Hi Rick,
Not sure why you felt the need to downplay this security issue. I refrained from replying initially... and decided to wait until this thread left the front page.
If you have a recent Intel processor... there is a second ARC SoC on the chip running the ThreadX operating system.
As it turns out... all you need to do is pass a NULL hash in the HTTP authentication header to gain complete control of any machine on the network managed via AMT.
Let me put this into perspective... Microsoft, Google and thousands of other companies are utilizing Intel AMT on some employee devices... including R&D software engineers. Someone could walk into the guest lobby... connect to the guest WiFi and potentially connect to any AMT enabled device on the network and clone the hard drives. AMT enabled devices listen on port 16992 and this port is generally whitelisted to allow system administrators access to employee machines on all networks.
Best Wishes,
-David Delaune
modified 6-May-17 2:33am.
|
What are tech workers' heart's desires? Consider how many of them you could implement in your shop, and make the staff's dreams come true.
"I hope I die before I get old"
Yeah, too late.
|
Microsoft announced a new code-builder addition to Minecraft: Education Edition, meant to help students learn coding skills through the popular game.
I'd make a 'code block' joke, but that would be lame
|
“Everything that runs on Windows 10 S is downloaded from the Windows Store,” says Microsoft’s Windows chief Terry Myerson.
Just don't call it Windows RT 2.0
|
Windows 10 Store?
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
|
Afzaal Ahmad Zeeshan wrote: Windows 10 Store?
It's actually called the windows store, but there are only 10 apps worth downloading from it -- which no-one can find, anyway, because they're buried under the millions and millions of worthless apps.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Fixed that for you...
Sudden Sun Death Syndrome (SSDS) is a very real concern which we should be raising awareness of. 156 billion suns die every year before they're just 1 billion years old.
While the military are doing their part, it simply isn't enough to make the amount of nukes needed to save those poor stars. - TWI2T3D (Reddit)
|
Y'know, I can't help but wonder how many people are wandering the halls of Redmond, fingering their prayer-beads, and muttering the mantra "Please let us call it windows 11. Please let us call it windows 11..."
I wanna be a eunuchs developer! Pass me a bread knife!
|
Sounds like a poor attempt to get people to write UWP apps.
i cri evry tiem
|
Coinbase sees a lot of motivated attackers, it’s one of the things that makes working in security at Coinbase so interesting.
Addendum to the 'Microsoft is replacing the password' article
modified 1-May-17 21:35pm.
|
Why does the link go to an InfoWorld article about YAJSF (yet another JS framework) ?
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
Prolly because I need a nap. Fixing. (And thank you)
TTFN - Kent
|
"Invisible Manipulators of Your Mind" by Tamsin Shah, New York Review, 04/27/17 [^]
Quote: In 2007, and again in 2008, Kahneman gave a masterclass in “Thinking About Thinking” to, among others, Jeff Bezos (the founder of Amazon), Larry Page (Google), Sergey Brin (Google), Nathan Myhrvold (Microsoft), Sean Parker (Facebook), Elon Musk (SpaceX, Tesla), Evan Williams (Twitter), and Jimmy Wales (Wikipedia). At the 2008 meeting, Richard Thaler also spoke about nudges, and in the clips we can view online he describes choice architectures that guide people toward specific behaviors but that can be reversed with one click if the subject doesn’t like the outcome. In Kahneman’s talk, however, he tells his assembled audience of Silicon Valley entrepreneurs that “priming”—picking a suitable atmosphere—is one of the most important areas of psychological research, a technique that involves offering people cues unconsciously (for instance flashing smiley faces on a screen at a speed that makes them undetectable) in order to influence their mood and behavior. He insists that there are predictable and coherent associations that can be exploited by this sort of priming. If subjects are unaware of this unconscious influence, the freedom to resist it begins to look more theoretical than real.
Even though Mark Z. wasn't there, you can bet he and the social-teratoma-posing-as-playground-for-screen-addicts he created are no slouch in the manipulation synapse-race as suggested by this very recent story: [^].
They are after us ... all of u$.
p.s. "Thinking, Fast and Slow" by Kahneman (2002 Nobel Prize in Economics) is a humbling read: if you are feeling suicidal, I don't recommend it.
«When I consider my brief span of life, swallowed up in an eternity before and after, the little space I fill, and even can see, engulfed in the infinite immensity of spaces of which I am ignorant, and which know me not, I am frightened, and am astonished at being here rather than there; for there is no reason why here rather than there, now rather than then.» Blaise Pascal
|
This was the only biggish problem I found with the Person of Interest show (apart from the fact that it devolved into endless A-Team shoot-fests).
In the Real World, it will happen like it's happening; which was incredibly predictable.
I wanna be a eunuchs developer! Pass me a bread knife!
|
A study comparing acceptance rates of contributions from men and women in an open-source software community finds that, overall, women's contributions tend to be accepted more often than men's - but when a woman's gender is identifiable, they are rejected more often.
No comment
|
I'm sure if they used their best Tinder photo as a gravatar the results would be different.
|
So when the men don't know that you're a woman your commit will be accepted, when the men know you're a woman the same commit will not be committed, but when you're a sexy woman your commit will be accepted again.
Results will be different, but it's still biased
|
A response from Dalek Dave, when finding a female member of CP, sticks in my mind like a dagger that I'd like to jab in his eyes.
I wanna be a eunuchs developer! Pass me a bread knife!
|
I remember one or two of those and the same thought crosses my mind.
|
"Biased study ignores margin of error and finds bias! Footage at eleven."
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
Nathan Minier wrote: Biased study ignores margin of error
[citation required]
|
Okiedokie, let's get it from the horse's mouth: Gender differences and bias in open source: pull request acceptance of women versus men [PeerJ]
The study doesn't even define a margin of error, yet somehow I knew that by looking at the provided information. Strange, right?
Oh, and look at that comparative pull requests as sliced by gender. You want to see a bias skew in action, this is it.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
No, I went straight to the methodology and early result portions and read those, and got all the information that I needed, which is plain for you to see as well.
We hypothesized that pull requests made by women are less likely to be accepted than those made by men.
This is a biased hypothesis, because it starts with an assumed result rather than, say, "We hypothesized that pull request acceptance is influenced by gender."
Then there's the first table.
| Gender | Open | Closed | Merged | Merge Rate | 95% Confidence interval |
|---|---|---|---|---|---|
| Women | 8,216 | 21,890 | 111,011 | 78.7% | [78.45%,78.88%] |
| Men | 150,248 | 591,785 | 2,181,517 | 74.6% | [74.57%,74.67%] |
This acceptance rate difference is noted as "statistically significant" despite the gross disparity in sample sets. This is what cherry-picking looks like.
And every following data set does exactly the same thing; which leads to the derived averages that are compared between two data sets where one is literally 30x larger than the other, with no technique to normalize the difference between the two. And yes, I went back through and actually read this drivel to make sure that was the case.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli