
Comment Re:Zero-days are not "back doors". (Score 1) 82

Re: "Unless the zero day flaw was put there intentionally, as back doors are put there intentionally, a zero day flaw is not a back door, it's just some incompetent who should be employed"
The US and UK security services have noted that difference and can shape generations of code, funding, standards, trade and competition policy.
An average company that's incompetent due to hardware and software limitations gets contracts, good press and friendly govs buy in for their own staff, education and clear standards for banking.
That's a lot of historic power and cash to shape funding to a few US brands globally within the 5 eye nations and other friendly Western powers.
The next method is to set encryption at a level that keeps the press/other users out of a network but is 100% law enforcement friendly.
Over decades that access, funding, standards offers a perfect look down system into wider consumer networks.
https://firstlook.org/theinter...
If all that still cannot keep weak networks and plain text access try the Cybersecurity Information Sharing Act, or CISA.
Immunity to share all data with govs and mil looking for "cyber threat indicators". All that strong encryption for the network reverts to plain text at some point in the system and that's where a company will be waiting to sort domestic data.

Comment Re:How? (Score 1) 377

Re "And yes, "make someone else solve it" is a valid option but only if having the sites apply that solution by making the politicians the "someone else" is also a valid option."

The UK can ask the US banking system, political system and big pipe internet providers to "fix" the pipes and payment options into the UK.
ie the ".com" just fails to load in the UK and a log is sent to some local UK authority about the access attempt.
If that fails the UK could fund US political leaders who understand the UK's gov internet request. PAC Britannia to reshape the US political landscape with people who are more understanding of the UK's position long term.
Map out every .com site of interest and ensure they never get loaded in the UK?
An Integrated Cyber Policy. A series of coastal super computer centres ensuring no blocked site ever reaches a UK provider under the leadership of a Cyber Supremo.

Comment Re:What about America? (Score 1) 35

One Nation under advertising, indivisible, with liberty and CISA for all.
Other parts of the world may want to consider what CISA will be about on any US provided connection.
Cybersecurity Information Sharing Act
"How Big Business Is Helping Expand NSA Surveillance, Snowden Be Damned" (Apr. 2 2015)
https://firstlook.org/theinter...
"A government surveillance bill by any other name is just as dangerous" (13 June 2015)
http://www.theguardian.com/com...

Comment Re:Treason - Peace on (Score 1) 107

West Germany needed a powerful tool to stop documents from walking that could embolden any local fascist, communist or cults that threatened emerging fragile post 1945 "democracy".
So any material that could walk out from the West/German bureaucracy or military has some powerful sanctions with none of the US wisdom with "... free press is the duty to prevent any part of the government from deceiving the people "
Upset West/German democracy and the gov has a huge bureaucracy set up just to correct that.

Comment Re:Won't or can't? (Score 4, Interesting) 107

It depends how Germany now understands the NSA and all its help setting up West German telco systems after WW2.
German decryption teams found gainful employment in 1945 with the UK/US TICOM https://en.wikipedia.org/wiki/... teams.
Generations of West Germans worked with the NSA and traveled to the US to view emerging US systems, hardware and other crypto systems.
That kind of generational contact has allowed the US to handle elite German crypto staff and keep them away from any domestic West/German legal or political process.
That deal with the USA gave West German total mystery over its internal and international communications networks for decades.
So a few German elected political leaders are facing the might of decades of US/German military friendship at a top level beyond German law.
Other US West German intelligence contacts can be understood from the Gehlen Organization years https://en.wikipedia.org/wiki/...

All German political parties know is their communications have been tasked by the USA even when declared safe by decades of expert West/German crypto officials.
Any inter party or elected party efforts on this topic that were discussed over a secure German network of any kind would have been intercepted.
Given the years of US/UK access to West/German political communications it would be hard to find a cleared German crypto expert who could even present the scope of what was done to German communications networks.
The clearance levels that exist in Germany for German experts would not be of any use to any committee and no German staff with US systems access would be cleared by the US to talk to anyone in Germany at any level.
The US and UK have that domestic legal staff aspect covered in a nation they 'help' :)
US security work given to local German staff outranks any domestic German legal traditions or German fact finding political settings.

Submission + - Germany won't prosecute NSA, but bloggers->

tmk writes: After countless evidence the on German top government officials German Federal Prosecutor General Harald Range has declined to investigate any wrongdoings of the secret services of allied nations like NSA or the British GCHQ. But after plans of the German secret service "Bundesamt für Verfassungsschutz" to gain some cyber spy capabilities like the NSA were revealed by the blog netzpolitik.org, Range started an official investigation against the bloggers and their sources. The charge: treason.
Link to Original Source

Comment Re:Umm, I hope that translation is to blame. (Score 1) 35

Different trading companies had spice investments.
The UK had its large HMS Anderson (1941-57) sigint station and later the GCHQ had its Perkhar (1957-65) listening station (four hundred acres) in Sri Lanka.
It was one of the best sites the UK had in the Indian Ocean.

Comment Re:awkward! (Score 1) 181

That is because most of us understand software. We know that things often "work" in Windows only, because Windows often ignores failures or they have internal workarounds based on inside knowledge of the hardware and firmware, as well as the flaws in its implementation. It is actually quite common that something "works" in Windows and fails with Linux because Linux is following the standard / functioning properly while Windows is not, and the actual fault is with the hardware and/or Windows.

Comment Re:Really? (Score 1) 484

Are you on drugs? I regularly read here on Slashdot how Microsoft is a horrible company who is all about profit and doesn't actually care about security or usability except as regards to the effect it has on their bottom line. I also regularly read that Windows is a clusterfuck OS. Given that these are all facts, I would say Slashdot is one of the few places you can go on the internet to read anything sensible about Windows.

Submission + - Windows 10: A Potential Privacy Mess, and Worse->

Lauren Weinstein writes: I had originally been considering accepting Microsoft's offer of a free upgrade from Windows 7 to Windows 10. After all, reports have suggested that it's a much more usable system than Windows 8/8.1 — but of course in keeping with the "every other MS release of Windows is a dog" history, that's a pretty low bar.

However, it appears that MS has significantly botched their deployment of Windows 10. I suppose we shouldn't be surprised, even though hope springs eternal.

Since there are so many issues involved, and MS is very aggressively pushing this upgrade, I'm going to run through key points here quickly, and reference other sites' pages that can give you more information right now.

But here's my executive summary: You may want to think twice, or three times, or many more times, about whether or not you wish to accept the Windows 10 free upgrade on your existing Windows 7 or 8/8.1 system.

Link to Original Source

Submission + - CISA: the dirty deal between Google and the NSA that no one is talking about->

schwit1 writes: It's hard to find a more perfect example of this collusion than in a bill that's headed for a vote soon in the U.S. Senate: the Cybersecurity Information Sharing Act, or CISA.

CISA is an out and out surveillance bill masquerading as a cybersecurity bill. It won't stop hackers. Instead, it essentially legalizes all forms of government and corporate spying.

Here's how it works. Companies would be given new authority to monitor their users — on their own systems as well as those of any other entity — and then, in order to get immunity from virtually all existing surveillance laws, they would be encouraged to share vaguely defined "cyber threat indicators" with the government. This could be anything from email content, to passwords, IP addresses, or personal information associated with an account. The language of the bill is written to encourage companies to share liberally and include as many personal details as possible.

That information could then be used to further exploit a loophole in surveillance laws that gives the government legal authority for their holy grail — "upstream" collection of domestic data directly from the cables and switches that make up the Internet.

Link to Original Source

Comment Re:Different approach (Score 1) 76

A fence, trusted staff on site, limited internal networks that are not connected to the outside world work well and are not that expensive.
But that won't get a cyber security contract long term to "fix" the system after every expensive logged intrusion.
The new networks have one good plus, wealth creation for the support, upgrade aspect.

Comment Re:Obligatory "why" post (Score 1) 76

So one cheap engineer can watch diverse networks rather than a vast unionized on site workforce per shift, every shift.
In the past low skilled staff would have to be in place, drive to or be on site 24/7.
The cost savings add up for the brand but the quality of the network installed expected correct commands on a private network not a network open to the world.
Years later all the limited networks open to the "net" per nation have been traversed and studied by a long list of people and other nations.
The "why" was to get costs down and remove staff while staying compliant with less on site experts.
It works but for the "internet" being allowed in as part of the trusted network.
