
Comment Horsepoop yourself. It's a contract (Score 1) 324

The constitution is a contract, established between "the several states", the people of said states, and the federal government. If you tried to interpret any other contract as a "living document", granting one party new rights and privileges according to its own interpretation of changing conditions, you'd be laughed out of court. The contract has a process for dealing with changing conditions--it's called an amendment! Now I happen to agree with you that the clean air act is constitutional (under the commerce clause, because air pollution is interstate) but this "living document" stuff is a formula for tyranny. It takes what was intended to be a written constitution, with strictly enumerated powers, privileges and rights, and turns it into something like the Roman Republic, which had no written constitution--just traditions. And we all know how that ended up.

Comment Re:Email is like Postcards.... (Score 1) 490

Want privacy? Encrypt the actual message itself.

So in order to view an email you must:

1 Log into a computer
2 pull up an email program
3 authenticate with the server
4 download a copy from the server
5 read the email.

I can certainly see how adding one extra step

4.5 Open the email (decrypt or de-envelope)

Is the BIG step that you think is necessary to imply an expectation of privacy. So, why is it that 4 distinct steps is not sufficient to be considered no expectation of privacy, but 1 extra step is?

And what if the encryption is ROT13? is that sufficient? Or if someone is good enough to have memorized it and can read such a message rote do you no longer have any expectation of privacy?

The simple fact of the matter, is that the concept of an expectation of privacy is based upon the concept of what a person may observe with their own senses and not going out of their way to acquire that information. It is EXACTLY why it is NOT legal to use IR cameras to spy into buildings even though all that juicy IR information is beaming right out of the homes.

You can not read an email without technical assistance. That's all the envelope that is necessary.

Comment Re:103000 passwords per second. So? (Score -1) 215

[a-z0-9]{8} Yields 36^8, or 2821109907456.

Must contain at least 1 number means you subtract all those that don't (26^8). Must contain at least 1 non-number (I'm assuming this is also a restriction) means you subtract all those that don't (10^8).

You're down to 2612182842880.
Other specific restrictions (can't be the user name, can't be last password, can't be 1234abcd) will have very little effect. Let's call it 2500000000000.

At 100000 per second, we have 25000000 seconds, or 9 and a half months to crack a password.

Odds are you'll crack it in 1/2 that time, so you've got 4-5 months.

Simply require users to change their password every 6 months and you're safe enough.

An attacker would have to:
  - Know when a user changes his password.
  - Get the hash immediately.
  - Know the encryption scheme used.
  - Crack non stop without the video card melting.
  - Have about a 60% chance of getting it before the user is required to change their password again.

It's doable, but anyone who would be the target of such an attack would likely have:

  - A better bank
  - FDIC-insured investments
  - Lawyers with very expensive suits

But why are we talking about cracking passwords when we should be discussing the root of the problem? Someone done accessed ur shit and got ur password file, foo!
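The keyspace arithmetic in the comment above, as an added example that is not part of the original comment: it generalizes the subtraction to inclusion-exclusion over any set of required character classes, checks the formula against brute-force enumeration on a small case, and computes the chance of exhausting enough of the space inside a rotation window. All function and constant names are assumptions, and six months is taken as 182.5 days.

```python
from itertools import combinations, product

def keyspace(length, classes, required):
    """Count strings of `length` over the union of disjoint `classes`
    containing at least one character from every class in `required`."""
    total = sum(len(chars) for chars in classes.values())
    count = 0
    # Inclusion-exclusion: for each subset of required classes, count the
    # strings that avoid that subset entirely, with alternating sign.
    for k in range(len(required) + 1):
        for excluded in combinations(required, k):
            remaining = total - sum(len(classes[name]) for name in excluded)
            count += (-1) ** k * remaining ** length
    return count

def brute_force_count(length, classes, required):
    """Enumerate every candidate; only feasible for tiny alphabets/lengths."""
    alphabet = "".join(classes.values())
    return sum(
        all(any(ch in classes[name] for ch in cand) for name in required)
        for cand in product(alphabet, repeat=length)
    )

def exhaust_days(space, guesses_per_second):
    """Days needed to try every candidate at a constant guess rate."""
    return space / guesses_per_second / 86400

def crack_probability(space, guesses_per_second, window_seconds):
    """Chance a uniformly random password falls in the portion searched."""
    return min(1.0, guesses_per_second * window_seconds / space)

# Policy from the comment: 8 characters, [a-z0-9], at least one of each class.
CLASSES = {"lower": "abcdefghijklmnopqrstuvwxyz", "digit": "0123456789"}
REQUIRED = ("lower", "digit")
RATE = 100_000                 # guesses per second, the comment's rounded figure
SIX_MONTHS = 182.5 * 86400     # assumed length of the rotation window, seconds

SPACE = keyspace(8, CLASSES, REQUIRED)

if __name__ == "__main__":
    print("keyspace:", SPACE)
    print("days to exhaust: %.1f" % exhaust_days(SPACE, RATE))
    print("P(crack within window): %.3f"
          % crack_probability(SPACE, RATE, SIX_MONTHS))
```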

Security

Feds Tighten DNS Security On .Gov 140

alphadogg writes "When you file your taxes online, you want to be sure that the Web site you visit — www.irs.gov — is operated by the Internal Revenue Service and not a scam artist. By the end of next year, you can be confident that every U.S. government Web page is being served up by the appropriate agency. That's because the feds have launched the largest-ever rollout of a new authentication mechanism for the Internet's DNS. All federal agencies are deploying DNS Security Extensions (DNSSEC) on the .gov top-level domain, and some expect that once that rollout is complete, banks and other businesses might be encouraged to follow suit for their sites. DNSSEC prevents hackers from hijacking Web traffic and redirecting it to bogus sites. The Internet standard prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption."
Google

Submission + - Gmail accounts hacked - no response from Google (livejournal.com)

jared51 writes: A few friends have recently had their Gmail accounts hacked, causing immense life complications. With Gmail storing all information (many people have a handy label "Accounts" making life easier) that has ever been emailed, a hijacker can easily move on to eBay, PayPal and credit card accounts to turn the crime into cash. Making matters worse, Google is impossible to contact by human. Hijacked users must contend with an endless series of forms.
