
Comment Re: Isn't 30 years a little excessive? (Score 1) 118

One important detail. This guy is not a spammer. He's a scammer. For this kind of attack to work you need very targeted emails tailored to the recipient. (I'm having problems calling the receivers victims. You do not need encryption to protect yourself, just a working brain. I get a crazy email from my boss, the first thing that happens is that I need clarification, and surprise, surprise, it is obvious that one asks via a different channel for clarification.)

Comment Re:Coding style vs 'problem solving style' (Score 1) 164

Yes and no. The better people in the industry continue to learn, every day.

Actually, my current team lead expects us to learn all the time, and is completely willing to take the hit in longer ticket handling times.
OTOH, my current boss is an outlier in my experience in this industry.

Comment Not so fast (Score 1) 164

Important part:

        Finally, we do not consider executable binaries that are obfuscated
        to hinder reverse engineering. While simple systems,
        such as packers [2] or encryption stubs that merely restore the
        original executable binary into memory during execution may
        be analyzed by simply recovering the unpacked or decrypted
        executable binary from memory, more complex approaches are
        becoming increasingly commonplace, particularly in malware.

So, there are numerous issues here:

1.) Getting the samples for training (e.g. the authors already mention this as a problem) => GitHub and friends distribute source code, and it's not necessarily trivial to get the compiler and options right to recreate the correct binary.

2.) If you would for example profile me online, you'd learn from code repositories that I know Python, and you might infer from posts that I know other languages. My Python repositories will not help you identify my binaries built in C.

3.) And worst, the code where this deanonymization would be most useful, e.g. malware, is very hard to handle, as it's usually obfuscated to the max. Worse, malware has been known to mutate itself on replication to avoid leaving a signature for virus scanners.

Anyway, nice ML paper. ;)

Comment The FBI has not thought it out (Score 2) 347

So, considering that the US government itself nowadays uses many commercial off-the-shelf products;
Considering that other governments control access to potentially as big or bigger markets than the US one ->

Are they happy with the Chinese/Russians also reading the communications of the US government?

And they are using commercial regular stuff. By design (to save money and make certain projects even feasible) or mistake (do I need to say Clinton's email).

Also consider that practically all the hardware for these new communications is produced outside the States. Where other governments can insist on back doors (when it quacks ... call it by its proper name).

E.g. the German privacy watchdog has currently issued a ruling that Google Mail is a communication service and needs to provide "an automatic interface for lawful interception". If the courts let that stand (something quite realistic) and Google not being able to prove to legal standards if an account is "German", that might mean that they'll need to allow to intercept traffic on all accounts.

Great that the FBI gives governments the inspiration for what they should require from companies (including US ones).

Comment Re: Not just police (Score 1) 238

Well that depends on jurisdiction I'd say.

Around here all publicly accessible private spaces are covered by traffic law. Only your private yard that is open only to you is not covered.

(That regulation seems to be a couple of decades old, on old properties you can see signs telling that traffic law applies on this parking lot, but these signs are clearly dying out.)

Comment Completely wrong summary (Score 1) 142

Subject should read: House votes to extend Patriot Act, and changes some cosmetics when it comes to telephone meta data collection.

1.) Without the act, the Patriot Act, which is what allows the intelligence agencies and LE to collect way too much data, would be again illegal and/or practically much harder. The Freedom Act extends the Patriot Act so the agencies can continue legally to collect the data heaps.

2.) So, the data will be stored at the provider, and they need a court order. And FISA is known to reject at least one request per year (well, most of the years, one cannot be so hostile to our protectors, right), and has never allowed unspecific overbroad warrants to be issued, right?
