Become a fan of Slashdot on Facebook


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Comment Contradictory Argument (Score 1) 254

This article makes little sense. The suggestion that the social surveillance would modify bad behaviour is disproved by the example. The attendant warned her that she is being surveilled and that the video may be released ("I will play the video, be careful"). She noted the camera, and then continued with the bad behaviour anyway. Maintaining an awareness of surveillance and the implications of such surveillance continuously or in periods of high stress is difficult. This is not to say that surveillance has no effect, but the impact varies based on the situation. If you have time and the capacity to consider the impact of a behaviour, say where the cause and effect is clear (making a threat to the TSA in an airport for example), you might modify the behaviour. If the moral standard is unclear (Joking on twitter about airplane wifi) or the effect is less clear (insulting another gamer) you might not modify the behaviour. Rolling out surveillance is not a cure for social ills and those that have lived under social surveillance systems (such as East Germany) will not struggle to recount examples of negative impact.

TL;DR Lady knew she was on camera and was bitchy anyway therefore 'surveillance makes people be good' thing is BS.

Comment Irresponsible (Score 1) 181

This is terribly irresponsible regardless of the validity of it. South Korea has been attempting to reduce tensions in the area to return to negotiations with the North. This could be considered as evidence of hostilities by the South and increase tensions in the area. This would have a negative effect on the talks, increase the resolve in the North and add legitimacy to Japan's quest to reestablish a military. Destabilizing an entire region of the world and putting millions of lives at risk, reducing the effectiveness of your and your allies' cyber divisions, just to add weight to your PR campaign is nothing but irresponsible.

Comment Re:Legalities (Score 1) 301

You are 100% Correct. In fact Washington State law reflects this. In the law on public Disclosure.

Besides the fact that an anonymous request should be ignored as the applicants name and address etc. should be included on the application.
RCW 42.56.240
Investigative, law enforcement, and crime victims.
The following investigative, law enforcement, and crime victim information is exempt from public inspection and copying under this chapter:
(1) Specific intelligence information and specific investigative records compiled by investigative, law enforcement, and penology agencies, and state agencies vested with the responsibility to discipline members of any profession, the nondisclosure of which is essential to effective law enforcement or for the protection of any person's right to privacy;
(2) Information revealing the identity of persons who are witnesses to or victims of crime or who file complaints with investigative, law enforcement, or penology agencies, other than the commission, if disclosure would endanger any person's life, physical safety, or property. If at the time a complaint is filed the complainant, victim, or witness indicates a desire for disclosure or nondisclosure, such desire shall govern. However, all complaints filed with the commission about any elected official or candidate for public office must be made in writing and signed by the complainant under oath;
(3) Any records of investigative reports prepared by any state, county, municipal, or other law enforcement agency pertaining to sex offenses contained in chapter 9A.44 RCW or sexually violent offenses as defined in RCW 71.09.020, which have been transferred to the Washington association of sheriffs and police chiefs for permanent electronic retention and retrieval pursuant to RCW 40.14.070(2)(b);
(4) License applications under RCW 9.41.070; copies of license applications or information on the applications may be released to law enforcement or corrections agencies;
(5) Information revealing the identity of child victims of sexual assault who are under age eighteen. Identifying information means the child victim's name, address, location, photograph, and in cases in which the child victim is a relative or stepchild of the alleged perpetrator, identification of the relationship between the child and the alleged perpetrator;
(6) The statewide gang database referenced in RCW 43.43.762;
(7) Data from the electronic sales tracking system established in RCW 69.43.165;
(8) Information submitted to the statewide unified sex offender notification and registration program under RCW 36.28A.040(6) by a person for the purpose of receiving notification regarding a registered sex offender, including the person's name, residential address, and e-mail address;
(9) Personally identifying information collected by law enforcement agencies pursuant to local security alarm system programs and vacation crime watch programs. Nothing in this subsection shall be interpreted so as to prohibit the legal owner of a residence or business from accessing information regarding his or her residence or business; and
(10) The felony firearm offense conviction database of felony firearm offenders established in RCW 43.43.822; and
(11) The identity of a state employee or officer who has in good faith filed a complaint with an ethics board, as provided in RCW 42.52.410, or who has in good faith reported improper governmental action, as defined in RCW 42.40.020, to the auditor or other public official, as defined in RCW 42.40.020; and
(12) The following security threat group information collected and maintained by the department of corrections pursuant to RCW 72.09.745: (a) Information that could lead to the identification of a person's security threat group status, affiliation, or activities; (b) information that reveals specific security threats associated with the operation and activities of security threat groups; and (c) information that identifies the number of security threat group members, affiliates, or associates.

[2013 c 315 2; 2013 c 190 7; 2013 c 183 1; 2012 c 88 1. Prior: 2010 c 266 2; 2010 c 182 5; 2008 c 276 202; 2005 c 274 404.]

Article (1) and (2) pretty much put a stop to this whole thing. Further, Article (9) there basically provides a precedent for this operation and most of the data would be covered under the other aspects previously noted. It would not be particularly problematic to amend this law to include body cam footage as it appears to have been done in the past to cover other things.

I hop this whole thing is a play to get this kind of change made and not can the program.

Comment This is not a zero sum issue (Score 1) 549

I agree and yet I disagree with the article

I think that the solution to this issue will both overcome true brute force and selected sample attacks (aren't these called rainbow table brute force ? )

I reject the password manager as the default as many people switch between multiple machines some of which are not in their control as such assuming that people own the machines that they use is designing a scheme that does not work for a large number of people. It would be difficult for the multitudes in developing countries that use shared (internet cafe, school etc) computers to get online to implement this scheme.

I agree on changing passwords rarely, but again this depends on the type of use and different users should be able to adjust their behaviour to suit their personal risk profile. For example if I had no choice but to use hotel and airport wifi and access services often I would change my password more frequently than if I only used a machine in the office or at home due to the increased risk from less secure networks and surveillance of my activities.

We are struggling currently to change habits that were introduced 20 years ago. If we make the learning curve too steep we risk the majority finding someway to avoid the process. People tend to ration the mental effort they dedicate to security based on the perceived risk ( If we make the effort too high then they may develop a coping strategy that is not productive.

I think that Diogo Monica makes a very good point. But the implementation should be slow and should follow the widespread adoption of pass phrases. In the meantime, if all (some already do) password assessment tools could give a poor mark to the top ten passwords, and passwords containing the service name, user name or birthdate.

Comment Re:Not a medical professional, but: (Score 2) 30

Very interesting. Not quite the same as the article because the subject in this case is blindfolded and its a referred sensation.
Nonetheless I didn't know about this and was happy for the reference.
I think the /. appropriate content is at the links below

Synaethesia in phantom limbs induced with mirrors (1996)
V.S. Ramachandran & D Rogers-Ramachandran

Phantoms Limbs and Neural Plasticity
V.S. Ramachandran & D Rogers-Ramachandran (2000)

Comment Generalizations not helpful (Score 1) 299

This just in, some individuals are better suited to some situations than others.
I don't think that anyone had decided that they wouldn't hire ex-military with relevant experience because of where they acquired it. Most organizations require some adjustment from their staff in order to understand and fit into the culture of that place. That is why they still interview potential staff, to see if as a person they would likely fit into the social environment.

Comment Re:Security is too hard (Score 3, Informative) 70

It is not just you that thinks this. But I think it is a convenient thought not a considered one.
I don't think there is anything in terms of research to support the 'criminal subclass' idea (i.e. a group too stupid to succeed without breaking the rules), it is just a rationalization that outlived phrenology.
Even if the measure of criminal intelligence was not being caught, it assumes that the entire criminal justice system is composed of exactly average people with the same resources as the criminals. That is clearly not the case, as their 'situational awareness' tools are what motivates those without criminal intentions to consider these technologies.
Regarding the use of TOR, when imagining the criminal 'eptitude', you have to balance the fact that the risk would motivate them to expend additional effort in using the system. These things are more about discipline than intelligence. You might be more disciplined in your approach to paid work than a hobby, it would be reasonable to expect that criminals would similarly be more disciplined with the use of TOR than a hobbyist.
I think mveloso's heuristic for measuring a security tool is still valid.

Comment The outcome is that there is probably a problem. (Score 1) 460

Have a look at the original article the authors even note the major problems of this study. The sample (Only 666 respondents) is not representative. The subject matter is more likely to be responded to by those with strong negative views. The link was referred, making it a snow ball sample, those who know others with strong view are likely to pass it to those people. The group was uncharacteristically composed of women They assumed a different email name signifies a different person. The researchers pointed this out along with the face that there is not way of singling out any group as being worse than any other group. This in combination with the differing understandings of the questions. That said however, there are issues here. It is important to highlight the different understanding and norms between genders and age groups that can cause problems as well as bring attention to the options open to victims to seek help and remedy issues. Note that the survey found that none of the men knew what to do if they felt they had been sexually harassed.

Comment Re: Not the full story (a.k.a RTF) (Score 1) 248

For an act to be criminal it often is required that the person is aware that the act is illegal. It is not fair for a the courts to punish a person for breaking a law that doesn't reflect current social norms and is collectively forgotten. Those weird sex laws that you read about would be an example. In that case you could honestly state that you believed you were acting lawfully. That belief needs to be backed up by fact, your behavior should reflect your understanding. In this case, he would need to be able to refute the evidence presented by the prosecution. The had the log files from the server and his machine that showed he visited the front page that showed that the documents were restricted to those that had logged in. He could have maintained that he didn't understand that the particular files in question were restricted but it may have been unconvincing as he works in it security.

Comment Not the full story (a.k.a RTF) (Score 2, Insightful) 248

He admitted in court that he had been to the front page of the site where they were hosted and was aware that the documents were not intended to be available to the public. Finding them by accident on Google is one thing and not the point of contention here. Then downloading all of them and then republishing them knowing full well that what you are doing is definitely unethical and probably illegal is another matter. The blogger runs a security company and should have informed the company of the fault before blogging about it. This is not the kind of practice that is considered acceptable in the security community. Given that it could be considered as a criminal offence in Europe to access the documents without the requisite authorization you can take the fine (no prison time, no criminal conviction) as not a bad outcome. The issue here is that the court had no idea about the the online environment or what crime online is before the trial which speaks to a definite problem in regards to the training of judicial staff.

Comment Re:There goes another Swiss Army knife (Score 1) 298

About 10 years ago I lost a small voltage test screwdriver on my way to a meeting with security management which was moved en route to a room inside the secure area of the terminal. No way to prepare for that.

That wasn't TSA though, that was their cousins in Australia.

That's a pretty rare case though, those guys are pretty good normally.

Yes, we will be going to OSI, Mars, and Pluto, but not necessarily in that order. -- Jeffrey Honig