Comment Re: Fishy (Score 1) 566
Hence "boot autonomously", as in boot without a password having to be entered.
Auto unlock to boot, i.e. autonomous booting... not unlocking of non system drives, but unlocking of the system drive in order to boot without requiring user intervention (i.e. entering the key).
Windows system passwords are laughable, the encryption is extremely poor by modern standards (no salts etc), and if certain network services are running (e.g. SMB - running by default) you can log in using the hash even without knowing the plaintext password.
If the system can boot autonomously, you can use specialised hardware to extract the contents of memory, which will include the password hash.
Even if you don't have access to such hardware, you can probably plug the machine into a small isolated network and try to attack it that way... If the system is fully patched you just keep the box turned off and wait for new exploits to come out as it's not going to patch itself without a working internet connection.
If you can boot the machine then there are a number of attacks...
Chances are you could connect the machine to a DHCP network via Ethernet and it will get an IP, so you can exploit the machine over the network... If it's not vulnerable to anything you just wait for new vulnerabilities to come out as the machine is never going to patch itself while it's turned off.
Not terribly sophisticated, needs an Ethernet switch and a copy of Metasploit.
A more sophisticated attacker could extract the contents of memory using custom hardware once the machine has booted.
You can already do this with Gentoo, you're highly unlikely to use the same combination of compiler, kernel, assembler, libraries, use flags, compiler flags etc as anyone else...
And streaming is stupid... Downloading movies would make a lot more sense than DVDs, but streaming is ridiculous...
Most people would want to watch movies around the same time, so think of the crippling bandwidth requirements all at once. And what about those who can't get fast connections at home for whatever reason - streaming would be impractical, but downloading would usually still be quicker than a mail order DVD.
And storing the key in a TPM chip isn't equivalent to leaving the key in the computer?
The key is there, it's just obfuscated, only takes one person to work out how to extract it...
Automatically unlock the drive to boot is a false sense of security, if the computer can boot autonomously then it has the key and therefore so does anyone who steals the whole machine (as opposed to stealing just the drive)... You're no longer relying on the strength of the encryption, but rather the strength of the obfuscation used to hide the key.
Many Slashdot readers are well versed in CS and we do not trust these systems. How then can we expect the public to have any faith in these systems?
Precisely because they are not well versed, and thus blindly trust the system without being aware of the possible flaws... This happens all the time.
No you have a system where the vote must be hacked both electronically and on the paper side, if you only hack one method then the results wouldn't match and the election could be declared void and thoroughly investigated.
That is one of the key problems though, short term thinking... While reducing headcount may increase profits in the short term, depending on what those staff do you are likely to decrease the viability of the business in the long term.
Cutting down R&D increases short term profits, but then leaves you behind the curve on the next generation of products.
Cutting down support staff can decrease short term costs, but will drive customers away if the quality of service goes down.
I've dealt with such a company myself recently when renting out an apartment, instead of having their regional offices deal with my queries directly they centralised it all to one office staffed by people who are no longer familiar with me or the local area, and there is now someone different who deals with me every time.
While I'm sure it saved them quite a bit by having all the staff in one place, after putting up with that for a year it's cost them a customer and there are plenty of others who have made the same decision as me.
How do you think the rest of the world got so far ahead of these remote African locations?
We had all the same problems in the past too, and we overcame them.
The real key is education, to enable people to improve their own conditions... Dishing out medicines and food will just increase the population while doing nothing about the conditions that make even the current population levels unsustainable. It's only making the problem worse, and making the people ever more dependent on foreign aid.
There was no one around giving Europeans free food and medicine when people were starving or dying from plagues. Most people had to go it alone and have emerged much stronger as a result. Africa on the other hand is being completely screwed by foreign interference.
BSD and Linux are the obvious places to start, as you already cover the vast majority of embedded devices and a significant proportion of server systems.
The only other OS that's really relevant these days is Windows, and that already has its own native SSL implementation.
This is a very poor comparison to make...
OpenBSD is a relatively minimal OS compared to AIX, Solaris or HP-UX... There's bound to be fewer issues found.
Conversely these systems (with the partial exception of Solaris) are entirely closed source and developed behind closed doors, so many more security holes may have been found and fixed but never disclosed.
Similarly finding and fixing security holes is a primary goal of OpenBSD, and they do so in an open and transparent manner.
Or buy a router which already ships with the desired firmware preinstalled...
That way you know the device will be fully compatible with it. Buying random devices can often be problematic as manufacturers will change the specs without changing the model number and you might find yourself with a crippled version that can't run the firmware you want.
Really they should just give up developing their own crippled firmware and just ship one of the well known firmwares, would save a lot of development time and provide a better experience for users.
Embedded devices do and should connect to the internet, the key is in the device being built properly in the first place and being updated if/when necessary. A properly designed embedded device will have only the features it requires, and thus a very small number of things that *might* need updating.
Most routers and firewalls are embedded devices, and they would become pretty useless if not connected to the internet.
The problem is that devices are designed to be "easy to use", which means "enable everything by default in the tiny chance that customers might use those features", and this is why most printers come with support for a whole load of protocols enabled by default when the average user will only ever use 1 of them. I can't think of the last time I tried to print anything via FTP, and yet many printers support that by default.