Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Submission + - WPA2 wireless security cracked

An anonymous reader writes: Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weakness. They say that this wireless security system might now be breached with relative ease by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security or to develop alternative protocols to keep our wireless networks safe from hackers and malware.

Read more at: http://phys.org/news/2014-03-w...

Comment Re:How about 2 fast cores instead of 8 slow ones? (Score 2) 173

Ok, but aside from the n% increase over the n% increase over the n% increase over the n% increase, what has Intel done for us?

Intel makes the 2 fast core processor right now, today, and it'll cost you a staggering $120 to $150. It's called the Haswell Core i3 and each of its cores is faster than any of the cores in your $5000 machine from 2007. It will run Dwarf Fortress faster than anyone would have imagined back then.

Of course there's no limit to what you'd like, but if you have a problem with the amazing shit you can buy today, the problem is with you, not the amazing shit.

Comment It's not just the warrants. (Score 5, Interesting) 141

... people fully EXPECT the NSA to be upto nasty secret snooping habits. That is actually the minor part of the story that caused the outrage. The more dangerous fact is that the NSA can demand companies or individuals turn over data to them and impose a gag order thus forcing them to keep it secret.

I agree that the latter IS a big problem. But I don't agree that it's the ONLY problem, or the only BIG one.

National Security Letters are still relatively narrow compared to what the NSA did. They also tapped the fibers Google and others used to communicate with each other, and used these taps to snoop everything that went across them, without Google's knowledge.

I encountered a Google engineer with job responsibilities related to that at a conference last year, and he was LIVID. They'd tapped fibers OWNED BY GOOGLE - trespassing and damaging them (aong with Google's credibility) in the process - with no letters, warrants, wink-wink-nudge-nudge, or what-have-you. Google has since been installing encryption thorughout it's network - not just where it leaves the building, but even from rack to rack.

Maybe they're still stuck disclosing SOME stuff. But at least they're trying to know what it is, do their best to minimize it (and protect their model), and avoid inadvertently firehosing EVERYTHING into the maw of the NSA.

Comment This is ridiculous (Score 2) 103

1. It seems to me that the credibility of the NSA is such that I don't believe much if anything they say. As such I am going to disbelieve this until substantial evidence supporting it is presented.

2. Even if it is true, the fact that many NSA data gathering programs are accompanied by gag orders and other secrecy requirements there is no particular reason for me to believe that the cooperation of the companies was at all voluntary and they could disclose what was happening to my data without peril of extreme and secret legal penalties.

So all in all this is a completely ridiculous thing for him to say, and it has no particular utility for the general public even if it were absolutely true.

Comment THANK you! (Score 1) 409

She is making a dangerous assumption that if tax revenues increased the extra would be spent on schools

THANK you! That is beautifully expressed. It should be instantly understood by anyone hearing pro-tax propaganda by Lewis or others in a debate or comments-allowed-publication setting.

It's a prototype for similar arguments for raising taxes allegedly for other purposes as well.

Comment Actually, that example IS illegal. (Score 1) 246

They made their bathroom walls out of glass and then complained that he was a peeping tom for setting up a webcam from across the street. Scuzzy? yes, but not illegal.

It varies by state. But...

Pointing a webcam at an uncovered bathroom or bedroom window generally IS explicitly illegal. It will get you busted and into the registered sex offender database.

IANAL but if I undersand this correctly the test is whether the peeped-at has a "reasonable expectation of privacy".

In the all-glass bathroom case you might claim that the bathroom user did not have a reasonable expectation. But what if the switch from opaque walls to glass was made by a contractor and the homeowner was blind? That's the kind of situation we have here, and the accused knew it.

Once upon a time, decades ago, the built-in permission systems of computers were also usually considered (by their users and administrators, before the law got involved) to also assumed to be a presumed-valid expression of intent. My preference would be to have this approach recognized in law - if only to avoid slippery-slopes between users and jail, and to put any blame for security flaws like this on the people designingn and deploying the tools. But then things happened (like WiFi access points being shipped with security features off to reduce service calls by new users), and the law has been going a different way.

Comment Re: Ridiculous. (Score 5, Funny) 914

Tests have already been done on countless millions of people. None of them complained about being dead, said they'd rather be doing something else, or petitioned to be made no-longer dead. Zero.

Our common sense (and some very strong instincts) tell us it's an extremely bad thing, but thousands of years of observations suggest that once it happens, nobody really cares anymore.

Comment Re:Not useful (Score 3, Interesting) 914

Bottom line: drugs like this have no place in or penal system, regardless of the ethical ramifications of using them on prisoners.

Our current penal system has no place in our penal system.

What we have now amounts to a mockery of justice-as-rehabilitation, where we give otherwise-good people multi-year "we need to do something" sentences for obvious accidents (involuntary manslaughter, for example, or virtually all victimless "crimes"). They then come out as actual hardened criminals, far more likely to go on to commit real crimes (one well-studied population, nonviolent drug offenders, come out four times more likely to go on to commit a violent crime than the general population).

That said, I have to admit that this woman strikes me as likely a dangerous psychopath herself. Sentencing someone to a thousand years of boredom? "A lot of people seem to get out of that punishment by dying"??? Holy shit, woman, what kind of sick fuck would come up with something like that??? And I say that as someone who supports the death penalty, and personally would rather we use straightforward and effective punishments like caning over merely wasting a decade of someone's life on the taxpayer dime.

But hey, at least you would effectively reduce the cost of prison, since virtually everyone would resort to suicide after their first few "sessions".

Comment Then there are remte admin tools such as Intel AMT (Score 1) 94

The BIOS has bare back access to the hardware. Why cant it log the keyboard and dump it out the Ethernet? Why cant it access the ram directly?

Built-in threats include more than just BIOS. At least one, and probably most, chip makers build in backdoors that do exactly what you describe, and much more. It's built right into the silicon, too.

Modern laptops and desktops come with remote administration tools built into the chips on the board. (The vendors tout this as a feature, simplifying administration of a large company's workstations. It's easier and cheaper to build it into everything than to be selective, so it's in the machines sold to individuals, too.)

One example: Intel Active Management Technology (AMT) and its standard Intelligent Platform Management Interface (IPMI), the latter standardized in 1998 and supported by "over 200 hardware vendors". This is built into the northbridge (or, in early models, the Ethernet) chip).

Just TRY to get a "modern laptop" (or desktop), using an Intel chipset, without this feature.

You can't disable it: Dumping the credentials or reverting to factory settings just makes it think it hasn't been configured yet and accept the first connection (ethernet or WiFi, whether powered up or down) claiming to be the new owner's sysadmins.

If the NSA doesn't know how to use this to spy on, or take over, a target computer, they aren't doing their jobs.

Some of the things this can do (from the Wikipedia articles - see them for the footnotes):

Hardware-based AMT features include:

amt.feature:Encrypted, remote communication channel for network traffic between the IT console and Intel AMT.

amt.feature: Ability for a wired PC (physically connected to the network) outside the company's firewall on an open LAN to establish a secure communication tunnel (via AMT) back to the IT console. Examples of an open LAN include a wired laptop at home or at an SMB site that does not have a proxy server.

amt.feature: Protected Audio/Video Pathway for playback protection of DRM-protected media.

Additional AMT features in laptop PCs

Laptops with AMT also include wireless technologies:

michael@shuttle:~/nomad-michael/letters$ cat amt.feature
Modern laptops and desktops come with remote administration tools built into the chips on the board. (The vendors tout this as a feature, simplifying administration of a large company's workstations. It's easier and cheaper to build it into everything than to be selective, so it's in the machines sold to individuals, too.)

One example: Intel Active Management Technology (AMT) and its standard Intelligent Platform Management Interface (IPMI), the latter standardized in 1998 and supported by "over 200 hardware vendors". This is built into the northbridge (or, in early models, the Ethernet) chip).

Just TRY to get a "modern laptop" (or desktop), using an Intel chipset, without this feature.

You can't disable it: Dumping the credentials or reverting to factory settings just makes it think it hasn't been configured yet and accept the first connection (ethernet or WiFi, whether powered up or down) claiming to be the new owner's sysadmins.

If the NSA doesn't know how to use this to spy on, or take over, a target computer, they aren't doing their jobs.

Some of the things this can do (from the Wikipedia articles - see them for the footnotes):

Hardware-based AMT features include:

Encrypted, remote communication channel for network traffic between the IT console and Intel AMT.

                Ability for a wired PC (physically connected to the network) outside the company's firewall on an open LAN to establish a secure communication tunnel (via AMT) back to the IT console. Examples of an open LAN include a wired laptop at home or at an SMB site that does not have a proxy server.

                Remote power up / power down / power cycle through encrypted WOL.

                Remote boot, via integrated device electronics redirect (IDE-R).

                Console redirection, via serial over LAN (SOL).

                Keyboard, video, mouse (KVM) over network.

                Hardware-based filters for monitoring packet headers in inbound and outbound network traffic for known threats (based on programmable timers), and for monitoring known / unknown threats based on time-based heuristics. Laptops and desktop PCs have filters to monitor packet headers. Desktop PCs have packet-header filters and time-based filters.

                Isolation circuitry (previously and unofficially called "circuit breaker" by Intel) to port-block, rate-limit, or fully isolate a PC that might be compromised or infected.

                Agent presence checking, via hardware-based, policy-based programmable timers. A "miss" generates an event; you can specify that the event generate an alert.

                OOB alerting.

                Persistent event log, stored in protected memory (not on the hard drive).

                Access (preboot) the PC's universal unique identifier (UUID).

                Access (preboot) hardware asset information, such as a component's manufacturer and model, which is updated every time the system goes through power-on self-test (POST).

                Access (preboot) to third-party data store (TPDS), a protected memory area that software vendors can use, in which to version information, .DAT files, and other information.

                Remote configuration options, including certificate-based zero-touch remote configuration, USB key configuration (light-touch), and manual configuration.

                Protected Audio/Video Pathway for playback protection of DRM-protected media.

Additional AMT features in laptop PCs

Laptops with AMT also include wireless technologies:

                Support for IEEE 802.11 a/g/n wireless protocols
 

                Cisco-compatible extensions for Voice over WLAN

This just happens to be one I'm familiar with. I don't know whether (or which) other chip makers (such as AMD) have similar "features" built in as well (though I'd be surprised if they didn't, since they want to sell into big companies, too).

Comment Re:Fuck that guy. (Score 1) 397

racist, narcissistic, caste-based hiring practices to gain jobs they're in no way qualified for in a country thousands of miles from home

Hmm... Iranian? Chinese? Slavic? Israeli? Strange, none of them seem to quite meet your description.


Sounds like you are referring to people of one particular country.

Hmm, yes. Yes, it does sound like you have one particular country in mind. Clearly, one of you has a race card in play, but you might want to check the instant replay before you stick your neck out too far on this one...

Slashdot Top Deals

Heisengberg might have been here.

Working...