Oh don’t worry, malicious .exe files were all over the forums back then.
Oh don’t worry, malicious .exe files were all over the forums back then.
not meant to be consistent with the human eye.
Even then, postprocessing is inevitable.
As the white/gold versus blue/black dress debate showed, our perception of color is heavily influenced by context, and is more than just a simple algorithm of which rods and cone cells were activated while viewing an image.
The typical default configuration has the ISP providing DNS services (and even if you use an external DNS provider, the default configuration there is that the DNS traffic itself isn’t encrypted from the ISP’s ability to analyze).
So even if you visit a site that is hosted on some big service, where the IP address might not reveal what you’re looking at (like visiting a site hosted or cached by Cloudflare or AWS), the DNS lookup might at least reveal the domain you’re visiting.
Still, the domain itself doesn’t reveal the URL that follows the domain.
So if you do a Google search for “weird sexual fetishes,” that might cause you to visit the URL:
https://www.google.com/search?q=weird+sexual+fetishes
Your ISP can see that you visited the www.google.com
domain, but can’t see what search you actually performed.
There are different tricks and tips for keeping certain things private from certain observers, so splitting up the actual ISP from the DNS resolver from the website itself might be helpful and scattering pieces of information, but some of those pieces of information will inevitably have to be shared with someone.
A zero day is an exploit that has been identified by someone but not yet used.
I’ve always understood that the counting of days comes from the vendor’s knowledge. So any exploit from before Google was aware of the vulnerability would be a zero day.
It wouldn’t make any sense to refer to the days counted from when an attacker first discovers the vulnerability, because by definition any vulnerability in active exploitation wouldn’t be a zero day.
disclosed active exploitation
So, not a fucking zero day.
I’m confused. Isn’t an active exploit that hasn’t been patched yet, by definition, a zero day? So the release of a new patch that closes an actively exploited vulnerability patches a zero-day?
I’ve seen it for keypads that have to send a signal to an actuator located elsewhere, but I think the typical in-door deadbolt (where the keypad is mere millimeters from the motor itself) wouldn’t have the form factor leaving the connection as exposed to a magnet inducing a current that would actually actuate the motor.
Most of LPL’s videos on smart locks just defeat the mechanical backup cylinder, anyway. I’d love to see him take on the specific Yale x Nest model I have, though.
Yup. The backup for battery failure on this model is that the bottom of the plate can accept power from the pins of a 9V battery, held there just long enough to punch in the code.
Things might be different by now, but when I was researching this I decided on the Yale x Nest.
It’s more secure than a keyed lock in the following ways:
It’s less secure than a physical traditional lock in the following ways:
It’s basically the same level of security in the following ways:
Overall, I’d say it’s more secure against real-world risk, where the weakest link tends to be the people you share your keys with.
This meme format works best to absurdly overstate the uselessness of something you find mildly annoying. That’s when it’s funniest, because the criticisms are grounded in something real, and the low-stakes controversy makes the aggressive tone funny in context.