
Comment: Re:Low even for Slashdot (Score 1) 313

Nice try,

Facebook changing THEIR privacy policy directly affects users. The outcry is justified and has nothing to do with the politics of their CEO or board. This issue is entirely different. People are calling for boycotts and pressure because a perfectly capable board member used to work for the Bush administration which started a wiretapping program. It has NOTHING to do with what she personally has done nor what she has done as a board member of the Dropbox company.

Thanks for playing, next time try using your head...

Comment: Low even for Slashdot (Score 2, Insightful) 313

Let's quit pretending this is anything but an attempt to force her out because she is/was a Republican.

If she were a Democrat, the article would talk about the racist/sexist Republicans that were trying to force her out.

The Democrats have only enhanced the spying and wiretapping, but you don't get outcries about the likes of Facebook and the Zuckerbergs of the world who are huge Democrat donors.

I love to see that "tolerance" the left is famous for.

Comment: First, XFCE (Score 2) 448

by shellster_dude (#46716219) Attached to: Ask Slashdot: How To Start With Linux In the Workplace?
First, I'd recommend going with XFCE for your desktop. It's simple, looks kinda like Windows and doesn't change looks constantly with each release.

If you are going to be managing these things, you might want to go with some sort of thin-client architecture with a beefy server, serving the old ex-XP boxes. This will reduce the configuration hassle long term, and make those crappy XP boxes seem pretty snappy. The downside, and it can be a doozy, is that if the server goes down or the networking is lousy, no one will be able to work.

Comment: Seriously? RTFM (Score 1) 90

Am I the only one who read the article?

The Mylar system supports searching of the encrypted data and encryption with multiple, separate keys allowing multiple users to have access to specific records without requiring any key sharing.

The server can operate in a completely compromised fashion (in theory), as the data is all encrypted on the client side, before it goes to the server, and the server will never have the plaintext or the key to decrypt the ciphertext.

They seem to be operating under the assumption that it is much harder to compromise all the clients than a single server... unfortunately I don't think that claim holds up, as there is nothing to prevent compromise of the clients if the server is compromised, via simple XSS-like attacks, which will be trivial since it will be same-origin.

IMHO, the only way to make something like this really work, would be hardened browser clients, with special encryption APIs which cannot be directly accessed by code that the server can inject (NOT JavaScript).

Comment: Not useful (Score 4, Insightful) 914

The foremost point of prison is to keep bad individuals where they can't harm the general populace, and to punish them for their actions, with the hope that they will correct their behavior.

Using a time dilation drug in lieu of actual time served does nothing to help keep them off the street.
Using a time dilation drug as well as a normal sentence amounts to psychological torture or near torture, and won't help with any corrective process which might have prevented repeat offense.

Bottom line: drugs like this have no place in our penal system, regardless of the ethical ramifications of using them on prisoners.

Comment: Understanding PRNG (Score 2) 143

by shellster_dude (#46487027) Attached to: Weak Apple PRNG Threatens iOS Exploit Mitigations
When cryptographers say that a PRNG is deterministic (in a bad sense), they usually mean it violates one of the following rules (or similar):

1) It should be realistically impossible for an outsider to determine or guess all the values that constitute a seed.
2) No matter how much of the "random stream" an attacker has seen, they should not be able to realistically determine the next value in the stream (without all the sources of entropy throughout the process).
3) Given the initial seed, an attacker should not be able to determine the random value at a point in the future because that value should constantly be affected by both new "entropy" inputs including the number of times, size, and amount of random data previously requested.
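An added illustration of rules 2 and 3 above (example code, not from the original comment): a toy linear congruential generator whose output is its whole state, so anyone who has seen one value can compute the next and anyone with the seed knows every future value, beside a reseeding step that folds fresh entropy, the request count and the request size into the state so the seed alone no longer fixes the output. The LCG constants, the seed and the entropy strings are constructed for the demonstration.

```python
import hashlib

# Toy LCG constants, constructed for this example only (not any real system's PRNG).
LCG_A, LCG_C, LCG_M = 1103515245, 12345, 2**31


def lcg_next(state: int) -> int:
    """One step of the toy generator; the value handed out is the full state."""
    return (LCG_A * state + LCG_C) % LCG_M


def lcg_stream(seed: int, n: int) -> list[int]:
    """The first n outputs of the toy generator for a given seed."""
    out, s = [], seed
    for _ in range(n):
        s = lcg_next(s)
        out.append(s)
    return out


def predict_next(observed: list[int]) -> int:
    """Rule 2 violated: the last observed output is the whole internal state,
    so the next output follows from it with nothing left to guess."""
    return lcg_next(observed[-1])


def value_at(seed: int, k: int) -> int:
    """Rule 3 violated: the seed alone fixes the k-th output forever, because
    no later entropy and no request history ever enters the state."""
    return lcg_stream(seed, k)[-1]


def mixed_next(state: bytes, fresh_entropy: bytes, request_count: int, nbytes: int) -> tuple[bytes, bytes]:
    """A reseeding step in the spirit of rule 3 (a sketch, not a production DRBG):
    the new state hashes the old state with fresh entropy, the number of requests
    served so far and the size requested. Returns (new_state, output)."""
    material = state + fresh_entropy + request_count.to_bytes(8, "big") + nbytes.to_bytes(4, "big")
    new_state = hashlib.sha256(b"state" + material).digest()
    output = hashlib.sha256(b"out" + material).digest()[:nbytes]
    return new_state, output


def seed_alone_predicts(seed: bytes, entropy_a: bytes, entropy_b: bytes) -> bool:
    """True if two runs from the same seed but different fresh entropy agree,
    i.e. if the seed alone still fixes the output (with real entropy it should not)."""
    _, out_a = mixed_next(seed, entropy_a, 1, 16)
    _, out_b = mixed_next(seed, entropy_b, 1, 16)
    return out_a == out_b
```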

Comment: Cyber Security Analyst here... (Score 1) 572

My company does it, and it isn't for malicious reasons of spying on their users. It is done so that IDS and IPS can actually detect malware downloads and C2 communication over SSL. I suspect that's the primary reason most other companies do it as well. If they don't, the company can't adequately detect or remediate most modern malware.

Detection of exploit kits via HTTP monitoring is one of our primary indicators of compromise, so this information is vital.

Comment: A hybrid approach (Score 1) 305

by shellster_dude (#46299259) Attached to: Why Your Phone Gets OTA Updates But Your Car Doesn't
A lot of people don't trust their car manufacturer to be in charge of firmware pushes. That makes perfect sense. Maybe the best approach would be utilizing special software on existing smartphone platforms. This solves many issues at once. Car owners don't have to worry about their car "phoning home" or the dealer pushing "fixes" without their knowledge, while simultaneously giving the car owner and the dealer the advantages of a remote software update. If you want it, you can install the dealer's smart app, and hook your phone up to your car for an update.

There are, of course, new issues. You need to properly sign and validate your updates, to make sure they are delivered to the cars uncorrupted, in the correct format, and that no one else can use the functionality to hack the car.

Comment: Custom Router (Score 4, Interesting) 264

by shellster_dude (#46286401) Attached to: Routers Pose Biggest Security Threat To Home Networks
After I found that my ASUS RT-15U was running telnet with a default password, open to the world, which I couldn't kill or change the password on, I swore off embedded device routers.

I have replaced it with a small Debian box with dual NICs, and bought a 24-port switch from TP-LINK. It was the best decision I have ever made. Perfect reliability, complete control via IPTABLES. I've got auto blocking of malicious IPs trying to hit my ssh or port scanning me via DenyHosts and PSAD.

A couple other custom scripts and DNSMASQ, dhclient, snort, and python, and I have all the other services and features I want, and ONLY the services and features I want.
