Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Nobody. And NSA etc. sabotage makes things worse (Score 5, Insightful) 148

by gweihir (#49377827) Attached to: Ask Slashdot: Who's Going To Win the Malware Arms Race?

It is bad enough as it is with most software being insecure. Sabotage only makes things a lot worse. And for what? A zero-success track-record against terrorism? Industrial espionage? Having dirt on any possible future and present President, Congress Man, Senator?

Comment: Re:So, let me get this right (Score 1) 161

by gweihir (#49373407) Attached to: Europol Chief Warns About Computer Encryption

While this sounds convincing on the surface, it is utterly false in reality. You cannot determine from the contents of communication whether some people communicating are terrorists if they have at least minimal OpSec. You can, to a degree, identify groups when you have one member, but that works regardless of encryption.

These days there are only two kinds of terrorists (disregarding the ones created by the FBI): The dead ones and those with good OpSec. Of course, there are not many of either, and the whole thing is completely blown out of proportion. By "Qui bono?" is also becomes clear why it is being blown out of all proportion: It means more money and power for various police, state security and other anti-freedom organizations. These people are habitually lying to us these days and milking the fear for all its worth.

Comment: Re:Shut uuuuup (Score 1) 161

by gweihir (#49373355) Attached to: Europol Chief Warns About Computer Encryption

No, it is not. What spooks them is ordinary citizens being able to talk without them being able to listen in. These people are pathological paranoids and very, very afraid of the general population. Terrorists are not even using email or cellphones these days, the US drone-kill "strategy" made sure of that.

Comment: Re:Shut uuuuup (Score 1) 161

by gweihir (#49373333) Attached to: Europol Chief Warns About Computer Encryption

Terrorists do not use encryption for communication. With encryption, you can still determine sources and destinations and that gets people drone-killed on the mere suspicion of being terrorists. Of course, those that survive have become smarter, as part of an ordinary evolutionary process under predator pressure.

Comment: Re:TAILS Linux WARNING v.1.3.1 (Score 1) 58

by gweihir (#49373275) Attached to: Australian Government Outlines Website-Blocking Scheme

This is TAILS. There are no guest accounts. This is not a distribution intended to be installed at all. It is intended to run from CD or (preferably write-protected) memory stick. Without jumping through major hoops, you cannot even write persistent changes to it even if is on an unprotected memory stick.

That said, if configuration changes by a legitimate user, installing of packages by legitimate user, etc. are needed to open a backdoor, then that is not a security vulnerability. For example, it just takes one small change to the tunneling config of TAILS to send clear-text messages out over the normal network. It it just takes some very small config changes to open up any Unix installation to the world. Or it just takes a very small configuration change to your car to make it exceptionally easy to steal (leave the key in the ignition and the door open). These are not security vulnerabilities.

Comment: Re:No biggie (Score 2) 58

by gweihir (#49364471) Attached to: Australian Government Outlines Website-Blocking Scheme

TOR has this as one of its project-goals. And since they are in an arms-race with the "Chinese wall" firewall, I expect TOR has quite a head-start.

Of course, it is a sign how much of a problem western governments have become these days if one seriously needs to contemplate using TOR to fight back against them.

Comment: Re:TAILS Linux WARNING v.1.3.1 (Score 4, Informative) 58

by gweihir (#49364097) Attached to: Australian Government Outlines Website-Blocking Scheme

You seem to have no clue whatsoever what you are talking about.

'tails-autotest-remote-shell' in /etc/init.d includes a rather obvious test for a kernel parameter:

if grep -qw "autotest_never_use_this_option" /proc/cmdline
then
                :
else
                exit 0
fi

If that parameter is missing, the script aborts. I guess you do not know how to read shell-scripts or you did not bother to even look what it does.

And 'tails-autotest-remote-shell' in /usr/local/lib is different from the file in /etc/init.d and actually the python script called from there if needed. It also includes a pretty clear and accurate statement at the start: "ATTENTION: Yes, this can be used as a backdoor, but only for an adversary with access to you *physical* serial port, which means that you are screwed any way." As this very clearly says this is a serial-port connected remote shell, I guess you did not look for one second into the file. And if you had looked and looked at the code as well, you would have seen that it does indeed only open serial port.

So, in total: This script opens a remote shell on a serial port if you give a very specific kernel-parameter on startup.

Remind me again where there is _any_ security problem here? My guess is you are just an honor-less shill spreading FUD for money to keep people from trusting TAILS.

Comment: Re:But! (Score 2) 404

by gweihir (#49352413) Attached to: Millennial Tech Workers Losing Ground In US

Incompetence and only be fully developed and utilized to its maximum potential if it is paired with arrogance, as otherwise people could utilize undesirable insights into their own skills (or rather lack thereof) as motivator to increase their competence level. One of the tried-and-true ways of establishing arrogance is fostering high self-esteem that is not founded in accomplishments, but in the believe that everybody can and should regard themselves as highly valuable, regardless of whether they have actually accomplished something.

Makes me wonder whether this drive to give young people high self-esteem is actually a coordinated attempt to sabotage education and self-improvement.

"If truth is beauty, how come no one has their hair done in the library?" -- Lily Tomlin

Working...