
XKEYSCORE: NSA'S Google for the World's Private Communications

Advocatus Diaboli writes: "The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies. Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users."

also

"Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.” Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”"


Comment: iOS users feel it (Score 1, Insightful) 305

I currently have a web radio transceiver front panel application that works on Linux, Windows, MacOS, Android, Amazon Kindle Fire, under Chrome, Firefox, or Opera. No porting, no software installation. See blog.algoram.com for details of what I'm writing.

The one unsupported popular platform? iOS, because Safari doesn't have the function used to acquire the microphone in the web audio API (and perhaps doesn't have other parts of that API), and Apple insists on handicapping other browsers by forcing them to use Apple's rendering engine.

I don't have any answer other than "don't buy iOS until they fix it".

Comment: Re:Randomness can't come from a computer program (Score 1) 64

Most of us do have a need to transmit messages privately. Do you not make any online purchases?

Yes, but those have to use public-key encryption. I am sure of my one-time-pad encryption because it's just exclusive-OR with the data, and I am sure that my diode noise is really random and there is no way for anyone else to predict or duplicate it. I can not extend the same degree of surety to public-key encryption. The software is complex, the math is hard to understand, and it all depends on the assumption that some algorithms are difficult to reverse - which might not be true.

Comment: Re:Bad RNG will make your crypto predictable (Score 2) 64

The problem with FM static is that you could start receiving a station, and if you don't happen to realize you are now getting low-entropy data, that's a problem.

There are many well-characterized forms of electronic noise: thermal noise, shot noise, avalanche noise, flicker noise, all of these are easy to produce with parts that cost a few dollars.

Comment: Randomness can't come from a computer program (Score 2, Interesting) 64

True randomness comes from quantum mechanical phenomena. Linux /dev/random is chaotic, yes, enough to seed a software "R"NG. But we can do better and devices to do so are cheap these days.

I wouldn't trust anything but diode noise for randomness. If I had a need to transmit messages privately, I'd only trust a one-time pad.

Comment: Re:I'm spending 60% of my monthly income on rent (Score 1) 939

Communism has been tried on a large scale - see Mao's Great Leap Forward.

Nope. That was a totalitarian socialist program pushing a collectivism that didn't work. Communism is a post-scarcity society and obviously scarcity was the thing Mao produced best.

Comment: Re:What's the score now? (Score 1) 77

I didn't actually work on GPUs very much at Pixar, the image computer I worked on was the grandfather of the SIMD image processing instructions on modern CPUs. What would become a GPU later on was a very expensive box from Silicon Graphics, I had one that cost at least a quarter million dollars.

Comment: Re:What's the score now? (Score 5, Interesting) 77

If they actually told us how to program their microengines, something good might come of it. But they'll probably just BSD-license a list of numbers, as others have.

I liked writing bit-slice microcode at Pixar. I really could get every last bit of power out of the hardware.

Comment: Re:I'm spending 60% of my monthly income on rent (Score 4, Insightful) 939

Maybe you should learn what communism is before calling anyone "commiefriend". (Which I have to say, is really repulsive. It's sort of like picking your nose over the internet.) I think you are discussing the difference between laissez-faire economics and regulated markets. Communism is a very great difference in scale from that. And it's never been tried on a national scale just as "free market" has never been tried because there are always economic biases that make it impossible. What there has been so far is socialism.

Comment: Re:I'm spending 60% of my monthly income on rent (Score 1) 939

I think you're missing the fundamental economic issue that drives all of this. It's the provision of essentially infinite amounts of credit. This is done by government, not banks. Essentially all home loans come from Fannie Mae or Freddie Mac, banks and finance companies are really just front-ends for them and sell their loans to the government once financed.

Given infinite credit, any scarce but necessary resource is going to be bid to absurd values.

It is by no means being a hippie to assert that government should not distort the market for credit, and to expect that urban and suburban land values would return to more realistic rates once the distortion was removed. Too bad that lots of people have already invested in unrealistic land values. They would have to lose.
