corp1

  • Compared: 16-inch MacBook Pro vs Razer Blade 15 Advanced

    mpantone said:
    The weirdest thing is a comparison of specs, but no benchmark data or performance comparisons.
    Testing 3D productivity software would also be problematic. You can't run Final Cut Pro on Windows PCs so you'd have to rely on applications that are multi-platform. Adobe? DaVinci Resolve? Blender?
    Good idea.

    It would also be nice to see Geekbench, Cinebench, and Novabench results (though they might be poor if there are not native M1 versions yet.)

    My guess is AI doesn't actually have the hardware in hand to test, so all they can do is a spec sheet comparison, which is pretty uninteresting.
  • Apple clarifies Safari Safe Browsing feature following Tencent data reports [u]

    crowley said:
    tzeshan said:
    crowley said:
    corp1 said:
    Great, now we know how it actually works:
    1. Tencent makes a list of "suspicious" URLs (malware, piracy, terrorism, pro-democracy, etc.)
    2. It hashes all the URLs and makes the list available for download. It retains a map of all of the hashes and the URLs for each hash.
    3. Safari downloads the hash list.
    4. Whenever you try to visit a URL whose hash is on the list, Safari phones home to Tencent and tells them the hash (revealing your IP address in the process.)
    5. Tencent looks up the suspicious URL list (URLs matching that hash) in its hash->URL map and returns the suspicious URL list to Safari.
    6. Tencent logs your IP address, the hash/list of suspicious URLs, and the timestamp
    7. If the URL is actually on the suspicious URL list, Safari blocks the site saying that it is suspicious.
    8. Tencent forwards the information (your IP address, list of suspicious URLs that you might have been trying to visit, and the date/time of each attempt) to the appropriate Chinese authorities for further investigation.
    9. Profit!


    That doesn't make any sense.  Why are 5-7 necessary after 4?  If the hash is on the list -> block.  No need to send anything to Tencent.
    I think this is what he imagined happened. Not what really happened. 
    Obviously.
    Here is another explanation of how it works, if you are curious:
     https://www.imore.com/heres-apples-statement-safari-fraudulent-website-warning-and-tencent

    Update: cryptographer and CS prof. Matthew Green clarifies that the hash that Safari sends is 32 bits (about 4 billion buckets) and that the URL list is returned in 256-bit hashed form (note that there is nothing preventing Tencent or Google from retaining the mapping from 32-bit hash prefixes to plaintext URLs, which is what they would do if they wished to track you.) He also goes into more depth on how more information leaks to Tencent/Google over time, allowing them to build a more and more detailed profile:
    https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/

  • Apple clarifies Safari Safe Browsing feature following Tencent data reports [u]

    crowley said:
    That doesn't make any sense.  Why are 5-7 necessary after 4?  If the hash is on the list -> block.  No need to send anything to Tencent.

    They are necessary to avoid false positives. If disney.com and malware.org hash to the same number, then you need to verify the actual URL to avoid blocking disney.com by mistake. The way you do that is by requesting the whole list for that number. How do you request the list? By asking Tencent (or Google) "Hey, what is the list of suspicious URLs for this hash number?" Then Safari can verify that you were trying to visit disney.com and not malware.org.

    Usually false positives are rare, so requesting that list of the full URLs has the unfortunate side effect of telling Tencent or Google that you very likely tried to visit a suspicious URL, and it also gives them a good idea of what that URL is (perhaps the list is only a couple of URLs long, for example.)

    Remember that hashes basically compress a large string to a smaller number. This means that there can be collisions (in this case, matches that are false positives.)
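The prefix lookup discussed in the posts above, as an added example (not part of any post, and not Apple's, Google's or Tencent's code): the client checks a local prefix list, contacts the operator only on a prefix hit, and compares full 256-bit hashes to rule out a collision. Assumptions: SHA-256 over the raw URL string, an 8-bit prefix in the demo (instead of the 32 bits mentioned above) so a colliding URL is found quickly, and the names `ListProvider`, `check_url`, `find_url`, the URLs and the IP address are all constructed.

```python
import hashlib

def full_hash(url):
    # Simplification: hash the raw URL string (no canonicalization).
    return hashlib.sha256(url.encode()).digest()

class ListProvider:
    """Hypothetical stand-in for the list operator, not a real API."""
    def __init__(self, urls, prefix_bytes=4):  # 4 bytes = 32-bit prefix
        self.n = prefix_bytes
        self.by_prefix = {}
        for u in urls:
            h = full_hash(u)
            self.by_prefix.setdefault(h[:self.n], []).append(h)
        self.query_log = []  # what the operator is able to retain

    def prefix_list(self):
        return set(self.by_prefix)  # downloaded by every client

    def lookup(self, client_ip, prefix):
        self.query_log.append((client_ip, prefix.hex()))
        return self.by_prefix.get(prefix, [])  # full 256-bit hashes

def check_url(url, client_ip, local_prefixes, provider):
    h = full_hash(url)
    if h[:provider.n] not in local_prefixes:
        return "allow"  # decided locally, nothing leaves the client
    candidates = provider.lookup(client_ip, h[:provider.n])
    return "block" if h in candidates else "allow (false positive)"

def find_url(target, n, collide):
    # Constructed benign URL whose n-byte prefix does / does not match target's.
    want, i = full_hash(target)[:n], 0
    while (full_hash(f"https://benign.example/{i}")[:n] == want) != collide:
        i += 1
    return f"https://benign.example/{i}"

def demo():
    listed = "https://malware.example/payload"  # constructed sample
    provider = ListProvider([listed], prefix_bytes=1)  # 8 bits for the demo
    local = provider.prefix_list()
    urls = [listed, find_url(listed, 1, True), find_url(listed, 1, False)]
    verdicts = [check_url(u, "203.0.113.7", local, provider) for u in urls]
    return verdicts, provider.query_log

if __name__ == "__main__":
    print(demo())
```

The two log entries are identical: the operator sees the same IP address and prefix for the listed URL and for the colliding benign one, while the third URL never generates a request.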
  • Apple clarifies Safari Safe Browsing feature following Tencent data reports [u]

    Great, now we know how it actually works:
    1. Tencent makes a list of "suspicious" URLs (malware, piracy, terrorism, pro-democracy, etc.)
    2. It hashes all the URLs and makes the list available for download. It retains a map of all of the hashes and the URLs for each hash.
    3. Safari downloads the hash list.
    4. Whenever you try to visit a URL whose hash is on the list, Safari phones home to Tencent and tells them the hash (revealing your IP address in the process.)
    5. Tencent looks up the suspicious URL list (URLs matching that hash) in its hash->URL map and returns the suspicious URL list to Safari.
    6. Tencent logs your IP address, the hash/list of suspicious URLs, and the timestamp
    7. If the URL is actually on the suspicious URL list, Safari blocks the site saying that it is suspicious.
    8. Tencent forwards the information (your IP address, list of suspicious URLs that you might have been trying to visit, and the date/time of each attempt) to the appropriate Chinese authorities for further investigation.
    9. Profit!

