Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Submission + - Obama's promise to "Protect Whisleblowers" disappears from the web

An anonymous reader writes: The Obama administration's campaign site Change.gov has been removed, a possible reason Sunlight Foundation comments may be that a statement from the Administration that outlined the protection of Whistleblowers, "Barack Obama will strengthen whistleblower laws to protect federal workers who expose waste, fraud, and abuse of authority in government." when the exact opposite has occurred and Obama is threatening trade sanctions against countries who give Edward Snowden asylum.

Comment Re:Sigh. (Score 1) 339

Sorry, no.

http://www.serendipity.li/wot/other_fires/other_fires.htm

Here's one example:

In October 2004 in Caracas, Venezuela, a fire in a 56-story office tower burned for more 17 hours and spread over 26 floors. Two floors collapsed, but the underlying floors did not, and the building remained standing.

See http://www.cbsnews.com/stories/2004/10/18/world/main649824.shtml

Comment Re:I hope they ask SpiderOak for mine (Score 1) 339

But... how do you KNOW they're doing what they say they're doing? Really? Without an intentional MiTM machine you can use to analyze what is ultimately being sent upstream to SpiderOak, you can't be sure.

Remember too, peeling apart and masquerading SSL/https sites is VERY easy to do, including certificate forging. Many companies do this today to decrypt (yes, decrypt) SSL traffic to then scan the plaintext content of the request. Heck, you can even set up Squid to do that if you want.

http://blog.blackfoundry.com/2011/06/02/break-open-dropbox-ssl-traffic-with-squid-proxy/

http://www.squid-cache.org/Doc/config/ssl_bump/

Comment Re:Companies shouldn't have this anyway (Score 1) 339

His point was that the system maintainer might be forced by a spy agency to alter the code so that the password variable is not temporary, but instead logged in persistent storage.

That's easy: Build your hashing systems such that there IS no persistent storage. Make it out of DRAM, and enforce rules to scrub the memory and temporary storage before and after each password hashing request or attempt. Additionally, just create a tmpfs volume, encrypted with a one-way hash/salt, and write your scratch data there, then dump it and scrub those bits when done. Problem solved.

Businesses

Hallibuton Pleads Guilty To Destroying Simulation Data From 2010 Gulf Oil Spill 104

An anonymous reader writes "Oilfield services giant Halliburton will plead guilty to destroying computer test results that had been sought as evidence in the Deepwater Horizon disaster, the Justice Department announced Thursday. Company officials threw out test results that showed 'little difference' between the number of devices Halliburton said was needed to center the cement casing in the well at the heart of the disaster and the number well owner BP installed, according to court papers. The issue has been key point of contention between the two companies in hearings and litigation ever since the April 2010 blowout. BP and Halliburton are still battling over responsibility for the disaster in a New Orleans federal courtroom. BP had no comment on the plea agreement Thursday evening."

Submission + - Don't like a patent? Help kIll it.

Camael writes: When Joel Spolsky spotted an undeserving Microsoft patent application, he didn't just let it be granted — He killed a in just a few minutes. In short, he found prior art and submitted it, and the USPTO examiner rejected the patent because of it. From TFA :- "Micah showed me a document from the USPTO confirming that they had rejected the patent application, and the rejection relied very heavily on the document I found. This was, in fact, the first 'confirmed kill' of Ask Patents, and it was really surprisingly easy. I didn't have to do the hard work of studying everything in the patent application and carefully proving that it was all prior art: the examiner did that for me." This is all under the umbrella of Ask Patents'.

Submission + - Long Range RFID Hacking Tool to be Released at Black Hat (threatpost.com)

msm1267 writes: Next week at the Black Hat Briefings in Las Vegas, a security researcher will release a modified RFID reader that can capture data from 125KHz low frequency RFID badges from up to three feet away. Previous RFID hacking tools must be within centimeters of a victim to work properly; this tool would allow an attacker or pen-tester to store the device inside a backpack and it would silently grab card data from anyone walking close enough to it.The researcher said the tool will be the difference between a practical and impractical attack, and that he's had 100 percent success rates in testing the device. Schematics and code will be released at Black Hat as well.

Slashdot Top Deals

Staff meeting in the conference room in 3 minutes.

Working...