I upgraded to 1.10.7 2 weeks ago. Pulling the trigger on 1.10.8.

@DustinB3403 said in Starwood/Marriott Reservations Database Breached ... for FOUR YEARS:

@srsmith said in Starwood/Marriott Reservations Database Breached ... for FOUR YEARS:

On today's episode of "Another day, another data breach"... :crying_face:

Mind boggling how someone could have 4 years of unauthorized access and not get caught. Doesn't their "IT" staff check security logs periodically?!

What? We have logs? Do they float down the river?

Wrong logs..
They float down the sewer...

Do they even have a website at this point?

Reminds me of watching earlier versions of ASIMO.

@JaredBusch said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

@JaredBusch said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

@Dashrender said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

@nadnerB said in Why aren’t chip credit cards stopping “card present” fraud in the US?:

A significant majority of cards here in Au have a "tap 'n' go" feature. There are idiots the put a nail punch into the chip several times to "disable" the "tap 'n' go" feature to make their card "more secure"... which send them right back to magnetic strip swiping... #MeatwareMayhem

Even when it's important to them, the end user refuses to educate themselves.

While I'm not surprised to hear about hole punching - I've never heard about it - what, do they just not want to be more secure? Why kill the chip?

Because part of the chip is RFID capabilities. Stupid humans still.

I guess when I read his comment I thought the hole punch people were only trying to disable the chip, and not TAP, but their overzealous punching also caused damage to the TAP chip..

The RFID is not a separate chip. It still uses the same chip. The antenna may be on the other side, but the brains are all in the one chip.

OK I'd like to think this is right - as it would totally make sense.

the problem I have with it is that tapping takes a fraction of the time to authenticate a transaction compared to plugging the card into a reader - is the wireless read just that much faster? or is TAP really not doing an challenge response situation like chip is?

Note: We need more threads using the "poo lettuce" tag...

Boeing might be screwed these days 😉

We are starting to use this now.

@nadnerB said in BlackBerry to Acquire Cylance for $1.4 Billion in Cash:

@scottalanmiller said in BlackBerry to Acquire Cylance for $1.4 Billion in Cash:

@nadnerB said in BlackBerry to Acquire Cylance for $1.4 Billion in Cash:

@scottalanmiller said in BlackBerry to Acquire Cylance for $1.4 Billion in Cash:

@tonyshowoff said in BlackBerry to Acquire Cylance for $1.4 Billion in Cash:

@black3dynamite said in BlackBerry to Acquire Cylance for $1.4 Billion in Cash:

Damn, where are they making their profits from?

My guess is likely some sort of drug trafficking empire.

I imagine cartels using things like pagers and Blackberries for some reason.

They do here. Even fly to Mexico to get them apparently.

They have tunnels for those things 😉

Rather long tunnel from here.

They are prepared to go around the wall.

@DustinB3403 said in Some New Macs Risk Bricking from Third Party Repairs:

@dafyre said in Some New Macs Risk Bricking from Third Party Repairs:

@Dashrender said in Some New Macs Risk Bricking from Third Party Repairs:

@DustinB3403 said in Some New Macs Risk Bricking from Third Party Repairs:

Yeah I kind of have an issue with this. . .

It's my device, if I want Joe from the mall kiosk to replace whatever in my device, that is my right to do, and I'd be the responsible person who risk the device being broken further or compromised with non-oem parts.

On the other side of the conversation I understand Apple's reasoning for this and it's sounds like they simply want users to use OEM only parts, but they use this guise of "for security".

Which also kind of irks me. . .

Why do you call it a guise? If Apple doesn't make the interconnect APIs available, who knows what those knockoff people are making.

I'm back to the point where the device should likely just hit you with a warning every 24 hours that you might have compromised shit installed - but I'm guessing that Scott and others will be against that level of frequency.

I'm against a one time notice of there being a perceived security issue in the device.

I'm not against a notification -- but every 24 hours seems excessive. Maybe a 30 second notification every reboot -- something that doesn't require any action other than waiting the 30 seconds.

But this is just an "you may have been" there is no proof that something has been compromised. Just the possibility because a non approved person or company has worked on property you own.

I think any notification that would force you to wait, period would be overly intrusive.

Right, you MAY have been compromised with Apple's own stuff, too. But they would "conveniently" not show a warning. Therefore the warning would have nothing to do with risk, and everything to do with FUD.

@PhlipElder said in Windows Server 2019 is back on:

Downloaded both the 1809 server and desktop clients from Volume Licensing Service Centre yesterday so the .ISO files are up on that side.

Note that once the .ISO files are down, they are .107 so they will need the latest Servicing Stack Update (SSU) and Cumulative Update (CU) slipstreamed in to be current.

Thanks - I looked in VLSC when this was posted here yesterday and it still wasn't posted. It is now posted and I'm downloading.

I'm curious as to how they'll deal with depletion of their 256 bit UUIDs and/or spoofing or anything else. We can know is that Google (and others) will have a way that works across IP addresses that will provide a fairly unique way of identifying you no matter what. Presumably some browsers will let you change it or have it different in privacy mode or whatever, but like with Don't Track we'll can almost guarentee that even if there is a standard some other company like Microsoft will implement it just differently enough to make a lot of it pointless... other than the connection speed I guess.

People are already gungho about this, some thinking that it's a total replacement for the TCP stack which is utterly stupid. I first read about this in mid 2017 and noticed it seemed to be sort of a spin on MinimaLT which was specified to deal with mobile IP (as in protocol, not address) issues.

😕