Comment Re:SSH (Score 1) 88

Sorry but as far as I'm concerned key management shouldn't be a part of the process that's handling connection authentications, etc. Why can't this be an outside protocol entirely? For decades, we've been waiting for some kind of automated decentralised, anonymised key-store and surely the effort going into securing this very dangerous piece of code would have been better put into moving the problem away from SSH and allowing multi-protocol use of such things.

If you trust a server by accepting its public key, it is, by definition, trusted for as long as its private key is secure.
Only the initial trust needs to be verified by humans, and with a chain of trust, even that can be nearly automated by adding your organization's CA key when systems are deployed (I'm in an imaginary world where SSH key management has caught up with the rest of the world).
The older a private key gets, the more likely it has been compromised, maybe by VM cloning, backup media leaking, etc.

To address that, you should change the keys periodically. Prompting the user is pointless, because the connection is trusted.

WHOA, let me back up a minute: you did know your session data is actually encrypted with symmetric keys, right? ... and those keys are in similar fashion changed on a regular basis without your knowledge?
If you didn't know that, well... that explains 99% of the ignorance I'm seeing on this page.

SSH's key management is an absolute joke, but this is a step in the right direction at least. The only thing I can imagine is the authors figured people would be using Kerberos in all but the smallest shops... and I'm being nice assuming SSH's Kerberos integration is any good.
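The comment above contrasts trust pinned to one host key (which prompts again whenever that key rotates) with trust delegated to an organization's CA key (under which host keys can rotate freely). The script below is an added example, not code from the comment thread or from OpenSSH: it parses a known_hosts file in OpenSSH's format (plain, hashed `|1|salt|hash`, wildcard and `!`-negated patterns, `@cert-authority` and `@revoked` markers) and reports, per host, which of those trust paths applies and which hosts would re-prompt on key rotation. The sample file and its key material are constructed placeholders.

```python
"""Classify how each host in an OpenSSH known_hosts file is trusted.

Added example: the sample known_hosts content below is constructed and the
"AAAA...PLACEHOLDER" strings stand in for real base64 public keys.
"""
import base64
import fnmatch
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Entry:
    marker: str        # "", "@cert-authority" or "@revoked"
    patterns: list     # comma-separated host patterns from the line
    keytype: str
    key: str
    comment: str = ""


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Produce the |1|salt|hash form that HashKnownHosts writes (HMAC-SHA1)."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())


def parse_known_hosts(text: str) -> list:
    """Parse known_hosts lines into Entry objects, skipping blanks/comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        marker = fields.pop(0) if fields[0].startswith("@") else ""
        if len(fields) < 3:
            raise ValueError("malformed known_hosts line: %r" % raw)
        hosts, keytype, key = fields[0], fields[1], fields[2]
        entries.append(Entry(marker, hosts.split(","), keytype, key, " ".join(fields[3:])))
    return entries


def line_matches(patterns: list, hostname: str) -> bool:
    """OpenSSH semantics: a matching negated pattern excludes the host outright;
    otherwise any positive (plain, wildcard or hashed) match suffices."""
    positive = False
    for p in patterns:
        if p.startswith("!"):
            if fnmatch.fnmatchcase(hostname, p[1:]):
                return False
        elif p.startswith("|1|"):
            _, _, salt_b64, _ = p.split("|")
            if hash_hostname(hostname, base64.b64decode(salt_b64)) == p:
                positive = True
        elif fnmatch.fnmatchcase(hostname, p):
            positive = True
    return positive


_MARKER_TO_SOURCE = {"": "pinned", "@cert-authority": "ca", "@revoked": "revoked"}


def trust_sources(hostname: str, entries: list) -> list:
    """Sorted list of trust paths that apply to hostname: 'pinned', 'ca', 'revoked'."""
    return sorted({_MARKER_TO_SOURCE[e.marker] for e in entries
                   if line_matches(e.patterns, hostname)})


def hosts_that_reprompt_on_rotation(entries: list) -> list:
    """Literal hosts whose only trust is a pinned key: rotating that key means
    a new 'host key changed' prompt, unlike hosts covered by a CA line."""
    literal = set()
    for e in entries:
        if e.marker == "":
            for p in e.patterns:
                if not p.startswith(("!", "|1|")) and "*" not in p and "?" not in p:
                    literal.add(p)
    return sorted(h for h in literal if trust_sources(h, entries) == ["pinned"])


# Constructed sample file (placeholder keys, constructed 20-byte salt).
_SALT = b"0123456789abcdef0123"
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# pinned key: rotating this host key triggers a new prompt",
    "build01.example.internal ssh-ed25519 AAAAC3PLACEHOLDER-A pinned-host-key",
    "# same host as HashKnownHosts would store it",
    hash_hostname("build01.example.internal", _SALT) + " ssh-ed25519 AAAAC3PLACEHOLDER-A",
    "# CA line: any host certificate signed by this key is accepted, so host keys may rotate",
    "@cert-authority *.corp.example.internal,!legacy.corp.example.internal "
    "ssh-ed25519 AAAAC3PLACEHOLDER-CA corp-ca",
    "legacy.corp.example.internal ssh-rsa AAAAB3PLACEHOLDER-L",
    "@revoked old-bastion.example.internal ssh-rsa AAAAB3PLACEHOLDER-OLD",
])


if __name__ == "__main__":
    ents = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
    for h in ("build01.example.internal", "web7.corp.example.internal",
              "legacy.corp.example.internal", "old-bastion.example.internal"):
        print(h, trust_sources(h, ents))
    print("re-prompt on rotation:", hosts_that_reprompt_on_rotation(ents))
```

Run against a real `~/.ssh/known_hosts` the `hosts_that_reprompt_on_rotation` list is the inventory of hosts still on per-key trust; moving them under an `@cert-authority` line is what lets their host keys be rotated on a schedule without user prompts.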

Comment Re:Other than the obligatory security theatre... (Score 1) 110

... just what would the fighter escort hope to accomplish? Are we really ready to order fighter pilots to shoot down airliners over a phoned-in threat? I guess all it'll take now to spook passengers and completely disrupt air travel in the U.S. is a few bozos with bunch of pre-paid or stolen cellphones.

IDK, observation maybe? Or did you want to hope for cellphone videos to explain what happened?

Comment Re:I have an even better idea (Score 0) 304

Let's just enforce existing laws and get dangerous drivers off the road. THERE IS NO RIGHT TO DRIVE. If you are a dangerous driver you can and should be taken off the road.

I was a safe driver for 11 years; no tickets, no accidents, no "close calls", no complaints. Then one day I was driving to the airport early in the morning, got distracted by my radio, didn't notice that the traffic light was red, and ran right into a car that was (legally) crossing the intersection.

My question: should I have been driving for those previous 11 years? If not, why not? What kind of test would you have had me take to show that I was a dangerous driver? Or, if I was a safe driver except on that one morning, how would your plan have prevented my accident?

The fact is, most people are safe drivers most of the time. Except for when they're not.

OMG! You're saying the red light camera didn't dissuade you from driving through a red light??!!!!11 /snark

Comment Re:Just give the option to turn it off... (Score 1) 823

Honestly, most modern cars these days are already so silent, the only sound you hear from them is the cooling fan and the tire noise. It is only the 'muscle' type cars that make noise, and like the article says, it's just because people expect them to. Hell, the 'Harley Davidson' edition Ford F150 magically sounds like a motorcycle, because they can make it sound any damn way they want now. I agree, the idea of mandating 'fake engine noise' is preposterous, because it's pretending this is a new problem, when cars have already been nearly dead silent at parking lot speeds for years now.

You made a very good point, all cars should have some sort of directional warning sound at parking lot speeds.

Comment Re:Hello microwave (Score 1) 181

older non-PMR drives

Those drives are now museum artifacts, so your concern is of no practical use. No mainstream 2.5/3.5 in. hard drive manufactured in the last 15 years is recoverable after a zero-out.

If it doesn't severely impact your wiping throughput needs, at least use some crappy PRNG instead of zeroes.

A more likely problem than using a 15+ year old hard drive today is today's hard drive being read 5/10/15 years from now with THEIR technology.

I would like to say all information about my life more than X years old is worthless, but I know that is not generally a safe assumption. All sensitive information has its own lifespan, sometimes very long.

Comment Re:How about educating your dumbfuck mother? (Score 2) 463

Oh wait I forgot - you can't blame the victim ever no matter how much of a stupid fucking idiot they are!

I blame our industry for being as you put it "stupid fucking idiots". The most common attack vector for this particular malware and many like it is email attachments.

It's 2015; anyone in the world can still send an email with file attachments to anyone using whatever FROM address they'd like without any prior trust relationship, vetting or authorization by the receiver. Most mail clients let users execute it in the same security context as the user without so much as a peep.

It isn't the user's fault they don't fully understand the depths to which the technology they are using is completely broken and wholly unsuitable for the purposes for which it is used by countless millions on a daily basis.

It is *our* fault for installing AV software and going back to picking our noses. *MILLIONS* of people are being exploited using the same attack vectors with malware and spyware... this business of calling everyone "fucking idiots" is getting old.

You nailed it. There is some kind of blindness among geeks to how much otherwise worthless knowledge is actually needed to properly operate a computer, all in the name of convenience for the elite who feel they earned the right to look down on everybody else. General purpose computing is just filled to the brim with self-created problems. I'm always seeing this sort of attitude displayed that computers are to serve "computer users"... not pilots, accountants, doctors, lawyers, general contractors, etc. It feels like work created by computers vs. work saved is a much higher ratio than necessary.

Comment Re: Its a cost decision (Score 2) 840

Absolutely incorrect. I have an old sewing machine that was my great grandmother's. It still works perfectly. It is old enough that the sticker inside gives a 5 digit phone number for the service center.

Its construction is heavy to say the least. 'Value engineering' (read: planned obsolescence) hadn't been invented yet. For quite a while after it was invented it was considered a sign of a shoddy company that is not to be trusted. But the frog is much closer to boiling now.

Any idea what the inflation adjusted cost of that thing would be today? That would be very telling, and what do you get for that money today I guess.

Comment Re:at the moment the only trend (Score 1) 171

Is there a shorter or more descriptive word / phrase that you can use to describe the practice of leaking personal information in order to attack or retaliate against someone you don't like?

Docsing or doxing sounds like a good way to express that concept.

A cute hacker word is a horrible way to describe something that is blackmail without the demands, but the same damaging results.

It's just a form of harassment, and should be treated as such without the silly geek-speak to make it sound harmless.

I'd sooner loosen the definition of blackmail and call it that.

Comment Re:The TOR Project was well aware of this a while (Score 1) 83

you have to be actively monitoring a specific target to de-anonymize them; you can't do it to everyone. If the NSA actually got warrants when they did that to Americans [pause for laughter] I think it's a fine system.

You laugh, but at what point in an investigation would you be aware of the target's nationality?
Do you know the nationalities of the Lizard Squad members, for example? When would you, before or after this process?
Am I an American citizen? I can't get a driver's license without something like three forms of proof I live here, so tell me, how does this work on the Internet?

Warrants for de-anonymizing Americans on the Internet... explain that paradox.
IP addresses are not people, the Internet has no borders, information wants to be free, etc.

IMO, there are no rights on the Internet UNTIL it has borders.

Comment Re:DRM... (Score 1) 43

... by another name.

It's called renting. That is literally what this service is marketed as and used for.
It's not as easy to drive down to Hollywood Video or Blockbuster as it used to be, so what's your problem with streamed renting?

I don't like the rental periods/price points yet, and I think it's all PS3 games right now, but the concept is solid.

In the future, game streaming could be used for promotions like XYZ 2 on sale tomorrow, play XYZ 1 free for a day, or you could try a fully functional demo for a few hours before plunking down $60 for the whole thing.

Tell me what's wrong with any of that.

Comment Re:They're assholes. (Score 1) 336

The point he was making is that they could just be playing on PC. You have a very freedom-minded, open source (if you want it), gaming platform that has a huge library of games to go along with it. Oh, main game servers taken down? Get on something like GameRanger to play online without the official servers. The point, I think you missed it.

Next time your Internet is out remember there is someone out there saying you could be playing golf instead.
