Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Comment: Re:Anyone can intercept SSH some of the time (Score 3, Interesting) 159

by phantomfive (#48686067) Attached to: Snowden Documents Show How Well NSA Codebreakers Can Pry

They have fake certificates from trusted authorities for some major sites, and use MITM attacks to serve up fake pages with them. We know that GCHQ loves doing the latter, so it's a question of working out which certificate authorities have been compromised and deleting them. We can also potentially defend against this by using more certificate pinning and warnings which certificates change unexpectedly, as well as distributed certificate checks (to make sure the one you get is the same one everyone else gets).

I don't think so because not many people use trusted authorities with SSH. (In fact I've never heard of anyone doing that, but surely there are people who do). Most likely the NSA just sits there sniffing traffic that goes by, waiting until there's an SSH to a new box (which actually happens a lot, every time you reinstall or something), then begin sniffing. After that they have the password and everything, so the attack can expand.

Comment: Re:Hysteria (Score 3, Interesting) 159

by phantomfive (#48686015) Attached to: Snowden Documents Show How Well NSA Codebreakers Can Pry
The article is merely listing tools. I expect that if we have a spy agency, they will use the tools available to spy. That is what a spy agency does. If you're outraged that a spy agency actually does spy, then you're probably addicted to outrage or something.

The problem with the NSA isn't that they are spying, it isn't that they know how to decrypt SSL or mount a MITM attack; the problem with the NSA is they are spying on everybody. Limit the spying to only enemies of the US, and only the paranoid will be outraged.

Comment: Anyone can intercept SSH some of the time (Score 4, Informative) 159

by phantomfive (#48685957) Attached to: Snowden Documents Show How Well NSA Codebreakers Can Pry
If you ever get the warning:

The authenticity of host '...' can't be established. RSA key fingerprint is .... Are you sure you want to continue connecting (yes/no)?

That's ssh letting you know that a man-in-the-middle attack could be successfully launched at you, and decrypt all your communication.

Comment: Re:Hmmm ... (Score 1) 160

by phantomfive (#48684829) Attached to: Sony Accused of Pirating Music In "The Interview"
Man: Would you sleep with me for a billion dollars?
Woman: Why, yes, I would!
Man: Would you sleep with me for a hundred?
Woman: Why sir, of course not! What kind of woman do you think I am???
Man: We've already established what kind of woman you are, now we're haggling over price!

In other words, you've presented a quantitative distinction, not a qualitative distinction.

Don't sweat it -- it's only ones and zeros. -- P. Skelly

Working...