
Comment: Re:What it really reveals (Score 1) 112

by danheskett (#49134623) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

True, you didn't build everything from source, but you were happy enough that everything traced back to "the" sources to make you feel secure. That's a lot more protection than anything from a commercial vendor, who probably just sold you formulaic encryption without any extra work to make you feel secure. Your data would have been more secure, if not actually secure, but you'd have felt it less, because really you have no way of knowing. So without somebody taking the extra time to make you feel secure, you naturally wouldn't feel it very much, if at all.

The problem is that there is no conceivable way to do what you are saying. It involves compromising or proxying disparate traffic, expertly.

And then, after all that, it would involve rooting an otherwise secure installation that is barely network connected, and using that to inject what, defects into the right sources so that the resulting binaries are weak or exploitable?

I agree that the NSA, CIA, and FBI have extraordinary capabilities, but the attack vectors that have thus far been revealed are the same attack vectors that security researchers have known and published for a long time - firmware, obscure libraries that are often used but seldom examined, zero-day exploits of popular software, mathematical flaws in encryption implementations, and physical security and chain of custody.

All of which is to say, the basic landscape of the threat has not changed much in 20 years. It is sophisticated, but as always, a strong layered defense and strong procedures and policies will minimize the possible impacts, exploits, and severity of breaches (if they occur in the first place). There are few things more secure than a well maintained GNU/Linux or OpenBSD box running in the wild.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 5, Insightful) 406

by danheskett (#49121185) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

If, on the other hand, you live in a world where simply crying "Encryption!" is some kind of barrier that magically sanctifies the underlying data, and that it then cannot and should not ever be accessed by anyone other than the data owner...well, then I would ask what you think about the German and Japanese codes in WWII?

I think it's deeply sick that our government or anyone would equate our foreign, Congressionally declared, military enemies locked in nearly unrestrained warfare with the private effects and papers and their electronic equivalents of its peaceful citizens.

The law and Constitution (as interpreted and implemented by our system of government) are the constraints -- not specific technological capability.

Disagree. The Constitution recognizes an inherent right - that of a person to be secure in his person and papers from unreasonable search and seizure of his person and those effects. That natural right, along with the natural right to be held personally inviolate (i.e. not tortured) are the dual foundations for the presumption that encryption keys, like secrets ensconced in your memory, are immune from the government's attempts to ascertain them.

What he "wants", when US-based companies hold data that still can technically be accessed for legitimate foreign intelligence purposes supported by our system of law, is that a legal framework should allow for it. When it can't be, it's up to NSA to determine other mechanisms to access that data.

It is impossible to know what the NSA, or any government agency, actually wants. There is no legal nor oversight mechanism that will force them to disclose that information to you, or me, or even to their Congressional overseers, or even to other members of the Executive branch. They have demonstrated lawlessness at the highest levels and vast dishonesty, using every legal, regulatory, judicial, and yes extra-legal mechanism possible to avoid operating transparently. Whatever the intention, whatever the reason, it is beyond question that civic minded citizens should believe any pronouncement, no matter how clearly worded it appears to be, from the Executive branch. When the Director of National Intelligence says point blank they are not collecting records of millions of Americans, it is not simply a matter of redefining away the words. It's lying. Without punishing those who deceive American citizens and especially Congressional oversight, we must only be left to assume that the NSA operates outside of the realm of the rule of law, and because of that, we must act accordingly.

Even if it means a massive terrorist attack on US soil, even if it means the collapse of the government, or invasion, or a mushroom cloud over a major US city, we have to resist the presumption that any agent of the executive acts without oversight and accountability.

Comment: It Also Works to Describe Examples of Fascist Prop (Score 1) 23

by Jeremiah Cornelius (#49102779) Attached to: Might explain some of the behavior here

"Dedicated to the proposition that all men are created equal"
"Beacon of freedom and promoter of democracy"
"Greatest nation on earth"
"Home of Free"
"Highest standard of living in the world"
"Best health care system ever"
"Dedicated to rule of law as determined by the will of the people with regard for the defense of the minority"
"Capital is the best expression of democracy at work"

The hits keep coming for the Homeland.

Comment: Re:What it really reveals (Score 1) 112

by danheskett (#49096941) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

I don't know how true this is.

I had a high-security/high-trust scenario, and I ended up bootstrapping a machine from source-built binaries, and then building a compile system. I used the compile system to verify that binaries I was using from the official Debian distribution checked out from the various original sources. True, I did not build everything - literally everything - from source, but I was happy enough that everything was traced back to the sources enough to make me feel secure. That's a lot more protection than anything from a commercial vendor.

Comment: Monkeys don't get HIV, they get SIV or SHIV (Score 1) 96

I'm amazed that TFS says HIV as well as the first link. TFNA (The Fucking Nature Article) title is "AAV-expressed eCD4-Ig provides durable protection from multiple SHIV challenges". Wow, SHIV is right there in the title. Humans can be infected with "human immunodeficiency virus". Simians can be infected with "simian immunodeficiency virus".

Additionally, plenty of "monkeys" get SIV and don't become symptomatic because they're natural hosts. Rhesus macaques (as stated in the Nature article), however, are not natural hosts and do become symptomatic. Just using the over-arching term "monkey" is ridiculous for a "science" blog.

Comment: I've used both... (Score 1) 128

I've used my iPhone to track my steps as well as a FitBit to do so. I can agree from experience that they both track just as well as the other. The difference? My phone is much larger and is much more expensive to replace. I like that I don't have to bring my phone with me to track my activity when I'm out doing stuff (and no annoying calls). I also track my stats when playing ice hockey. What kind of fool would bring a phone for that?

They may be the same in terms of counting steps, but in terms of appropriateness in more situations the small, wrist based tracker wins.
