Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Immune system for operating systems? (Score 1) 50

by Burz (#48400265) Attached to: Open Source Self-Healing Software For Virtual Machines

This is the one thing QubesOS could use to improve its security-by-isolation approach: Detection and repair in VMs. Even if you assume the hypervisor stays safe (and therefore, your trusted VMs stay safe), you're still relying on VMs to get everything done and the VMs doing the risky tasks are vulnerable to attack. It would be nice if those less-trusted VMs could get automatically restored after a successful attack.
Security

First Victims of the Stuxnet Worm Revealed 39

Posted by Soulskill from the patient-zero dept.
An anonymous reader writes: Analyzing more than 2,000 Stuxnet files collected over a two-year period, Kaspersky Lab can identify the first victims of the Stuxnet worm. Initially security researchers had no doubt that the whole attack had a targeted nature. The code of the Stuxnet worm looked professional and exclusive; there was evidence that extremely expensive zero-day vulnerabilities were used. However, it wasn't yet known what kind of organizations were attacked first and how the malware ultimately made it right through to the uranium enrichment centrifuges in the particular top secret facilities. Kaspersky Lab analysis sheds light on these questions.

Comment Come on over to I2P (Score 3, Informative) 135

by Burz (#48357189) Attached to: Tor Project Mulls How Feds Took Down Hidden Websites

There are no privileged routers (or 'guard' nodes) on I2P, and from the perspective of "relays" I2P has many times the number Tor has.

Its way better than Tor when you're looking mainly to communicate with other anon sites/users. Comes with bittorrent and an option for decentralized (serverless) securemail.
Canada

Canadian Police Recommend Ending Anonymity On the Internet 231

Posted by samzenpus from the sign-in dept.
An anonymous reader writes "Michael Geist reports that last week the Ontario Provincial Police, one of Canada's largest police forces, recommended legally ending anonymity on the Internet. Noting the need for drivers licenses to drive or marriage licenses to get married, the police suggested that an Internet license that would reveal all users is needed to address online crime. The Canadian Supreme Court strongly endorsed a right to anonymity earlier this year."

Comment Re:Don't totally agree (Score 2) 224

by Burz (#48345427) Attached to: Mayday PAC Goes 2 For 8

Its dumbasses like you that think "As long as you are voting for the lesser of two evils you are making a difference"

There is such a thing as a protest vote, "dumbass".

Showing up to vote is critically important. At the very least it ensures the authorities will have to do the dirty, dirty work of physically turning people away if they have been purged from the rolls.

Comment Re:Unfortunate, but not surprising (Score 1, Insightful) 450

by Burz (#48341643) Attached to: Joey Hess Resigns From Debian

As a (primarily desktop) Linux user since 1998, the unfolding of this debacle is starting to look like an example of why Linux distros in general lack appeal in the desktop space. Desktop/laptop users can't 'make do' with server architecture; there isn't enough veritcal integration of the powerful features we need. When layers represented by systemd and wayland must be considered swappable, the more talented users turn off to the possiblity of building stable user-facing applications on that platform.

One bit of advice is, don't be such primadonnas. Like the laptop users, you'll have to explain to the world which workflows and features are getting broken by these recent changes. OTOH, if all that's getting 'broken' is your philosophy then you might want to take a step back and consider that a better (if larger) one may have replaced it.
Science

Study Shows Direct Brain Interface Between Humans 110

Posted by samzenpus from the I-want-to-know-what-you're-thinking dept.
vinces99 writes University of Washington researchers have successfully replicated a direct brain-to-brain connection between pairs of people as part of a scientific study following the team's initial demonstration a year ago. In the newly published study, which involved six people, researchers were able to transmit the signals from one person's brain over the Internet and use these signals to control the hand motions of another person within a split second of sending that signal.
Businesses

The Other Side of Diversity In Tech 441

Posted by Soulskill from the all-together-now dept.
An anonymous reader writes: We frequently discuss diversity in the tech industry, and all the initiatives getting underway to encourage women and minorities to enter (and stay in) the field. The prevailing theme is that this will be good for companies, good for innovation, and good for the future of technology. While that's true, greater representation will also be good for the individuals themselves. Erica Joy has been in IT for a long time, and she's worked in many of the industry hotspots. She's written an insightful article on how the lack of diversity has affected her throughout her career. An excerpt: "Unfortunately, my workplace is homogenous and so are my surroundings. I feel different everywhere. I go to work and I stick out like a sore thumb. ... I feel like I've lost my entire cultural identity in effort to be part of the culture I've spent the majority of the last decade in."

Comment Re:Would love to see how I2P-Bote fares. (Score 3, Informative) 96

by Burz (#48314911) Attached to: EFF Begins a Campaign For Secure and Usable Cryptography

Thus, any packet sniffer out there (be it by a credit card thief, the NSA - who may also be credit card thieves, or anyone else) can't look for context to decide what packets to grab. There is no context.

Actually, there is the very important context of who is transmitting to whom, and when, which IPSec is giving away. Each user, therefore, might as well be the subject of a pen register.

With I2P, all they see is a stream of encrypted packets to random points and even the 'when' is obscurred (I2P users onion-route traffic for other users by default and expectation, so you can think of this protocol as marrying ideas from IPSec, Tor and Bittorrent).

That means having to decrypt absolutely everything, including DNS lookups...

Speaking of DNS lookups: Why make your addressing dependant on centralized, establishment-controlled scheme? If PKI can be subverted to let them eavesdrop, then IP addresses and DNS certainly can be as well. Addresses that operate like public keys are much better.

Its already there on your TAILS disc... try it out. ;)

Comment Re:Would love to see how I2P-Bote fares. (Score 2) 96

by Burz (#48314447) Attached to: EFF Begins a Campaign For Secure and Usable Cryptography

Its also worth noting that the I2P layer under I2P-Bote is general purpose: You can browse and even torrent with it, anonymously and securely.

Why make the focus so piecemeal??? We have experts going around saying the answer to mass surveillance is to make application-level crypo ubiquitous. I'm sorry, but that sounds like an unnecessary hassle that begs people to "just turn the crypto thingie off". Its better to have one tool that can provide security and anonymity for a large array of applications.

I respect the EFF's work, but I think their technical vision is very tiny and may meet up with the blind alley it deserves.

Slashdot Top Deals

Those who can, do; those who can't, write. Those who can't write work for the Bell Labs Record.

Close