Doesn't NEED Javascript!

For everyone getting het up about the existence of Java in this exploit, that is just an example of how it could be released into the wild. (If you can decrypt SSL, then you can probably add extra text into the connection to include your java)

BUT I don't think you need it.

I suspect you just need a packet sniffer and the code and away you go.

So, for example, sit in a public place with a dodgy wifi AP and everyone surfs through you thinking "haha, I'm safe, I've got a green padlock". In the meantime you've captured all their login/password information etc. Presumably you can decrypt it all at your leisure and then login to their paypal/bank account a few days or weeks later and pay yourself a little bonus.

If it takes java 10 minutes to decrypt, then a bit of nicely written OpenCL with a pile of GPUs will probably crack it realtime. That's something I'd like to see! (not on my connection)

@ Danny 5

The scary thing about reading "Danny 5" is that he seems to believe that himself.

I am less surprised about the riots, if people like Danny, who have at least got enough brains to spell most words, think that they would have joined in the rioters.

I think we need an urgent dose of "community" lessons in school.

I like the book of "Starship Troopers" and the concept that only people who put something into society were able to get anything out of it. It did at least seem to recognise that some people were less able to contribute than others.

What's wrong with IR?

So, why do we have to use visible light and disturb people with the light. What is wrong with IR at various frequencies, in the same way as they are using visible at various frequencies?

I know my TV has a much lower bandwidth but it seems to work reasonably well at receiving signal from the remote even when there is stuff in the way. OK, if you block the tx/rx close to the device then it does fail, but "shadows" from objects in mid distance aren't a problem. A couple of tx/rx pairs per room, well spaced should be able to cover most of the room.

Fiction?

About 2/3rds of this is completely true.

The number of times I hear people recommending sub optimal solutions because they know the customer won't pay for anything more.

You've got to hit them with the gold plated option and when they decline it's their decision.

If you take the decision from them, they sue you for saying that taking a USB disk with all the company's data home every night was a secure off site solution.

Pushing people down a lift shaft for not taking holiday is probably not something I'd immediately link with that policy. Particularly as it's normally me who ends the year with 90% of my holiday allocation.

Highers???

Unless they've changed things recently, kids with highers at scottish unis were expected to do an extra year before the course really got going. So a 3 year course would be a 4 year course.

I went from the England with a-levels to Scotland for a degree and found the first year was about half n half "easy" and "new".

I think degrees are too narrow focussed myself. I found after 2 years of studying electronics to what seemed to be pointless levels of detail, I just wanted to do something different.

I don't work in electronics now, but I can't imagine being able to work out the impedance of a cable from first principles AND how electrons flow through a transistor junction is going to be useful to most people. You might need to know the nitty gritty of some of the areas, where your work is focussed, but not all of it.

I'd suggest more vocational A-levels followed by something like an apprenticeship program in whatever the company want you to do, nationally recognised etc... so you could move jobs and keep your course going. AND continue that through life.

Unlike most companies I work for where you keep getting thrown new technologies and expected to figure it out because it's sort of similar to the old one you were working on. Actually have some sensible budget allocated for training. (One UK wide banking institution allocated about £500 per employee per year and then threw VMware at the Windows admin team. No surprise it was a bit of mess)

My god, this is like iPhone vs Android...

This argument is almost as good as an iPhone vs Android argument, except here there are 3 sides, PC, PS, Xbox.

Won't someone think of the trees?

Consider the cost of making real books and what happens if it doesn't sell well. You print a few million copies anticipating some demand and only sell a few thousand. You've got a few trees worth of paper to recycle.

If you print a few thousand and it's popular, then you get told off for restricting supply etc...

I bet a large proportion of the initial cost of a physical book covers the risk. Compare new books costing >£10 with 6 months later when you can pick them up for under 5. I expect 5 is nearer the "real cost". So to inflate the eBook price to match the initial cost of a paper book is effectively susidising the publisher's risk on the paper book.

If they took the plunge and went all E, the prices should fall.

Price vs performance

Comparing aerogel with K17 you said it's twice the performance and then said with a big discount you did the room for £1500 as opposed to £170 with K17.

I'm all in favour of saving energy but comparing the £1500 with the cost of energy to heat the room, how long before it's cost is offset by the fuel saving?

Or you could loose another 4cm per wall and spend almost a tenth of the money... I think most people would find alternatives to aerogel when the bill came in.

UAC : waste of space

As far as I can tell UAC is completely useless.

"A program would like to make changes to your computer, do you want to allow it?"

What changes, where, why, etc....

There is a lot of apps that are borked by UAC and need to be "run as administrator" to work properly (like inability to create files even in areas you can create files in without being administrator)

And a lot of apps that require UAC confirmation when really they shouldn't need it.

So you get in the habit of pressing "Yes" because if you don't, you don't get to run 90% of what you want.

Next question, why does the MBR actually affect Windows? Surely you can replace the MBR with something else like lilo or grub and I wouldn't expect that to affect Windows' policy on deciding whether to allow unsigned drivers FFS.

Sounds like an easy fix/preventative would be to install lilo/grub and make sure that you see their boot screen before you get into Windows. If the MBR is changed then you wouldn't see them unless it's really f-ing clever.

After previous performance....

After the performance of the PARIS chase team, I'd reckon LOHAN could be:

Lost On Highway And Needing beer/tea/cigarette ?

Unless the Reg is just messing with us?

Doesn't happen in Sainsburys

I once leant on the partition by the till behind me's scales and was asked to move. Even though I wasn't touching the scales they seemed to get very upset if there was anything within a couple of feet.

Maybe my arse is more of a threat to accurate weight measurements than this lady's breasts were....

UPDATED NEWS : Do they care?

Microsoft issued the following statement: "Kinect for Xbox 360 has not been hacked -in any way - as the software and hardware that are part of Kinect for Xbox 360 have not been modified. What has happened is someone has created drivers that allow other devices to interface with the Kinect for Xbox 360. The creation of these drivers, and the use of Kinect for Xbox 360 with other devices, is unsupported. We strongly encourage customers to use Kinect for Xbox 360 with their Xbox 360 to get the best experience possible."

So what they are saying is that to hack something you have to change it's hardware or software. This distinction may come back to bite them/their peers.

"I didn't change your code to play that game without a serial, I wrote my own and put it in a wrapper around yours, therefore it's not a hack"

"I didn't hack my iPhone, I'm just running my own code on it instead of yours"

etc...

Obviously whoever made that quote has no clue what "hacking" entails.

Has anyone watched the video???

ROTFLMAO. The video looks like it was shot on a mobile phone and edited by someone with their eyes closed!

Wobbly shooting and clips that only appear for a fraction of a second. I'm watching in the office so have no sound, I'm guessing it's just as bad.

What a great advert...

Battery life

"Folio will deliver up to seven hours' battery life, on the basis of a lot of web browsing, a little movie viewing and a quarter of the time in standby mode."

Does that mean that it will only standby for a quarter of 7 hours?

Or that they quote the battery life including some time as effectively switched off?

Why don't they claim a life of 5 hours of real usage?

Otherwise I can see this going like "unlimited" broadband <small print> with a cap</small print>

"My tablet has 12 days battery life <small print> with 4 hours use</small print>"

I don't get it

How does making people drive more slowly by imposing variable speed limits make traffic flow more freely.

Simple physics shows that if you put a restriction on a flow, the flow needs to speed up or pressure will increase until ... someone has an accident.

Serves you right for upgrading

I'm still on 4.0 and my phone can't be frigged like this. "Upgrade", Pah!

Lack of information

For more information check out Stonesoft's site "antievasion.com".

The only bit of real "example" of what they mean is :

"A: Technical: Consider the well known method of packet fragmentation, this alone would be caught. However, if this is combined with random IP options and a manipulation of how data is interpreted on the target, the attacker can successfully deliver a payload containing any attack."

Which means absolutely naff all to me. If a firewall is going to block a fragment, then it doesn't matter what options you put on it, it'll be blocked. If we're talking about a remote exploit, then how can you manipulate how the data is interpreted on the target? If you can affect your target remotely, then you've already hacked in far enough that the target is fubar.

They've fudged the whole issue of explaining these AETs to the community at large :

"Stonesoft is announcing the concept discovery, but it is not providing any details or tools that would arm criminals with the information needed to use these techniques. AETs are complex, and require the resources and funding that average hackers do not typically have"

Those "details" would not only arm the criminals with the attacks but also the world's security people with the defences.

Sounds like the biggest FUD scam for years!

Why is important to outsource DNS?

It's important to outsource DNS because it seems some sysadmins are not capable of understanding the difference between traffic routing a certain way because of BGP routing failures and traffic routing the right way by BGP but being told to go to the wrong IP address by DNS.

And as for some random DNS provider claiming it is fixing DNS's security problems by introducing it's own systems to combat cache poisoning etc...

What ? Why ?

Joining in with DNSSEC would be a more sensible solution than trying to shore up the existing technology. OpenDNSSEC is a open source package, so anyone can join in.

Then you just need a decent network/security administrator to put a security wrap around your systems and most of your "security" problems are solved.

No robot required?

Your suggestion that no robot is required is based on current usage patterns.

"You won't need a robot because every device in the drive will be connected."

But, with more "slots" available it probably makes sense to have a pile of cartridges ready to use, in a hopper, and an output hopper.

Then the robot can swap new RDX cartridge into drive and when it's written dump it in the hopper. Maybe even allow it to push daily rewritable carts back in the input hopper.

I can't see anyone producing a library that I can afford that allows me to connect my entire cartridge stock for the next year's worth of backups at the same time.

Given a choice?

OK, so you've got a choice between police and firemen today or no police/firemen today and a wonderful new anti crime/fire robot thingy next year, maybe.

I'd rather have the safety today thanks.

Of course, you could probably make some cuts somewhere else, but that's what the gov will propose as the only other option. Something you need vs something you'd like.

At the end of the day, they'll do whatever they want anyway.

Can you remember 50 characters for 6 months?

Can you remember 50 characters for 6 months?

I have enough trouble remembering a handful of 9 character passwords after a couple of weeks on holiday, let alone 6 months spent, presumably mainly at her majesty's pleasure or undergoing stressful complicated legal wrangling...

I don't believe it...

I can't believe this crap is patentable.

Spelling checkers work now by finding words that have a few similar characters in, generally somewhere near in the alphabet or phonetically.

Finding a replacement character that is nearby on the keyboard doesn't seem to be too big a leap intellectually and something I've been cursing about the lack of ever since I started using a "soft" keyboard.

Surely it needs nothing to do with a "pattern of dots". Simply take the 8 characters surrounding each typed character and search each of them through the valid word database. I'm guessing there would only be a couple of matches, (bearing in mind the design of qwerty was that normal English would have minimal striker collisions on an old mechanical typewriter running at speed.)

I expect indexing could be clever enough to narrow down most words after only a few characters.

Phones while driving are a bad thing

I drive to/from work along a motorway and most days there is some idiot in the middle lane getting slower and slower (down to about 40-50) and as you pass them you can quite clearly see that they are on the phone. Either talking or texting.

(Alternatively, someone in front slams on the anchors and veers wildly through traffic to the "slow" lane without looking in mirrors, to answer their phone. Because of course braking and veering on the M-way are much safer than continuing on your course at the same speed...)

I always find it amusing that American road safety people suggest that phones aren't as dangerous as :

"adjusting the radio, to eating and drinking, to tending a child in the rear seat, to reading, shaving, and applying makeup, to swatting bees"

Most of which are actually illegal in the UK, even while stationary.

I suspect even swatting bees would come under a generic "being distracted" category!

It'll end up like speed cameras

Just like speed cameras, there will end up being a database online somewhere linked in to google maps or GPS systems etc....

Maybe like the #uksnow tag in twitter someone could make something that uses geolocation on photos of ANPRs posted to twitter to build the database. (don't use the geo info from twitter, by the time someone tweets, they'll have left the area of the camera)

Maybe it strangled?

Looking at the picture, it's got cord around it's neck. Maybe the people who found it haven't got the message about death by strangulation...

Hotel / Prison ?

My guess is that the hotel was a prison or something similar with lots of equal sized rooms and has been repurposed.

Your room was one cell and the bathroom was the one next door.

(or maybe an office block with lots of equal sized offices)