Comment Re:This could be true (Score 2) 284

Really, it's quite impressive the knowledge you have of internal, top-secret NSA operations. How exactly do you come up with this information?

By using common sense and the belief that the NSA is run by rational people, not snarky assholes on Slashdot who think they know everything simply because they googled it, but in actuality have exactly dick in the way of critical thinking skills. Nowhere in military or intelligence doctrine will you find the "Put all your eggs in one basket" to be marked as the best idea. Our nuclear weapons are spread throughout the country. Our military bases are spread throughout as well. Our training facilities are kept separate from our active duty areas. The internet, originally designed to support these activities, was designed to be so decentralized it could withstand a nuclear strike. It does not take very much imagination at all to conclude that the NSA will have decentralized and compartmentalized intelligence assets. I'm really sorry if there isn't a Wikipedia entry for you to read up on this, but amongst those who didn't grow up having content spoon fed to them, we had to use this thing called a "brain" to fill in the missing pieces.

That doesn't make his old information irrelevant. It just means that any new program which we

This article references a current claim by Apple. It is not a claim Apple made two years ago which is being investigated. Unless I'm mistaken Snowden stole classified documents, not a time machine. He cannot possibly have any knowledge of whether Apple is telling the truth, today, right now, at this moment. Again, your inability to engage in any kind of deductive reasoning has failed you.

How do you know what he stole? You've never seen it. Maybe it's files organized by folders with

Snowden has already released all of the documents he stole. He's said as much. There are multiple copies of the data he released available for anyone who wants it. I'm sorry to disappoint you, but what Snowden released was not organized in any meaningful capacity. It's just like the diplomatic cables on Wikileaks... a lot of data, but no useful organizational scheme. That's why it's taken most of 2013 for people to go through it and release new "revelations" and attribute the find to Snowden. All he's ever done is run to Russia, hide, send a bunch of copies of what he stole to a bunch of people, get asylum, and then take his 15 minutes of fame about 20 times over. That's it. He wasn't an NSA analyst. He didn't know what he was looking at really -- his level of understanding of the overall organization and its operations was casual, unspecialized, and of the sort of thing you'd overhear at the water cooler. Which is what you'd expect from a systems administrator -- not an analyst. He knew the general picture, but not the specifics. The documents he stole took months to piece together the specifics enough to support his claims. There was no organization.

Comment Re:This could be true (Score 1) 284

You clearly don't understand what verification means in the intelligence community. All you're doing is just regurgitating what you've heard from someone else. The ability to copy and paste does not create validation, any more than citing a Wikipedia article can prove the veracity of a statement.

Comment Re:This could be true (Score 2, Interesting) 284

whatever they claim can be sooner or later verified by checking Snowden data

Clearly Slashdot's common sense quotient has passed its apex with the number of up-mods on this. Snowden didn't download the full NSA database of everything. Ever. Nobody in the NSA has that level of access. Nothing like that likely even exists at the NSA. It isn't like there's just this one computer, somewhere, that sits in a warehouse and contains every national secret ever. You do not get to "Hack the Gibson" and then it just ejects candy like it's a digital pinata. SIPR/NIPR is a network, and it's second only to the actual internet in its size. In fact, it's where the Internet came from; it's MILNET version 2.0 basically. That's where the data is; on thousands of servers spread across the world. And that's just the stuff the NSA has ownership of.

But let's ignore all of that because here on Slashdot, we (apparently) cannot expect people to have a basic grasp of networking and systems fundamentals. Let's look at just the non-technical reasons why this is a horribly stupid statement to make: Snowden's gone. He's not part of current operations. Who is to say that after he left, the NSA decided to embark on a new intelligence initiative. I know -- it's shocking, but organizations sometimes continue to function and do new things after someone leaves it. And that person, no longer being part of the organization, will know nothing of them.

Snowden has no useful function as verification for anything right now. Much of the intelligence data he's collected is now worthless -- a lot of this stuff has a "use by" date, and just like milk, once it's gone bad, trying to consume it will do terrible things to you. There is no Snowden Fact Checking Emporium, where you can just show up and punch in some keywords and find out what the NSA's up to today, or yesterday, or any day really. The data he stole doesn't offer that kind of granulated access... it's like he shoplifted a library, but all the pages in all the books are ripped out and thrown in the middle of the room. Without the organization and analysis of the data, it's largely useless anyway.

There is no verification potential here. None. Nada. Zero. Zippo. No potential at all. What Snowden says or doesn't say, what he released or didn't release, offers us no confirmation of any kind whatsoever regarding current intelligence operations.

Comment Re:Pushing pixmaps around (Score 0, Troll) 179

Isn't that what the UNIX philosophy is supposed to be anyway?

Adherence to a philosophy in the face of more reasonable alternatives is an act of irrationality. Philosophies are meant to guide, not dictate. When a philosophy is elevated to the status of a belief, it ceases being an idea to free us, and instead becomes something to restrict and control us.

The engineer in me says the only "philosophy" one should adopt is the one that leads to the most benefits with the fewest drawbacks. If that requires eschewing the current design paradigm for a different one, then so be it.

Comment Re:XWayland (Score 1) 179

But once enough applications get ported, the more complex and less security-hardened parts of X11 will be paged in only while an X11 application is updating its window.

The flaw in this statement is beyond biblical proportions, and in fact extends into the patently absurd domain of Hollywood proportions. Its non-digital counterpart is referenced in #63 of the Evil Overlord List: "Bulk trash will be disposed of in incinerators, not compactors. And they will be kept hot, with none of that nonsense about flames going through accessible tunnels at predictable intervals."

You're suggesting that only having a vulnerability present at certain times mitigates the risk. It does not.

Comment Re:Seriously? (Score 4, Insightful) 216

The shoestring budget they'll get out of crowdsourcing and a TV show will launch people into space just long enough to kill them.

Sounds like the gladiatorial arenas of Rome, except we're doing it in space. Send our "braves" in and watch them get slaughtered to the sounds of clapping and cheering. Oh sorry, forgot... we've evolved beyond the need to watch people get killed for our entertainment, right?

Comment Ah (Score 5, Funny) 191

I think I know why he was suspended -- half of the clip is the same couple of scenes remixed, and the typography is unoriginal. If I were the manager, I'd have yelled at him too for the low quality of the parody. It really just demonstrates a lack of dedication and attention to detail that I've come to expect from minimum wage workers in this country. I mean, if you're going to half-ass a parody, what else are you half-assing in your life, mmm?

Disclaimer: Snarky. If you take this post seriously, there's something wrong with you.

Comment Re:Holiday rituals (Score 0) 81

Turns out being able to hear doesn't actually help here.

Amusing, yes, but we have a duty as a society to help our vulnerable. You may have the gift of hearing or sight today, but tomorrow anything can happen. We're not just helping them with this technology, we're helping ourselves.

As well, some people have auditory processing disorders that make groups of people essentially unintelligible. I happen to be one of them -- I can hear and see just fine but I cannot separate individual words or conversations in a crowd. As a result, the only person I regularly go out in crowds with is a lesbian friend of mine who has learned sign language to converse with her hearing-impaired mother.

This technology doesn't just help the deaf and/or blind; it can help those whose disabilities are less severe as well.

Comment Spy tools (Score 4, Insightful) 215

The debate is not whether the spy tools should exist, but how they should be used. The NSA was originally meant to be a support organization that assisted the CIA and other federal agencies in protecting national security interests globally; hence the name National Security Agency.

What it has become lately, thanks to the Department of Homeland Security and our idiot congresscritters, are lackeys for the FBI. The FBI has a terrible record going all the way back to Prohibition of doing whatever it wants and generally running roughshod over civil rights. It has long shown signs of institutional corruption and rot. This is the source of the rot in our judiciary at the federal level... and like Midas, everything the FBI touches turns to sh*t.

Comment Re:Bounds test? (Score 1, Insightful) 165

Has testing degraded so far that people don't know what a bounds test is?

It's worse than that. They're using the word "random" to describe the behavior of a digitally based, computationally deterministic system. One. Zero. Off. On. Yes. No. This is all a computer understands. It cannot be "random" in any meaningful sense. It may be sufficiently complex so as to appear random, but it isn't. There's very little "random" about a computer, or a computer program. Every now and then a single bit error creeps into the I/O but the rate this occurs in computers not in space and thus subjected to extreme radiation is so low you could run most tests for many thousands of hours before encountering one.

Hell, creating randomness is so problematic in a computer that they've had to create specialized circuits to create entropy; and at that, it's still been shown to fall short of being random enough for some cryptographic algorithms... If creating entropy is this hard in a computer, then why do people suddenly point at the sky and say "It was teh randomz!" whenever it crashes? It wasn't random: Something caused it. It just may be beyond your ability or comprehension to know what it was, but it's a deterministic system. It did not just up and decide to fail because it felt like it.

Comment Slow news day? (Score 0) 303

So, given that these are not small, mom-and-pop companies, have we reached a point at which online retailers are expected to just swallow such costs for PR purposes, as part of doing web business?

Let me rewrite this headline: There Ain't No Such Thing As A Free Lunch: Fact, or Myth of Web 2.0? Because that's what you're asking: And no, there isn't. Like every other time idiotic questions like this have been asked, it is situational. Unsurprisingly, different situations yield different responses. I can only conclude that it's a terribly slow news day at Dice Hipster And Slashvertisement Incorporated... perhaps nobody bought up any article slots on the weekend after a big holiday?

Comment Re:We'll know soon (Score 2) 213

Except that they were almost certainly using ANSI PIN blocks which XOR the card number into the

You're assuming competence here when every aspect of this breach has demonstrated incompetence. I happen to know what Target considers "encrypted" PINs, and it's nothing so elaborate. They are referring to the drive-level encryption mandated by Sarbanes-Oxley. They are correct in that the keys to decrypt the drive are tied to the hardware and that the only copies are stored on a remote server. However, what they aren't telling you is that this breach didn't consist of someone walking into a server closet and absconding with the hard drives -- which is the only scenario in which drive encryption protects the data.

From what I've been able to gather, the breach targeted the POS terminals directly because they are booted over DHCP and the DHCP server is located on the other side of a WAN link. As you know, DHCP is a broadcast protocol and the first reply is assumed authoritative. All an attacker would have to do is gain access to the wifi or a hard line (accessible on the floor of the store as their IP cameras run on the same network), download the POS image, make a few modifications, and then activate their own DHCP server. For more stealth, you could write a simple daemon to reply to the DHCP sent from the real server so that the leasing database still appears legitimate.

Oh, and by the way... DUKPT isn't an encryption standard, it's a protocol for exchanging keys. It still requires a shared key, and guess where that would be stored: In the TFTP image. Which is sent in plain text over the wire every morning when the POS terminals get turned on.

Great security there. Yup. Highly secure. I'm sure nobody figured out how to hack the "super secret encryption key" (bonus: That's actually what early documentation for DUKPT referred to it as)... by simply sending a DHCP request and asking for it...
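A detection-side counterpart to the rogue-DHCP scenario in the comment above, added here as an example and not the poster's own code: it scans DHCPOFFER records (constructed below, not real captures) for offers whose server identifier or boot (next-server) host is not on an allow-list, and for transactions answered by more than one server, which is the first-reply-wins race the comment describes. The addresses, the record layout and both allow-lists are assumptions.

```python
from collections import defaultdict

# Assumed topology: the real DHCP server sits across the WAN link and a separate
# host serves the POS boot image over TFTP. Both addresses are assumptions.
AUTHORIZED_DHCP_SERVERS = {"10.0.0.2"}
AUTHORIZED_BOOT_SERVERS = {"10.0.0.3"}

# Constructed DHCPOFFER records (not real captures):
# (transaction id, server identifier, offered address, next-server/siaddr, boot file)
SAMPLE_OFFERS = [
    (0x1A2B, "10.0.0.2", "10.1.5.20", "10.0.0.3", "pos-image.bin"),
    (0x1A2B, "10.1.5.77", "10.1.5.20", "10.1.5.77", "pos-image.bin"),  # second answer from the store LAN
    (0x1A2C, "10.0.0.2", "10.1.5.21", "10.0.0.3", "pos-image.bin"),
]


def find_rogue_offers(offers, dhcp_servers=AUTHORIZED_DHCP_SERVERS,
                      boot_servers=AUTHORIZED_BOOT_SERVERS):
    """Flag offers from unlisted DHCP or boot servers, and transactions that
    received offers from more than one server. Returns a sorted list of
    (xid, server_id, reason) tuples."""
    findings = set()
    servers_by_xid = defaultdict(set)
    for xid, server_id, _offered, next_server, _boot_file in offers:
        servers_by_xid[xid].add(server_id)
        if server_id not in dhcp_servers:
            findings.add((xid, server_id, "unauthorized DHCP server identifier"))
        if next_server not in boot_servers:
            # The boot image is what the terminal will run; an unlisted TFTP source matters most.
            findings.add((xid, server_id, "boot image would be fetched from unlisted TFTP host"))
    for xid, servers in servers_by_xid.items():
        if len(servers) > 1:  # competing offers: the client keeps whichever arrives first
            for server_id in servers:
                findings.add((xid, server_id, "multiple servers answered one transaction"))
    return sorted(findings)


if __name__ == "__main__":
    for xid, server_id, reason in find_rogue_offers(SAMPLE_OFFERS):
        print(f"xid={xid:#06x} server={server_id}: {reason}")
```

Feeding real DHCPOFFER fields (option 54 server identifier, siaddr, option 67 boot file) from a capture into the same function is the only change needed to run this against a live store segment.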

Comment Re:So if you can build a cheaper equivalent... (Score 2, Insightful) 804

So if you can build a cheaper equivalent... why aren't you in business, building cheaper equivalents and getting rich off the fact that it's costing you less to build equivalent hardware?

Probably because he understands business better than you do. Your condescending attitude belies an abject lack of understanding regarding brand identity. Walmart brand cola may taste exactly the same as Coca-Cola, but it costs quite a bit less... so why doesn't everyone drink Walmartola instead of Coca-Cola? Brand identity. That's what you're paying for here... and it's a small surprise a bunch of hipsters can't figure out that the cost of producing something only makes up typically 1/3rd or less of the total sale price. And no, it's not all profit, to answer your next question. Contrary to popular belief, profits don't typically appear in double digit percentages, and in fact most people can't even accurately define what profit is, or the difference between sales and revenue. -_-
