Hacker News | jamesnorden's comments

Are you implying there's a big percentage of people getting their money stolen because they rooted their phones? I'd like to see some data on that if so.

I don't know the reality, but my guess would be that it's the inverse of what you proposed; a significant portion of fraud cases identified by banks involved a rooted phone. From the defender's perspective, this could be a problem they run into over and over again, and take an outsized place in their eyes.

I think the point is that phone apps are more secure than, for example, web apps.

Users that try to use mobile apps as if they were web apps, disabling location and security features, are just flagged by numerous security mechanisms.


Probably. I know a guy who roots phones for older people or friends' parents, installs pirated games and such for them, and makes sure it is locked down in certain ways for the older generation.

In other words, the correlation is that older people are more likely to have a rooted phone and are more susceptible to fraud.

Dunno how widespread this is, just something to keep in mind.


Perhaps people who unknowingly bought a rooted phone. I don't know how frequent this is, but it would be the only case it would matter.

>Almost certainly a soft hardware failure, likely the SSD.

If you actually read the article, you'd know it wasn't. Besides, Windows updates can and do deliver firmware/BIOS updates.


Found the manager.

This kind of attitude is why everything is so bloated nowadays...

I don't believe it's the case anymore, but it was very common for VLC to cause video corruption (see [1] for example of what it looked like) in the past, the hate just stuck around and I don't think it's ever going away.

[1] https://www.reddit.com/r/glitch_art/comments/144vjl/vlc_star...


13 years since that post and this is the first time I’m hearing of this long-past issue.

Haters gonna hate I guess.


I still have this problem every day.

It has never been very common for VLC to cause video corruption.

This has been my experience too, when I upgraded my GPU, I wanted to switch to Linux full time, so I went with AMD because everywhere people kept saying NVIDIA GPUs had a lot of issues, but it turned out to be the opposite. With my old card, I just have to install the proprietary NVIDIA driver, zero issues.

I think people are still clinging onto old "wisdom" that hasn't been true for decades, like "updating breaks Arch", go figure.


So true, everybody else is wrong and you're right.


Getting headaches from low frame rate is rare, I guess. I only know a few others with this problem.

But preferring high frame rate is common, as evidenced by games and the many people who use TV interpolation features.


There is no evidence that people prefer high frame rate movies. Motion interpolation on TVs is set on by default, not a conscious choice the end user is making.


Still better than GIMP... /s (maybe)


>You need only cryptographic common sense

Sounds like the "I know a guy" kind of thing that shouldn't be done if you really care about security.

>Are you an AI?

Non-sequitur.


Doing such "customizations" (which are actually crypto 101) will break all attacks designed specifically with a crypto algo in mind. Even better if you lie about the crypto algorithm.

Ofc, that must be encrypted on systems which "cannot connect" (and you can go overkill with EM protection with a very good faraday cage).

If you are making such a technical pain for attackers, they will switch to social engineering anyway.


Algorithms like AES-GCM are standards because - when used according to best practices - there are no known practical attacks against them.

If someone has an attack that would defeat the cryptographic protection in a particular piece of software, the software is likely doing one or more of the following:

* Not using a modern, well-tested algorithm (e.g. using DES, a hokey custom XOR stream cipher, AES-ECB, etc.).

* Not following general cryptographic best practices (e.g. hardcoded or predictable key/IV/nonce, insecure storage of keys).

* Not following best practices for the specific algorithm (e.g. using AES-GCM, but reusing a key/nonce combination; using AES-CBC without applying an integrity-protection mechanism).

* The software is doing something that doesn't make sense, cryptographically (e.g. using symmetric encryption to encrypt sensitive data, but the data and the keys are necessarily accessible to the same set of users/service accounts, so there's no net change in security).

If such an attack fails because a developer has made changes to the cryptographic algorithm, a motivated attacker is likely just going to look at the code in Ghidra, x64dbg, etc. and figure out how to account for the changes. It's not a strong security control. I've been decrypting content stored using that kind of software for something like 20 years.

The correct approach is to verify that the use of a particular type of cryptography makes sense in the first place, then use a well-tested modern algorithm and follow the current best practices. i.e. using code from years-old forum posts will likely result in an insecure product.
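An added example, not part of the comment above or of any product it refers to: a small audit over constructed encryption metadata that flags the misuse patterns the list names (weak algorithm, all-zero IV, AES-GCM key/nonce reuse, AES-CBC without integrity protection). The record layout, field names and finding labels are assumptions made for the illustration.

```python
from collections import defaultdict

# Algorithms from the first bullet of the list; the label strings are assumed.
WEAK_ALGS = {"DES", "AES-ECB", "XOR-STREAM"}

# Constructed sample metadata (not real captures): one dict per encrypted blob.
SAMPLE = [
    {"alg": "AES-GCM", "key_id": "k1", "nonce": "000000000000000000000001", "mac": True},
    {"alg": "AES-GCM", "key_id": "k1", "nonce": "000000000000000000000001", "mac": True},
    {"alg": "AES-GCM", "key_id": "k2", "nonce": "000000000000000000000001", "mac": True},
    {"alg": "AES-CBC", "key_id": "k3", "nonce": "00" * 16, "mac": False},
    {"alg": "AES-CBC", "key_id": "k3", "nonce": "9f3c1a7be2d44c0fa1b2c3d4e5f60718", "mac": True},
    {"alg": "AES-ECB", "key_id": "k4", "nonce": "", "mac": False},
]

def audit(records):
    """Return sorted (index, finding) pairs for the misuse patterns in the list."""
    findings = []
    seen = defaultdict(list)  # (alg, key_id, nonce) -> indexes of records using it
    for i, rec in enumerate(records):
        alg = rec["alg"].upper()
        nonce = bytes.fromhex(rec["nonce"])
        if alg in WEAK_ALGS:
            findings.append((i, "weak-algorithm"))
            continue
        # A non-empty IV/nonce made only of zero bytes is almost always hardcoded.
        if nonce and not any(nonce):
            findings.append((i, "all-zero-iv"))
        # CBC gives confidentiality only; it needs a separate MAC over the ciphertext.
        if alg == "AES-CBC" and not rec["mac"]:
            findings.append((i, "cbc-without-integrity"))
        seen[(alg, rec["key_id"], nonce)].append(i)
    # The same nonce under a different key is fine; the same key/nonce pair is not.
    for (alg, _key_id, _nonce), idxs in seen.items():
        if alg == "AES-GCM" and len(idxs) > 1:
            findings.extend((i, "gcm-key-nonce-reuse") for i in idxs)
    return sorted(findings)

if __name__ == "__main__":
    for idx, finding in audit(SAMPLE):
        print(idx, finding)
```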


Ofc, the code modifications and additional data are not public, nor are they online. And we are talking air gap transfer.

I repeat: the second you are online, you are cooked. Everything else is BS, probably somebody is trying to sell you something.

All you can do is to find a compromise depending on the classification of the data.

And as I said, if you are making it too much hell for attackers, they will switch to social engineering.

Come on...



Sure, ignorance of the law is not an excuse, but contracts are not law. In fact, the law requires a "meeting of the minds" as a required element of a contract. Although, the modern bar for this is extremely low, and courts will judge this based on manifestations of assent.

That being said, Vizio has a highly paid legal department and is certainly not ignorant of the fact they ship third-party licensed software. They are simply ignoring it.

Courts would say "look, you're a professional organization well aware of the software licensing landscape and you're using it, so you have agreed"

