
Comment: Nothing new (Score 5, Interesting) 178

by Zardus (#49317851) Attached to: Gaming On Linux With Newest AMD Catalyst Driver Remains Slow

It's been this way for years. ATI/AMD support for Linux is unbelievably bad. nVidia support is basically perfect, with the exception of the open-source issue. In the past, I've bought a brand new (nVidia) video card, right after it was released, brought it home, and got it running under Linux, day 1, with no headaches. If you want decent Linux graphics, go nVidia.

Comment: Re:Bring it on, folks! (Score 1) 215

by Zardus (#49050203) Attached to: New Encryption Method Fights Reverse Engineering

That's actually the opposite of true. Many techniques (http://static.usenix.org/event/woot09/tech/full_papers/paleari.pdf, http://roberto.greyhats.it/pro..., http://honeynet.asu.edu/morphe..., http://www.symantec.com/avcent...) exist to identify the presence of a CPU emulator, because these things aren't (and will likely never be) perfect. Most of those techniques don't even rely on timing attacks. Once you introduce timing attacks (*especially* if there's an external source of time information), all bets are off.

Comment: Re:One elegant solution... is ours. (Score 2) 288

by Zardus (#46917311) Attached to: Applying Pavlovian Psychology to Password Management

I'm glad people are out there thinking about this. As I understand it, though, there are a couple of drawbacks to this specific approach.

1. The unique identifier that now allows you to be tracked across each application you use. I guess this can be solved by having multiple IDs per app. You might want to consider this.
2. "Pay per authentication"...
3. Requirement for your phone to have connectivity. While this doesn't matter most of the time, it can be important when, for example, you're traveling abroad and don't have phone service.
4. You need to be a trusted party for your users. If you're compromised, the whole system is screwed.

Other approaches, such as Google Authenticator, provide 2FA without the requirements of connectivity, trackability, trust, or payment. The only advantage (and this is also quite a weakness) that I can see with your approach is that it's probably easier to replace a lost phone; just call you guys and have you reroute the passwords to a different app. The problem is that this opens the door to social engineering attacks (see #4).

Comment: Implications! (Score 0, Flamebait) 205

by Zardus (#32190120) Attached to: UK Court Finds Company Liable For Software Defects

If this is upheld and catches on, it could have pretty horrid implications world-wide, especially with how willing people are to litigate against companies (such as Google) that are actually based in a different country but have presence in the litigator's country by virtue of internet access....
