Comment: Human limitations? (Score 1) 152

by ramriot (#49536201) Attached to: Hubble Spots Star Explosion Astronomers Can't Explain

This is more a limitation of the researcher than of the science. This type of short duration hyperbright nova is not unknown and elsewhere in the literature there are several theories as to their natural origins. There have been a few detected over the last 50 years but because of their rarity a comprehensive analysis is still wanting.

So this is not a NEW HUBBLE DISCOVERY, more an OH NICE! you saw one too.

Comment: Swatting just got an upgrade! (Score 1) 144

by ramriot (#49390809) Attached to: Obama Authorizes Penalties For Foreign Cyber Attackers

Yay, swatting just got an upgrade.

Since internet based crime is already hard to track down to individuals or groups who are only making reasonable efforts to hide their identities, I envision a new form of cyber-attack, DOFBA attack or Denial Of Funds By America attack. All that is needed is to commit a 'cyber' attack on the US or its citizens in a way that upon investigation tracks back to some group that you wish to punish. Though come to think of it, this may have already happened; see the timeline of the Sony Hack.

Comment: CORRECTION! (Score 2) 82

by ramriot (#49390745) Attached to: Verizon Subscribers Can Now Opt Out of "Supercookies"

Before we get too far down the rabbit hole here, I would like to add a correction to the story above.

The Verizon 'SuperCookie' is not "placed on their phones"; it is an additional header line 'X-UIDH' inserted in outgoing internet requests by their network management system, see: As such it is never present on the user's device, but does uniquely identify a user to any server they communicate with if that server either has back end pair access to Verizon's customer database or they use services that combine multiple trackers with this one to keep lock on the user's sessions relative to the entire history, but not associated with a Verizon customer record.

One good thing (if anything about this can be called good) is that they cannot add this header to TLS/SSL traffic as the headers are end-to-end encrypted, so provided you stay HTTPS on your connections or run a mobile VPN it does not matter if you opt out or not as they cannot add this tracker to your traffic.

One final thought is that even without encryption, if there was a proxy server out on the internet that you set your mobile device to send all traffic through and that server was to strip out this header from your requests before passing it on to its destination then you would also be protected, which I will be setting up should this 'service' emerge from the slime in the future.
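The header handling described in the comment above, as an added example that is not part of the original comment: it compares a plaintext request as the device sent it with the same request as a server received it, then applies the filtering a header-stripping proxy would perform. The sample requests, the host name and the `X-UIDH` values are constructed placeholders, and the function names are hypothetical.

```python
# Added example (not from the original comment). Sample requests are constructed;
# the X-UIDH values are placeholders, not real identifiers.
BLOCKED = {"x-uidh"}  # header name as given in the comment

def parse_head(raw: bytes):
    """Split a raw HTTP/1.1 request into request line, header lines and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    return lines[0], lines[1:], body

def header_names(raw: bytes) -> set:
    """Lower-cased header names present in a raw request."""
    _, headers, _ = parse_head(raw)
    return {h.split(b":", 1)[0].strip().lower().decode("latin-1")
            for h in headers if h[:1] not in (b" ", b"\t")}

def injected_headers(sent: bytes, received: bytes) -> set:
    """Headers the server saw that the device never sent (added on path)."""
    return header_names(received) - header_names(sent)

def strip_headers(raw: bytes, blocked=BLOCKED):
    """What the filtering proxy would do: drop blocked headers, keep the rest."""
    request_line, headers, body = parse_head(raw)
    kept, removed, dropping = [], [], False
    for line in headers:
        if line[:1] not in (b" ", b"\t"):  # a new header, not a folded continuation
            name = line.split(b":", 1)[0].strip().lower().decode("latin-1")
            dropping = name in blocked
        (removed if dropping else kept).append(line)
    cleaned = b"\r\n".join([request_line] + kept) + b"\r\n\r\n" + body
    return cleaned, removed

# Constructed sample: what the device sent, and what arrived after on-path injection.
SENT = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
        b"Content-Length: 3\r\n\r\na=1")
RECEIVED = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
            b"X-UIDH: PLACEHOLDER-TOKEN\r\nContent-Length: 3\r\n"
            b"x-uidh: SECOND-PLACEHOLDER\r\n\r\na=1")

if __name__ == "__main__":
    print("added on path:", injected_headers(SENT, RECEIVED))
    cleaned, removed = strip_headers(RECEIVED)
    print("removed:", removed)
    print("matches what the device sent:", cleaned == SENT)
```

Header names are matched case-insensitively and every occurrence is dropped, so a request carrying more than one copy of the header is cleaned as well.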

Comment: A better methodology (Score 1) 267

by ramriot (#49350763) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

If you don't trust password managers and would like a way to generate unique, deterministic and hard to crack passwords, take your 8 word diceware password and use it as the entropy for:-

Which generates a 26x26 Latin square. Use that with the domain name of the site and a memorable algorithm to generate a password for each site.

Also, in the near future (from the same source) is:-

You will still need your ONE strong password (or biometric) to protect the master key from which all site specific keys are generated (via the domain name), but when supported by a site it leaves nothing but a site specific public key for them to store that you use by proving that you can sign a random challenge with your site specific associated private key. So even if their database leaks it has no useful authentication data for an attacker to make use of because each site's keys are unrelated to any other. Which also means that for low value sites who only need your key and nothing else to authenticate you, due to it being a two party system you are uncrackable.

Comment: 5 words you cannot say in Florida? (Score 5, Funny) 366

So as a Floridian federal employee I cannot say:-

"There is no such thing as human induced [climate change], or [global warming] as it was once called and my belief in this will last as long as the [sustainability] of a congressman's gravy train."

but I can say:-

"You climate deniers are full of S..t, and are definitely corrupt and in the pocket of the oil industry"

OK, I can go with that.

Comment: Security by Obscurity (Score 2) 324

by ramriot (#49158597) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Here is the problem:
Manufacturers guard their intellectual property fiercely, and they guard their proprietary firmware fiercest of all. Thus the API for uploading drive firmware is Write Only (WO). Thus within the existing API and interface there is by design no way to validate the firmware. What that means is that, if you are able to build your own firmware (because you have a copy of the source, obtained deviously) then you can alter it to your own ends and even make it so that the (WO) overwrite API does nothing.

Outside of the existing interfaces though you can with sufficient skill get some knowledge. If the firmware is stored on a flash chip separate from the drive CPU you can get a copy of the microcode by probing the chip directly either during read cycles with the drive active or by controlling the chip fully with the drive off. Unfortunately you cannot do this so easily if the firmware is stored in flash within a drive micro-controller. As to JTAG, that may or may not work because in production a manufacturer may choose to disable that interface to prevent competitors doing exactly what you are wanting to do.

In Summary, you are SOL unless manufacturers rewrite their firmwares to add a secure means of proving firmware validity, and don't ask me how.

Comment: Robbing Roosevelt to pay Washington? (Score 1) 391

by ramriot (#49153523) Attached to: Verizon Posts Message In Morse Code To Mock FCC's Net Neutrality Ruling

So, Verizon posted " 'Throwback Thursday' Move Imposes 1930s Rules on the Internet" and yet on "In 2012, it insisted that the very idea of Net neutrality squished its First and Fifth Amendment right,".

Sorry Verizon, you cannot have it both ways. You cannot use the argument that a law enacted in an age of Steam and Telegraph ( ) is bad while maintaining protection under another law enacted in an age of Sail and buggy whips ( ).

Unless that is you wish to say that the Communications act of 1934 is unconstitutional, and I think you have had enough time in the last 81 years to challenge that.

You can argue un-applicability, or anything you like but in truth you and your kin have brought this on yourselves with your penny pinching profiteering at the state's and citizens' expense. If you had invested appropriately in new technology, taken a modest amount of profit and served your customers as if you were a utility then there would have been no need to rein you in and enforce utility rules upon you.

Comment: Ok fine FLOSS you! (Score 1) 406

by ramriot (#49138297) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

This is all fine and dandy. Make sure US companies' encryption products have an extra front door. This can probably even be made reasonably secure by use of a gov' public key to add an extra header to all encrypted data from said products.

But how exactly are you going to make Open Source products comply with these regulations? All it will do internationally is make US encryption products unpalatable to anyone who guards their privacy whether they be criminal or not. Perhaps via international treaty, the US could, like it has with copyright, force nations to criminalize large portions of their populace.

You know, I say go ahead, we all know where this ends and the vox-populi is not something Mr Director you would want to be lined up against the wall to answer.
"When government fears the people, there is liberty. When the people fear the government, there is tyranny." - Thomas Jefferson

Comment: Jurisdiction? (Score 1) 51

If a granted warrant is out of the jurisdiction of one appointed legal entity what are the chances that it will be inside the jurisdiction of another? I would say the chances are 100%. So let's say a judge grants such a thing to the FBI, location unknown. They then go off and gather evidence, remotely. Only later when using that evidence to present an international arrest warrant do they expose the location.

The defence team would I guess have a field day, presenting the FBI with their own arrest warrant accusing the FBI of a Cyber-crime across international borders. Supported by new anti-cyber-crime laws that the US via the MPAA/RIAA fought long and hard to put into place by international treaty.

Comment: Would we even know, after! (Score 1) 576

All this assumes that an invader would be perhaps biological and probably macroscopic. Assuming for the moment no faster than light travel and no magical energy sources. This means that travelling between stars will take a long time and need lots of energy. So mass and biological lifespans are a huge factor, the smaller the mass and the longer the passenger lives, the faster it can be pushed with less energy, relativistically speaking...

Today in the near earth environment we can track things larger than a baseball travelling at orbital velocities with existing NORAD space tracking. But anything smaller or faster or further away, forget it. Therefore I wonder if we would even know should the invader consist of a cloud of nano-machines released from a micro-probe that had travelled here at near light speed.

Once the invader was here, floating down from the stratosphere scanning for useful biological machines with large enough brains we would not even be aware. Save perhaps for a spectacular sunset or two. The first sign that we had been invaded would be perhaps a sudden breakout of global cooperation and perhaps the appearance of apparently psychic abilities and heightened regenerative abilities in infected subjects. It would only be much-much later that any remaining uninfected individuals would see the real purpose, when a new international space plan is put into place to send AI nano-machines as avatars for ourselves to the nearest stars.

Comment: Hmm? Consider the wider picture. (Score 2) 175

by ramriot (#49018553) Attached to: Hobbyists Selling Tesla Coil Kits To Fund Drone Flight Over North Korea

Putting aside for a moment that this KS is probably a scam, what are the ramifications of an act such as this?

In the current climate, what would the US call it if citizens of another nation started drone flights of unknown purpose over US soil? I would suggest the T word would be used and as soon as the launch point is identified all extra-judicial efforts will be made to ensure the perpetrators are removed from the gene-pool.

Would a state like "Democratic People's Republic of Korea" consider doing less if it were in their interest?

Other states have done similar to citizens of other countries, located outside of their borders for reasons of National Security, see:-

Comment: Additional headers? (Score 1) 111

by ramriot (#48946353) Attached to: Fixing Verizon's Supercookie

Has anyone tried adding multiples of their own version of this header to outgoing traffic upstream of Verizon's gateway, to see what happens?
Not having Verizon here in Canada I cannot try this, but it would be interesting to see if doing so with a true random nonce would defeat their tracking by adding confusion, as to which header was the real Verizon one and which the customer's.

Also F*** Verizon, go full VPN on all your mobile traffic from now on.

Comment: And if gas does not work, try water... (Score 1) 378

by ramriot (#48931349) Attached to: Why ATM Bombs May Be Coming Soon To the United States

Seems Jamie and Adam got there way ahead of all of us (New myth to test):
If you allow for the fact that in their case they had to burn a small hole in the top which set fire to the contents first before filling the enclosure with water, which in the case of an ATM you don't have to, then it's a reasonable idea.

Comment: Old news and still needs pwned access (Score 3, Interesting) 86

by ramriot (#48931295) Attached to: Georgia Institute of Technology Researchers Bridge the Airgap

Firstly this is old news,
Secondly almost the first thing said in the video is that they had to install a driver on the target to force it to emit signals they could pull out of the noise. So it's a nice idea that if you have access to put software on the PC you can later get it to emit information, but if you are going to do that then why not use what else is there, because how often are all the target's other wireless interfaces fully disabled? I suspect unless your name is Snowden, not very often. Further, if you are that worried about leaking information that you go fully air gapped you would not be trusting a malleable OS to run from, much better to run from a live CD.