Follow Slashdot stories on Twitter


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Of all the stupidity (Score 2) 107

by mitcheli (#49233161) Attached to: Lawsuit Claims Major Automakers Have Failed To Guard Against Hackers
Clearly some lawyer has some teenaged kids he's looking to put through school. But food for thought here. Having just gotten into analysing the ECMs in my car and figuring out how to analyse the performance characteristics of my car, I appreciate the ability to figure out what's going on with the vehicle without paying $1000's to the mechanic. That being said, I have serious doubts that a public/private key cryptographic authentication mechanism on the vehicle ECM would be shared with the consumer that purchased said vehicle and would ultimately eliminate the ability of people to work on their vehicles.

Comment: Net Neutrality and it's effects on Cell Providers? (Score 1) 550

So Some cell providers in the US provide "x" amount of GB's of data on a rate plan and when that data is used up, they turn off access to the Internet (blocking) and other providers will allow you to use "x" amount of data and then throttle back your remaining data (throttling) to dial up modem speeds (EVDO or less). Since these rules prohibit blocking and throttling, what will Net Neutrality do to cell phone plans?

Comment: "People need to know — the public needs to k (Score 2) 246

by mitcheli (#49111279) Attached to: In Florida, Secrecy Around Stingray Leads To Plea Bargain For a Robber
Whether or not the use of this technology is a violation of Constitutional Rights is really up to a Judge to determine. And as for "the people need to know", that's really pointless. The people are powerless to prevent the use of such technologies if their elected officials aren't doing anything to prevent the use of such technologies. The nature of globally connected communications in this era leaves open the avenue for exploitation of technology across vast distances. Cell phone intercepts, such as the ones in the article, firmware exploits such as the ones published last week, and any other manner of exploits are going to define the new normal. Unless laws are passed (and with the Patriot Act, I have sever doubts) that prohibit not only average citizens from engaging in these activities, but law enforcement as well, then we just need to suck it up and deal with it. For professionals in our field though, this does present us an opportunity to review our standards and identify logical risks associated with them and then to redefine them to take privacy and security in mind. Encryption designers need to up the bar and create stronger and more secure algorithms. Right now, there are only a small handful of manufacturers looking at this level (black phone?) but even they aren't digging deep enough.

Comment: Non-repudiation (Score 4, Insightful) 129

by mitcheli (#49021591) Attached to: The Technologies That Betrayed Silk Road's Anonymity
The advantages to Encryption and defense-in-depth strategies is they are based on the triad of information assurance, one key of that is "non-repudiation". The "downside" to non-repudiation is the ability to connect the dots come litigation time. Interesting that they mention that the SSH sessions used key based authentication when the opposing attorneys claimed that anyone can name their systems "frosty" and use the login name "frosty". My question is, did the key on the laptop that was supposedly logged in as "frosty" also correlate to the key on the server? If so, the "anyone" list just got a lot smaller.

Comment: Second amendment zone of lawlessness (Score 5, Interesting) 431

by mitcheli (#48925291) Attached to: Justice Department: Default Encryption Has Created a 'Zone of Lawlessness'
Has anyone considered looking at this from a Second amendment perspective? If we are not to pass laws prohibiting the right to bear arms in order to establish a proper militia, has it not been considered that the command and control of said militia would also be as equally important? If so, then would it not be fair to assume that military grade encryption standards (read: non-exportable encryption) would by nature also be protected weapons systems? Granted, I know that arms exports has a litany of laws and the average Joe American can't just walk down the street buy an over the shoulder rocket launcher, but one would think that the ability to communicate securely for defensive purposes would in and of itself constitute protection under the Second Amendment? Or am I just reaching here?

Comment: Nothing good can come of this. (Score 1) 114

by mitcheli (#48884457) Attached to: Apple Agrees To Chinese Security Audits of Its Products
So, what do we think? Will the Chinese Government use this opportunity to provide valuable input to Apple on security vulnerabilities that they discover to help better secure Apple products? Or will they squirrel away the things they discover to their Intel agencies? My bet's on the latter.

What is worth doing is worth the trouble of asking somebody to do.