
Comment: Re:Anyone can intercept SSH some of the time (Score 2) 60

by phantomfive (#48686067) Attached to: Snowden Documents Show How Well NSA Codebreakers Can Pry

They have fake certificates from trusted authorities for some major sites, and use MITM attacks to serve up fake pages with them. We know that GCHQ loves doing the latter, so it's a question of working out which certificate authorities have been compromised and deleting them. We can also potentially defend against this by using more certificate pinning and warnings when certificates change unexpectedly, as well as distributed certificate checks (to make sure the one you get is the same one everyone else gets).

I don't think so because not many people use trusted authorities with SSH. (In fact I've never heard of anyone doing that, but surely there are people who do). Most likely the NSA just sits there sniffing traffic that goes by, waiting until there's an SSH to a new box (which actually happens a lot, every time you reinstall or something), then begin sniffing. After that they have the password and everything, so the attack can expand.

Comment: Re:Hysteria (Score 1) 60

by phantomfive (#48686015) Attached to: Snowden Documents Show How Well NSA Codebreakers Can Pry
The article is merely listing tools. I expect that if we have a spy agency, they will use the tools available to spy. That is what a spy agency does. If you're outraged that a spy agency actually does spy, then you're probably addicted to outrage or something.

The problem with the NSA isn't that they are spying, it isn't that they know how to decrypt SSL or mount a MITM attack; the problem with the NSA is they are spying on everybody. Limit the spying to only enemies of the US, and only the paranoid will be outraged.

Comment: Anyone can intercept SSH some of the time (Score 4, Informative) 60

by phantomfive (#48685957) Attached to: Snowden Documents Show How Well NSA Codebreakers Can Pry
If you ever get the warning:

The authenticity of host '...' can't be established.
RSA key fingerprint is ....
Are you sure you want to continue connecting (yes/no)?

That's ssh letting you know that a man-in-the-middle attack could be successfully launched at you, and decrypt all your communication.
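The prompt in the comment above is only safe to answer "yes" to when the fingerprint it shows matches one obtained out of band. The following is an added example, not part of the original comment: it computes the fingerprints of an offered host key and compares them with a trusted value. It assumes the key line is in OpenSSH public key format (as printed by `ssh-keyscan`); the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_pubkey_line(line):
    """Return (key_type, raw_blob) from '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was altered or is not a well-formed key.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob


def fingerprints(blob):
    """Fingerprints in the two forms ssh prints: SHA256 base64 and MD5 hex."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return {"sha256": "SHA256:" + sha, "md5": "MD5:" + md5}


def host_key_matches(pubkey_line, trusted_fingerprint):
    """True only if the offered key hashes to the out-of-band fingerprint."""
    _, blob = parse_pubkey_line(pubkey_line)
    return trusted_fingerprint in fingerprints(blob).values()


def constructed_key_line(seed):
    """Constructed sample (not a real host key): ed25519-shaped blob."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


if __name__ == "__main__":
    genuine = constructed_key_line(b"server")
    trusted = fingerprints(parse_pubkey_line(genuine)[1])["sha256"]
    offered = constructed_key_line(b"someone-else")  # a different key on the wire
    print("genuine key accepted:", host_key_matches(genuine, trusted))
    print("substituted key accepted:", host_key_matches(offered, trusted))
```
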

Comment: Re:Hmmm ... (Score 1) 143

by phantomfive (#48684829) Attached to: Sony Accused of Pirating Music In "The Interview"
Man: Would you sleep with me for a billion dollars?
Woman: Why, yes, I would!
Man: Would you sleep with me for a hundred?
Woman: Why sir, of course not! What kind of woman do you think I am???
Man: We've already established what kind of woman you are, now we're haggling over price!

In other words, you've presented a quantitative distinction, not a qualitative distinction.

Comment: Re:False Summary - Haigh Agrees with Knuth's Thesi (Score 1) 138

Yep, the whole article is basically "we couldn't make any money if we actually wrote history about the thing you're interested in, so... tough tits"

Which isn't true......or rather, maybe they couldn't, but a more competent writer surely could.
