Comment Re:It has been known for years (Score 1) 923

Another possibility (though I think yours is more likely): Do you use HTTPS to access Google? If you use the search bar on major web browsers, you do. If you are signed into a Google account, you do. Otherwise, if you're not logged in and you manually direct your browser to google.com and then do a search, the query goes to Google unencrypted.

Assuming Google searches had anything to do with this story (which I doubt), I think it's more likely that non-SSL queries were intercepted.

Comment Re:Did you even RTFA? (Score 1) 923

Except they said they do this "100 times a week". The implications of that are staggering. 100 times a week? That is 5200 raids a year.... if they are not putting terrorists away by the truckload then they have some serious explaining to do.

Even more staggering when you realize this was carried out by a county Sheriff's department. So is this one department carrying out 100 raids per week? Assuming they're not the only PD doing it, we must have hundreds of thousands of raids per year. Millions, maybe.

Color me skeptical.

Comment Re:Nature of the Internet: Information exploitatio (Score 1) 923

Just like every other company that does ads, they buy the info from Google.

Google doesn't sell data. Not to advertisers, not to anyone. The only exception is market research data which is aggregated and anonymized and cannot be used to target specific individuals.

Of course, once weak selectors have triggered from the Google data, the gov't has other systems (e.g. let's say telco info) to get the location and possibly user of the IP address that Google recorded.

I strongly doubt that Google was involved at all. I see two realistic possibilities:

1. The supposition that the content of a Google search was involved at all is simply false. The visit was provoked by something else, and the targets just assumed it was related to Google queries.

2. The search was done over HTTP, and the connection was intercepted at the ISP or any other point in the chain between browser and Google.

That's pretty much it. Google says it doesn't supply data to the government without lawful orders, and that it doesn't supply broad data at all, only specific data about specific individuals given specific legal documentation. You may not believe it, but there's really no evidence otherwise. As a Google employee with some visibility into relevant infrastructure, I have evidence to support it.

Call me a shill, naive, whatever. This is just my honest, and fairly well-informed, opinion.

Comment Re:The "Party of Lincoln," and the Southern Strate (Score 0) 506

I do notice you don't actually address my points directly. You can't argue that the Republicans were formed as slavery abolitionists, so you misdirect. You can't argue that the KKK were created by Democrat populace, so you misdirect.

Fortunately, the user "cold fjord" has used his/her excellent knowledge to furnish you with links. At least check them out please, before dismissing them out-of-hand.

Comment Re:Key size not the flaw... (Score 1) 118

With physical access and knowledge of the hardware sure it's extractable

With good tamper-reactive hardware? Well... in theory, sure, anything is possible. In practice, good luck getting in without triggering the tamper response, which zeros the master key. Note that freezing attacks don't work, because getting the device outside of a certain temperature range triggers the tamper response, as does physical penetration, exposure to radiation, improper input voltage or loss of battery power or... good FIPS 140-2 level 4 hardware is very touchy.

... this is assuming there's no backdoor in the HSM, always a large assumption.

Actually, I worked a bit on the IBM 4758 and know a bunch of the people involved throughout its design and development, and I'd say it's extremely unlikely that there's a back door. There's a published paper on the 4758 design (Google it); go read that and then come back and we'll talk. I can tell you about all of the code control and layered reviews at every point in the design, implementation and testing process. It would be fantastically hard to sneak a back door in through that.

Comment Server doesn't create the session key (Score 4, Informative) 207

Umm... you should go re-read the SSL/TLS specs. The server doesn't get to dictate the session key.

The session key (AKA master key) is computed from a "pre-master" secret key and two random numbers, one provided by the client, the other by the server. Both sides perform this computation independently, and the server has no control over the client random -- nor the client over the server random. Also, the pre-master secret is either generated entirely by the client, or else generated through a Diffie-Hellman key agreement protocol, which again involves input from both sides.

There may be other attacks, but the one described in the summary doesn't work.
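The derivation the comment describes, as an added example that is not part of the original comment or of any TLS library: it implements the TLS 1.2 PRF from RFC 5246 (P_SHA256 expansion, "master secret" label, 48-byte output) and uses it to show that client and server derive the same master secret independently, and that fixing one side's random does not let that side choose the key. All key material is constructed here; the helper names (`p_sha256`, `prf`, `master_secret`, `rsa_style_handshake`, `server_cannot_dictate`) are this example's own. TLS 1.3 replaced this PRF with an HKDF-based schedule, so the code models the 1.2 handshake the comment refers to.

```python
"""TLS 1.2 master-secret derivation (RFC 5246 sections 5 and 8.1).
Added example, not from the Slashdot comment; all key material is constructed."""
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data-expansion function (RFC 5246 section 5):
    A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    output = b""
    a = seed
    while len(output) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        output += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return output[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
                           ClientHello.random + ServerHello.random)[0..47]"""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def rsa_style_handshake(pre_master=None, client_random=None, server_random=None):
    """Key-material flow of an RSA key exchange with constructed values: the client
    picks the 48-byte pre-master secret (two version bytes then 46 random bytes),
    each Hello carries a 32-byte random, and each side derives on its own.
    Returns (client's master secret, server's master secret)."""
    if client_random is None:
        client_random = os.urandom(32)
    if server_random is None:
        server_random = os.urandom(32)
    if pre_master is None:
        pre_master = b"\x03\x03" + os.urandom(46)
    # In a real handshake the pre-master secret reaches the server encrypted under
    # the server's RSA public key; here both sides simply hold the same value.
    client_ms = master_secret(pre_master, client_random, server_random)
    server_ms = master_secret(pre_master, client_random, server_random)
    return client_ms, server_ms


def server_cannot_dictate(fixed_server_random: bytes, pre_master: bytes) -> bool:
    """Hold the server random constant and vary only the client random: the master
    secret still changes, so the server cannot force a chosen session key."""
    ms_one = master_secret(pre_master, os.urandom(32), fixed_server_random)
    ms_two = master_secret(pre_master, os.urandom(32), fixed_server_random)
    return ms_one != ms_two


if __name__ == "__main__":
    client_ms, server_ms = rsa_style_handshake()
    print("both sides agree:", client_ms == server_ms, "length:", len(client_ms))
    print("server alone cannot fix the key:",
          server_cannot_dictate(bytes(32), b"\x03\x03" + bytes(46)))
```

The same structure holds for the Diffie-Hellman cipher suites: only the source of `pre_master` changes (the shared DH value instead of a client-chosen secret), while both randoms are still mixed into the seed.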

Comment Re:WTF? (Score -1) 506

You do know that the US *Republican* Party was formed to end slavery in the US, right? It was the (Southern-oriented) Democrats whose members formed the KKK and instituted the racial discrimination laws (e.g. 'Jim Crow' laws). It was only in the 1960s that the Democrats changed their point of view (kinda: the pictures you see of police with dogs vs black teens come under Democratic presidencies). The Republican party doesn't want to coddle minorities because it believes that minorities are just as capable as the majority, and believes that introducing dependence perpetuates problems. The Democrats want to keep dependency going because they get to harvest votes (instead of the cotton they used to get). Yes, this is surprising news to you that the *Republicans* believe in true equality regardless of race - but that is the history if you care to look.

By The Way - both the Republicans and Democrats suck. Badly. I'm a 'classic liberal' (also called 'libertarian') myself - people should be treated equally regardless of race, and in the US should be subject to the US Constitution (with which all laws must be compliant - which is not what we see now). Hence, when I listen to the Tea Party their political views make more sense than the corruption of the other parties. Ted Cruz for Prez in 2016 (Hillary Clinton would be an even worse disaster than Obama has been; they might promise a great deal, but it is the delivery that counts).

Comment Re:Key size not the flaw... (Score 1) 118

The largest risk isn't during transmission, it is at the user's end... and Google's end. 2 million bit encryption wouldn't be enough if you had a keylogger, or if Google got served a National Security Letter that it decided to honor.

Yeah, but the NIST recommendations suggest that 1024-bit keys aren't adequate any more, so it's just good security hygiene to upgrade, even if they're not actually the current weak point, which I agree is almost certainly at the user's end.

Comment It Depends. (Score 1) 157

First I glance at the title. If it immediately registers as something completely irrelevant to my existence (e.g., anything that sounds like court news or politics), I proceed to the next one. Otherwise, I start reading the summary. If the summary tells me more than I actually needed to know (which is typical when the article is genuinely IT-related but concerns software I do not use, administer, or care about), I proceed to the next headline. If the summary leaves me wanting to know more, I read either the article or the comments, depending on the nature of the subject matter and whether I imagine the source would be more knowledgeable about it than the average Slashdot commenter. (All sources are not equal in this regard.)

Comment Re:Butt ugly and another car designed for CAFE (Score 1) 164

I tend to try to give people the benefit of the doubt, because it makes my life better than if I assumed the worst and walked around angry all of the time, but it's nice to get confirmation that the Volt owner most likely wasn't being rude.

I think maybe I'll print up a little sign to leave under my windshield wiper when I'm parked at the airport, explaining how to interpret the lights. Or maybe I can put it over the charging port; that would be even better.

Thanks for the information.

Comment Re:Butt ugly and another car designed for CAFE (Score 4, Insightful) 164

On the Leaf vs Volt access to the charging station, I think the Leaf owners have a point. Charging is optional for the Volt, not so for the Leaf.

Of course, I own a Leaf, and have had the experience of having a Volt owner unplug my car at the airport parking lot, 15 minutes after I plugged in. When I got back from my trip it was questionable if I had enough juice to get home. Well, to be fair, I don't know for sure that it was the Volt owner who unplugged me, but it was a day trip and the charger was plugged into a Volt when I got home in the evening. On the assumption the Volt owner was uninformed rather than rude, I left a nice note explaining that the Leaf does not have a gasoline engine, and how the blue lights on the dash indicate charge state, pointing out that when you see a car with a single blue light flashing, you should probably leave it plugged in.
