Shared posts

01 Sep 04:22

Using Samsung's Internet-Enabled Refrigerator for Man-in-the-Middle Attacks

by Bruce Schneier

This is interesting research:

Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display.

So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials.

The notable exception to the rule above is when the terminal connects to the update server -- we were able to isolate the URL which is the same used by TVs, etc. We generated a set of certificates with the exact same contents as those on the real website (fake server cert + fake CA signing cert) in the hope that the validation was weak but it failed.

The terminal must have a copy of the CA and is making sure that the server's cert is signed against that one. We can't hack this without access to the file system where we could replace the CA it is validating against. Long story short we couldn't intercept communications between the fridge terminal and the update server.

When I think about the security implications of the Internet of things, this is one of my primary worries. As we connect things to each other, vulnerabilities on one of them affect the security of another. And because so many of the things we connect to the Internet will be poorly designed, and low cost, there will be lots of vulnerabilities in them. Expect a lot more of this kind of thing as we move forward.

01 Sep 04:22

Microsoft accused of adding spy features to Windows 7, 8

by Peter Bright

Windows' network activity continues to be scrutinized amid privacy concerns. Windows 10 was first put under the microscope with both new and old features causing concern. With its Cortana digital personal assistant, Windows 10 represents a new breed of operating system that incorporates extensive online services as an integral part of the platform. But its older predecessors haven't escaped attention, and questions are now being asked of Windows 7 and 8's online connectivity.

Windows 8 included many of the same online features as are now raising hackles around the Internet. While it had no Cortana, it nonetheless integrated Web and local search, supported logging in and syncing settings with Microsoft Account, included online storage of encryption keys, and so on and so forth. While a few privacy advocates expressed concern at these features when the operating system was first released, the response was far more muted than the one we see today about Windows 10. But a new addition has led to accusations that Windows 8 now mimics one of Windows 10's more problematic features: it reports information to Microsoft even when told not to.

Back in April, Microsoft released a non-security update for both Windows 7 and 8. This update, 3022345, created a new Windows service called the Diagnostics Tracking service. Microsoft describes this service as doing two things. First, it increases the amount of diagnostic data that the Customer Experience Improvement Program (CEIP) can collect in order to better diagnose problems. Second, it collects data for third-party applications that use the Application Insights service. Application Insights is a preview that allows app developers to track performance issues, crashes, and other problems of their applications. The Diagnostics Tracking service collects this data and sends it to Microsoft.


01 Sep 04:22

Marvel Studios, Feige No Longer Under Perlmutter's Purview

A Marvel Studios reorganization leads to president Kevin Feige now reporting to Disney chief Alan Horn instead of Marvel CEO Ike Perlmutter.

01 Sep 04:21

It's Not A Drone Anymore If Someone's Inside It

They already have a word for that, and it's "airplane."

01 Sep 04:18

© Max Wittert, 2015

by skinnygirlscomic


01 Sep 04:17

"Coffee is a lot more than just a drink; it’s something happening. Not as in hip, but like an event,..."

“Coffee is a lot more than just a drink; it’s something happening. Not as in hip, but like an event, a place to be, but not like a location, but like somewhere within yourself. It gives you time, but not actual hours or minutes, but a chance to be, like be yourself, and have a second cup.”

- Gertrude Stein, from Selected Writings (via violentwavesofemotion)



01 Sep 04:13

MassRoots applies to be first cannabis company listed on Nasdaq

Marijuana social networking app MassRoots announced Monday that it has applied to be listed on the Nasdaq Capital Market. If accepted, the company would be the first cannabis technology firm on the exchange.

The Denver-based company (MSRT), founded in April 2013, has been listed on the OTC Markets Group’s OTCQB marketplace, usually reserved for developmental stage companies, since April of this year. MassRoots connects marijuana users to other enthusiasts and area dispensaries via mobile app.

01 Sep 01:44

The Portland Thorns' Farewell to Remember Trumps a Season to Forget

by Abe Asher

sorry, saucie: "this Thorns team—the Yankees of the NWSL"

With the Portland Thorns officially eliminated from NWSL playoff contention before their last home game of the year against the Washington Spirit, attention at Providence Park turned to the final matches in the careers of goalkeeper Nadine Angerer and defender Rachel Van Hollebeke.

And that final match was a wild one, with six goals bookended by celebrations of those two players and their teammates. It finished 3-3, with the Thorns' 2015 struggles, potential, talent, and frustration all folded into one.

After going down 2-0 in the first half, Portland fought all the way back to take a 3-2 lead late in the second half on the playoff-bound Spirit, only to see Washington equalize just seconds after the Thorns' go-ahead goal. Portland had several chances to win the game 4-3 in stoppage time, but familiarly, failed to convert.

Angerer, the German World Cup and Ballon d'Or winner, was in turns tortured, elated, exasperated, and always gracious. Her body language alone provided all the fuel the Thorns needed in their second half comeback. Angerer's final game didn't go the way she planned, but hers was a career that hardly had room for a perfect sendoff match to add to a massive list of achievements and awards.

Angerer wasn't just a terrific goalkeeper in Portland, she was a terrific Portlander: genuine, interesting, warm, and almost universally beloved. This was a player who only enhanced her legend every time she opened her mouth. Keeping her around, if at all possible, is a must.

Van Hollebeke's final match—and final season as a whole—didn't go as planned either. She was one of the four players cut from Jill Ellis' final World Cup roster, and watched as her teammates went on to claim a glory and trophy that she missed out on in her time in the national team.

On this night, she was at fault for the opening goal after dawdling on the ball and seeing an open cross blocked, and had she continued, questions about her pace and fit in Paul Riley's system would have been loud this offseason.

But Van Hollebeke rebounded by setting up what was Jodie Taylor's go-ahead goal, and through everything, her positivity and appreciation of the good things in her soccer career and life were admirable. Now is as good a time as any for Van Hollebeke to bow out and start anew in medical school in San Diego. She has absolutely nothing left to prove.

The fans delivered too, with a full sellout of over 20,000 at Providence Park for only the second time in team history. Angerer was saluted in the first minute, Van Hollebeke in the 16th—corresponding with their respective jersey numbers—and the atmosphere for a nationally televised match on Fox Sports 1 was terrific throughout.

The fans were treated to a hell of a game too, with Portland's stirring comeback and some sensational skill from Washington's Crystal Dunn. It was almost good enough to forget about the fact that this Thorns team—the Yankees of the NWSL—were out of the playoffs with two games to go in the season. This campaign has, without a doubt, been a failure.

Whether you give Riley—whose job seems safe—and this team a pass because of their numerous injuries, World Cup absences, and problems integrating new players, or don't because of their budget, level of talent, support, and Riley's tactical struggles, one thing is for sure: Next year is do or die.

This year, the Thorns team never got right, World Cup absences or not. That's unforgivable, and it's what this organization will ponder for the next six months.

For this night though, and there is one more game at Western New York next week, the occasion was joyous. Thorns fans watched a frustrating team this year, but they also watched an extremely likable group of players led by a likable coach who always tried to please.

As those players joined the Rose City Riveters in song on the capo stand after the match, that bond was at its strongest. Winning or not, Portland still has something that is the envy of the league—the same league that will host its championship game at Providence Park next month.

There's no telling how many of these players will be back in Portland next season. The Thorns have had a well-documented history of major offseason roster turnover. Hopefully the core of this team remains intact, if only so we can see what the 2015 season should have been in 2016.

This night, though, was about two terrific individuals, reminding us again that this sport is and always will be about the people who live it first and foremost. So as the Thorns get ready for their first fall without playoff soccer, nothing seems as important as wishing Angerer and Van Hollebeke the best. And that's just the way it should be.

01 Sep 01:25

attackonpepe: dulect: cuntinued: justbrosthings: retorn: sal...

The rot just looks at the pit like “you gunna say me right?” 

And then looks so happy that the pit did.



01 Sep 00:30

Wait. Who ate your homework?


01 Sep 00:30

attackonpepe: fuckyahumor: penismanlyguy69:thanks netflix

01 Sep 00:30

rbertdowneyjr: when someone you hate mentions your name





01 Sep 00:29

saturnpolice:

human beings in a mob

whats a mob to a king

whats a king to a god

01 Sep 00:29

tolaughterandbeyond: SLOW THE FUCK DOWN.

01 Sep 00:29

gold: rain-force: fruitcrocs: fuckyahumor: cumberbitchen221b:...

We have no idea what he’s doing…

drinking water but in a punk rock way

01 Sep 00:27

Supreme Court Rules Against Kentucky Judge in Gay Marriage Case

The U.S. Supreme Court on Monday rejected a Kentucky county clerk's request to deny gay marriage licenses on the basis of religious objections. Kim Davis, the clerk in Rowan County, Kentucky, "holds an undisputed sincerely held religious belief that ...

01 Sep 00:24

→ Google’s OnHub Router Gets Rough Treatment in Early Reviews


'Even though it’s designed as a smarthome hub — supporting Google’s Weave, and industry standards Thread and ZigBee (via 802.15.4), as well as Bluetooth Smart Ready — there’s no way to use those standards or radios in the devices that reviewers received.

The USB 3.0 port is used only for a hardware-based restore. It can’t yet be used for hard drive or printer sharing.

A touted interference-avoiding feature designed to reduce congestion didn’t work for some reviewers and performed inconsistently for others. This feature also has a key flaw that no reviewers mentioned but I’ll explain below.

While the OnHub is a simultaneous dual-band router, there’s no provision to set the 2.4 GHz and 5 GHz network names distinctly, as on gear from Apple and other makers. This can be useful for segregating high-throughput devices for video streaming (in 5 GHz) from other gear that just needs consistent and long-range access (in 2.4 GHz).

The OnHub can’t access some features — like seeing which devices are connected and changing its name — via the local network if there’s trouble with its Internet connection. Google loves its cloud, and functionality is compromised when the Internet goes down.

The way in which cables are plugged in bothered many reviewers because there’s not much space inside the outer sleeve. The OnHub comes with low-profile cables, but regular cables may not work.'

The reviewers who seemingly tested coverage and features the least had the best things to say about the OnHub; those who performed more complete tests were the least impressed.

How does anyone not love Glenn Fleishman?


01 Sep 00:23

Apple is reportedly planning to make its own movies and TV shows

by Rich McCormick

Apple is in talks as part of a possible move into producing its own original programming, Variety reports. According to the publication, the company is looking to start hiring for a new development and production division in the next few months that would go into operation next year, producing content to rival streaming services such as Netflix and Amazon Prime. It's not clear whether this new division would produce TV shows, movies, or both, but a unit within Apple has reportedly already entered discussions with Hollywood executives, reporting back to Eddy Cue.

Variety says that Apple's plans are in the early stages, but that the company has increased its interest in producing its own TV shows or movies in recent months, making an offer to ex-Top Gear hosts Jeremy Clarkson, James May and Richard Hammond in July, before the trio were eventually snapped up by Amazon.

The company may already have the relationships in place to produce its own content — it's understood that Apple is currently in negotiations with networks and production companies to feature on its own internet TV service. Original programming would be a feather in the cap of any such service, working as shows such as Orange Is The New Black and House of Cards have for Netflix as differentiators in an increasingly crowded market. For now though, Apple has declined to comment on "rumor and speculation."

01 Sep 00:22

The Super Mario Maker Manual Offers Helpful Life Advice, Too


01 Sep 00:18

Mad Max Ubers Are Driving Around Seattle

Seattle’s gaming convention PAX Prime will play host to the Mad Max Ubers, so if you’re looking to catch a Warboy, head to the Seattle Convention Center. According to the press release from Uber:


  • Open the Uber app in downtown Seattle and request MAD MAX.
  • Demand will be high and availability is limited, but if your timing is right, a Warboy will swoop you up in a car ripped from the world of the Mad Max video game and brought to life on the streets of our fair city!
  • Cars vary in size. Your Warboy will let you know how many riders (1, 3, or 4) he can keep safe from marauders.
  • Trips must begin and stay within downtown Seattle. The Wasteland is vast and gas is precious—the Warboys must remain near their Stronghold.
  • Your dollars are worthless in the Wasteland. Payment shall not be required.

31 Aug 23:56

Stop Preordering Video Games

This isn’t the first time I’ve said this. It won’t be the last. More than anything else—the advertising, the budgets, the DLC—it’s the culture surrounding preorders that is most responsible for the trail of broken and unfinished games that clutter the sales charts, and for the anger and angst that follow in its wake.


There once was a time, 10-15 years ago, when the concept of pre-ordering made sense. Every video game on the market was pressed onto a disc, and those discs had to be manufactured, shipped and sold in a store. Often, due to demand, popular games would sell out, leading to frustrated customers (and lost profits for businesses).

Soon enough, though, companies like Gamestop and Amazon figured out that if you could pay for a game before it shipped, then you could avoid missing out. Publishers would have a better idea of how many boxes they’d actually need to ship, and customers could guarantee they’d get hold of the latest game as soon as it was released, avoiding the small but genuine heartache of a sold-out sign.

It was a good arrangement! At least, it was for a time. It didn’t take long for publishers and retailers to realise, though, that once a customer put their money down for a game that wasn’t finished, that customer was on the hook.

Usually, preordering the game only costs a percentage of the final price. You pay a small sum up front, and the full price when you pick up the game. You may think that by putting $10 (or more!) down on a game you’re interested in, you’re reserving yourself a copy. Maybe getting some sweet Collector’s Edition swag. But in the eyes of publishers, you’re a guaranteed sale, regardless of what kind of state the game actually ships in once it’s deemed finished.

This is a serious problem. There once was a time when, even moreso than advertising, video game reviews and word of mouth played the most important part in determining the success of a new game. A commercial can tell you anything, but if someone you know or at least trust has played a game you’re interested in and has an opinion on it, that information is far more useful.

“This game is awesome!” is what an advertisement will tell you. “This game is kinda ok but also broken in parts and runs badly!” is what a friend or a review might say. One of those things is a lot more useful than the other.

If you’re in the business of making or selling video games, opinions can be bad for business. Same goes for facts, like the fact that a game doesn’t run well on PC, or the fact that the credits roll after just a few boring hours. Preordering removes both of those things from the equation. By getting your commitment to purchase a game in advance, when all you’ve got to go on is a marketing campaign, you’re signaling that you’re totally cool spending $40-$60 on a game simply on the strength of how it’s been marketed.


Time was, you could download a demo of a game and try it out at home. Why have demos more or less ceased to exist? Preorders are why. Want to know why exclusive missions and items are withheld from everyone’s game and are instead sprinkled across various competing retailers? Preorders are why. Want to know why it’s now accepted that you can sometimes pay more for a multiplayer game and start with a competitive advantage? Preorders are why.

Last fall’s Assassin’s Creed Unity launched with noticeable technical issues on consoles and PC. What incentive does Ubisoft have to improve the next game in the series if people are already preordering it? What incentive does Microsoft have for learning from its disastrous Halo: The Master Chief Collection if tons of fans have gone ahead and put down money for Halo 5? Little to none.

Warner Bros.’s move to take Arkham Knight off Steam is almost unprecedented, and I’m guessing there’s a reason for that: Steam’s new refund policy. As Arkham Knight’s PC version fell on its face, Steam users were for the first time exercising their rights en masse to get their money back. Publishers have been taking abuse and criticism for years and simply rolling with it. They’ll promise fixes and sometimes they’ll deliver; sometimes they won’t. While I don’t know how many people actually got Steam refunds for Arkham Knight, I’d guess that Warner was taking enough of a financial hit that they pulled the game—again, almost unprecedented for a AAA game like this one—and promised to come back when it was fixed.

31 Aug 23:45

Ashley Madison Code Shows More Women, and More Bots


'Mr. Falcon pointed out that there’s actually a special bot service, called “RunChatBotXmppGuarentee.service.php,” apparently designed just for interactions with customers who paid the premium $250 for a “guaranteed affair.” When I checked the code, I found Mr. Falcon was right. It appears that this bot would chat up the man, urge him to pay credits, and then pass him along to what’s called an “affiliate.” Likely the affiliate is a third party that provides a real person for the man to chat with. It might also be connecting him to an escort service.'

Several women specifically urged me to investigate how “women seeking women” were handled in the database and code. Many had met other women for threesomes with men, or just for a lesbian romp outside their heterosexual marriages. I decided to take their advice, because now it was clear that a lot more women were active in the membership than I initially believed.

What I found was that there are over 770,000 women seeking women in the database, out of 5.5 million women overall, and none of them are hosts. That’s 14 percent, much higher than the estimated 1.5 percent of lesbians (and .9 percent of bisexuals) in the U.S. population. These may not be active accounts, but they don’t appear to be Ashley Madison engagers either. If there are real women behind these accounts, we know they aren’t getting bombarded with bot messages. Bots avoid women. And comments in the code reveal that “woman seeking woman” profiles aren’t shown to straight men. It would seem that the only members of Ashley Madison who aren’t inundated by spam and randos are women who seek trysts with other women or couples.

There are also about 345,000 men seeking men in the database, and we know from the patch I mentioned earlier that developers were working hard to prevent the engagers from harassing these guys too. It’s possible, as one person put it to me in email, that Ashley Madison was actually a pretty decent hookup site for gay people—but that was mostly because the system was designed to ignore them.

31 Aug 23:12

Newswire: Dan Harmon, Will Ferrell, more to appear on season three of Drunk History

by Sam Barsanti

'Drunk History veteran Jason Momoa as the pirate Jean Lafitte' whoa, uh, shit. OK

Comedy Central’s Drunk History probably isn’t the most effective way to learn anything, but it’s one of the more entertaining ways. With the show returning for another year tomorrow night, host Derek Waters has announced some of the famous faces we’ll be seeing. In an interview with Entertainment Weekly, Waters revealed that one upcoming episode will feature Will Ferrell and Octavia Spencer as Roald Dahl and Harriet Tubman (respectively), and Alia Shawkat will show up as a one-legged spy named Virginia Hall. Other episodes will see Josh Hartnett playing Clark Gable, Drunk History veteran Jason Momoa as the pirate Jean Lafitte, Sam Rockwell as Bugsy Seigel, and Dennis Quaid as Lucky Luciano.

As for the narrators who actually tell the historical stories, Entertainment Weekly says Waters “met his match” in Community creator Dan Harmon. Waters says he usually tries to get to the same “level” as ...

31 Aug 23:10

Newswire: President Obama to hack it in the wild with Bear Grylls

by Danette Chavez

President Barack Obama’s eight-year tenure is drawing to a close, leaving us to wonder if he’ll follow up his historic time in office by hosting a podcast or becoming the next James Lipton. But Deadline reports that before he returns the keys to the White House, the President will head to Alaska to rename a mountain and brave the wilderness with Bear Grylls.

President Obama recently announced that he would travel to Alaska to talk about global warming, in part because the state is home to some of the most visible effects of climate change. While there, the President will also grant the request of native Alaskans who want the name of the country’s tallest mountain, Mount McKinley, to be formally changed to Denali.

President Obama will then receive “a crash course in survival techniques” from the titular host of Running Wild With Bear Grylls. The President ...

31 Aug 23:10


Lenny Bruce

The FBI Vault

31 Aug 23:05

Mixology and the Maker Movement

by Kelly


hey Russian, multitask, Overbey, y'all are makers now. congrats

'Mixologists, many of whom were found in port cities like New York, New Orleans, and San Francisco, had access to fresh produce, spices, and sugar and made their own ingredients like gomme syrup, raspberry syrup, and pineapple syrup. This was the Golden Age of drinking and it was due to the American spirit (what we would call DIY now) combined with technology that made it happen. Sounds like the 19th century version of Maker culture to me.

Flash forward to Prohibition. All of that innovation was thrown out and the only thing that became important to the drinking public was that they could get any alcohol at all. The quality dropped dramatically and no one cared anymore if the drink was a good one.

When Prohibition was repealed, the cocktail culture didn’t return. All of the practitioners of cocktail making fled around the world and hung up their hats and retired.'

'With the rise of DIY culture around the turn of the 21st century, so too did the American Bar become a place of making things for themselves. ... Fake flavored vodka saw its first erosion of market share. A revolution was forming. One where craft was celebrated. The DIY movement had met the cocktail bar and it was glorious. Now, everyone is making their own bitters.'


'I have concerns about robot bartenders. The danger that the Maker Movement has yet to address is the erosion of interpersonal relationships. Technology has the power to connect us deeply with society, but all too often it is isolating us. As we build more and more devices to assist us with our daily lives it removes the human interaction that used to be necessary to complete the same chores.

So too with robot bartenders. Amazing machines, often filled with whimsy and awe. Right now the appeal is of a wow factor. But as it becomes commonplace it will erode that novelty. The ability to perfectly execute a complicated cocktail time and again with speed is something any bar owner covets. With no hourly wage to pay, workman’s comp to pay into, or annoying interpersonal dynamics to sort out, they seem like a panacea.

But we risk losing the very thing that holds us together. Us. A well crafted cocktail has soul. It has heart. It comes from passion. Watching a person carefully create a cocktail in front of you is a spectacle of the human kind. Any machine can do it if you program it correctly, but a human is something unique unto itself. Human interaction challenges the brain in ways that no repeatable function can. It teaches us about our own humanity. Who we are in the world.'


Interesting interview by Emily Coker in MAKE with Jared Preston on the history of mixology’s relationship with the maker movement:

Recently, I’ve been fascinated with the various crossovers within the Maker Movement and different areas of everyday life. Can you be a “Maker” if you are an artist, a chef, or designer?

I wanted to learn more, especially in the bartending and culinary world. I decided to ask a mixologist and good friend of mine, Jared Hirsch, to answer some of the questions swirling in my head. Hirsch has made a name for himself in the world of cocktails and mixology. He just started his own business off of an inventive idea for a cocktail syrup called “Caged Heat.” As of late, I’ve been fascinated with mixology and the modern twists to bartending, noticing that many old practices are being revived. This got me thinking about how the Maker Movement may play a bigger role in the world of food and beverages. I mean, why not? People are becoming increasingly more and more creative in all aspects of making.


31 Aug 23:03

bibulb: rnightiest: every-kiss-begins-with-potassium: a)...


via Toaster Strudel

a) perfect example of people discrediting clever idea & intelligence of a female due to her appearance, and
b) all these people wouldn’t have noticed her kit, which was her goal in the first place

Lol “she also wears sexy clothing to distract people from the bulky shoes” She’s a genius, really

What’s extra-wonderful is how much she calls attention to that in her notes on her Imgur for this project

So I got to thinking- if I had to do penetration testing on a corporate facility, how would I do it? Social engineering for one- I’m a natural honeypot. I think there’s a reasonable chance that a guy might invite me back to their office after a few drinks in the neighborhood? :-P But a handbag would be suspicious and leaving cell phones at the gate would be standard practice in any reasonably secure facility. My typical clothing does not leave room to hide anything- but that’s all the more reason they would not be suspicious of me. 

And then at the end:

Edit: Normally I have to sort through about 50% identical replies to my posts on Reddit. For those flexing their fingers and getting ready to give me a hard time: Yes, they are fake. Yes, I feature them prominently and deliberately in everything I do. No, most of my projects do not have all that much technical merit- they are 90% silicone and 10% silicon ;-) No, if you point out the absolutely obvious no one will think you are insightful, edgy or cool. They will think you are 12.

And that very last part deserves repeating with a call-out:

No, if you point out the absolutely obvious no one will think you are insightful, edgy or cool. They will think you are 12.

I’m not 100% on board with her aesthetic in general, but meh - she doesn’t need me to be so. IT AIN’T FOR ME, IT’S FOR HER. 

And in the meantime, DAMN those are some awesome shoes. Go back to her general Imgur page for some of her other projects - I wanna see someone do her Hikaru skirt sometime soon.