Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Nobody. And NSA etc. sabotage makes things worse (Score 5, Insightful) 148

by gweihir (#49377827) Attached to: Ask Slashdot: Who's Going To Win the Malware Arms Race?

It is bad enough as it is with most software being insecure. Sabotage only makes things a lot worse. And for what? A zero-success track-record against terrorism? Industrial espionage? Having dirt on any possible future and present President, Congress Man, Senator?

Comment: Re:So, let me get this right (Score 1) 161

by gweihir (#49373407) Attached to: Europol Chief Warns About Computer Encryption

While this sounds convincing on the surface, it is utterly false in reality. You cannot determine from the contents of communication whether some people communicating are terrorists if they have at least minimal OpSec. You can, to a degree, identify groups when you have one member, but that works regardless of encryption.

These days there are only two kinds of terrorists (disregarding the ones created by the FBI): The dead ones and those with good OpSec. Of course, there are not many of either, and the whole thing is completely blown out of proportion. By "Qui bono?" is also becomes clear why it is being blown out of all proportion: It means more money and power for various police, state security and other anti-freedom organizations. These people are habitually lying to us these days and milking the fear for all its worth.

Comment: Re:Shut uuuuup (Score 1) 161

by gweihir (#49373355) Attached to: Europol Chief Warns About Computer Encryption

No, it is not. What spooks them is ordinary citizens being able to talk without them being able to listen in. These people are pathological paranoids and very, very afraid of the general population. Terrorists are not even using email or cellphones these days, the US drone-kill "strategy" made sure of that.

Comment: Re:Shut uuuuup (Score 1) 161

by gweihir (#49373333) Attached to: Europol Chief Warns About Computer Encryption

Terrorists do not use encryption for communication. With encryption, you can still determine sources and destinations and that gets people drone-killed on the mere suspicion of being terrorists. Of course, those that survive have become smarter, as part of an ordinary evolutionary process under predator pressure.

Comment: Re:TAILS Linux WARNING v.1.3.1 (Score 1) 58

by gweihir (#49373275) Attached to: Australian Government Outlines Website-Blocking Scheme

This is TAILS. There are no guest accounts. This is not a distribution intended to be installed at all. It is intended to run from CD or (preferably write-protected) memory stick. Without jumping through major hoops, you cannot even write persistent changes to it even if is on an unprotected memory stick.

That said, if configuration changes by a legitimate user, installing of packages by legitimate user, etc. are needed to open a backdoor, then that is not a security vulnerability. For example, it just takes one small change to the tunneling config of TAILS to send clear-text messages out over the normal network. It it just takes some very small config changes to open up any Unix installation to the world. Or it just takes a very small configuration change to your car to make it exceptionally easy to steal (leave the key in the ignition and the door open). These are not security vulnerabilities.

Comment: Re:No biggie (Score 2) 58

by gweihir (#49364471) Attached to: Australian Government Outlines Website-Blocking Scheme

TOR has this as one of its project-goals. And since they are in an arms-race with the "Chinese wall" firewall, I expect TOR has quite a head-start.

Of course, it is a sign how much of a problem western governments have become these days if one seriously needs to contemplate using TOR to fight back against them.

Comment: Re:TAILS Linux WARNING v.1.3.1 (Score 4, Informative) 58

by gweihir (#49364097) Attached to: Australian Government Outlines Website-Blocking Scheme

You seem to have no clue whatsoever what you are talking about.

'tails-autotest-remote-shell' in /etc/init.d includes a rather obvious test for a kernel parameter:

if grep -qw "autotest_never_use_this_option" /proc/cmdline
                exit 0

If that parameter is missing, the script aborts. I guess you do not know how to read shell-scripts or you did not bother to even look what it does.

And 'tails-autotest-remote-shell' in /usr/local/lib is different from the file in /etc/init.d and actually the python script called from there if needed. It also includes a pretty clear and accurate statement at the start: "ATTENTION: Yes, this can be used as a backdoor, but only for an adversary with access to you *physical* serial port, which means that you are screwed any way." As this very clearly says this is a serial-port connected remote shell, I guess you did not look for one second into the file. And if you had looked and looked at the code as well, you would have seen that it does indeed only open serial port.

So, in total: This script opens a remote shell on a serial port if you give a very specific kernel-parameter on startup.

Remind me again where there is _any_ security problem here? My guess is you are just an honor-less shill spreading FUD for money to keep people from trusting TAILS.

United Kingdom

UK Licensing Site Requires MSIE Emulation, But Won't Work With MSIE 157

Posted by timothy
from the strange-circlings-back dept.
Anne Thwacks writes The British Government web site for applying for for a licence to be a security guard requires a plugin providing Internet Explorer emulation on Firefox to login and apply for a licence. It won't work with Firefox without the add-on, but it also wont work with Internet Explorer! (I tried Win XP and Win7 Professional). The error message says "You have more than one browser window open on the same internet connection," (I didn't) and "to avoid this problem, close your browser and reopen it." I did. No change.

I tried three different computers, with three different OSes. Still no change. I contacted their tech support and they said "Yes ... a lot of users complain about this. We have known about it since September, and are working on a fix! Meanwhile, we have instructions on how to use the "Fire IE" plugin to get round the problem." Eventually, I got this to work on Win7pro. (The plugin will not work on Linux). The instructions require a very old version of the plugin, and a bit of trial and error is needed to get it to work with the current one. How can a government department concerned with security not get this sort of thing right?"

Amazon Requires Non-Compete Agreements.. For Warehouse Workers 331

Posted by Soulskill
from the you-may-not-lift-and-carry-objects-for-anyone-else dept.
Rick Zeman writes: Amazon, perhaps historically only second to Newegg in the IT nerdling's online shopping heart, has not only subjected their warehouse employees to appalling working conditions, but they're also making them sign a non-compete agreement for the privilege. Here's an excerpt from the agreement: "During employment and for 18 months after the Separation Date, Employee will not, directly or indirectly, whether on Employee's own behalf or on behalf of any other entity (for example, as an employee, agent, partner, or consultant), engage in or support the development, manufacture, marketing, or sale of any product or service that competes or is intended to compete with any product or service sold, offered, or otherwise provided by Amazon (or intended to be sold, offered, or otherwise provided by Amazon in the future)."

If you think the system is working, ask someone who's waiting for a prompt.