srollyson - Slashdot User

Comment Re:Is TOR really make web surfing anonymous? (Score 2, Insightful) 122

by srollyson on Thursday April 23, 2009 @04:51PM (#27694005) Attached to: How Tor Helps Both Dissidents and the Police

Yes, this is a weakness. Hopefully multiple alphabet soup agencies from different countries will get this idea and end up competing with each other. An arms race of diminishing returns to get a bigger chunk of the Tor network just means we'll have plenty of free Tor bandwidth on the gov't dime.

Protip: You can edit the Tor config or source code to pick geographically diverse nodes yourself.

Comment Re:Linux version? (Score 1) 133

by srollyson on Friday April 17, 2009 @11:56AM (#27614553) Attached to: The Secret History of the FBI's Classified Spyware

Apologies about the "hacker" faux pas.

Anyway, you might be right about the cracker coming back with a honeypot. I wish I was a fly on the cracker's wall so I could see how this played out.

As far as gov't grey-hats go, there is definitely a turf war between agencies. Hell, even the Air Force wants a piece of the pie. God help us all!

Comment Re:Linux version? (Score 4, Insightful) 133

by srollyson on Friday April 17, 2009 @09:12AM (#27610925) Attached to: The Secret History of the FBI's Classified Spyware

This paragraph from TFA is telling:

In a separate February 2007 Cincinnati -based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."

Seems like the FBI exploits browser vulnerabilities a la the Pwn2Own contest in order to deliver CIPAV, but CIPAV itself might not run in linux. I suspect that the FBI will have written a linux-compatible CIPAV after the quoted incident. Probably a bash or perl script so they don't have to worry about different architectures.

On a side note, there was probably some good porn on that page for the hacker to load it 30 times.

Comment Re:Slashdot was useless today (Score 1) 346

by srollyson on Wednesday April 01, 2009 @10:09PM (#27426231) Attached to: Microsoft Asks Fed For Bailout

I fell for it, too. I bet there isn't one. ;)

Comment Re:The April Fool (Score 1) 1582

by srollyson on Wednesday April 01, 2009 @09:51AM (#27415411) Attached to: Slashdot Launches User Achievements

Ditto! Achievement unlocked!

Comment Re:What is it with these guys? (Score 2, Funny) 146

by srollyson on Thursday March 26, 2009 @05:12PM (#27348365) Attached to: Laser Sniffing Captures Typed Keystrokes From 50-100 Feet

Nah. The trick is to memorize a 4096-bit RSA keypair and encrypt your typing.

Comment Re:What is it with these guys? (Score 2, Insightful) 146

by srollyson on Thursday March 26, 2009 @04:49PM (#27347931) Attached to: Laser Sniffing Captures Typed Keystrokes From 50-100 Feet

I don't know if that's a good enough defense. TFA says that the laser sniffing method is "analyzing the spectrograms of frequencies from different keystrokes." Once you've got a signature for each key and a large enough typing sample, your problem is reduced to a simple substitution cipher.

Comment Re:On windshields? (Score 1) 193

by srollyson on Thursday February 19, 2009 @11:51AM (#26917351) Attached to: In-Game Web Browser Round-Up

I'd be wondering why a child was playing on the freeway in the middle of nowhere.

How about: "what do you think would happen if a ball rolled out into the street in front of your car, followed by a laughing deer?" ;)

Comment Re:You're Not Doing it Right (Score 1) 189

by srollyson on Thursday January 15, 2009 @11:10AM (#26465743) Attached to: GPUs Used To Crack WiFi Passwords Faster

If you're going to do it right, then you might as well run sshd on your wireless router and enforce traffic tunneling.

Oh, and make the router's sshd key-authentication only.

...better throw a port knocker on that bad boy, too.

...and make the port knocker's socket combination based off of a one-time pad.

...which was generated using diceware or a hardware random number generator.

...and send the encrypted data packets across a short wave signal like a numbers station rather than using 802.11whatever.

Or you could just realize that wireless is designed for convenience, not security. If someone's going to go through the trouble of using their GPUs to crack your key, then you've already got an adversary sophisticated enough to warrant the use of wired ethernet and a secure facility.

Submission + - Why Linux will succeed on the desktop 3

Submitted by Stony Stevenson on Sunday November 04, 2007 @07:23PM

Stony Stevenson writes: In this opinion piece on itnews, former Linux Journal editor Nicholas Petreley, argues that the open-source operating system will break through big time on the client side, especially if pre-installs increase and the KDE graphical environment is adopted. He counts the global push for open standards, the prohibitive costs of upgrades for new Windows machines and the "free-ness" of Linux, both in its ideals and costs, will make it a massive hit on the common desktop.

Petreley says: "There is one additional factor that cannot be overstated. To anyone who truly knows what free software means, they know that "free" as in liberty is the greatest strength of Linux. However, one cannot deny the power of "free" as in "free beer." Microsoft applied this power to make Internet Explorer the most popular browser in the world. Of the three top competitors on the desktop, Windows, Mac OS-X, and Linux, only one of them is free as in beer. That will go along way toward making it the de-facto standard on the desktop.

Slashdot Top Deals