
Comment: Re:Most of this will be about internal politics (Score 1) 519

Actually, till that prize idiot Galtieri buggered it up by invading, the conservative government of Margaret Thatcher was considering adopting a Hong Kong style sale and lease back. The story then, as is now, was defense cuts and the absolute bonkers sums of money it costs us to keep those sheep farmers safe. The Argentine government finds it a convenient issue to deflect attention from its economic woes. And no UK PM will forego an opportunity to display his utter devotion to our peace and security by loudly professing the safety of the Falklands while decimating our armed forces.

Honeywords — Honeypot Passwords 110

Posted by Soulskill
from the oh-bother dept.
CowboyRobot writes "Businesses should seed their password databases with fake passwords and then monitor all login attempts for use of those credentials to detect if hackers have stolen stored user information. That's the thinking behind the 'honeywords' concept first proposed this month in 'Honeywords: Making Password-Cracking Detectable (PDF),' a paper written by Ari Juels, chief scientist at security firm RSA, and MIT professor Ronald L. Rivest (the 'R' in 'RSA'). Honeywords aren't meant to serve as a replacement for good password security practices. But as numerous breaches continue to demonstrate, regardless of the security that businesses have put in place, they often fail to detect when users' passwords have been compromised."
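
The scheme summarized above, as an added sketch that is not part of the original submission or code from the paper: each account stores its real password hash shuffled among decoy hashes, and a separate "honeychecker" service (the component the Juels and Rivest paper uses for this) holds only the index of the real one. The class names, the PBKDF2 parameters and the sample decoys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets


def hash_pw(salt: bytes, word: str) -> bytes:
    # PBKDF2 parameters are illustrative; tune the iteration count in production.
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 10_000)


class HoneyChecker:
    """Separate, hardened service: knows only which slot is the real password."""
    def __init__(self):
        self._real_slot = {}
        self.alarms = []          # users for whom a decoy was submitted

    def set_slot(self, user, slot):
        self._real_slot[user] = slot

    def check(self, user, slot):
        if self._real_slot.get(user) == slot:
            return True
        self.alarms.append(user)  # decoy matched: stored hashes likely stolen and cracked
        return False


class LoginServer:
    """Holds the password file; cannot tell real hashes from decoys."""
    def __init__(self, checker):
        self.checker = checker
        self.db = {}              # user -> (salt, [hash, ...])

    def register(self, user, password, decoys):
        if password in decoys or len(set(decoys)) != len(decoys):
            raise ValueError("password and decoys must all be distinct")
        words = list(decoys) + [password]
        secrets.SystemRandom().shuffle(words)
        salt = os.urandom(16)
        self.db[user] = (salt, [hash_pw(salt, w) for w in words])
        self.checker.set_slot(user, words.index(password))

    def login(self, user, attempt):
        if user not in self.db:
            return "denied"
        salt, hashes = self.db[user]
        candidate = hash_pw(salt, attempt)
        for slot, stored in enumerate(hashes):
            if hmac.compare_digest(stored, candidate):
                return "ok" if self.checker.check(user, slot) else "alarm"
        return "denied"
```

An ordinary mistyped password returns "denied" and raises no alarm; only a submitted decoy does, which is what makes the alarm a high-confidence signal that the stored hashes were taken.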

Comment: OpenSUSE is your bag (Score 1) 573

by Master of Transhuman (#43266177) Attached to: Ask Slashdot: New To Linux; Which Distro?

If you're coming from Windows, presumably, you want to use KDE because it's closer to Windows than GNOME is. And openSUSE is THE KDE distro to use.

It's got everything, it's supported by a large development community, it's stable, it has better QA than Ubuntu ever will, its software repositories are large and well-stocked, its GUI system management tools are very good (maybe the best). They also aren't prone to "radical" experiments in user interfaces like Ubuntu is.

I've used openSUSE for several years now after having had bad experiences with Mandriva and Ubuntu (specifically Kubuntu) in the past. No distro is perfect - currently I have issues with something on my system - I suspect the NVidia proprietary drivers and/or Firefox - that's causing frequent maxed out CPU situations. openSUSE 12.2 is the first time I've had issues of this sort. Previous releases have been perfect. Hopefully 12.3 will resolve these issues. And not everyone has them, just me and a couple other people in the openSUSE forums apparently.

But you can't go wrong with openSUSE. It's one of the top five Linux distros out there.

Comment: A suggestion (Score 1) 786

by Master of Transhuman (#43019751) Attached to: Linus Torvalds Explodes at Red Hat Developer

Fuck dual-booting. Fuck secure boot.

Linux shouldn't care about people who want to dual boot their systems. The method of choice today is virtual machines. So forget about dual-booting - it's an obsolete technology that shouldn't control how the OS is designed.

Forget secure boot. This is going to be bypassed by someone anyway - someway, sometime. Let Linux users turn it off in the hardware BIOS and forget about it. People who think their computer's security is going to depend on this secure boot technology are living in a fool's paradise. Even if the technology is not actually cracked and bypassed directly, the mere complexity of the OS and the applications running on top of it means it's going to be bypassed de facto in user space just as it is today.

Do we really need all this extra complexity and ONE COMPANY owning the "keys to the kingdom" (literally) - especially as someone pointed out, anyone with a credit card can get a key signed by them or just steal the key from them - just to deal with boot loader malware and the odd occasion when some hacker gets physical access to the machine and boots a Linux Live CD?


I go along with Linus on this - this is nonsense from Microsoft for Microsoft's own agenda and people who have been brainwashed into thinking secure boot must be mandatory are basically idiots who don't understand security at all.

I'm someone who goes against the current infosec mantra that security controls should not interfere with business goals. I think security goals are by definition PART of a business' goals. But in this case I think the complexity and lack of cost-benefit of this particular security technology should rule it out.

If you want secure boot, then make it totally VENDOR-INDEPENDENT. That's the only way this is going to work.

Comment: Nice PR for Mandiant and Richard Bejtlich (Score 4, Interesting) 137

While there's no doubt that there are hundreds of thousands of hackers in China (not surprising given the population there), and there is little doubt that many of them are going to be hacking the "Big Bad" (i.e., the U.S.), this is mostly a PR campaign for Mandiant and Richard Bejtlich.

Bejtlich has been bitching and moaning about China for years now. He won't be satisfied until the US is at war with China - not cyberwar, REAL war.

The problem is multiple:

1) First, there is my "security meme" which should be engraved on everyone's forehead:

"You can haz better security, you can haz worse security. But you cannot haz 'security'. There is no security. Deal."

This means there is no way to keep hackers out of your networks, given the state of the software and telecommunications industries in terms of software development. There is no secure software (short of some specific stuff used by the DoD - and I'm not sure about thee, as the saying goes) and no secure infrastructure. What one guy can make, another guy can break. This is history.

The consensus in infosec today is that the best you can do is try to detect a breach, react to it and contain it so the enemy doesn't get everything it's after. All attempts at "preventing" hacking are utterly futile.

2) Cybercrime is a "growth industry". It's where the narcotics industry was back in the first half of the 20th Century after the anti-drug laws were passed. It will continue to grow until the software and telecommunications industries change their development practices - and based on human resistance to change, this won't happen until cybercrime is ubiquitous and governments and corporations are nailed to a wall of loss.

3) As we used to say in Federal prison, "I hope you don't like it. What are you going to do about it?" i.e., China is a nuclear power. They have 200 or so nuclear warheads. So what is the US going to do to stop Chinese hackers from spying? Bomb them? Threaten them with trade sanctions and start a trade war - with China owning trillions of dollars of US debt and being the US's biggest trading partner? The days are gone when the US can just stomp on countries they don't like. Iran is giving the US the finger over the sanctions on it. How much less is China going to be affected?

Finally, I view this whole situation as "leveling the playing field." This is related to 2) above. The U.S. has used its military and economic clout for a hundred years to overwhelm and push countries all over the world around. What is happening now is that the chickens are coming home to roost. The U.S. "intellectual property" (an oxymoron at best) regime is being looted - as it should be.

So nothing is going to change for at least the next decade, maybe two decades.

So as my meme says: Deal.

Comment: Brilliant rant and completely true (Score 2, Insightful) 1110

by Master of Transhuman (#42355085) Attached to: 30 Days Is Too Long: Animated Rant About Windows 8

All you need to know is - who the hell decided to call this crap on the side the "Charms Bar"?

Seriously? That alone disqualifies Windows 8 from being a usable operating system.

His list of four design elements that Windows 8 CLEARLY breaks is perfectly correct. A tablet and a desktop PC are TWO TOTALLY DIFFERENT ANIMALS. Mixing the UI metaphor is just stupid.

I don't think the notion of a "recall" is likely to be a useful suggestion. However, I think a "Service Pack" that makes some of the UI screwups "optional" is likely to be in Windows 8's immediate future, despite Microsoft's insistence that there won't be any more "Service Packs".

OTOH, there are enough third party utilities out there that attempt to correct some of the more egregious UI errors that maybe Microsoft will try to "tough it out". After all, as the guy says, anyone buying a new machine is pretty much going to be force-fed Windows 8, and we all know Microsoft couldn't care less about its customers.

I do agree that Linux is undergoing the same sort of stupidity. The Ubuntu Unity interface was roundly denounced by many Linux users. I didn't like a lot of the KDE 4.x changes when I shifted from KDE 3.x to 4.x and either never used the "features" that were added or in a couple of cases disabled them.

I don't have an a priori problem with trying to improve PC user interfaces. I DO have a problem with making changes that no one has asked for, simply on someone's notion that "hey, this could be COOL!" "Cool" invariably leads to CRAP.

Comment: Zero evidence for both contentions (Score 0) 159

First, there is ZERO evidence presented so far that Iran had anything to do with any cyberattacks on anyone.

Anyone in infosec knows how hard it is to attribute a given attack on a given party. There are just too many ways to fake an attack's origin. And the US government has not provided any direct evidence of Iranian involvement.

It's on a par with the ridiculous "Saudi ambassador assassination" claim. The lunatic involved in that case pleaded guilty, but there is still ZERO evidence that it had anything to do with the Iranian government, and far more likely had to do with the anti-Iranian terrorist group, the M.E.K., which the US, in its infinite wisdom, just took off the terrorist list thanks to "material support" from a number of US politicians - in violation of US anti-terrorist statutes prohibiting such activities.

As for the drone, it was Hizballah who ran the drone into Israel, not Iran. Iran may have supplied the drone, but that's no surprise. Iran has been supplying Hizballah with technology for some time. And deservedly so. Hizballah is the only thing that has kept Israel out of Lebanon for the last decade. Israel tried to destroy Lebanon in 2006, but failed miserably. It will try again. In fact that is the reason for the Syrian crisis - to degrade Syria's military sufficiently to allow Israel to cross into Syrian territory to attack Hizballah in the Bekaa Valley.

Apparently the conventional wisdom is that the US is allowed to attack anyone, anywhere, any time, with any means - but even the hint of retaliation is grounds for being declared a "terrorist" and then being either droned to death or outright invaded.

Finally, I will repeat the FACTS about Iran's nuclear energy program:

1) There is ZERO evidence that Iran has a nuclear weapons program. This is agreed on by both all 16 US intelligence agencies AND Israel's intelligence agencies (Netanyahu and Obama notwithstanding.) And for the SEVENTY PERCENT of the US population who thinks Iran already HAS nuclear weapons - well, intelligence was never the US electorate's strong suit...

2) There is ZERO evidence that Iran ever HAD a nuclear weapons program, except as the DIA says a likely "feasibility study" back when Iran was afraid Saddam had such a program. And Iran ended that program, quite logically, when the US overthrew Saddam and handed Iran major influence in Iraq.

3) Iran has no strategic or tactical need for nuclear weapons, and couldn't use them as a deterrent against either the US or Israel if it had them. And the Iranians know this and have said so repeatedly.

4) Iran has never threatened to "wipe Israel off the map", no matter how many times you've read that alleged "fact" in the media.

5) Iran's military posture is strictly defensive. They rely on "soft power" projection for influence in the region, including supporting Shia communities in Lebanon and the GCC, and seek good relations with all the countries in the region (except Israel, of course.) They haven't attacked anyone in hundreds of years. Israel has attacked someone in every decade since the 1940's. The US - don't even ask...

6) Israel is the only country in the Middle East with nuclear weapons, has not joined the NPT, refuses to allow its nuclear capabilities to be monitored, and has threatened to use nuclear weapons on its neighbors in the past. It is the only country with a nuclear second strike capability and the ability to threaten countries outside the region with nuclear weapons via its submarine fleet. In fact, it has been suggested that the sole reason for Israel to have nuclear weapons - an unnecessary addition to its conventional military capability compared to the nations on its borders - is to be able to threaten the WEST should the need arise - which it did in 1973 when it threatened to nuke the Aswan Dam if the US did not re-supply it during the 1973 war. Hint: The US caved.

7) The bottom line: Iran is not toeing the US line and interferes with Israel's ability to gobble up countries on its borders in the insane Zionist quest for "Eretz Israel" (WHO are the REAL "mad mullahs" is a valid question.) Therefore the US and Israel intend to degrade Iran until it is no longer an effective geopolitical actor in the region. This was the goal with Iraq. It is the goal with Iran. And just like the bogus Iraq "WMDs", there is no Iranian "nuclear threat" - and never will be. But the people who run the US - the military-industrial complex, the oil companies, the banks who finance them, the neocons and corrupt politicians who are owned by them, and Israel and its massive Lobby in the US - fully intend to attack Iran as soon as they've degraded Iran's potential allies in that war - Syria and Hizballah in Lebanon.

It will ignite a regional war, it will cause an oil price spike that will devastate the US economy (except those in the military-industrial complex who get paid directly from US taxpayers), and it will result in a million or three civilian deaths and thousands of US military casualties. All so a handful of rich people can get richer and some fanatics in Israel can get rid of one of their enemies.

Comment: "Evidence suggests"... (Score 1, Troll) 306

by Master of Transhuman (#41425063) Attached to: Iran Behind Cyber Attacks On U.S. Banks

No, it doesn't, because absolutely NO evidence has been presented.

If I have to choose between the Iranian government (as opposed to some random Iranian hackers) doing deliberate DDoS attacks on US banks - since they presumably know Pentagon doctrine has such attacks justifying a military strike on the perpetrator - and some nameless *cough, Israel, neocons, cough* propagandists touting this notion as another excuse to attack Iran, I'll back the latter. Another highly likely probability I'd be willing to bet on over Iranians doing this is that Israeli hackers are doing this - AND on command of the Israeli intelligence agencies.

Ninety percent of what the IAEA has been reporting since Amano took office as its head as "evidence" of an Iranian nuclear weapons program has been exposed by former IAEA investigators such as Robert Kelley and journalists such as Gareth Porter as utterly bogus. We know from Wikileaks cables that Amano is totally in the pocket of the United States with regard to the Iranian file.

There remains ZERO evidence that Iran has a nuclear weapons program and almost zero evidence that they ever had even before 2003 - when every one of the 16 US intelligence agencies agrees Iran stopped the "feasibility studies" they allegedly undertook prior to 2003 (because they were afraid Saddam had one.)

Until some sort of evidence is presented, I dismiss this latest as just more anti-Iran propaganda.
