
Comment: An SS7 coder writes... (Score 1) 80

The comments above about SS7 being designed without security are spot-on. In the old days, access to the SS7 network was strictly for big players and salesmen with 'extremely customer-friendly' expense accounts. Basically, anyone with access was a big player (with all the baggage that entails).

Really, the issue here is with MAP (an add-on to SS7 to support mobiles). The explosion of mobile means SS7 is no longer just the playing field for national carriers - mobile-only operators came to the party (still all $xbillion players). Then, smaller countries with some interesting networks came on the scene, and rather naughty SS7 traffic started to appear on the network.

Smarter operators (or at least bigger ones who got their fingers burnt) spent money to install gateways that limit and control their exposure (wouldn't you?). The less clueful/more cash-strapped/networks in less-developed countries remain more exposed.

Anyone interested can search for 'SS7 mobility management'; the code is easy (http://www.informit.com/library/content.aspx?b=Signaling_System_No_7&seqNum=116), the issue is getting access to the network.

Oh, wait, these days SS7 is being routed over IP now (ever wondered what the linux SCTP module, http://lksctp.sourceforge.net/, is actually for?).

Comment: Re:C is very relevant in 2014, (Score 1) 641

by hazeii (#48556191) Attached to: How Relevant is C in 2014?
And C++ doesn't? (cited as it was mentioned as something better).

Any high-level language is an elaboration on the underlying reality. C is closer to what's really going on than its offspring (a simple consequence of it being built at the time we were learning to drive computers effectively).

Really, the argument is about teaching people how to drive when they don't know what's going on under the hood. How many people these days care about that? Like your average programmer, they just want to get from A to B.

Comment: Systemd is great because... (Score 1) 928

by hazeii (#48281903) Attached to: Ask Slashdot: Can You Say Something Nice About Systemd?

The killer advantage of systemd is the money it makes. By integrating this software into our distro, we can be sure that any business using linux will take one look at the complexity, binary logs, and other great features and realise they really need to pay for a support contract. You see, this fixes the problem of the old, really lame (simple, yuk!) systems that have been around for years - anyone with a bit of shell knowledge can learn them in a few minutes, and it's really hard to make money when kids with some computing knowledge can sort system problems out. No, in order to convince customers that support contracts are necessary we need to replace the easy, working stuff with something we invented, something far richer, something that we can integrate into the system and which gives us additional control. With this approach, we can effectively neutralise all those damn people who can learn how the system works in their spare time. Just make it so complex, only paid professionals can afford to flail about fixing things! As is clear, systemd fits that bill perfectly (along with pulseaudio and a nod to udev). Never mind all those whining ninnies (hey, tell them to go pay for a support contract if they want to use linux). What really matters here is the benefit to the bottom line - just remember, people, complex crap sells support contracts!

In summary, systemd is great on other people's machines - when you're getting paid by the hour!

+ - Breaching air-gap security with radio->

Submitted by Anonymous Coward
An anonymous reader writes "Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at MALCON 2014 a breakthrough method (“AirHopper”) for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data can not leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a nearby smartphone. The published paper and a demonstration video are in the link."
Link to Original Source

+ - How to Unbrick your Device after FTDIgate->

Submitted by RJ31337
RJ31337 (3895467) writes "So, as we all know by now, FTDI decided to pull a dirty little trick to brick devices using "non-genuine" FTDI chips by changing their PIDs to 0000, rendering them effectively useless. However, with access to a Linux machine (in our case Ubuntu 13.04) we have found a method to reverse the process and turn the PID back to 6001, making the device perfectly useable again!

We know we shouldn't have to do this, but what choice have they given us ay guys?"

Link to Original Source

+ - Secret policy allows GCHQ to bulk NSA data 1

Submitted by hazeii
hazeii (5702) writes "Through legal proceedings following the Snowden revelations, Liberty UK have succeeded in forcing GCHQ to reveal secret internal policies allowing Britain's intelligence services to receive unlimited bulk intelligence from the NSA and other foreign agencies and to keep this data on a massive searchable database, all without a warrant. Apparently, British intelligence agencies can "trawl through foreign intelligence material without meaningful restrictions", and can keep copies of both content and metadata for up to two years. There is also mention of data obtained "through US corporate partnerships".

According to Liberty, this raises serious doubts about oversight of the UK Intelligence and Security Committee and their reassurances that in every case where GCHQ sought information from the US, a warrant for interception signed by a minister was in place.

Eric King, Deputy Director of Privacy International, said:

“We now know that data from any call, internet search, or website you visited over the past two years could be stored in GCHQ's database and analysed at will, all without a warrant to collect it in the first place. It is outrageous that the Government thinks mass surveillance, justified by secret “arrangements” that allow for vast and unrestrained receipt and analysis of foreign intelligence material is lawful. This is completely unacceptable, and makes clear how little transparency and accountability exists within the British intelligence community.”"

Comment: News today: UK wants driverless buses (Score 1) 287

by hazeii (#48214959) Attached to: Will the Google Car Turn Out To Be the Apple Newton of Automobiles?

Interestingly, there's a report in the Telegraph today suggesting that driverless buses could be on the roads in the UK pretty soon.

On the one hand, this makes sense - the complexity of the problem is reduced with a vehicle following a pre-programmed route.

On the other hand, I'm deeply sceptical - taking the assumption that such vehicles would have to be super-safe to be accepted, I can see a spate of teens having fun baiting autobuses into emergency stops. Oh, and cyclists will totally rule the roads - get in front of a bus and pedal as slow as you like.

+ - After Negative User Response, ChromeOS To Re-Introduce Support For Ext{2,3,4}

Submitted by NotInHere
NotInHere (3654617) writes "Only three days after the large public has known about ChromeOS to disable ext2fs support for external drives, and linux users voiced many protests on websites like reddit, slashdot, or the issue tracker, the ChromeOS team now plans to support it again. To quote Ben Goodger's comment:

"Thanks for all of your feedback on this bug. We’ve heard you loud and clear.

We plan to re-enable ext2/3/4 support in Files.app immediately. It will come back, just like it was before, and we’re working to get it into the next stable channel release.""

Comment: Re:"Emergency" laws. (Score 1) 147

by hazeii (#47427105) Attached to: UK Gov't Plans To Push "Emergency" Surveillance Laws

And the reason this was *scheduled* for news release today?

Because there was a public sector strike too (they knew which would get the TV headlines).

Plus the lame nods about "sunset" clause (yeah right) and reviews of RIPA (yeah, heard that one before).

What do the people of this fine land think?

Well, you only need to start reading the comments to see.

+ - UK government to rush in emergency surveillance laws-> 2

Submitted by beaker_72
beaker_72 (1845996) writes "The Guardian reports that the UK government has unveiled plans to introduce emergency surveillance laws into the UK parliament at the beginning of next week. These are aimed at reinforcing the powers of security services in the UK to force service providers to retain records of their customers' phone calls and emails. The laws, which have been introduced after the European Court of Justice (ECJ) ruled that existing laws invaded individual privacy, will receive cross-party support and so will not be subjected to scrutiny or challenged in Parliament before entering the statute books. But as Tom Watson (Labour backbench MP and one of few dissenting voices) has pointed out, the ECJ ruling was six weeks ago, so why has the government waited until now to railroad something through? Unless of course they don't want it scrutinised too closely."
Link to Original Source

+ - UK media now allowed to report secret trials.

Submitted by hazeii
hazeii (5702) writes "Following some pretty heroic efforts here in the UK, we are now allowed to know a secret trial is taking place. We aren't allowed to know who is being tried, or for what (except it's "terrorism related"). And the media are still barred from reporting the outcome (even if the unnamed defendants "AB" and "CD" are found innocent).

More from the BBC, the Guardian, and plenty of other sources."
