Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment Google thinks texting is secure??? (Score 5, Insightful) 69 69

Google's security people aren't thinking straight. They believe there is state sponsored hacking and they then recommend their silly phone pin nonsense ("two factor authentication")? Did they think that the phone channel was secure? They don't believe someone could watch them send the PIN over a text message? If they really cared about security they'd ween people off of passwords and only use computer generated RSA/DSA keys. I believe that browsers already allow client certificates for setting up https connections. Using computer generated and invoked keys would solve the phishing and guessing attacks. The keys would have a high enough search space that guessing would be impossible. The connections would be authenticated in a way that wouldn't expose the private key itself, so phishing wouldn't work. 1) the google server key would be checked in a secure crypto manner and a MITM attack wouldn't be possible. 2) the user's key would be checked in they standard public key crypto manner also, which wouldn't expose the private key in the process of authentication. Crap, I know practically nothing about crypto and can punch holes in Googles stuff. They don't think the equivalent of some evil country's NSA could do much better?ï

Comment Naked scanner from your terahertz wifi card? (Score 2) 134 134

If terahertz wifi cards become generally available, how long before we see articles about people repurposing the hardware to do terahertz reflective imagery like the security guys already do for looking through walls to spot people in a room or look through cloths to see "weapons"?

http://www.dailymail.co.uk/sciencetech/article-2131932/The-REAL-X-Ray-spex--new-terahertz-scanner-lets-mobile-phones-walls.html

Comment fail: 30 lumens per watt (Score 5, Informative) 348 348

Their ads claim that it has similar efficiency to a CFL, but that is far from true for the CFL's one finds at Home Depot or similar.

The company's VU1 is 600 Lumens and uses 19.5 watts. (ref: http://www.jetsongreen.com/2011/11/vu1-esl-r30-light-bulb-lowes.html ) This comes out to 30 Lumens per watt.

A typical under $4 CFL from home depot puts out 1500 Lumens using 23 watts for 65 Lumens per watt or more than twice as much light for the same input power. (ref: http://www.homedepot.com/h_d1/N-5yc1v/R-100686995/h_d2/ProductDisplay?catalogId=10053&langId=-1&keyword=100%20watt%20cfl&storeId=10051 )

Comment Wear and Tear (Score 1) 160 160

Google needs to add wear and tear to the clothes so that as time goes on they look rattier and rattier. After a few months the clothes finally develop holes and fall off on their own accord. After all the clothes have disintegrated they can shut down the servers. ;-) It is sure to be cheaper than paying out 5 megabucks.

Comment Re:I don't know... (Score 2) 248 248

Not being able to grep the logs would suck. It would break every hack script I have for checking things in the logs.

Furthermore, I'm not sure what problem the binary file with crypto signing would solve vs. just also logging to a secure log machine. Syslog already allows one to duplicate the logging to any number of off-machine syslog daemons.

For figuring out how a breaking was done woudln't it be better to just log all IP traffic (say with "tcpdump -w ...") on a dedicated logging machine and perhaps have a pruning mechanism that trims any TCP stream to a few megabytes. That way large file transfers wouldn't fill up the logging disk unnecessarily. Add to that some off-machine logging built into sshd or perhaps the pty driver and one can get a pretty good picture of how any breakin was done.

Comment In other news (Score 1) 159 159

The groups trying to enforce security in government systems are no doubt smiling.

It is sad how the TLA's in charge of security standards are regularly ignored. Maybe these embarrassing break-ins will give them the power to force other government agencies to take security a bit more seriously.

Comment ssh keys compromised? (Score 1) 101 101

"you should consider the passwords and SSH keys that you have used on these sites compromised."

How the heck can ssh keys compromised by this breakin? Doesn't the site just have access to the developer's public key? With a sufficiently large ssh key (say 1k or 2k) how is anyone going to derive the ssh private key from the public key? The fact that if is effectively impossible is supposed to be the whole point of public key encryption.

Comment stop using non-random passwords (Score 2) 212 212

People need to stop using non-random passwords for WPA2-PSK. This attack sounds like a dictionary attack, because there is no way at only 400k passwords per second that he could map more than a minuscule fraction of the 2^256 key keyspace. We are talking 1e77 potential passwords. At 400k/sec that only amounts to 1e13 passwords per year. It will still take 1e64 years to break. Since the universe is only ~1.5e10 years old, I think we are safe enough from a true brute force attack.

Of course that assumes people do turn off WEP and WPA1 and all the WPA1 crap in WPA2 (like turning off TKIP and only allowing CCMP).

Comment Where is the NSA in all of this? (Score 1) 173 173

This incident underscores how little influence the NSA really has when it comes up against lobbyists and morally-corrupt senators trying to ingratiate themselves to the same lobbyists. It is shameful that this country has a group that is very, very good at analyzing security issues yet it isn't allowed force use of a secure operating system within the government.

Comment Re:It's not open source (Score 2, Insightful) 406 406

If you could actually AFFORD the phone you buy a unlocked one.. Google tried to sell you one, none of you cheap bastards bought one.

The G2 is also available for $500 from T-Mobile free and clear with no contract. It will be interesting to see what justification T-Mobile comes out with for locking down the bootloader on the G2 when it is bought outright like this.

The moon is made of green cheese. -- John Heywood

Working...