Forgot your password?
typodupeerror

+ - Ask Slashdot: After TrueCrypt->

Submitted by TechForensics
TechForensics (944258) writes "(Resubmitted because was not identified as "Ask Slashdot"

We all know the TrueCrypt story-- a fine, effective encryption program beginning to achieve wide use. When you see how the national security agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.

Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft Bitlocker, which no one with any sense believes could be NSA – hostile. It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been compromised.

This is the situation we have: all of the main are important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:

Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm the source code of the program employing that algorithm must be considered false. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother.

Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?We all know the TrueCrypt story-- a fine, effective encryption program beginning to achieve wide use. When you see how the national security agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.

Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft Bitlocker, which no one with any sense believes could be NSA–hostile. It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been vitiated.

This is the situation we have: all of the main or important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:

Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm the source code of the program employing that algorithm must be considered tainted. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother. (Would it not be possible for the NSA to create a second TrueCrypt that has the same hash value as the original?)

Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?"

Link to Original Source

Comment: Re:Interesting... (Score 1) 133

by Kadin2048 (#45874339) Attached to: UK Company Successfully Claims Ownership of "Pinterest" Trademark

In the US, trademarks only extend as far as someone might be confused by their use. It's not a hard black and white line, but you can use "Word" if you wanted to, in an unrelated industry from Microsoft's, provided that nobody thought that customers might be confused and think that your product was, or was in some way related to, Microsoft's. (Obviously since Microsoft is such a big company and does so much stuff, this might be harder than if they were purely in the word processing business.)

A good example is Apple Records vs Apple Computer Corp. There was a lot of argument that went back and forth as to whether Apple Computers might be confused with Apple Records -- which seemed ridiculous at the time, because why would Apple Computer ever get into the music business? So they worked it out and came to a settlement to stay out of each other's turf. That happens very frequently. (It got interesting when Apple-the-computer-company decided to get into the music business; my understanding is that they made Apple Records an offer they couldn't refuse.)

And given how ubiquitous Microsoft's products are -- love them or hate them -- the breadth of their trademarks are probably not unreasonable. A no-name company ought not be able to assert a trademark with any similar breadth, because there's so little chance of confusion.

Comment: Re:Use it or lose it (Score 1) 133

by Kadin2048 (#45874279) Attached to: UK Company Successfully Claims Ownership of "Pinterest" Trademark

Well they are registered in the .com TLD, which is basically United States namespace, so it would make sense that US trademark law would apply at least in terms of the domain name. I doubt some European company would be able to convince a US court to order Verisign to turn over the domain to them.

So at worst, I would think that Pinterest could continue to operate under the "Pinterest.com" domain name; the challenge would be whether they want to advertise in the European market, which might be prohibited without changing their name.

Comment: Re:What is Bruce Schneier's game? (Score 1) 397

If the NSA were to require them to install a secret backdoor then the NSA would be compromising the security of all of their government customers because they don't sell two different versions of their software, it is the same for all customers.

Unless the product has been certified for use with classified information, that's not much of an assurance. The government has its own internally-developed tools -- which presumably it has confidence in (SIPRNet, etc.) -- for protecting information that it deems sensitive. The NSA might well decide that subverting a commercial tool is worth the risk of compromising something that's used by the government, but only in relatively trivial ways.

I don't know enough to impugn Zimmerman et al, but I don't think "it's used by the government!" is necessarily a great seal of approval, unless it's a formal certification (e.g. NSA Type 1 listing) saying that it can be used to protect classified information. And I'm not aware of any COTS software products that are on the Type 1 list; the NSA only approves particular hardware implementations (at least that I've seen, though I'm happy to be corrected although I'd be surprised).

+ - 3D Space Epic Game Released on Linux->

Submitted by Anonymous Coward
An anonymous reader writes "Salvation Prophecy has space ship dog-fights, planetary battles, alien planets to explore, and a command room to order new colonies, space stations, and military attacks. The linux port is solid, and supports full screen, a variety of input devices (keyboard-mouse, joystick, gamepad), and plays really smooth on any reasonably modern mid-level video card."
Link to Original Source
Security

+ - Ask Slashdot:How to protect a text document 6

Submitted by Jason1729
Jason1729 (561790) writes "I have been ordered by judge to release a large amount of material in "electronic format". Typically it's only available as paper copies which are sold on copy protected paper. Illegal copying of this material has become rampant and a group of lawyers obtained the court order by claiming it would be easier for them to access the material on a computer screen rather than hard copy. It is fairly clear they intend to print and share the single copy rather than paying for certified copies.

I'm looking for a technological solution that will allow me to distribute the documents (with word processing formatting in tact), in "electronic format", complying with the letter of the court order, but also make it impossible or as difficult as possible to print the documents or share the electronic version.

I'd rather not get into a discussion on the morality of copyright as the cost to produce the material was far greater than the single copy price and had I known I'd be facing this court order, I'd have refused to create it to begin with. Total demand is around 5 copies and getting 20% of that means losing a lot of money."

+ - Computer Repair Company Takes Revenge on Devious Customer-> 3

Submitted by herrshuster
herrshuster (2839577) writes "Nerds on call, a small computer repair company, was sued for $500,000 dollars by a customer claiming that they had lost critical information in his litigation. But when they looked into his history, they found this was not the first time he had tried to get money from a company through either his own error or ignorance: http://blog.oregonlive.com/complaintdesk/2011/07/when_store_clerks_give_advice.html In retaliation, they posted an explanation of the circumstances on their site that totalled more than 17,000 words in an attempt to google-bomb his name. Their closing statement: "In the end we won’t label him a scam artist, or assume he had nefarious intent, however, we will let the entire history of our interactions with him stand on their own.""
Link to Original Source
Censorship

+ - article critical of Microsoft pulled from forbes.com->

Submitted by darkeye
darkeye (199616) writes "An article titled 'Sell Microsoft NOW! Game Over — Ballmer Loses' (http://www.forbes.com/sites/adamhartung/2013/01/20/sell-microsoft-now-game-over-ballmer-loses/) by Adam Hartung has been pulled from forbes.com. The article is still available via the Google WebCache here: http://webcache.googleusercontent.com/search?q=cache:Z07qoZSJTV8J:www.forbes.com/sites/adamhartung/2013/01/20/sell-microsoft-now-game-over-ballmer-loses/
  . While Microsoft is clearly on the decline, it seems it still has for enough reaching hands to sensor content on a major publication like Forbes."

Link to Original Source
Businesses

+ - How corruption is strangling US Innovation-> 1

Submitted by
hype7
hype7 writes "The Harvard Business Review is running a very interesting piece on how money in politics is having a deleterious effect on US innovation. From the article:

if you were in any doubt how deep inside the political system the system of contributions have allowed incumbents to insert their hands, take a look at what happened when the Republican Study Committee released a paper pointing out some of the problems with current copyright regime. The debate was stifled within 24 hours. And just for good measure, Rep Marsha Blackburn, whose district abuts Nashville and who received more money from the music industry than any other Republican congressional candidate, apparently had the author of the study, Derek Khanna, fired. Sure, debate around policy is important, but it's clearly not as important as raising campaign funds.

"

Link to Original Source
Input Devices

+ - Razer Mouse Crippled Without Online Activation

Submitted by jones_supa
jones_supa (887896) writes "At Overclock.net forums, nickname channelx99 tells a story about a frustrating obstacle when he begun to use a Razer Naga mouse. A software is required to enable the full functionality of the mouse. The user was greeted by a login screen which couldn't be bypassed, and even worse, the account creation didn't work at the time. It turned out that the Razor activation server was down. As result, channelx99 was left out in the cold, and he wraps up 'Nowhere on the box does it say anything about needing an internet connection to "activate" a mouse. If the servers go down in the future, anyone who buys this mouse is out of luck.'"
Piracy

+ - Heavy metal band does not support label's decision to prosecute pirates->

Submitted by
hessian
hessian writes "“It has come to my attention that Century Media is suing fans over illegal downloads of (among others) our latest album ‘Dystopia’. I felt it was important to clarify that we had no knowledge of this motion and were, sadly, not asked permission.

  We all know the music industry is changing. We have been adapting to this model by embracing legal streaming services such as Spotify and by bringing our music to places we have never played before by touring our proverbial asses off.

  As much as we respect that the labels are having a harder time selling music, we feel this is a misguided effort and want to make sure our fans know we would have not given our consent would we have been asked.”"

Link to Original Source

"Floggings will continue until morale improves." -- anonymous flyer being distributed at Exxon USA

Working...