Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment Re:Weak attack (Score 2) 66

Unlike MD5, it is still impossible to get two different files that have the same standard SHA-1 checksum.

False. As long as there are potentially more bits in the input than there are in the output (read: the input can be longer than the resulting hash), any hashing algorithm will have collisions. It is the difficulty in generating these collisions that makes the algorithm strong or weak; and they are quite easy to generate for MD5.

Comment Re:what about git? (Score 1) 66

Interestingly, if you produce a language specification which permits fewer valid inputs than the number of possible hash outputs, it is in principle possible that no collisions will occur.

Yes, and knowing each possible valid input would allow you to build a rainbow table to decode each hash back to its original value (and not just to a value that will give you the same hash).

Indeed it would be a good exercise for a beginning cryptanalyst to try and construct a language such that valid inputs were guaranteed to get different md5sum outputs.

Only because they would, shortly thereafter, learn that hashes are, in fact, meant to not be reversible. Guaranteeing a 1-to-1 mapping (e.g. no collisions) makes them reversible, negating the point of the hash.

Comment Re:Samsung != Apple (Score 1) 141

You can quit attempting to put words into my mouth,

Where have I done this?

I have no intention of falling for your strawmen.

What strawmen?

Android's abysmal adoption rate of new OS versions is well known.

I never argued this.

Marshmallow is and will be irrelevant for months until it's adoption rates become significant

I don't care about anyone else's devices, only my own. The adoption rate for Marshmallow is 100% for the devices I am concerned about. That's as significant as it gets.

given how frequent new & different attacks have been released for android over the past few years I have little confidence that marshmallow will bring significant change because any new bug is still no more likely to be patched by upgrading to a fixed version than present versions of Android have been.

That's getting a little closer to what I've been trying to get out of you. Since it seems you have no concrete information regarding what I actually care about, I suppose time will tell.

That someone with the experience you claim would be so apparently clueless as to ignore these points and to keep bringing up "but how's marshmallow" like it makes any difference just shows that you still haven't understood the problem.

No, I understand the problem quite well. There are a number of known vulnerabilities in versions of Android that I don't use, which makes it not my problem. I am asking about the version I do use, because those vulnerabilities are my problem.

My children are adults now.

Then you must be old enough to have acquired the wisdom to discern when you and the person you are conversing with are talking about two different things, from two different perspectives. Please apply that wisdom here, as I've pointed this out several times by now.

During their childhood they were often complimented on how well behaved they were for their ages

As as I.

but I've seen what bad parenting does.

We all have. It often leads to discussions like this.

Your lack of self-control and justification of how that is supposed to be normal in particular for an adult does not speak well for how you were raised.

I don't lack self-control, I simply have no tolerance for people like you who try to get by in indirect insults as if that's any better than calling someone a dumbass. As for the words you claim I am putting in your mouth, I can only assume you are referring to me saying the following:

Most small kids would not have waited for you to call them by the wrong name, take an insulting tone with them, insinuate that they're in denial about something they've already openly acknowledged (head in the sand or up... where, exactly?), and refuse to address (acknowledge, hell, not even answer) their questions, before calling you a doo-doo head.

Well, I'm not sure how that's putting words in anyone's mouth. Here are the quotes detailing you doing each and every one of those things:

"by the wrong name": Androids are getting Powned left right & center due to their abysmal security & Bronsco thinks I'm talking about ad blockers?!?!

"take an insulting tone with them" and "insinuate that they're in denial about something they've already openly acknowledged" are covered by the next two:

"head in the sand": Just how deep in the "sand" do you have your head stuck in?

"or up... where, exactly?": Oh, do keep your head up where it's been hiding

And, to that, I'll reiterate: Where, exactly? I'm sure your mother would be proud. As for your refusal to address my questions, well, I'm not going to quote our entire conversation; you can go back and read it yourself.

Comment Re:Samsung != Apple (Score 1) 141

You're an android user

Thanks for highlighting that incorrect assumption. I didn't give you my full bio but, in addition to being a user, I am also a developer (apps and roms alike) and, in addition to Android, I also use iOS, Windows, several distros of Linux, a couple of BSDs, and my primary OS of choice is OSX. Hardly a fanboy.

Android bugs that in most cases will never be corrected until people replace their phones with new models so that their maker will be motivated enough to update them.

Are you implying that newer versions of Android aren't affected by the vulnerabilities you know of? That's what it sounds like; if that's the case, I don't know what we're arguing about. Older versions of iOS are vulnerable, too. Apple controls the upgrade path for iOS just like Google controls it for Nexus devices; if other manufacturers don't privide patches and OS updates, that's an other-manufacturer problem, not an Andriod problem.

To clarify my point, only Apple makes iOS devices, so we have no example of how 3rd party devices would receive updates. All that exists for this is conjecture. As a result, we can not legitimately compare the update process of iOS devices with the update process of non-Nexus Android devices and pin the results on Google. Likewise, we can not compare the security of iOS devices and non-Nexus Android devices and pin those results on Google, either.

And, as a user of a fully updated Nexus device (and several Apple devices including two iPads) thats, quite conveniently, all I care to discuss.

Again, I am not here to educate you & I have signed NDAs that prevent me from talking about them or just what problems they encountered in anything but the most general terms.

Then I guess it's good that I was asking a very general question, isn't it? I'll restate, in that context: By the way, how does Marshmallow hold up? That's pretty general; yes, it's about a specific version, but if your argument boils down to "all Android versions, combined, are less secure than the current version of iOS" I'm afraid my initial comment regarding the intelligence of your posterior appears to be correct.

It's a simple concept, really; when comparing a specific property of two or more things (in this case, security), you make those things as similar as possible, and you only compare those things. iOS: only distributed by Apple. Easy, only compare with Android on Nexus devices. Latest iOS? Only compare with latest Android. iOS in default configuration? Only compare with Android in default configuration. iOS fully locked down? Only compare with fully locked down Android.

Sure, this doesn't give you a broad picture of the landscape, for that you do have to compare all iOS versions and all Android versions currently in widespread use, in aggregate; that's not what we're talking about here, though. Here, we're talking about Nexus devices, which are updated by Google directly and, as a result, will mostly be running the latest version, much like iOS devices, so the comparison should be limited thusly.

I couldn't care less that you are unable to show more control than most small children.

You must not have kids (or friends with kids). Most small kids would not have waited for you to call them by the wrong name, take an insulting tone with them, insinuate that they're in denial about something they've already openly acknowledged (head in the sand or up... where, exactly?), and refuse to address (acknowledge, hell, not even answer) their questions, before calling you a doo-doo head. I could have displayed a bit more restraint, but the name would have come out in this post anyway.

Comment Re:Why do they need ANY info? (Score 1) 416

First you have to know about it. Most people they are collecting data on don't know. Then you have ot find out how to turn it off.

Most people who don't know don't care; conversely, most who do care do know. As for finding out how to turn it off... Google it? It ain't hard.

Even before checkboxes you have to find the fucking page, moron.

Fucking Google it, moron.

They don't and you just DID attack them by lying.

Have you ever read an Apple license agreement? They do, they just don't let you see it like Google does. And why would I attack Apple? I have 2 MacBook Pros and an iPad Air, and my wife has a MacBook Pro, iPhone 6+ and iPad Air 2. Why does everyone think I'm anti-Apple? I'm not, I'm just a realist who knows how to actually read what is presented to him (e.g. Apple EULAs) and research what is not (e.g. how to disable Google features).

Comment Re:Why do they need ANY info? (Score 1) 416

they'd kept a log of every single search I'd done for at least 2 years

And you can delete that log easily.

complex UIs for turning off some features

If a series of checkboxes is too complex for you, perhaps Google is a bit beyond your comprehension. It's probably for the best that you stopped using their services.

If Apple was doing this you'd be attacking them.

Funny, they do and I'm not.

Comment Re:Why do they need ANY info? (Score 1) 416

And who said anything about a constant stream being shared with Google? Their system requiring the information does not mean their system sends any of it back to them; and even if it does, Google has always been good about allowing users to opt out of sharing any data not required for the service being provided. You've clearly never looked at Google account settings, or you'd know this.

Comment Re: Why do they need ANY info? (Score 1) 416

That's not selling search results, that's selling API access to be able to list available room/flight and rate data, there's a difference. They can't simply browse this data because nobody provides it in a browseable (e.g. without entering an infinite combination of values into a set of fields) format, mostly as a result of the technical impossibility of doing so. Providing an API for hotels and airlines to enter this data themselves, on the other hand, that's perfectly possible. They don't even charge for that access (beyond an initial setup, during which they verify identities and whatnot), so there's essentially no barrier to entry, though they do take a cut of any referrals, but that's standard practice.

If it's something more nefarious than that, where are the DOJ and FTC investigations and where is the EFF outcry?

Comment Re:Samsung != Apple (Score 1) 141

It's not like iOS was just hit with ad-blasiting malware or anything. By the way, how does Marshmallow hold up? I'm asking out of genuine curiosity, having just updated, but I'm not expecting any more from you than geneal puffery.

Also, is it the platform or the retarded skins and apps every manufacturer wants to bake into their distributions that cause most of the issues? I aske because I'm aware of a number of issues caused by Touch-Wiz and Sense. These issues don't exist for Nexus devices.

I'd apologize for calling you a dumbass but I'm still not sure if you were purposefully ignoring my admission that there are vulnerabilities in Android (just like every platform) or if you were just too dumb do see it with out having it pointed out to you. You talk a big game but can't be arsed to back it up, though, so I'm still leaning toward the latter; and I don't expect that to change for my current round of questions, either.

How much is Tim Cook paying you to soread his FUD now that iOS vulnerabilities are making a more public appearance?

What this country needs is a good five cent ANYTHING!