Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment Re:Wait a sec (Score 3, Informative) 267

Exactly the opposite: "Encryption works" was one of the key points made by Edward Snowden. The NSA found it much easier to just bypass encryption. There are some instances where we suspect the NSA has had a hand weakening or backdooring some algorithms (like recommending odd seed values for elliptic curve cryptography) but nothing definitive.

Comment Memorizing site-unique passwords isn't possible (Score 5, Insightful) 267

Diceware is a great recommendation, but you're missing one key consideration: password reuse is a larger danger to users than is having a weak password. The Apple iCloud hack is one of the few in recent memory where a password-related breach wasn't tied to password reuse. What happens most of the time is that a site is vulnerable to SQL injection gets their users table stolen, and "bad guys" use that information to try accounts on related sites. If the compromised website was using a bad (i.e. fast) password hashing algorithm, then having a good password will protect you a little, but you're playing with fire. Password cracking techniques have been advancing exponentially, as has GPU power. But if this site is using reversible encryption or storing passwords in plaintext (which still happens with alarming frequency) then all your other accounts are at risk from the one breach regardless of how great your password is. Of course, if they're using a good password algorithm like PBKDF2 or bcrypt, even a mediocre password will be relatively safe. But what are the chances that every site you've registered with is using a good password algorithm? Probably zero. How can you check the password storing technique of a site you're about to register with? You can't.

Yeah, you could make an algorithm to modify your password across sites so that you can memorize it yet it'll be different, but as "bad guys" combine information from multiple leaks, any algorithm you come up with will be vulnerable to reverse engineering. Especially if your online identity is valuable. The real solution is to use password management software like KeePass, LastPass, or 1Password. Lock your password program with your good password from Diceware, and use unique, truly random passwords for all the websites you've registered on.

Comment Memorizing site-unique passwords isn't possible (Score 1) 2

Diceware is a great recommendation, but you're missing one key consideration: password reuse is a larger danger to users than is having a weak password. The Apple iCloud hack is one of the few in recent memory where a password-related breach wasn't tied to password reuse. What happens most of the time is that a site is vulnerable to SQL injection gets their users table stolen, and "bad guys" use that information to try accounts on related sites. If the compromised website was using a bad (i.e. fast) password hashing algorithm, then having a good password will protect you a little, but you're playing with fire. Password cracking techniques have been advancing exponentially, as has GPU power. But if this site is using reversible encryption or storing passwords in plaintext (which still happens with alarming frequency) then all your other accounts are at risk from the one breach regardless of how great your password is. Of course, if they're using a good password algorithm like PBKDF2 or bcrypt, even a mediocre password will be relatively safe. But what are the chances that every site you've registered with is using a good password algorithm? Probably zero. How can you check the password storing technique of a site you're about to register with? You can't.

Yeah, you could make an algorithm to modify your password across sites so that you can memorize it yet it'll be different, but as "bad guys" combine information from multiple leaks, any algorithm you come up with will be vulnerable to reverse engineering. Especially if your online identity is valuable. The real solution is to use password management software like KeePass, LastPass, or 1Password. Lock your password program with your good password from Diceware, and use unique, truly random passwords for all the websites you've registered on.

Submission + - RSA Conference Bans 'Booth Babes" (networkworld.com)

netbuzz writes: In what may be a first for the technology industry, RSA Conference 2015 next month apparently will be bereft of a long-controversial trade-show attraction: “booth babes.” New language in its exhibitor contract, while not using the term 'booth babe," leaves no doubt as to what type of salesmanship RSA wants left out of its event. Says a conference spokeswoman: “We thought this was an important step towards making all security professionals feel comfortable and equally respected during the show.”

Comment Re:Where was the flight attendant? (Score 2) 737

A pilot can not be left alone in cockpit with a terrorist because the terrorist will kill the pilot. A flight attendant can not be left alone in cockpit with a pilot because the pilot will fuck the flight attendant. A terrorist can not be left alone in cockpit with a flight attendant because the flight attendant will have the terrorist to return to his seat.

Submission + - Passphrases You Can Memorize That Even The NSA Can't Guess 2

HughPickens.com writes: Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you’ll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You’ll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You’ll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like “cap liz donna demon self”, “bang vivo thread duct knob train”, and “brig alert rope welsh foss rang orb”. If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.

After you’ve generated your passphrase, the next step is to commit it to memory.You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn’t take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It’s a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training"

Comment Re:wikipedia have not only messed that (Score 1) 264

Not if the "substantial edits" can cite a biased journal or "news" site that support the new claims. Wikipedia has a serious problem with controversial topics because "the rule of Wikipedia is that authority trumps accuracy," and people with big megaphones and too much time on their hands can find or make "authoratative" sources that support their worldview regardless of the facts.

Comment Re:eh (Score 4, Insightful) 290

The problem isn't that the day after the bill gets passed, we'll experience a media blackout. These things happen in steps. Thailand started censoring porn, but once the system and precedent was established they went on to censoring political content. Many, many other countries followed similar paths, starting by censoring some things and then getting worse and worse. (disable javascript to view Wikipedia)

Also, "facilitating the commission" of copyright infringement (which SOPA and PIPA includes in their infringing site definition) is so broad that the many non-tech-savvy judges will be able to be influenced through heavy lobbying by MPAA and the like.

Lastly, H.R. 3261, Title I, 103.d (in SOPA) does allow plaintiffs to issue court orders to service providers from what I understand.
IBM

Submission + - IBM creates question-answering algorithm (nytimes.com)

religious freak writes: IBM has created and made the question answering algorithm, Watson, available online. Watson has competed in and won a majority of (mock) matches against humans in Jeopardy. Watson does not connect to the Internet to answer his questions and seeks answers using many different algorithms then employs a ranking algorithm to choose the best answer. Click on 'original source' below to try your luck against Watson.

Slashdot Top Deals

The person who's taking you to lunch has no intention of paying.

Working...