Comment Re:Anecdotal (Score 2) 362
I'm not an expert, but I do watch The First 48 and the police routinely receive cell tower records of everywhere a suspect has been.
Comment Re:and where's heisenberg? (Score 1) 566
If the pictures aren't taken when the car was clocked, who cares how fast he was going or how long he had to decelerate? They are completely worthless and there is no evidence that his car was the object measured. They show he was on the road at some point. At another time and another section of the road, some object was measured exceeding the speed limit by a different system.
Comment Re:Ignored Bug (Score 1) 309
Sounds about right. Encrypted PPTP VPN hasn't worked for years, yet Google keeps including it in new versions and hasn't even bothered assigning the bug.
Comment Re:Opinion (Score 1) 379
You should check out their propaganda blog
Comment Re:Misguided Rules (Score 4, Insightful) 379
The TSA did not exist on 9/11. Mohammed al-Qahtani was turned away by immigration after his flight landed in the US. He was chosen for Secondary inspection because he didn't fill out the paperwork properly. He was denied admission for a long list of suspicious activity ($2800 cash, no hotel, no return ticket, multiple stories, etc) in addition to being "creepy." That case really doesn't have much in common with what the TSA is attempting to do. That is also CBP's job. They are tasked with undesirable people out of the United States. When the TSA does their job (keeping weapons, explosives, and incendiaries off airplanes), it does not matter who boards an aircraft.
The AAPD asked numerous questions concerning the case. I explained that apart from not having a return ticket and possibly not having sufficient funds, the subject appeared to be malafide. I further explained to the AAPD that when the subject looked at me, I felt a bone chilling cold effect. The bottom line is, “He gave me the creeps”.
Full Testimony: http://www.9-11commission.gov/hearings/hearing7/witness_melendez.htm
Comment Re:Pot and Kettle (Score 2) 213
What I have to wonder though, is did Google lie, and say Google Apps for Government had the FISMA cert, or did they say "Google Apps is FISMA certified", which is true?
Why wonder? It is demonstrated in the attachments. Example:
Google Apps for Government, now with FISMA certification
The representative from the GSA who granted the certification also clearly states in emails that Google Apps for Government is not certified by their department (as you mentioned, it could not be).
Comment Re:Culturally Illiterate? (Score 1) 159
Wasn't that clear and present danger?
Apple AirPlay Private Key Exposed 306
An anonymous reader writes "James Laird has reverse engineered the Airport Express private key and published an open source AirPort Express emulator. 'My girlfriend moved house, and her Airport Express no longer made it with her wireless access point. I figured it'd be easy to find an ApEx emulator — there are several open source apps out there to play to them. However, I was disappointed to find that Apple used a public-key crypto scheme, and there's a private key hiding inside the ApEx. So I took it apart (I still have scars from opening the glued case!), dumped the ROM, and reverse engineered the keys out of it.'"
Comment Re:Mobile iOS handily beats mobile Windows (Score 1) 399
100 million devices? That is a quarterly number for Windows PCs.
Comment Re:Plenty of Fish was never secure (Score 1) 367
Gawker's hash was salted with a random 2-digit string. The salt was known because it is included in the hash (standard behavior -- you need the salt in order to reproduce the hash when the user enters the password). The problem is a salt isn't really a protection against a brute force or dictionary attack on a single one-way hash. A salt is used to prevent you from using the results of your efforts on one hash on another hash. It's a defense against pre-computed rainbow tables (generating every possible hash), as you need a separate rainbow table for each salt value requiring significantly more space.
In short, in Gawker's case, two people with the password 'password' would have 2 different hashes, but if you ran a dictionary attack on each of them it wouldn't take any time at all to figure out that both passwords are the same. While you have to reproduce the effort twice, that effort is trivial. That is why they were able to point out all the users with simple passwords but not decrypt the entire database. You could still, however, simply brute force any single user in the database if you so choose.
Comment Re:Reason (Score 4, Insightful) 258
I don't think the group that buys $300 raw denim jeans really intersects with the "mom's basement" group
Comment Re:Questionable testing method (Score 3, Interesting) 258
Doesn't really invalidate his test, since this is a standard technique for people breaking in unwashed raw denim jeans. Presumably he was testing the safety of that practice and not the safety of simply being grimy and never washing your clothes
Comment Re:Doesn't that prove the US government is behind (Score 1) 228
Really? I just read an article about a sloppy Mossad operation:
http://www.gq.com/news-politics/big-issues/201101/the-dubai-job-mossad-assassination-hamas
Comment Re:Wow this is a bit onesided. (Score 1) 493
Just because the naming convention uses the phrase "LikeWord95" doesn't mean you need the Word 95 source doe to implement it:
Comment Re:I'm confused -- I thought they were for PW rese (Score 1) 257
I don't know if they still do this, but Yahoo mail used to work this way. It is how Sarah Palin's e-mail account was accessed. They can't e-mail you the new password unless they have a secondary e-mail account on file
