
Comment Re:Tin Foil Hat for your car? (Score 1) 314

Do you turn your phone off when you drive your car or go about your daily business? Unlikely.

If you leave your battery in your phone, even in the 'off' position, your phone is still on, still capable of receiving and sending, including E911. Just because the screen says it's been turned off, doesn't mean it's been turned off. Pull the battery out.

Soon though, that won't be enough, and your phone and other devices will be able to transmit their location, data, etc. without the need for a battery.

Comment Obligatory Code (Score 4, Informative) 259

...aaaand, here's some code to use to make your own (which I just posted about only yesterday):


#!/usr/bin/perl

use warnings;
use strict;
use LWP::Simple;
use XML::RSS;
use HTML::Strip;
use File::Slurp;

my $url = 'http://feeds.bbci.co.uk/news/world/rss.xml';

binmode(STDOUT, ":utf8");

my $hs = HTML::Strip->new();
my @newscanary;

# Fetch the feed and stop if the download failed (get() returns undef on error)
my $rss = XML::RSS->new();
my $data = get( $url ) or die "Could not fetch $url\n";
$rss->parse( $data );

foreach my $item ( @{ $rss->{items} } ) {
        my $title = $item->{title};
        my $date = $item->{pubDate};
        my $desc = $hs->parse($item->{description});
        $hs->eof;       # reset the stripper between items

        # Word wrap the output at 70 characters
        $desc =~ s/(.{70}[^\s]*)\s+/$1\n/xg;

        push @newscanary, "$title\n$date\n" . "-"x70 . "\n$desc\n\n\n";
}

# Write the headlines as UTF-8 so non-ASCII characters survive
write_file('canary.txt', {binmode => ':utf8'}, @newscanary);

# Read both files back as UTF-8 text; STDOUT encodes once on output
my $boilerplate = read_file('boilerplate.txt', {binmode => ':utf8'});
my $newscanary = read_file('canary.txt', {binmode => ':utf8'});

print $boilerplate, $newscanary;

Comment Re:Freenet, I2P, Tor - darknets (Score 1) 397

And what happens when those keys are transmitted in the clear, across the two endpoints, when SSL might as well be cleartext at this point, given the computational power, intentional design flaws and other mechanisms of the NSA to break the conversation in real-time?

Still trust the other end? I don't.

Comment Re:Do you trust your exit node? (Score 1) 397

Do you trust your exit node or proxy? Defcon had a recent talk on setting up proxy servers as a very quick way to find people who have something to hide. Now you have their IP address and their destination.

It's not just about exit nodes anymore. The NSA can, and regularly does, de-anonymize users within the Tor network, with or without compromised or 'baddie-controlled' exit nodes.

Tor works only as long as exit nodes are not in the bad guy's control.

Correction: Tor only works (in its current implementation) when there isn't a single bad node in the entire network. IOW, not going to happen.

Let's also keep in mind that 60+% of the funding for Tor, comes directly from the Department of Defense (DoD).

Concerned yet? You should be.

Comment Re:What is Bruce Schneier's game? (Score 1) 397

Then they can make a public and private key for whatever.com. Then they use their fake Intermediate CA Inc. certificate to sign that. Unless you the person visiting whatever.com specifically have an original copy of the real whatever.com certificate public key, and you look at the public key of the certificate every time you visit the website, you'll never notice that the NSA has replaced the real certificate with theirs. As long as they're using the correct Verisign private key, your browser will not detect any problems.

This is precisely why you should be checking site fingerprints and using browser add-ons like Certificate Patrol, in combination with a secure browser (eg: TorBrowser).

If you blindly stumble around the Internet accepting certs, not checking source and destination, you deserve what you get. If you verify the authenticity of your connections, and deny/block/forbid those that don't match, you'll be much closer to the secure environment we're all striving for.
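
Added example (not part of the original comment, and not Certificate Patrol's code): a minimal trust-on-first-use fingerprint check in Python, showing how a remembered SHA-256 fingerprint flags a swapped certificate even when the CA chain still validates. The `PinStore` class, the function names and the two constructed byte strings standing in for DER certificates are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate a server presents (needs network access)."""
    ctx = ssl.create_default_context()  # ordinary CA validation still applies
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class PinStore:
    """Hypothetical trust-on-first-use store: host -> first fingerprint seen."""

    def __init__(self):
        self.pins = {}

    def check(self, host: str, der_cert: bytes) -> str:
        seen = fingerprint(der_cert)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = seen      # first visit: remember, cannot verify
            return "first-seen"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "CHANGED"                # old pin is kept; caller decides


# Constructed stand-ins for DER certificate bytes (not real certificates).
REAL_CERT = b"constructed-der: whatever.com, issued by the real intermediate"
SWAPPED_CERT = b"constructed-der: whatever.com, issued by a substituted intermediate"


def demo():
    store = PinStore()
    return [store.check("whatever.com", REAL_CERT),
            store.check("whatever.com", REAL_CERT),
            store.check("whatever.com", SWAPPED_CERT)]


if __name__ == "__main__":
    print(demo())
```

A "CHANGED" result also occurs on legitimate certificate renewal, so it calls for out-of-band comparison against the site's published fingerprint; the first visit is trusted blindly unless the pin is preloaded.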

Comment Re:See what I did here? (Score 1) 236

The important bit, the one that has value to *me*, is that it can hide my identity. It can hide the identity of people who are afraid of oppression, it can hide the identity of whistle blowers, it can hide the identity of people asking for help.

Actually, no, it can't. You're thinking of i2p, not Tor.

If you're confused, you need to read up on the major flaws and vulnerabilities in Tor that allow the NSA or enough controlling entities to de-anonymize anyone using Tor. In fact, the more Tor exit nodes, the easier it is.

The tremendous spike in users using Tor could be both in reaction to the NSA news, or proactive from the NSA ramping up their use of Tor to more-rapidly de-anonymize the traffic coming across those exit nodes.

Comment Re:Anyhows (Score 1) 186

They don't need to crack the traffic, if they de-anonymize the clients in and out of Tor, it's cleartext on both ends. With SSL and VPNs now being as wide open as cleartext and easily broken, it's a moot point.

http://blog.erratasec.com/2013/08/anonymity-smackdown-nsa-vs-tor.html

And direct yourself and others to Project Meshnet:

https://projectmeshnet.org/

Comment Re:NSA (Score 4, Interesting) 251

They do not need to do real-time processing of the data: that is only necessary for filtering.

That may be true for passive surveillance (http traffic, emails, IMs), but most-definitely not for VPNs, as in this specific case.

You absolutely need to trap the packets in real time in order to actually break the VPN connection open so you can get at the actual payload (cleartext, post-decrypted) data within the stream. The initial cryptographic handshake has to be captured, in order for them to peel it open and get inside.

You can't do that days later, when all you have is an encrypted stream of bits.

Comment Re:Eighty Nine Percent.... (Score 1) 138

Eighty Nine Percent of New Zealanders oppose new legislation to broaden the powers of the GCSB, the New Zealand Signals Intelligence agency that has traditionally been used to spy on other countries.

But wait, that also means that at least 51% of the population actually voted for those who put these laws and legislation into effect. Can the same people who voted them into power, also vote them out?

Comment Re:How will they be compensated? (Score 5, Insightful) 382

It doesn't matter if she was searching for 'pressure cooker bombs', because that is not illegal!

She has not committed any crime, nor should she be suspected of one. In fact, she shouldn't have let them in the house, because they have no warrant, nor any valid reason to suspect her of doing anything against the law.

Since when was curiosity or knowledge seeking a crime? Is that where we are now? Living in fear of learning more, because those who think they're holding the power, are looking at everything we do?
