I don't think the transfer occurs explicitly via LAN as other commenters point out, seems more likely Apple acts as a tunnel between the device requesting the keychain and the device authorising (sending) it.
A bot doesn't necessarily only scan port 22 in a range - nothing stops the bot herder making it scan 1-1024 instead.
The current vulnerability affects environments where untrusted code already executes. Since applets can be used to upload arbitrary code, it makes sense to block it. This isn't a political move I don't think, just a…
The only means I know of for one to reliably detect the image on the screen would be TEMPEST style attacks [1]. I doubt that Capita can afford to buy the necessary equipment, or even views it as economically viable…
It still seems to contain an unpatched code execution vulnerability from 2010, fixed in CS5 and up [1], I'd say that's "bad enough" to warrant not using it. [1] :…
At a guess: eventually, yes. I don't think this actually writes over the heap at all - it writes to the .bss section instead. In theory, if left to execute (without the INT3s) it'd probably segfault as soon as it hit…
Re: the second question, the problem with NX is that it only protects you from overflows where the attacker jumps into the buffer. Overflows are still exploitable with NX. The attacker instead jumps to a series of…
To add to grecy's comment: Your login Keychain is usually unlocked - it's encrypted with a key derived from your password that's held in memory from when you log in. You can lock your login Keychain (or any other) from…
These two 28C3 talks[0,1] discuss the precursor to such an apocalypse. [0]: http://events.ccc.de/congress/2011/Fahrplan/events/4871.en.h... [1]: http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.h...
I don't think the article's intention is to convince people it's a con or crush the enthusiasm. Their points aren't illegitimate and their arguments are fair - isn't it prudent to criticise them and see how they respond…
The argument isn't totally correct. The Police can't just make allegations and force you to surrender keys - they have to convince a judge that the allegations are true, and that getting the keys to your random noise…
It's using sha256, which is far too fast. Key stretching is essential, especially when something as fast as a digest function like the SHA family is used. PBKDF2, as the article points out, can be used to increase the…
I don't think the majority of the feature exclusivity is hardware, it's about differentiating the devices. iOS hardware seems to have hit a convergence point. Although the specs are different, the perceived difference…
I hope it will raise awareness, but my cynical expectation is that the "Accept" button will become one people press habitually to get rid of an annoying banner. Sites abusing the Facebook Like button as a gateway to…
It'll be interesting to see if it achieves that goal. In my experience of watching my parents interact with a computer too many buttons translates to "complicated and scary". I think a more reserved approach might have…
Take a look at his comment history (turn showdead on first)[1]. He's a somewhat eccentric character. [1]:http://news.ycombinator.com/threads?id=losethos
They were, but my most recent experience has been that Windows will offer to make one for you on the first boot of a new machine.
I think the major downside is the world is immutable. For the search algorithm to run in short enough times to render in real time the point cloud needs to be organised very carefully. Part of the point cloud needs to…
The most significant part (I think, probably wrong) is on page 5[0] where he details the invalid instructions that do more than a NOP and why they're useful. [0] :…
The writing style does seem different, sentences in this release aren't terminated in some cases, whereas those from officially corroborated releases always are.
I don't think the transfer occurs explicitly via LAN as other commenters point out, seems more likely Apple acts as a tunnel between the device requesting the keychain and the device authorising (sending) it.
A bot doesn't necessarily only scan port 22 in a range - nothing stops the bot herder making it scan 1-1024 instead.
The current vulnerability affects environments where untrusted code already executes. Since applets can be used to upload arbitrary code, it makes sense to block it. This isn't a political move I don't think, just a…
The only means I know of for one to reliably detect the image on the screen would be TEMPEST style attacks [1]. I doubt that Capita can afford to buy the necessary equipment, or even views it as economically viable…
It still seems to contain an unpatched code execution vulnerability from 2010, fixed in CS5 and up [1], I'd say that's "bad enough" to warrant not using it. [1] :…
At a guess: eventually, yes. I don't think this actually writes over the heap at all - it writes to the .bss section instead. In theory, if left to execute (without the INT3s) it'd probably segfault as soon as it hit…
Re: the second question, the problem with NX is that it only protects you from overflows where the attacker jumps into the buffer. Overflows are still exploitable with NX. The attacker instead jumps to a series of…
To add to grecy's comment: Your login Keychain is usually unlocked - it's encrypted with a key derived from your password that's held in memory from when you log in. You can lock your login Keychain (or any other) from…
These two 28C3 talks[0,1] discuss the precursor to such an apocalypse. [0]: http://events.ccc.de/congress/2011/Fahrplan/events/4871.en.h... [1]: http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.h...
I don't think the article's intention is to convince people it's a con or crush the enthusiasm. Their points aren't illegitimate and their arguments are fair - isn't it prudent to criticise them and see how they respond…
The argument isn't totally correct. The Police can't just make allegations and force you to surrender keys - they have to convince a judge that the allegations are true, and that getting the keys to your random noise…
It's using sha256, which is far too fast. Key stretching is essential, especially when something as fast as a digest function like the SHA family is used. PBKDF2, as the article points out, can be used to increase the…
I don't think the majority of the feature exclusivity is hardware, it's about differentiating the devices. iOS hardware seems to have hit a convergence point. Although the specs are different, the perceived difference…
I hope it will raise awareness, but my cynical expectation is that the "Accept" button will become one people press habitually to get rid of an annoying banner. Sites abusing the Facebook Like button as a gateway to…
It'll be interesting to see if it achieves that goal. In my experience of watching my parents interact with a computer too many buttons translates to "complicated and scary". I think a more reserved approach might have…
Take a look at his comment history (turn showdead on first)[1]. He's a somewhat eccentric character. [1]:http://news.ycombinator.com/threads?id=losethos
They were, but my most recent experience has been that Windows will offer to make one for you on the first boot of a new machine.
I think the major downside is the world is immutable. For the search algorithm to run in short enough times to render in real time the point cloud needs to be organised very carefully. Part of the point cloud needs to…
The most significant part (I think, probably wrong) is on page 5[0] where he details the invalid instructions that do more than a NOP and why they're useful. [0] :…
The writing style does seem different, sentences in this release aren't terminated in some cases, whereas those from officially corroborated releases always are.