Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Without her permission? (Score 1) 367

by Fnord666 (#46592805) Attached to: Minnesota Teen Wins Settlement After School Takes Facebook Password

The summary said she gave them her password. That sounds like permission.

The summary also says that she is now 15, implying that she was younger than that when this happened. At that age she has is a minor and has no legal standing to give them permission, even if she wanted (or was coerced) to. The school district needed to get the parent's permission before taking action and they learned a valuable lesson. The court system worked correctly for once.

Comment Re:This (Score 1) 109

by Fnord666 (#46592699) Attached to: Weev's Attorney Says FBI Is Intercepting His Client's Mail

When someone in the government violates Constitutional Rights in America, two things happen: First, evidence that comes from that violation is inadmissible in court. Second, the person whose rights have been violated can sue the pants off the government.

The US constitution only protects individuals from actions taken by their government or appointees.

It is more complicated because of a massive fraud on the part of the prosecution to pretend that the information is not based on that violation.

Citation needed. What constitutional violations are you referring to here?

It is also more complicated because juries, as a whole, care less about the government having violated your constitutional rights when you are a criminal.

US Juries have no authority to determine whether or not a person's constitutional rights have been violated or not. A judge determines whether any evidence obtained is admissible or not and the jury deliberates based on that decision and the evidence.

It is also more complicated because when they get caught doing something bad enough, cops usually offer a deal where you won't sue and they won't prosecute.

Citation needed please.

Comment Re:Banks are responsible too (Score 1) 87

by Fnord666 (#46589067) Attached to: Target and Trustwave Sued Over Credit Card Breach

The banks ARE making moves here.

All card terminals in the US need to accept chip & PIN by 2015 because the banks will be mandating it.

The banks are not mandating anything. The credit card networks dictate the conditions by which a merchant or a bank can participate in their system.

One issue that hampers the conversion is the replacement of the card accepting terminals. The US has retailers that have more terminals in a single region than most OECD nations. That's a lot of hardware to replace for merchants who have not been held responsible for anything that happens when they don't.

Comment Proposed Modification (Score 1) 301

by Fnord666 (#46575803) Attached to: Researchers Find Problems With Rules of Bitcoin

âoeIf your mining power is more than a third of the system total, this always works,â says Ittay Eyal, who did the research with colleague Emin Gün Sirer. âoeYou may be able to do it with much less,â Eyal adds.

Eyal proposes a modification to the mining protocol that would ensure that only someone controlling at least a quarter of all mining power could profit from selfish mining, and says the Bitcoin community should also make efforts to limit the power of mining operations.

Wait, what? So right now it takes 1/3 of the mining power for selfish mining to work but Eyal is proposing a change that reduces the power needed? I don't get it.

Comment Re:They want to be paid three times! (Score 1) 466

by Fnord666 (#46567923) Attached to: AT&T Exec Calls Netflix "Arrogant" For Expecting Net Neutrality

They are already paid by the end user and by the distributors like Netflix, who pay for their bandwidth usage. What the carriers want is to be paid three times.

Unfortunately stories like this just highlight how little even self-declared tech people know about how the "Internet" works.

Comment 10 Character Key? (Score 1) 70

Where did the submitter get the quote that says this uses a 10 character key for the HMAC?
From the article:

The dongle (Scrambler) uses 4 keys / passwords.
1 - 10 characters long is used to identify clusters (when more than one dongle is used to boost throughput).
2 - this is the actual key for SHA1-HMAC
3 - this is used for initialisation vectors.
4 - encryption key for remote commands ENSCRAMBLE and ENGETID. This key is shared with the client (Wordpress in our case) to provide end-to-end encryption of passwords sent for scrambling.

Here are the details from the article about key lengths, etc.

S-CRIB Scrambler Design Basics We use the same hardware as for our Password S-CRIB and only re-implemented the firmware to add required functionality. The keys / passwords now have 32 characters so they can be directly used with AES-256. Each password can give provide up to 199 bits of entropy as we use 76 different characters. The source of passwords is a combination of a "dongle key" (unique for each Scrambler) and a random SHA1 key generated using microsecond timer applied on communication between Scrambler and the host PC.

Comment Resides in a Raspberry Pi? (Score 1) 70

University of Cambridge's S-CRIB Scrambler resides in a Raspberry Pi...

No it doesn't. The S_CRIB Scrambler is a trusted hardware component implemented as a USB dongle that just happens to be plugged into a Raspberry Pi as a host server.

The current implementation uses Raspberry Pi as an "untrusted" host for web service. It is an inexpensive but sufficiently powerful platform for our password scrambling system.

This could just as easily be plugged into a server or any other PC. My point is that the device has nothing to do with and has no dependency on the Raspberry Pi and to imply otherwise is disingenuous.

Comment Re:hack the planet (Score 1) 66

by Fnord666 (#46454547) Attached to: CanSecWest Presenter Self-Censors Risky Critical Infrastructure Talk

By keeping your mouth shut about these holes, you are pretty much guaranteeing that they will remain open for exploitation. People in positions with the authority to make decisions about patching the holes will remain oblivious, because let's face it, very few of said people have a fucking clue.

Security by obscurity does not work. I believe that we can all agree on that. On the other hand, responsible disclosure means talking to the people who can do something about a discovered issue should be the first step. Once the issue has been addressed, then a wider disclosure is reasonable.

Comment Re:Non-story (Score 1) 268

He really did a convincing work on the montage and the voice-over, but NPOV must agree the majority of the video came from the deniers. Now I don't know how far fair use goes, but maybe they really have a case there. How did MST3K handle that?

None of which is any concern of Youtube. They have absolutely nothing to say about fair use or not. They follow the letter of the law as written and preserve their Safe Harbor protections under the DMCA. Youtube's actions are out of their hands on both sides unless they are willing to jump into the fray and assume liability.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close