Part of my job is to review security footage for reported incidents.
If there is a long-lasting visual cue that the event has or has not happened yet (e.g. a window is either broken or not), then a binary search is very useful.
If the event lasts only a moment and leaves no visual cue (e.g. an assault), then binary search is practically useless.
Remember Valentine’s Day 2004, when San Francisco county started issuing marriage licenses to same-sex couples?
Thousands of couples showed up. Some from the other side of the planet, some from the other side of town. The County Clerk was overwhelmed and there weren’t nearly enough wedding officiants to keep up. So they put out a call for volunteers to be deputized by the Clerk as county marriage commissioners. I volunteered and officiated at dozens of ceremonies at city hall.
Still have my official commission hanging on my wall.
SSL/TLS, the “S” in HTTPS, and other network encryption protocols such as SSH, use a technique called a Diffie-Hellman key exchange. This is a mode of cryptography where each side generates two keys: a public half and a private half. Anything encrypted with the public half is only decryptable by the associated private half (and vice versa).
You and YouTube only ever exchange the public halves of your respective key pairs. If someone snoops on the key exchange all they can do is insert spoofed messages, not decrypt real ones.
Moreover, the key pairs are generated on the fly for each new session rather than reused. This means that even a future compromise of YouTube won’t unlock old sessions. This is a concept called forward secrecy.
Message spoofing is prevented by digital signatures. These also use the Diffie-Hellman principle of pairs of public/private keys, but use separate longer-term key pairs than those used with encryption. The public half of YouTube’s signing key, as presented by the server when you connect to it, has to be digitally signed by a well-known public authority whose public signing key was shipped with your web browser.
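The per-session key agreement described in the comment above, as an added example (not the commenter's code, and not any browser's or server's implementation): a toy finite-field Diffie-Hellman exchange in which each side keeps its private exponent and sends only the public value, derives the same session key, and throws its private half away afterwards. The group parameters `P` and `G` are assumed, deliberately tiny demonstration values (a real deployment uses a 2048-bit group or an elliptic curve such as X25519); the signature step that authenticates the server's public value is not modelled here.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only.
# P is assumed to be the largest prime below 2**64; G is an assumed base.
# Neither is anywhere near large enough for real use.
P = 18446744073709551557
G = 5


def generate_keypair():
    """Ephemeral key pair: a random private exponent a and the public value G**a mod P."""
    private = secrets.randbelow(P - 3) + 2          # 2 <= a <= P-2
    public = pow(G, private, P)
    return private, public


def derive_session_key(my_private, peer_public):
    """Compute the shared secret (peer_public ** my_private mod P) and hash it
    into a fixed-length session key, as a real protocol would via a KDF."""
    if not 2 <= peer_public <= P - 2:
        # Reject 0, 1 and P-1: those values collapse the shared secret to a constant.
        raise ValueError("peer public value out of range")
    shared = pow(peer_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(8, "big")).digest()


def run_session():
    """One handshake between a client and a server.

    Returns (transcript, session_key): the transcript is everything an
    eavesdropper on the wire would see, i.e. only the two public values.
    The private exponents go out of scope when this function returns, which
    is what gives the session its forward secrecy."""
    client_priv, client_pub = generate_keypair()
    server_priv, server_pub = generate_keypair()

    transcript = (client_pub, server_pub)           # the only values sent over the network

    client_key = derive_session_key(client_priv, server_pub)
    server_key = derive_session_key(server_priv, client_pub)
    if client_key != server_key:
        raise RuntimeError("key agreement failed")
    return transcript, client_key


def sessions_use_distinct_keys(n=5):
    """Run n independent sessions and report whether every one produced a
    different session key: fresh key pairs per session mean that learning
    one session's key says nothing about another's."""
    keys = {run_session()[1] for _ in range(n)}
    return len(keys) == n


if __name__ == "__main__":
    transcript, key = run_session()
    print("on the wire:", transcript)
    print("session key:", key.hex())
    print("distinct keys across sessions:", sessions_use_distinct_keys())
```

The check inside `derive_session_key` is the one practitioners most often forget: a peer value of 0, 1 or P-1 forces the shared secret into a tiny set regardless of the private exponent, so real implementations validate received public values before using them.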
Even the researcher who reported this doesn’t go as far as this headline.
“I am an admin, should I drop everything and fix this?”
Probably not.
The attack requires an active Man-in-the-Middle attacker that can intercept and modify the connection’s traffic at the TCP/IP layer. Additionally, we require the negotiation of either ChaCha20-Poly1305, or any CBC cipher in combination with Encrypt-then-MAC as the connection’s encryption mode.
[…]
“So how practical is the attack?”
The Terrapin attack requires an active Man-in-the-Middle attacker; that means some way for an attacker to intercept and modify the data sent from the client or server to the remote peer. This is difficult on the Internet, but can be a plausible attacker model on the local network.
I have a friend who’s an artist and has sometimes taken a view which I don’t agree with very well. He’ll hold up a flower and say “look how beautiful it is,” and I’ll agree.
Then he says “I as an artist can see how beautiful this is but you as a scientist take this all apart and it becomes a dull thing,” and I think that he’s kind of nutty. First of all, the beauty that he sees is available to other people and to me too, I believe. Although I may not be quite as refined aesthetically as he is … I can appreciate the beauty of a flower.
At the same time, I see much more about the flower than he sees. I could imagine the cells in there, the complicated actions inside, which also have a beauty. I mean it’s not just beauty at this dimension, at one centimeter; there’s also beauty at smaller dimensions, the inner structure, also the processes.
The fact that the colors in the flower evolved in order to attract insects to pollinate it is interesting; it means that insects can see the color. It adds a question: does this aesthetic sense also exist in the lower forms? Why is it aesthetic? All kinds of interesting questions which the science knowledge only adds to the excitement, the mystery and the awe of a flower. It only adds. I don’t understand how it subtracts.
As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment.
So, does disabling the boot logo prevent the attack, or would it only make the attack obvious?
Which is a real thing in canon. Bajor’s application was put in jeopardy when they briefly reinstated a caste system, which violated Federation equality rules.
I refuse to use the Brave browser, and I was prepared to abandon Firefox, over then-CEO Brendan Eich’s $1000 donation in support of California’s Proposition 8 (banning same-sex marriage). I will never forgive the supporters of that proposition. I will not knowingly support their businesses.
I’ve lost all respect for Scott Adams (of the Dilbert comic strip) and Kelsey Grammer (Frasier actor). Their continued support for Donald Trump is damning.