Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment Re:They pop up and notify me they are running. (Score 1) 243

I use a combination of LBE Security, DroidWall and Permission Manager to lock things down tightly. Silly free flashlight apps that try to read my SMS datastore? Nope, denied. Calculators that try to use WiFi or my cellular network? Denied. Games that try to read my IMEI? Denied.

Super secure, tight controls and you can lock everything down, in or out. Use all three.

Comment Re:Dichotomy (Score 1) 234

According to TFA, NSA knows full well exactly this and tried it, but couldn't gain control of a sufficient number of exit nodes. That's not surprising, it really would take controlling quite a lot of exit nodes.

Are we sure they didn't just root the botnet around mid-August/early September?

http://www.infosecurity-magazine.com/view/34453/massive-botnet-is-behind-tor-usage-spike-/

Can we be absolutely certain that the botnet itself, and every single node, is 100% secure and non-rootable from the NSA's 0-day toolkits?

Comment I understand TFA and the legal implications, BUT.. (Score 1) 527

Why did the FBI not just raid the location, take the physical servers and storage assets, clone them and then let the courts sort it out? That way they could go and fetch the keys themselves, MiTM the traffic to the host through his ISP, masquerading as Lavabit, and snarf whatever they needed. They're already doing it in other cases.

What I'm wondering, is that when someone comes to your door with a warrant, and you say "No" and close the door, why would they allow you to go back and manipulate the bits and digital information that comprises the portion the warrant asked for?

In this case, how was Lavabit even allowed to shut down their services, if the FBI was at the door asking for the keys?

Something doesn't add up here.

Comment Re:Tin Foil Hat for your car? (Score 1) 314

Do you turn your phone off when you drive your the car or go about your daily business? Unlikely.

If you leave your battery in your phone, even in the 'off' position, your phone is still on, still capable of receiving and sending, including E911. Just because the screen says it's been turned off, doesn't mean it's been turned off. Pull the battery out.

Soon though, that won't be enough, and your phone and other devices will be able to transmit their location, data, etc. without the need for a battery.

Comment Obligatory Code (Score 4, Informative) 259

...aaaand, here's some code to use to make your own (which I just posted about only yesterday


#!/usr/bin/perl

use warnings;
use strict;
use LWP::Simple;
use XML::RSS;
use HTML::Strip;
use File::Slurp;

my $url = 'http://feeds.bbci.co.uk/news/world/rss.xml';

binmode(STDOUT, ":utf8");

my $hs = HTML::Strip->new();
my @newscanary = '';

my $rss = XML::RSS->new();
my $data = get( $url );
$rss->parse( $data );

my $channel = $rss->{channel};

foreach my $item ( @{ $rss->{items} } ) {
        my $title = $item->{title};
        my $date = $item->{pubDate};
        my $desc = $hs->parse($item->{description});

        # Word wrap the output at 70 characters
        $desc =~ s/(.{70}[^\s]*)\s+/$1\n/xg;

        push @newscanary, "$title\n$date\n" . "-"x70 . "\n$desc\n\n\n";
}

write_file('canary.txt', @newscanary) ;

my $boilerplate = read_file('boilerplate.txt', {binmode => ':raw'});
my $newscanary = read_file('canary.txt', {binmode => ':raw'});

print $boilerplate, $newscanary;

$hs->eof;

Comment Re:Freenet, I2P, Tor - darknets (Score 1) 397

And what happens when those keys are transmitted in the clear, across the two endpoints, when SSL might as well be cleartext at this point, given the computational power, intentional design flaws and other mechanisms of the NSA to break the conversation in real-time.

Still trust the other end? I don't.

Comment Re:Do you trust your exit node? (Score 1) 397

Do you trust your exit node or proxy? Defcon had a recent talk on setting up proxy servers as a very quick way to find people who have something to hide. Now you have their IP address and their destination.

It's not just about exit nodes anymore. The NSA can, and regularly does, de-anonymize users within the Tor network, with or without compromised or 'baddie-controlled' exit nodes.

Tor works only as long as exit nodes are not in the bad guy's control.

Correction: Tor only works (in its current implementation) when there isn't a single bad node in the entire network. IOW, not going to happen.

Let's also keep in mind that 60+% of the funding for Tor, comes directly from the Department of Defense (DoD).

Concerned yet? You should be.

Comment Re:What is Bruce Schneier's game? (Score 1) 397

Then they can make a public and private key for whatever.com. Then they use their fake Intermediate CA Inc.certificate to sign that. Unless you the person visiting whatever.com specifically have an original copy of the real whatever.com certificate public key, and you look at the public key of the certificate every time you visit the website, you'll never notice that the NSA has replaced the real certificate with theirs. As long as they're using the correct Verisign private key, your browser will not detect any problems.

This is precisely why you should be checking site fingerprints and using browser add-ons like Certificate Patrol, in combination with a secure browser (eg: TorBrowser).

If you blindly stumble around the Internet accepting certs, not checking source and destination, you deserve what you get. If you verify the authenticity of your connections, and deny/block/forbid those that don't match, you'll be much closer to the secure environment we're all striving for.

Comment Re:See what I did here? (Score 1) 236

The important bit, the one that has value to *me*, is that it can hide my identity. It can hide the identity of people who are afraid of oppression, it can hide the identity of whistle blowers, it can hide the identity of people asking for help.

Actually, no, it can't. You're thinking of i2p, not Tor.

If you're confused, you need to read up on the major flaws and vulnerabilities in Tor that allow the NSA or enough controlling entities to de-anonymize anyone using Tor. In fact, the more Tor exit nodes, the easier it is.

The tremendous spike in users using Tor could be both in reaction to the NSA news, or proactive from the NSA ramping up their use of Tor to more-rapidly de-anonymize the traffic coming across those exit nodes.

Comment Re:Anyhows (Score 1) 186

They don't need to crack the traffic, if they de-anonymize the clients in and out of Tor, it's cleartext on both ends. With SSL and VPNs now being as wide open as cleartext and easily broken, it's a moot point.

http://blog.erratasec.com/2013/08/anonymity-smackdown-nsa-vs-tor.html

And direct yourself and others to Project Meshnet:

https://projectmeshnet.org/

Slashdot Top Deals

Humanity has the stars in its future, and that future is too important to be lost under the burden of juvenile folly and ignorant superstition. - Isaac Asimov

Working...