
Comment Re:They want to be paid three times! (Score 1) 466

They are already paid by the end user and by the distributors like Netflix, who pay for their bandwidth usage. What the carriers want is to be paid three times.

Unfortunately stories like this just highlight how little even self-declared tech people know about how the "Internet" works.

Comment 10 Character Key? (Score 1) 70

Where did the submitter get the quote that says this uses a 10 character key for the HMAC?
From the article:

The dongle (Scrambler) uses 4 keys / passwords.
1 - 10 characters long is used to identify clusters (when more than one dongle is used to boost throughput).
2 - this is the actual key for SHA1-HMAC
3 - this is used for initialisation vectors.
4 - encryption key for remote commands ENSCRAMBLE and ENGETID. This key is shared with the client (Wordpress in our case) to provide end-to-end encryption of passwords sent for scrambling.

Here are the details from the article about key lengths, etc.

S-CRIB Scrambler Design Basics

We use the same hardware as for our Password S-CRIB and only re-implemented the firmware to add required functionality. The keys / passwords now have 32 characters so they can be directly used with AES-256. Each password can provide up to 199 bits of entropy as we use 76 different characters. The source of passwords is a combination of a "dongle key" (unique for each Scrambler) and a random SHA1 key generated using microsecond timer applied on communication between Scrambler and the host PC.

Comment Resides in a Raspberry Pi? (Score 1) 70

University of Cambridge's S-CRIB Scrambler resides in a Raspberry Pi...

No it doesn't. The S-CRIB Scrambler is a trusted hardware component implemented as a USB dongle that just happens to be plugged into a Raspberry Pi as a host server.

The current implementation uses Raspberry Pi as an "untrusted" host for web service. It is an inexpensive but sufficiently powerful platform for our password scrambling system.

This could just as easily be plugged into a server or any other PC. My point is that the device has nothing to do with and has no dependency on the Raspberry Pi and to imply otherwise is disingenuous.

Comment Re:hack the planet (Score 1) 66

By keeping your mouth shut about these holes, you are pretty much guaranteeing that they will remain open for exploitation. People in positions with the authority to make decisions about patching the holes will remain oblivious, because let's face it, very few of said people have a fucking clue.

Security by obscurity does not work. I believe that we can all agree on that. On the other hand, responsible disclosure means talking to the people who can do something about a discovered issue should be the first step. Once the issue has been addressed, then a wider disclosure is reasonable.

Comment Re:Non-story (Score 1) 268

He really did a convincing work on the montage and the voice-over, but NPOV must agree the majority of the video came from the deniers. Now I don't know how far fair use goes, but maybe they really have a case there. How did MST3K handle that?

None of which is any concern of Youtube. They have absolutely nothing to say about fair use or not. They follow the letter of the law as written and preserve their Safe Harbor protections under the DMCA. Youtube's actions are out of their hands on both sides unless they are willing to jump into the fray and assume liability.

Submission + - Google acquires Israeli security startup SlickLogin (geektime.com)

Fnord666 writes: SlickLogin, an Israeli startup and developer of smart identification technology through user smartphones has been acquired by Google for several million (the official transaction amount remains undisclosed). SlickLogin was founded under a year ago by Or Zelig, Eran Galili and Ori Kabeli. The company first unveiled its technology at TechCrunch Disrupt held last September. The company has yet to launch their product nor have they any customers to date.

Submission + - Incredible 3D GIFs Created with a Simple Visual Effect (mymodernmet.com)

Fnord666 writes: Animated gifs seem to be everywhere these days, but some gif creators are taking the visual experience of viewing quick clips of silent motion to another level. By carefully adding a couple of solid-colored (typically white), vertical lines to the moving images, an incredible three-dimensional effect is created. As characters and objects move into the foreground, they seemingly extend beyond the barrier of the image.

Comment Re:GDP (Score 1) 717

Nothing in your post explains WHY it is a government concern that people get some minimum amount of vacation time. You say that the government should mandate some minimum amount of vacation time because otherwise an employer might not offer any. But that begs the question by assuming that it is a government interest that people get some minimum amount of vacation time.

In the US banking sector the FDIC strongly recommends mandatory vacation time of two consecutive weeks or more for active officers and employees as an effective internal control to combat fraud. This recommendation is even included in their Manual of Examination Policies for FDIC audits. If you allow exceptions you need to have compensating controls in place.

Comment Re:Matter of time (Score 1) 149

How hard do you think it is to have ATM's[sic] scan serial numbers on the bills they dispense so the machine/bank/gov't knows who they were given to, and have the bank scan in the deposits so they know who is receiving the bills?

Off the top of my head it would require

  • Replacing every dispenser mechanism in every ATM
  • Replacing every depository mechanism in every ATM that accepts cash
  • Updating the communications protocols between the components within the ATM
  • Updating the SNMP code for the ATM to central to support the new device
  • Updating the transaction protocol between the ATM and central to support reporting which bills were dispensed or deposited
  • Updating all of the protocols used by all of the debit networks to pass that information along
  • A whole new back end system at the card issuing bank to store and report this information

So really just a week or two then.
