
Comment: Re:Cardholder services (Score 2) 230

by TheCarp (#48883741) Attached to: Dish Network Violated Do-Not-Call 57 Million Times

> Likewise, when scammers call me up about my [insert model year] [insert make] [insert model] and how my
> warranty is up, I ask them to name my warranty company

I had fun with these guys once. I was tired of hanging up on them so I decided to hang on the line and try to get info out of the guy after they thought they might have me. So I get put on with this guy who....asks about my car!

Lol the audacity to claim my warranty was expiring then to not even know what kind of car I have? Wow. So I told them.... a 1992 Buick LeSabre (this was about 5 years ago so almost a 20 year old car, and one I never owned), and I ask "oh btw what company is it you work for". I forget now, but I wrote it down and then told him, thanks for the info now you can add me to your do not call list. :)

Despite that, he saved the car info, and I started getting calls about my 1992 Buick LeSabre!

Comment: Re:Well, the king wouldn't abuse it, so... (Score 1) 289

by TheCarp (#48863985) Attached to: Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

Sure, while it is strictly correct that it can happen and does happen, it certainly doesn't happen with nearly the frequency which it should, which is, every single time. These events are such a rarity that we really may as well ignore the few times it happens since it's not significant compared to the magnitude of the problem.

Comment: Re:Well, the king wouldn't abuse it, so... (Score 1) 289

by TheCarp (#48859089) Attached to: Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

Oh I fully agree, in no way did I mean to imply that throwing out the evidence was wrong..... it's the best thing you can do under the circumstance and the only proper way to handle it within the context of the original case.

My comment is 100% aimed at the lack of follow-up and the lack of even any attempt to prevent the issue beyond hiding the truth of the matter and avoiding dealing with it.

It's correct to toss out such evidence, it's incorrect to not treat the criminal searches as a crime.

Comment: Re:Didn't we have this discussion... (Score 1) 289

by TheCarp (#48858687) Attached to: Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

Honestly, dogs shouldn't even be used except in certain situations. For the most part, their findings should be as inadmissible as a polygraph because, and I want to be clear, IN THE WAY THEY ARE COMMONLY USED they are little more than a prop.

The reason for this is that while they have excellent snouts, they are even better at playing Clever Hans.

So if you have an endless line of luggage to check, or lines of random cars waiting.... that is, situations where the handler himself has no reason to suspect anything in any particular place, dogs perform quite well, they are excellent sniffers.

However, it's been shown that in cases where there is any suspicion at all on the part of their handler, a dog's false positive rate goes through the roof to the point that they actually "hit" on nothing more than their handler's pre-existing suspicion more often than not.

Essentially meaning, dogs are worse than useless in the most common use cases, and really work best in the rather uncommon cases of tracking and large scale checkpoints; and have little to no place at all anywhere else.

Comment: Re:With taxes you buy civilization, remember? (Score 1) 289

by TheCarp (#48858573) Attached to: Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

> Huh, controversial use of tax dollars (and a very small percentage of tax dollars) implies that all taxes are bad? I
> didn't realize we took the worst reported use as the standard use.

Not sure standard case works either. Non-controversial uses of tax dollars should not be allowed to justify or excuse the less standard and more abusive ones. If taxes pay for abusive uses then taxes are bad. This is a standard that is appropriate and every single person whose actions are representative of the people who take taxes should be reminded of it and should feel the full force of that dire responsibility.

Yes an illegal search in some way invalidates taxes because.... it is a violation of the very rights that this government was founded to uphold, and ALL other functions are secondary to imposing those limits on itself.

Comment: Re:Well, the king wouldn't abuse it, so... (Score 3, Interesting) 289

by TheCarp (#48858289) Attached to: Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

> I expect to see hundreds of law enforcement officials going to jail.

If that is what you expect, then you are going to have a very bad time. Police only occasionally go to prison and it really takes extraordinary circumstances. We know incidents of illegal searches happen, we know that because evidence gets excluded at trial, yet, only 10% of people who are convicted actually even go to trial.... yet in that sampling, we find illegal searches.

Now, do police get charged with a crime for an illegal search? The constitution itself guarantees us freedom from searches without due process, not freedom to have the evidence tossed out in court, so far, only part of that is being upheld....where is there ANY attempt being made to ensure that illegal searches NEVER EVEN HAPPEN IN THE FIRST PLACE?

I see no attempt being made. If anything, all I see is attempts to do end runs around our rights and limit exposure of the truth.

Comment: Re:Locked Homes are Next? (Score 1) 372

by TheCarp (#48857553) Attached to: FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN

> And what proof do you have of that? What assurances do you have they don't abuse this?

Yup and, what evidence would exist if they did abuse it? None at all. This is something that, if they have it, the ONLY protection we have for our privacy is to hope they don't abuse it; or if they do abuse it, that they meticulously log their abuses.

How would you ever know that a legitimate warrant was not preceded by other scans, which were then used to manufacture a believable story with which to gain the warrant? Hell, with police actually defending the practice already as "Parallel construction", we can't really trust them at all.

Comment: Can you say stingray? (Score 1) 55

by TheCarp (#48855883) Attached to: Researchers Use Siri To Steal Data From iPhones

> On the other hand, it only works on jailbroken devices and attackers somehow need to be able to intercept the
> modified Siri traffic.

So basically, it's useful if you can run a stingray and most effective against more sophisticated users who jailbreak their phones (yet still use Siri). Nice, real nice.

Comment: Re:Dewhat? (Score 1) 150

by TheCarp (#48855787) Attached to: Wireless Keylogger Masquerades as USB Phone Charger

I know I am a little late to the reply but...

> I prefer a wireless keyboard with a USB dongle that acts as a standard keyboard, thank you.

which is exactly what I prefer too but, which is why I say, ditch the driver. The driver is just one more place your scheme can be compromised, clearly the solution is to have the dongle capable of pairing without PC participation beyond, (possibly) providing power.

Comment: Re:This could be fun.... (Score 2) 164

by TheCarp (#48812511) Attached to: Man Saves Wife's Sight By 3D Printing Her Tumor

Often I think it comes less down to the FDA and more to the interpretation. If you are a hospital using a device that comes with a certification from a vendor saying that you have to buy their drives to maintain certification, a few hundred bucks extra isn't worth the risk of it not being a bluff.

When I was working for a hospital we had a box running an ancient version of RHEL (AS 2.1 if I remember) that the vendor swore could not be upgraded or security patched because of FDA certs. What did we do? We made an exception.

Comment: Re:Dewhat? (Score 1) 150

by TheCarp (#48807915) Attached to: Wireless Keylogger Masquerades as USB Phone Charger

Which is all the more reason why system designers really should consider themselves as having a duty to care for them. The vast majority of users are not experts and any risks they expose themselves to in using the product really are things they can't be expected to understand. So products intended for non-professional markets especially should really be designed to not expose inexpert users to risks as much as possible.

Comment: Re:Dewhat? (Score 1) 150

by TheCarp (#48807375) Attached to: Wireless Keylogger Masquerades as USB Phone Charger

> Which means you end up with, at least, a tiny LCD screen to show the pairing code. Which means
> you need enough logic to run the LCD screen and the pairing stuff.

oooh I have been thinking about this.... I think it can be done even easier and cheaper.

Wireless keyboards generally require a wireless dongle. Put a USB port on the kb, used for emergency power obviously.... but... easy pairing. Just plug the dongle into the device, and press a button, they can do a key negotiation over their local USB connection. No LCD needed, maybe.... an LED and a button.

That should put an easy end to easy sniffing. Course if someone is coming into your house and plugging shit into the wall, maybe they can just replace your whole keyboard too.... fake the dongle and keyboard into each pairing with his device and MiTM you? or wholesale replace yours with his lookalike.... but, it's certainly not casual sniffing at that point.

Comment: Re:Dewhat? (Score 1) 150

by TheCarp (#48807313) Attached to: Wireless Keylogger Masquerades as USB Phone Charger

> In the future keyboard designers should make the protocol more configurable so that on casual observation it is not so easy to determine what packets are data

That's a very common misconception, but the fact is that is pretty exactly what they should NOT do.

Specifically that is, they should not even attempt to design their own method of securing the data. They should use fairly standard, well tested, modules produced by professional cryptographers. Full stop. These are solved problems, and there are several very well researched and well designed techniques for solving these issues.

There is always room for more such techniques but, to think that some engineer working on a keyboard is going to design one that is even as good as what we have as just....a submodule of his project is just not realistic.

Choose a solution for authentication/key negotiation....choose a cipher. Go back to designing the keyboard itself. That really is the best part.... since it's a solved problem.... it really isn't a huge level of effort to fix correctly.

Plus it's a keyboard...a "pairing" could be as simple as flipping a switch into pairing mode, then typing some text that shows on the screen of the device pairing with it. It's not like it's some headset with only 2 buttons.
