Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Comment Re:I thought she said she destroyed it? (Score 2) 676

https://en.wikipedia.org/wiki/... describes how storage devices can remap failing sectors, which cannot be erased by normal OS means but could possibly be recovered forensically. The OS cannot erase the contents as the drive firmware opaquely performs the mapping.

Comment Re:backdoor versus sidedoor. (Score 2) 102

Your safe deposit box is vulnerable to one person with a good drill.

Any system that hobbles wide-spread encryption tools with a backdoor key will eventually be subverted by loss / discovery of the key(s), rendering the entire system worse then useless. Multiple keys is also difficult as the NSA/FBI is going to regularly use this facility, so the keys have to be online / available. Not so much the 'break glass in case of fire' but more of 'press button to open door'.

Keys that subvert an entire countries infrastructure would be one of the worlds most sought-after secrets. Thats a lot of resources to bring to bear to defeat a small number of keys.

Comment Re:Completely dumb (Score 1) 342

The T&Cs are satisfied since the entity redeeming the ticket is identified -- just not as an individual person. The owner is set when the back of the ticket is signed (http://www.bna.com/taxpayer-pay-gift-b12884908246/) and that can be any legal entity from the looks of that article.

Comment Re:The future of console games (Score 1) 249

Isn't that equivalent to music companies having no obligation to supply a replacement if your CD is damaged? The theory as I understand it is the license is part of the media, in this case the 'media' is Steam -- I suspect they will not be moved if 'Steam' is damaged.

I recall the old floppy-based copy-protected games would sometimes offer to replace media if it failed, but not always.

Comment Re:Seems like this will work... (Score 1) 213

I suspect it'll require some sort of signup and beacon placement for the drone to know where to place the package; say by placing multiple beacons in your yard / on your building roof (for larger buildings) that designate the boundaries where the objects can be placed. The beacons could also transmit the destination GPS coordinates for en-route navigation, but gps is probably not enough for the final drop. That would have to rely on a signal from the beacons themselves.

The beacons can also act as warnings that a flight is incoming (lights / sounds, etc) and be able to do some sort of sweep if anything is blocking the landing pad.

Or perhaps a 'landing tarp' that has a pattern on it that the drone computer vision can use to determine if anything is in the way (such as expect a regular grid pattern); if any of the grid is obscured then abort.

Comment Re: Ah, come one, don't we trust the Feds? (Score 2) 90

Installing Open Connect means Comcast avoids costs in maintaining higher capacity edge routers, and can place the caching boxes wherever is efficient for their own network topology. For example, if placed in each geographic region hub, it means their own long-haul trunks are less stressed and do not need to be upgraded as soon. If you take as a given that customers will want to watch NetFlix, then the costs of hosting these cache boxes is supposed to be offset by the reduced pressure on the long-distance Comcast network connections.

Comment Re:I use GnuPG (Score 1) 309

The NSA can't subvert a keyserver. At least, at worst they can replace the keys with their own, but then the Web Of Trust would render those keys untrusted. Getting the key from a keyserver or copying it from a webpage is equivalent. The benefit of the keyserver is if you get an email from someone signed by key X, your client can fetch the key from the keyserver then calculate if you have any trust of that key.

Also, I see that your key is on a keyserver: http://pgpkeys.mit.edu/pks/loo... as any key can be published to a keyserver regardless if you have the corresponding private key.

Comment Auditing (Score 2) 262

It seems improbable that a 'Enterprise' Customer Relationship Management system that Comcast must be using wouldn't have a detailed history on account changes, such as who submitted a name change. There should be no mystery as to who is changed the names.

Unless someone has hacked in to the underlying database and is bypassing the business logic, in which case Comcast has a serious problem on their hands.

Comment No control (Score 1) 83

Hosted applications may or may not handle the passwords properly after they've been entered into the form. It is inescapable that the host must have the raw keys in order to decrypt the data. It may be impervious to 3rd parties *now* but there's nothing that prevents that from changing, and the user has no way of detecting it.

Similarly for mobile applications -- unless one has firsthand knowledge that the currently installed application will not transmit raw keys to a 3rd party, AND prevents all future updates to that application, then the security is fleeting.

It may be that the promise of security is enough for a given use case, but to be sure one needs to encrypted the data with keys that are never transmitted to a 3rd party prior to uploading the data.

Another way of looking at it: If an entity were to hold a figurative gun to the head of a mobile app developer / hosting provider, in such a way that you as a user were unaware of it (ie were still willing to use the application / provider in the normal course of usage), could the application be changed such that the data is exposed?

Anything cut to length will be too short.

Working...