Comment A better methodology (Score 1) 267

If you don't trust password managers and would like a way to generate unique, deterministic and hard-to-crack passwords, take your 8 word diceware password and use it as the entropy for:-
https://www.grc.com/otg/offthe...

This generates a 26x26 Latin square. Use that with the domain name of the site and a memorable algorithm to generate a password for each site.

Also, in the near future (from the same source) is:-
https://www.grc.com/sqrl/sqrl....

You will still need your ONE strong password (or biometric) to protect the master key from which all site-specific keys are generated (via the domain name), but when supported by a site it leaves nothing but a site-specific public key for them to store, which you use by proving that you can sign a random challenge with the associated site-specific private key. So even if their database leaks it has no useful authentication data for an attacker to make use of, because each site's keys are unrelated to any other. Which also means that for low-value sites that only need your key and nothing else to authenticate you, due to it being a two-party system, you are uncrackable.
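The per-site key scheme described above, as an added example in Go (not the author's code and not the SQRL implementation): a master key, assumed already unlocked by the one strong password, and the domain name are run through HMAC-SHA256 to seed a per-site Ed25519 key pair; the site stores only the public key and checks a signature over a fresh random nonce. The master secret and domain names are constructed demo values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// deriveSiteKey derives a per-site Ed25519 key pair from a 32-byte master
// key and the site's domain name, using HMAC-SHA256 as the derivation
// function. Because HMAC is a PRF, keys for different domains are
// computationally unrelated: one site's key reveals nothing about another's,
// and a lookalike domain yields a different key, so a leaked public key or a
// phishing site gains nothing.
func deriveSiteKey(masterKey []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, masterKey)
	mac.Write([]byte(domain))
	seed := mac.Sum(nil) // 32 bytes, exactly ed25519.SeedSize
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// newChallenge is the server side: a fresh random nonce per login attempt,
// so a captured signature cannot be replayed later.
func newChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// login runs the exchange: the client re-derives the key for this domain and
// signs the nonce; the server verifies against the public key it stored at
// enrolment. Nothing but that public key ever lives in the site's database.
func login(masterKey []byte, domain string, storedPub ed25519.PublicKey, nonce []byte) bool {
	_, priv := deriveSiteKey(masterKey, domain)
	sig := ed25519.Sign(priv, nonce)
	return ed25519.Verify(storedPub, nonce, sig)
}

func main() {
	// Constructed demo master secret; in practice this is the key unlocked
	// by the one strong password, never stored in code.
	masterKey := sha256.Sum256([]byte("constructed demo master secret"))
	pubA, _ := deriveSiteKey(masterKey[:], "example.com")
	nonce, _ := newChallenge()
	fmt.Println("example.com login ok:", login(masterKey[:], "example.com", pubA, nonce))
	fmt.Println("examp1e.com with same key:", login(masterKey[:], "examp1e.com", pubA, nonce))
}
```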

Comment 5 words you cannot say in Florida? (Score 5, Funny) 366

So as a Floridian federal employee I cannot say:-

"There is no such thing as human induced [climate change], or [global warming] as it was once called and my belief in this will last as long as the [sustainability] of a congressman's gravy train."

but I can say:-

"You climate deniers are full of S..t, and are definitely corrupt and in the pocket of the oil industry"

OK, I can go with that.

Comment Security by Obscurity (Score 2) 324

Here is the problem:
Manufacturers guard their intellectual property fiercely, and they guard their proprietary firmware fiercest of all. Thus the API for uploading drive firmware is Write Only (WO). Thus within the existing API and interface there is by design no way to validate the firmware. What that means is that, if you are able to build your own firmware (because you have a copy of the source, obtained deviously) then you can alter it to your own ends and even make it so that the (WO) overwrite API does nothing.

Outside of the existing interfaces though you can with sufficient skill get some knowledge. If the firmware is stored on a flash chip separate from the drive CPU you can get a copy of the microcode by probing the chip directly either during read cycles with the drive active or by controlling the chip fully with the drive off. Unfortunately you cannot do this so easily if the firmware is stored in flash within a drive micro-controller. As to JTAG, that may or may not work because in production a manufacturer may choose to disable that interface to prevent competitors doing exactly what you are wanting to do.

In summary, you are SOL unless manufacturers rewrite their firmwares to add a secure means of proving firmware validity, and don't ask me how.

Comment Robbing Roosevelt to pay Washington? (Score 1) 391

So, Verizon posted " 'Throwback Thursday' Move Imposes 1930s Rules on the Internet" and yet in 2012 it insisted that the very idea of Net neutrality squished its First and Fifth Amendment right.

Sorry Verizon, you cannot have it both ways. You cannot use the argument that a law enacted in an age of Steam and Telegraph ( http://en.wikipedia.org/wiki/C... ) is bad while maintaining protection under another law enacted in an age of Sail and buggy whips ( http://en.wikipedia.org/wiki/U... ).

Unless, that is, you wish to say that the Communications Act of 1934 is unconstitutional, and I think you have had enough time in the last 81 years to challenge that.

You can argue un-applicability, or anything you like, but in truth you and your kin have brought this on yourselves with your penny-pinching profiteering at the state's and citizens' expense. If you had invested appropriately in new technology, taken a modest amount of profit and served your customers as if you were a utility then there would have been no need to rein you in and enforce utility rules upon you.

Comment Ok fine FLOSS you! (Score 1) 406

This is all fine and dandy. Make sure US companies' encryption products have an extra front door. This can probably even be made reasonably secure by use of a gov't public key to add an extra header to all encrypted data from said products.

But how exactly are you going to make Open Source products comply with these regulations? All it will do internationally is make US encryption products unpalatable to anyone who guards their privacy, whether they be criminal or not. Perhaps via international treaty the US could, as it has with copyright, force nations to criminalize large portions of their populace.

You know, I say go ahead, we all know where this ends and the vox populi is not something, Mr Director, you would want to be lined up against the wall to answer.
"When government fears the people, there is liberty. When the people fear the government, there is tyranny." - Thomas Jefferson

Comment Jurisdiction? (Score 1) 51

If a granted warrant is out of the jurisdiction of one appointed legal entity, what are the chances that it will be inside the jurisdiction of another? I would say the chances are 100%. So let's say a judge grants such a thing to the FBI, location unknown. They then go off and gather evidence, remotely. Only later, when using that evidence to present an international arrest warrant, do they expose the location.

The defence team would, I guess, have a field day, presenting the FBI with their own arrest warrant accusing the FBI of a cyber-crime across international borders, supported by new anti-cyber-crime laws that the US via the MPAA/RIAA fought long and hard to put into place by international treaty.

Comment Would we even know, after! (Score 1) 576

All this assumes that an invader would be perhaps biological and probably macroscopic. Assume for the moment no faster-than-light travel and no magical energy sources. This means that travelling between stars will take a long time and need lots of energy. So mass and biological lifespans are a huge factor: the smaller the mass and the longer the passenger lives, the faster it can be pushed with less energy, relativistically speaking...

Today in the near-earth environment we can track things larger than a baseball travelling at orbital velocities with existing NORAD space tracking. But anything smaller or faster or further away, forget it. Therefore I wonder if we would even know should the invader consist of a cloud of nano-machines released from a micro-probe that had travelled here at near light speed.

Once the invader was here, floating down from the stratosphere scanning for useful biological machines with large enough brains, we would not even be aware, save perhaps for a spectacular sunset or two. The first sign that we had been invaded would perhaps be a sudden breakout of global cooperation and perhaps the appearance of apparently psychic abilities and heightened regenerative abilities in infected subjects. It would only be much, much later that any remaining uninfected individuals would see the real purpose, when a new international space plan is put into place to send AI nano-machines as avatars for ourselves to the nearest stars.

Comment Hmm? Consider the wider picture. (Score 2) 175

Putting aside for a moment that this KS is probably a scam, what are the ramifications of an act such as this?

In the current climate, what would the US call it if citizens of another nation started drone flights of unknown purpose over US soil? I would suggest the T word would be used, and as soon as the launch point is identified all extra-judicial efforts will be made to ensure the perpetrators are removed from the gene pool.

Would a state like the "Democratic People's Republic of Korea" consider doing less if it were in their interest?

Other states have done similar to citizens of other countries, located outside of their borders, for reasons of National Security, see:-

http://en.wikipedia.org/wiki/G...
AND
http://www.globalresearch.ca/t...
AND ALSO
http://en.wikipedia.org/wiki/N...

Comment Additional headers? (Score 1) 111

Has anyone tried adding multiples of their own version of this header to outgoing traffic upstream of Verizon's gateway, to see what happens?
Not having Verizon here in Canada I cannot try this, but it would be interesting to see if doing so with a true random nonce would defeat their tracking by adding confusion as to which header was the real Verizon one and which the customer's.

Also F*** verizon, go full VPN on all your mobile traffic from now on.

Comment And if gas does not work, try water... (Score 1) 378

Seems Jamie and Adam got there way ahead of all of us (New myth to test):
http://youtu.be/dxgPX5-cmvc?t=...
If you allow for the fact that in their case they had to burn a small hole in the top, which set fire to the contents first before filling the enclosure with water, which in the case of an ATM you don't have to, then it's a reasonable idea.

Comment Old news and still needs pwned access (Score 3, Interesting) 86

Firstly, this is old news.
Secondly, almost the first thing said in the video is that they had to install a driver on the target to force it to emit signals they could pull out of the noise. So it's a nice idea that if you have access to put software on the PC you can later get it to emit information, but if you are going to do that then why not use what else is there, because how often are all the target's other wireless interfaces fully disabled? I suspect unless your name is Snowden, not very often. Further, if you are that worried about leaking information that you go fully air-gapped, you would not be trusting a malleable OS to run from; much better to run from a live CD.

Comment Quantifying risk? (Score 1) 236

So the drones "like the one that crashed Monday, weigh only a few pounds and lack the power to do much harm."

That presupposes that you know what the mass limits are for all dangerous things to be carried. Exactly what is the minimum mass of biological agent and aerosolizing device that can expose an area upwind of the target such that natural air currents will cause multiple exposures?

Also, what is the upper limit of small drones that you can stop, per second, at the fence with 100% effectiveness?

You can plan to stop larger intrusions, but stopping small drones and their miniature payloads is not the solution. The thing to do is look at where a small drone can get in and what it can carry, and put in place automated defences that deal with the result before people get hurt. Say, automated bulletproof, airtight windows and a guy in a hazmat suit with a spray bottle of bleach.

Comment timeframe? (Score 3, Informative) 219

This information leaked by Clapper and Comey, while not exactly a lie, is misleading at best. Without the exact timeframe of the "got sloppy" IPs it is not possible to determine if this is actually NK actioning an attack or GOP making it look like NK after the fact.

It all comes down to the fact that the NK / The Interview connection was not voiced by GOP until after the press had latched on to that link to point the finger at NK, because of Sony Pictures being the producer of The Interview. Now if the sloppy tradecraft (very unlikely) leaked an NK IP (175.45.176.0 – 175.45.179.255, 210.52.109.0 – 210.52.109.255, take your pick) prior to any mention of NK being responsible in the press, then that would lend strong credence to that assertion. Otherwise it may point to GOP being unconnected with NK apart from PWNing either a machine within NK or via a BGP poisoning attack of a China Telecom router, which neither China Telecom nor NK are going to openly admit because of losing face. Remember also that most of the machines in China & NK that run commercial OSes do so outside the EULA and are thus unable to keep patched, and are thus open to being attacked by many known zero-day issues.

In the end it all comes down to this: governments are very bad at doing business, and whoever GOP owes their allegiance or funding to, the attack on Sony was a covert criminal act conducted possibly across international boundaries and thus it needs to be treated as such. So if and when there is conclusive proof of someone who is responsible then legal recompense needs to be sought. Unfortunately, international law and covert actions being what they are, it seems unlikely that even given the first, the second will reach some resolution. FWIW this is a teachable moment for all large corporations, so start listening to their CISOs and give them the funds and manpower to properly secure their networks in the current climate.

Comment NOT RFID! (Score 2) 110

Every time this comes up, it's RFID ePassport this and RFID credit card that. None of these use RFID at all; the technology used is NFC. As for the RFID-blocking jacket, pants, wallet etc., I have tried a number of these and yes, they are good at blocking RFID access tags, but do only a little to reduce the range of NFC.
