Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment: Re:Safe just from prying eyes? (Score 5, Interesting) 155

Governments can indeed ask for some data, using subpoena or in the case of the US "National Security Network." But for that, they have to actually ask, and the request has to be targeted, naming for example a specific individual. The NSA and the GCHQ were not content with that, they wanted to grab "everything," so instead of the legal channels they used a hack. The hack was to spy on the internal network of Google, and of other services as well, because these internal exchanges were not encrypted.

According to Eric Schmidt, now they are. This is absolutely good news. It is also exactly what the Electronic Frontier Foundation is asking web services to do. You can check the relative state of Google and other services according to the EFF at: https://www.eff.org/deeplinks/....

Comment: Re:Encrypt everything. (Score 3) 145

by louarnkoz (#45314939) Attached to: GCHQ, European Spy Agencies Cooperate On Surveillance

End to end encryption is the only answer here. Maybe instead of relying on server certificates, which could be compromised, do the reverse -- the client certificate is used to secure the connection. That way everyone can use a CA (or even issue their own) that they trust. ...

Have you looked at the work going on in the IETF and other places to deploy "perfect forward secrecy?" The idea is to use a Diffie-Hellman exchange to negotiate a random key, and then only use the server certificate to prove the server's identity and knowledge of the key. Pretty much the same result as client certificates, easier to deploy, and with the added advantage that even if the server's key is compromised, the sessions' keys remain secret.

+ - Corruption Allegations Rock Australia's CSIRO->

Submitted by Anonymous Coward
An anonymous reader writes "Australia's premiere government research organisation the CSIRO has been rocked by allegations of corruption including fraud against drug giant Novartis, dishonesty with 60 top-class scientists bullied or fired, illegally using intellectual property, faking documents and unreliable testimony to judicial officers, but CSIRO Boss Megan Clark has refused to discipline the staff responsible and the federal police don't want to get involved. Victims are unimpressed and former CSIRO scientists are calling for an inquiry."
Link to Original Source

Comment: Re:Sob story, but ultimately lacking. (Score 1) 267

by louarnkoz (#42932901) Attached to: Do Patent Laws Really Protect Small Inventors?
He could not in fact patent something as broad as 'a mechanism for generating electrical energy from human input' because such mechanisms have been around for maybe 100 years. The old bicycles, for example, had a little dynamo that powered the head light and back light. It got its power from friction on the wheel, which was powered by the human cyclist...

What this story really exposes is the hubris of the inventor. Say you work a couple of months on an invention, and file a patent. Do you really expect years and years of revenue? Really?

Comment: root trust: the hole in PKI, SSL, TLS! (Score 4, Interesting) 75

by louarnkoz (#42470507) Attached to: Turkish Registrar Enabled Phishing Attacks Against Google
Everybody thinks that if an "https" connection is securely established, if the browser displays a green light, then they are good. But it only proves that the other end of the connection showed a "valid" certificate, where "valid" is defined a "signed by one of the hundreds of authorities allowed to do so, or by any entity who somehow obtained a certificate with signing rights from one of these authorities."

We have seen attacks like that before, e.g. the "Comodo" hacker (http://arstechnica.com/security/2011/09/comodo-hacker-i-hacked-diginotar-too-other-cas-breached/). My bet is that we will continue to see more of these, because the attack surface is just too large.

Comment: Re:VoIP -- problem NOT solved (Score 2) 62

by louarnkoz (#41790061) Attached to: Secret Stingray Warrantless Cellphone Tracking
VOIP will protect the data if the content is properly encrypted, but headers and locations are still exposed. The phone can still be identified and located, which is already great information for the police. The IP addresses can be tracked in the header and voila, pen-register services without a warrant. And if VOIP is not encrypted, or if the encryption is weak, even the content can be accessed.

Comment: Re:Join the army (Score 2) 789

by louarnkoz (#41091453) Attached to: Ask Slashdot: What Would Your 'I've Got To Disappear' Plan Look Like?
Another requirement is to pass physical and medical tests. The Legion won't take you if you have poor eyesight, weight too much, or are otherwise unfit. The mythical slashdot readers who spend their days snacking in front of the computer might have a hard time getting accepted.

On the other hand, if you are accepted in the Legion, you will have a fun time in places like Afghanistan, Djibouti or the Ivory Coast, to name a few. If you goal was to escape being shot at, you may want to reconsider.

Comment: Re:This is getting stupid. (Score 1) 94

by louarnkoz (#40825845) Attached to: ICANN Backflips Again
ICANN was supposed to managed the legacy of Jon Postel. Instead, it is managing the interests of a coterie of Internet parasites. As the parent said, "the new top-level domains (and some of the existing top-level domains) are basically a money grab," effectively allowing the new registrars to levy taxes on trademark owners. Good old fashion blackmail, as in "nice trademark you have here, you would not want something bad to happen, like having it managed by a porn site or a competitor, what about getting some protection?"

Comment: Re:Huh? Not random! (Score 1) 312

by louarnkoz (#37512476) Attached to: A Few Million Virtual Monkeys Randomly Recreate Shakespeare
Randomness will produce everything indeed. But this experiment is not random. The monkeys are not *producing* the work of Shakespeare. They are *reproducing* it. The master program already know the work, and has it programmed in its tests. There is a big filter here: take this random bit, and decide whether it is "part of Shakespeare's work." Not quite the same as letting the monkeys type a full page, and then have readers decided whether this is "as good as Shakespeare." Prior knowledge killed Schrödinger's Cat!

Comment: Third parties make that untenable (Score 1) 90

by louarnkoz (#37376240) Attached to: UK: Open Standards Must Be Restriction Free
This is a vexing problem because not all patent holders participate in the standard making. If a company participates in the standard making, the standard organization has leverage: guarantee that others can use your patents under reasonable conditions, preferably free, or we will not consider your contributions. But if a company does not participate, the standard making organization has no leverage at all.

Consider for example what happen to Wi-Fi. The IEEE has a fairly detailed patent policy, and the Wi-Fi standards have been very successful. But after millions of cards were sold, CSIRO came out of the blue and asserted a patent on indoor OFDM that they said covered Wi-Fi. The resulting lawsuits have costed millions.

Comment: Re:Finally (Score 1) 200

by louarnkoz (#37235472) Attached to: New Worm Morto Using RDP To Infect Windows PCs
Microsoft's analysis is published at: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FMorto.A

The list of password that the worm tries is interesting. Apart from the obvious abc123 and the like, the worm tries "RavMonD" and "zhudongfangyu". Is that a clue? Some Chinese hommage to the bazar?

What is now proved was once only imagin'd. -- William Blake

Working...