Are the days of the C programming language (finally) ending?

Some would argue that the C language is the biggest cause of data security problems, I disagree, since we all know it's people who are the problem.

That said, the fast and loose nature of C is definitely a big contributer to the vulnerabilities, and  I do think that modern programming environments can fix more of that than they do.

In this Slashdot article, open source guru Eric S Raymond posits that C and specifically C++ are way more trouble than they're worth, and being replaced by languages with Garbage collection, like Java sorta, but more like Go, since it scales way better, and not Rust since it's not complete yet.

Really good read, he has a good style and you don't need to be a foll time developer to understand it

Krebs explains how to block leaking of your salary and employment data

Brian Krebs, consumer privacy and cyber security warrior, writes a series of blog posts exposing more privacy-violating practices of the credit reporting agencies, including Experian and Equifax here: https://krebsonsecurity.com/2017/11/how-to-opt-out-of-equifax-revealing-your-salary-history/#more-41495

Word macroless attack? Well, DDE instead.

According to Ars Technica: https://arstechnica.com/information-technology/2017/11/russia-linked-fancy-bear-attacks-abuse-macro-less-ms-word-to-infect-pcs/

The Russians are sending phishing attacks that use DDE to download malware.

So if you see this - DON'T CLICK THE BOX!

 

You already knew not to click this, so same thing:

 

 

 

So if you're Logitech, the end of the warranty period is the expiration date...

From Bleepingcomputer.com

Logitech Will Intentionally Brick All Harmony Link Devices Next Year 

Updated 11/13/2017 - Free updated hardware for all customers!

By Catalin Cimpanu

Logitech will intentionally brick all Harmony Link universal hubs next year, on March 16, 2018. The company has emailed all Harmony Link customers with the bad news.
There is nothing wrong with Harmony Link devices.

The company says a "technology certificate license" will expire next year, which they don't intend to extend.

The supposed license is crucial for Harmony Link devices, which means the company will have to shut down all products or face a legal battle with the unnamed certificate license owner.
In simpler words, Logitech has decided to give up on a product it advertised for the past few years just to cut some costs and will ship a firmware update on March 16, 2018, that will render all Harmony Link devices unusable.

https://www.bleepingcomputer.com/news/hardware/logitech-will-intentionally-brick-all-harmony-link-devices-next-year/

I guess I dodged a bullet on that one - it's more than $100 for the hub and controller.  

I guess there's a reason that Logitech is known as the place "good technology goes to die"

So Logitech just figured out how to get me to pay monthly for one of their products.  Either make it disposable like a $15 mouse, or divide the product by its life in months. The $180 hub should last 5 years, so I'll pay $3 per month.  Plus, they'll have to update its software to get me to keep paying after 5 years anyway.

Sony did the opposite on my Blu-ray player.  They added Pandora for free after I already owned it, but a couple of years later I bought a $1700 camera.

I'll just leave this here...

Jason Scott‏ @textfiles  23h23 hours ago

AND FOR OUR NEXT TRICK: An Apple II Emulator Running in a Mac Emulator Running In Your Browser https://archive.org/details/2InaMac 

18 replies177 retweets461 likes

 

 

 

Ethereum! The continuous train wreck!

https://motherboard.vice.com/en_us/article/ywbqmg/parity-multi-signature-wallet-vulnerability-300-million-hard-fork

Someone ‘Accidentally’ Locked Away $300M Worth of Other People's Ethereum Funds

And a hard fork is on the table.

Jordan Pearson

Nov 7 2017, 11:24am

Image: Shutterstock

On Tuesday, a single user permanently locked down dozens of digital wallets containing nearly $300 million dollars worth of ether, the unit of exchange on the Ethereum platform, allegedly by accident.

Now, some in the Ethereum community are considering the possibility of a risky network split, known as a "hard fork," to fix it.

The affected wallets—known as "multisignature" wallets because they require multiple people to sign off before funds are moved, making them popular with companies—were all created with Parity, a popular program for digital wallets. Parity multisignature wallets experienced a bug in July that allowed a hacker to steal $32 million in funds before the Ethereum community scrambled to band together to hack back and secure the rest of the vulnerable ether.

According to a blog post released by Parity on Tuesday, the code that fixed the July bug contained another vulnerability. That vulnerability allowed a user known as "devops199" on GitHub, a site for developers to collaborate on open source code, to allegedly accidentally trigger a function that turned the contract governing Parity multisignature wallets into a regular wallet address and made him or her the owner. Devops199 then killed this wallet contract, or, as Parity put it, "suicided" it. This made all multisignature wallets tied to that contract instantly useless, their funds locked away with no way to access them.

Facebook Australia's solution to revenge porn? Send all your nude selfies to us!

No kidding.  If you send your potentially embarrassing photos to them, they'll create a special "hash signature", and throw the picture away.  That way, if a miscreant, malcontent, or any other all around bad person tries to upload it, they'll tell in a flash, delete the picture, and see that the varlet gets their justice!

http://www.abc.net.au/news/2017-11-02/facebook-offers-revenge-porn-solution/9112420

Update:  Well, I do stand corrected.  This isn't the dumbest thing in the world, although it does seem that way.  They have worked with actual experts in law enforcement and mental health, and have spent some serious thought on the problem, and it looks like if it's not a solution of part of the problem, it's a genuine Good Try. 

The files to send to Facebook are actual ones that have either escaped to the web, or are expected to go, and Facebook will match them using fuzzy hashes, which can survive past some image manipulation like cropping,  resizing, and re-rezzing ( I think ).

To Facebook, you have my actual respect for actually trying something bold against a really hard problem.

Responses to Comcast's "We're friends with net neutrality - Honest!"

Do you keep seeing this from Comcast?

Comcast Supports net neutrality...

There are plenty more here:
https://twitter.com/comcast/status/885165857810386946?lang=en

Really?

Not so much

Verizon isn't spamming my twitter feed, but still...( From Techdirt who's following this well)
Verizon Lobbies FCC To Block States From Protecting Broadband Privacy, Net Neutrality

Since the FCC is trying to kill Net Neutrality, many (30 atp)  states are passing their own net neutrality and privacy laws and the ISP's are freaking out, and the lies are coming at broadband speed.  And you guessed it, Comcast was right there, although hiding behind the name "Internet Association"



This set of pop up lies was played on TV in California, and And EFF's blog is a good place to find the shenanigan here,  or here - the pop-ups they're talking about are the ones the ISP's are saying they'll have to put in themselves every time they want to sell your data, unless you opt-out.  They will, however, have to notify you every time they change their terms of service, which they don't want.



We can act now by supporting the EFF

Update (11/6/2017) :  And they just keep on giving - and crying to the FCC to make the states stop hurting their feelings: Comcast Urges FCC To Ban States From Protecting Broadband Privacy, Net 

Just remember - Nobody Cares!  and These are not the droids you're looking for...

According to G Clueley, Mailchimp has jumped the shark

https://www.grahamcluley.com/can-no-longer-recommend-mailchimp/

Apparently until recently they were defaulting to double-opt-in, asking the recipients of newsletters  whether they had really signed up for a service, and were, well, kinda preachy about it. (Good!)

Inexplicably, they have moved to single opt-in where anyone can sign up anyone else for services provided by Mailchimp.

Also inexplicably, they are going against the GDPR for mailing to europeans, and have no clue about it.