
Comment Re:Yeah... (Score 4, Interesting) 449

My guess, based on my knowledge of regulatory requirements, is that the profile itself was actually deleted; however, financial transactions all have a data retention requirement, 7 years or 5 years, I forget. So forcing men to pay to delete results in the data about his profile being deleted, but the financial transaction tied to that process had to be kept.

Comment Re:Police state San Jose (Score 2) 258

Bad analogy, IPs are not owned by the person they are registered to at the time. They can also change over time depending on the provider's DHCP setup, and ISPs keep terrible logs at times.

Your license plate is registered to you, or at least to the owner. This is also why camera tickets are a fine, but no points: when it comes to these types of things, it is the owner's responsibility to know who is in control of their vehicle, and they will suffer the consequences should the person in control do something stupid. Your registration does not randomly rotate to another vehicle like an IP can to another user.

Drones.. well that's new territory, I'm sure we will come up with something, but some laws do still apply. Yes, the drone can take images of your property, but if the drone parks off in front of your window and records you inside, well that's peeping tom/stalker territory and there are laws that cover that.

What if I walked up and down the street in front of the mayor's house, wrote down every plate I saw for a week.. you bet your ass the cops would show up and possibly not arrest me, but definitely take me in for questioning.

Comment Re:Google Maps (Score 1) 258

I'm not sure about San Jose.. but in DC (I learned this the hard way when I was ticketed for out of state plates while living there), even if your car is in your driveway, and there is a gate (obviously with a closed fence they would not be able to see it) around your property, the city can enforce all ordinances and laws while your vehicle is on your private property. The reason I kept out of state plates was I was living in DC temporarily (okay a year), but using public transport, and besides, it was registered to my mother's address, so it was still a valid address to get a hold of me if need be...

Comment Re:Police state San Jose (Score 5, Insightful) 258

It is invasive, because it allows the wholesale collection of information on people without any effort, and the creation of a massive database on every vehicle owner's movements.

I'd be fine if they read the plates, checked whether or not it is stolen, and then dumped the data, never storing it, but we know this won't happen. They will keep the data for years. And my faith in any police force or government body has been shaken enough that I no longer trust them, and the data will ultimately be abused by someone, whether it's an officer checking up on their spouse, or a politician looking for dirt on their opponent.

No, if they want to use the garbage collection resources as a means to read plates, then have the garbage men write every plate down on paper, or manually type it into the computer. Because the city is right, on public streets there is no expectation of privacy. Back in the day, law enforcement had to do the legwork by hand, let that continue.

Comment Re:tip of the iceburg (Score 1) 157

The biggest problem I have run into (as a security consultant for state, local and federal agencies for the last 15 years) is that they won't spend the money on the "appropriate" personnel and equipment needed to secure anything. They do not see any return on investment, so budgets are shoestring. They only wake up when they themselves are compromised, no matter how many high profile ones appear in the news.

Comment Re:Shit cars marketed to fools (Score 1) 157

There is nothing wrong with the Wrangler, or Grand Cherokee, both of which use the same uconnect system, so they are potentially vulnerable as well. Same goes for any Dodge, say the Viper, Hellcat Chargers and Challengers. With the exception of the Challenger, the rest are decent to great cars (I hate it for some reason).

Comment Re:Approach security the wrong way? No shit! (Score 1) 157

The problem today is that the entertainment unit is often tied into the ECU for control and metrics. Look at the Hellcat: most of the tunables (suspension, boost, brakes, even displaying key mode (red and black keys have different performance profiles), as well as the track apps), all of that is on the uconnect system. They would need to add a completely different display and system to completely isolate the entertainment unit. While I agree this is better, the costs and complexity increase result in everything going to the one main screen. I can see within the uconnect system, isolating the entertainment functions from the apps/performance functions, then limit the cell/wireless comms to just the entertainment portion.

Comment OpenVPN (Score 1) 173

I have 3 VPS and 2 mixed networks. All of them can communicate with each other over different subnets.

Make one of the VPS servers your master OpenVPN server.
Connect all the other VPS, or network gateways, to the master as clients.

Make sure you advertise the routes using server side client config directives (usually in $path/openvpn/ccd/$name_of_certificate)

Problem solved.

Can even go a little more advanced: set up a VPS in another country, and use static routes to make it appear like you are local when you hit certain websites (say BBC iPlayer..)....
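
An added example, not part of the original comment: one way the hub-and-spoke layout described above could be written on the master, with routes advertised from per-certificate `ccd` files. The subnets, tunnel addresses and the certificate names `site-a-gw` and `site-b-gw` are assumed sample values.

```conf
# ---- Master: $path/openvpn/server.conf (excerpt) ----
# All addresses and certificate names in this example are assumed values.
dev tun
topology subnet
# Tunnel subnet shared by the master and every client.
server 10.8.0.0 255.255.255.0

# Per-client files are looked up by the Common Name of the client certificate.
client-config-dir ccd
# Reject any authenticated client that has no file in ccd/, so a newly issued
# certificate cannot join the mesh until a routing policy exists for it.
ccd-exclusive

# Let clients reach each other through the master.
client-to-client

# Kernel routes on the master: send traffic for the remote LANs into the tunnel.
route 10.20.0.0 255.255.255.0
route 10.30.0.0 255.255.255.0

# Advertise the remote LANs to connecting clients.
push "route 10.20.0.0 255.255.255.0"
push "route 10.30.0.0 255.255.255.0"

# ---- Master: $path/openvpn/ccd/site-a-gw ----
# The file name must equal the Common Name in the gateway's certificate.
# Fixed tunnel address, so firewall rules can refer to this gateway.
ifconfig-push 10.8.0.10 255.255.255.0
# Tell the master that 10.20.0.0/24 lives behind this client.
iroute 10.20.0.0 255.255.255.0

# ---- Master: $path/openvpn/ccd/site-b-gw ----
ifconfig-push 10.8.0.20 255.255.255.0
iroute 10.30.0.0 255.255.255.0
```

With `client-to-client`, traffic between clients is forwarded inside the OpenVPN process and never passes the master's packet filter; omit it and enable IP forwarding on the master if that traffic should be filtered there. Each gateway also needs IP forwarding enabled for hosts on its LAN to be reachable.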

Submission + - Encryption Would Not Have Protected Secret Federal Data Says DHS writes: Sean Gallagher reports at Ars Technica that Dr. Andy Ozment, Assistant Secretary for Cybersecurity in the Department of Homeland Security, told members of the House Oversight and Government Reform Committee that in the case of the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, encryption would "not have helped" because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. Ozment added that because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network. "If the adversary has the credentials of a user on the network, they can access data even if it's encrypted just as the users on the network have to access data," said Ozment. "That did occur in this case. Encryption in this instance would not have protected this data."

The fact that Social Security numbers of millions of current and former federal employees were not encrypted was one of the few new details that emerged about the data breach, and House Oversight member Stephen Lynch (D-Mass.) was the one who pulled the SSN encryption answer from the teeth of the panel where others failed. "This is one of those hearings where I think that I will know less coming out of the hearing than I did when I walked in because of the obfuscation and the dancing around we are all doing here. As a matter of fact, I wish that you were as strenuous and hardworking at keeping information out of the hands of hackers as you are in keeping information out of the hands of Congress and federal employees. It's ironic. You are doing a great job stonewalling us, but hackers, not so much."

Submission + - U.S. lawmakers demand federal encryption requirements after OPM hack

Patrick O'Neill writes: After suffering one of the biggest hacks in federal history at the Office of Personnel Management, the U.S. government is sprinting to require a wide range of cybersecurity improvements across agencies in order to better secure troves of sensitive government data against constant cyberattacks. The top priorities are basic but key: Encryption of sensitive data and two-factor authentication required for privileged users. Despite eight years of internal warnings, these measures were not implemented at OPM when hackers breached their systems beginning last year.

The calls for added security measures come as high-level government officials, particularly FBI director James Comey and NSA director Adm. Mike Rogers, are pushing to require backdoors on encryption software that many experts, like UPenn professor Matt Blaze, say would fundamentally "weaken our infrastructure" because the backdoors would be open to hackers as well.

Comment Re:Is it unconstitutional? (Score 1) 82

No, it only prevents them from scooping up US communications. The NSA's actual mandate is to do whatever it wants outside the US; however, a loophole in many of the rulings and laws allows them to practically scoop up all US communications. Close the loophole, and hopefully it would solve the problem; however, I do not see that happening.
