
Submission + - Obama's promise to "Protect Whistleblowers" disappears from the web

An anonymous reader writes: The Obama administration's campaign site Change.gov has been removed. A possible reason, the Sunlight Foundation comments, may be a statement from the Administration that outlined the protection of whistleblowers, "Barack Obama will strengthen whistleblower laws to protect federal workers who expose waste, fraud, and abuse of authority in government," when the exact opposite has occurred and Obama is threatening trade sanctions against countries that give Edward Snowden asylum.

Comment Re:Sigh. (Score 1) 339

Sorry, no.

http://www.serendipity.li/wot/other_fires/other_fires.htm

Here's one example:

In October 2004 in Caracas, Venezuela, a fire in a 56-story office tower burned for more than 17 hours and spread over 26 floors. Two floors collapsed, but the underlying floors did not, and the building remained standing.

See http://www.cbsnews.com/stories/2004/10/18/world/main649824.shtml

Comment Re:I hope they ask SpiderOak for mine (Score 1) 339

But... how do you KNOW they're doing what they say they're doing? Really? Without an intentional MiTM machine you can use to analyze what is ultimately being sent upstream to SpiderOak, you can't be sure.

Remember too, peeling apart and masquerading SSL/https sites is VERY easy to do, including certificate forging. Many companies do this today to decrypt (yes, decrypt) SSL traffic to then scan the plaintext content of the request. Heck, you can even set up Squid to do that if you want.

http://blog.blackfoundry.com/2011/06/02/break-open-dropbox-ssl-traffic-with-squid-proxy/

http://www.squid-cache.org/Doc/config/ssl_bump/

Comment Re:Companies shouldn't have this anyway (Score 1) 339

His point was that the system maintainer might be forced by a spy agency to alter the code so that the password variable is not temporary, but instead logged in persistent storage.

That's easy: Build your hashing systems such that there IS no persistent storage. Make it out of DRAM, and enforce rules to scrub the memory and temporary storage before and after each password hashing request or attempt. Additionally, just create a tmpfs volume, encrypted with a one-way hash/salt, and write your scratch data there, then dump it and scrub those bits when done. Problem solved.

Businesses

Halliburton Pleads Guilty To Destroying Simulation Data From 2010 Gulf Oil Spill

An anonymous reader writes "Oilfield services giant Halliburton will plead guilty to destroying computer test results that had been sought as evidence in the Deepwater Horizon disaster, the Justice Department announced Thursday. Company officials threw out test results that showed 'little difference' between the number of devices Halliburton said was needed to center the cement casing in the well at the heart of the disaster and the number well owner BP installed, according to court papers. The issue has been a key point of contention between the two companies in hearings and litigation ever since the April 2010 blowout. BP and Halliburton are still battling over responsibility for the disaster in a New Orleans federal courtroom. BP had no comment on the plea agreement Thursday evening."

Submission + - Don't like a patent? Help kill it.

Camael writes: When Joel Spolsky spotted an undeserving Microsoft patent application, he didn't just let it be granted — he killed it in just a few minutes. In short, he found prior art and submitted it, and the USPTO examiner rejected the patent because of it. From TFA: "Micah showed me a document from the USPTO confirming that they had rejected the patent application, and the rejection relied very heavily on the document I found. This was, in fact, the first 'confirmed kill' of Ask Patents, and it was really surprisingly easy. I didn't have to do the hard work of studying everything in the patent application and carefully proving that it was all prior art: the examiner did that for me." This is all under the umbrella of Ask Patents.

Submission + - Long Range RFID Hacking Tool to be Released at Black Hat (threatpost.com)

msm1267 writes: Next week at the Black Hat Briefings in Las Vegas, a security researcher will release a modified RFID reader that can capture data from 125KHz low frequency RFID badges from up to three feet away. Previous RFID hacking tools must be within centimeters of a victim to work properly; this tool would allow an attacker or pen-tester to store the device inside a backpack and it would silently grab card data from anyone walking close enough to it. The researcher said the tool will be the difference between a practical and impractical attack, and that he's had 100 percent success rates in testing the device. Schematics and code will be released at Black Hat as well.
