Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Yup (Score 5, Informative) 46

Per EFF: https://www.eff.org/deeplinks/2015/09/finally-doj-reverses-course-and-will-get-warrants-stingrays/

First and foremost, without a statute or court decision giving this voluntary policy the force of law, there will be no consequences if law enforcement agents flout its terms and continue using Stingrays as they haveâ"without warrants. With only this policy shielding us, thereâ(TM)s nothing keeping warrantless Stingray evidence out of court, and therefore nothing to deter agents from behaving badly.

Comment She ain't competent (Score 1) 1

We don't claim to find everything. That fact still doesn't justify a customer reverse engineering our code to attempt to find vulnerabilities, especially when the key to whether a suspected vulnerability is an actual vulnerability is the capability to analyze the actual source code, which - frankly - hardly any third party will be able to do, another reason not to accept random scan reports that resulted from reverse engineering at face value, as if we needed one.

I strongly suspect that "the key to whether a suspected vulnerability is an actual vulnerability" is testing whether the binary performs the vulnerability. The code shows the exact details of why, but then the diagnosis is probably pretty obvious from the vulnerability (bounds check, etc).

Comment The perfect system to spy on citizens (Score 1) 1

Wi-Fi Aware devices go through a unique process of discovery and synchronization, establishing a common 'heartbeat' that enables very power efficient operation. Devices form clusters and exchange small messages about services available nearby, enabling immediate discovery.

So if every household has one Wi-Fi Aware device, it will be a massive mesh spy network.


Right now it's possible to blacklist one's TV in the router by MAC address, so it can stream AV but not phone home to the internet.

With this technology, it will be a twinge more difficult to stop the invasion of spying appliances from carrying out their tracking missions.

Comment HT is untrustworthy (Score 3, Informative) 95

Per TFA:

According to Motherboard's Lorenzo Franceschi Bicchierai, the company has sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software ("Galileo") - even though it seems they could do that themselves, as the customer software apparently has secret backdoors. Perhaps they chose the first route because they hoped to keep that fact hidden from the customers?

Yet, according to ]Hacking Team[ Six Confidential Whitepapers on cryptome.org, HT explicitly state on page 31

NOTE HackingTeam have no way of connecting to or receiving any information from the Customerâ(TM)s RCS installation.

So, if HT lie to their rather high powered customers about a major detail like that, what else?

Comment Oh dear (Score 1) 2

The basic idea is that HTTPS is more secure â" it stops government agencies spying on what we do and it stops man-in-the-middle attacks.

yes, more secure.

no, it doesn't stop government agencies spying on what we do, and it doesn't stop man-in-the-middle attacks. It just makes it more expensive.

"I'm not afraid of dying, I just don't want to be there when it happens." -- Woody Allen