Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment A climate of really lousy security... (Score 2) 172

(1) Net Centric Diplomacy database
Appears to have been trivially downloadable. Manning used Wget to automate the capture of cables from this database. Manning had access to secure networks (SIPRNet) and it was this, rather than any technical expertise, that allowed him to pull all the cables.It seems as if the Net Centric Diplomacy database and its interface (presumably a web front end) lacked any functionality to inhibit automated / bulk downloads, to track or log downloads or to alert operators to suspicious or anomalous patterns of access.

Contrast this with the logging that was available in IntelLink (the SIPRnet internal search engine) that helped link incriminating keywords (Assange, Wikileaks etc) to the IP address assigned to Manning's computer. The defense cannot refute that, while they may be able to undermine the (very poorly gathered) computer forensics from Manning's computer.

(2) Microsoft Share Point server
Appears, also, to have been wide open to anyone on SIPRnet and to have permitted automated (scripted) bulk downloading of files. And, like (1), appears to have lacked any functionality to alert operators to suspicious behaviour.

Contrast this, also, with the logging that was available in IntelLink.

(3) Manning is no expert
First, he used the same password for both his operating system (presumably, his Windows username/password) as for his encryption. Second, he claims to have "zero-filled" his hard disk but had not done so. Third, he used his own computer for the IntelLink searches thereby leaving a trail of evidence.

(4) Lack of expertise seems quite widespread...
The computer environment at the FOB where Manning worked was risible. In testimony, an officer described how "soldiers would store movies and music in their shared drive on the SIPRnet. The shared drive, called the “T Drive” by soldiers, was about 11 terabytes in size, and was accessible to all users on SIPRnet who were given permission to access it, in order to store data that they could access from any classified computer." In other words, in practise, no distinction between storage for movies and music and the storage for classified materials. While the officer told soldiers not to use it for music and movies (and used to delete same as well as reporting the abuse), the practise was prevalent. And despite the 11 terabytes (that is 11 thousand Gigabytes) available for music and movies, this officer cites lack of storage as the reason that some logs (that may have contained evidence) were not maintained. This officer, Capt. Thomas Cherepko, received a "letter of admonishment" for the lax enviroment at this base.

Has the buck stopped at the Captain? I believe that points 1, 2 and 3 suggest a culture of information security so poor as to merit serious enquiry in its own right. Manning probably did break several laws in gathering and communicating the cables to WikiLeaks and, if convicted, must face the music. But the ease with which he did this ought to be cause for far more concern than we are seeing in the media. The US Army appears to be throwing Manning under a bus, but only a slap on the wrist for Cherepko. That is unjust. Lets see how this unfolds...

Submission + - UK recruiting codebreakers (canyoucrackit.co.uk)

Demerara writes: "http://www.canyoucrackit.co.uk/ CanYouCrackIt is an array of numbers and a prompt to enter a keyword. The numbers are displayed graphically so you have to manually transcribe (or else do OCR with blue-on-black text) to another application for automated analysis.
BBC reporting (here: http://www.bbc.co.uk/news/technology-15968878 ) that the people behind the Can You Crack It website are the UK's GCHQ (one of the UK intelligence agencies) and that they're hiring!
So, let's see if the Slashdot effect holds... ;-)"

Comment Re:Missed the juicy part of the article (Score 1) 108

A reporter from The New York Times, an American of Norwegian rather than Afghan extraction, voluntarily submitted to a test screening with the B.A.T. system. After his fingerprints and iris scans were entered into the B.A.T.’s armored laptop, an unexpected “hit” popped up on the screen, along with the photograph of a heavily bearded Afghan.

The “hit” identified the reporter as “Haji Daro Shar Mohammed,” who is on terrorist Watch List 4, with this note: “Deny Access, Do Not Hire, Subject Poses a Threat.”

Hilarious, until this "hit" is used to trigger a missile strike on your house. this example illustrates why outputs of biometric comparisons should be human-adjudicated when anything other than a parking-space is at question.

Comment Re:What (Score 1) 145

Google has released two phones ever, both of which are easily rootable.

Easily by the average /. reader - but I suspect that HTC would like to see that bar lowered significantly. I imagine that a hardware vendor (HTC, for example, but it could be anyone) wanting to put a serious hand-held device into an enterprise environment would like to make it simple to cut the umbilical chord to Google.

Or just to offer power users more options to rid themselves of the constant sucking noise of Google (and Facebook and Yelp and the rest of the bottom-feeders) eavesdropping on our every action, thought, movement.

This may be FUD, but there's a grain of truth in there somewhere!

Comment What is it with the word "niche"?? (Score 2) 254

FTA: It seems right now that this particular niché is not being served: or is it?

Why do so many people have a problem with this word? I can put up with the US pronunciation (i.e. "nitch") though I grew up in Ireland and England pronouncing it what I presume to be a slightly French way - i.e. "neeesh"

But how in heavens did we arrive at "niché "??

Comment Crap website. (Score 1) 148

For all their guff on http://www.eg8forum.com/en/accessibility/ about making it accessible, you still have to download the PDF via the Flash "app".
It all looks like the sort of shiny UI that is necessary when your key customers are heads of state and the like - frequently clueless about and impatient with technology.

Anyone actually read it? It's still downloading

Comment Shareholder value trumps all... (Score 1) 228

FTA: Somehow, I'm thinking that Steve Jobs circa 1984...would have told U.S. senators sending threatening letters about computer-based info sharing to take a hike.

All companies that go public will eventually drop or morph core values when these conflict with shareholder value (variously defined as profit or share price). Apple are no different.

Comment Lockable, but never locked (Score 1) 274

I have never, ever, bought a network-locked handset. Sure, I pay more, but the freedom to travel the world and pop in a SIM wherever I go, plus the leverage when dealing with telco's at home more than compensates.

The Internet

Submission + - US Gov.t Seeking Inputs on IANA

Demerara writes: As a member of ISOC, I just got this circular asking for inputs on an important review of IANA functions. I though it would be useful to broaden it to /.
The email reads: "Dear Chapter Delegates and Members, As you are probably aware, the Government of the United States released its long-awaited Notice of Inquiry on the IANA functions on Friday last week. I'm attaching a pdf version that is easier to read than the Federal Register version on their web site http://www.ntia.doc.gov/>. The deadline for comments is 31 March 2011, so we need to begin developing our response now. The evolution of the IANA function is an issue of immediate and great interest to all parts of ISOC and our companion organizations. I am seeking views from our membership on this important topic to use as inputs when developing the ISOC response to the NOI. I will also be drawing on the Board discussions of the IANA function that have taken place over the past few years. And finally, I will be coordinating with the other I* organizations. I do not believe we should try to develop a joint response to DoC, but we will want to ensure there are no surprises and, ideally, that there is broad general agreement in what we provide to the decision making process. It is my believe that the US government is sincerely hoping to get a broad range of responses from the US and elsewhere with concrete suggestions for improvement of the way the IANA function is handled. For example, they are hoping to hear clear statements about what this community wants; e.g., whether and why there should be changes to how the .arpa and/or the .int are treated in the contract, what should be the arrangements for the protocol parameters, etc. If the Internet technical community would like to see the US government make changes, we need to participate in this process to build a record of those recommendations. Thus I encourage you to send me your inputs by end of day Friday, 18 March, 2011. The NOI is quite detailed, as you will see. It describes the IANA function, and then goes on to ask questions in six areas. To paraphrase, those are: 1/ Whether the interdependent technical functions performed under the IANA should continue to be treated as interdependent, or if there should be changes to the present grouping? 2/ Recognizing that other Internet technical organizations' policies (e.g., IETF, IAB, RIRs, ccTLDs) impact on the performance of the IANA functions, should those be referred to and specified in the IANA functions contract and how? 3/ Should there be changes in the handling of root zone management requests requests pertaining to ccTLDs to address the concerns of some governments and ccTLD operators? 4/ Are the current performance metrics and reporting by the IANA functions operator adequate, or should there be changes? 5/ Are there improvements that should be made to the IANA functions contract to better address the needs of users of the IANA functions? Here the NOI specifically asks if additional information on the performance and administration of the IANA function would make the process more transparent? 6/ Should additional security considerations or enhancements be included in the requirements in the IANA functions contract? In every case, the NOI requests *specific* information and *specific* suggestions for improvements in the IANA contract. This may be an area where ISOC can contribute to the process in a very positive way. I would especially like to hear from you if you are in some direct way a participant or user of the IANA functions, and if you have any specific experience that indicates a need for improvement or alteration of the contract, and if so, what your specific recommendations would be. That kind of input would improve the depth and credibility of the ISOC response. Of course, as always, you are welcome to make your own direct comments to the process, but I would still very much appreciate hearing about your experiences and views. While I have not prepared text for the submission, in general, I would like to see ISOC explain how important it is to rely on the native Internet institutions to play appropriate roles where their expertise contributes to the smooth functioning of the Internet overall. Thus it is important that the roles of the IETF, IAB, RIRs, and ccTLD operators be recognized in the system, and that there is a need to build international confidence in how the IANA function is operated and administered. That includes the need to be more open, transparent and thus accountable in the administration of the process, to match the openness and transparency provided by the operator's extensive reporting. I also foresee suggesting that the stability of the IANA functions could be improved under different process than the current redrawing and renewing of relatively short term IANA functions contracts. I hope that you will read the full NOI, and I look forward to hearing your views on the questions it asks, your experiences, and your recommendations for improvement. Once again, to make it possible for me to prepare the ISOC input, please send me your inputs before end of day on March 18, 2011 or earlier if possible. Thank you in advance Bill"

Comment Nice, but needs a little connectivity... (Score 1) 132

As pretty as thas is, this is Slashdot and I'd have expected one or more of the following features:

      (1) Internet connection
      (2) Out of circuit, redundant internet connection
      (3) A link to some DHS Threat Level status source with automated update of the status on the device
      (4) some stupid social networking linkage (since it's so bloody ubiquitous...)

But, nice box.

Slashdot Top Deals

You need tender loving care once a week - so that I can slap you into shape. - Ellyn Mustard

Working...