given situation... this like others of yours here keep on failing for the same reason... poor planning.

    Understand yet? Or should I repeat myself even more about my supporting of free speech, including that which I disagree with?

    Yet you boasted several times about how you'd defend the KKK or NAMBLA's right to speak at some imaginary event you'd actually give a rat's * about.

    You forgot the Democrat party... and on my street no less:

    , dahat wrote

    I've long said that if the KKK, Democrat Party or NAMBLA want to march down my street... they are welcome to it, despite the fact I am vehemently against most of what they say.

    And boasted 'several times'? I'd referenced the first post later as you kept trying to justify your irrelevant hypotheticals which were along the lines of "Well if in another situation, if so and so had said something waaaay worse... then would it be ok to fire him?" sort.

    It's pretty damn easy to brag about how principled you are when you get to pick and choose when you apply your principles.

    You keep trying to find fault with my principles and their application (based on your limited understanding of both) and keep failing so miserably.

    Have I sought to deny someone the opportunity to speak or punish someone for something they said which I may have disagreed with or even found offensive?

    No?

    Next!

    Of course, much of this is moot as you continue to pick & choose which points to address and so ignore the rest, somehow pretending that if you can nit-pick one thing enough, the entire argument fails... as you just did here.