Comment Re:Encryption (Score 1) 127

You don't physically enter the key, you physically enter credentials that activate the HSM. Even if you have the ability to activate the HSM, getting the key out is (near) impossible. It is limited to doing decryptions with whatever restrictions are on the data (for example, you could require that the user's password be entered to access user data if the system stores data accessed by user accounts).

Also, even if you do have to use a network based device, it means that they have to either a) steal the networked device (which could have further security than the entire server room has and could even be remote) or b) fake the device into providing the key. Even if they could steal the device that did the remote authorization of the HSM on boot, if that device required authorization to perform the remote authorization then it would be useless. It wouldn't be that hard or inconvenient to require an administrator to authorize a server restart.

Comment Re:Encryption (Score 1) 127

You are mistaken. Security is not something you know, have or are. That's authentication. An HSM has nothing to do with authentication. It is key management and secure storage. Your understanding of how an HSM is used is also mistaken. The idea with an HSM is that it does all encryption and decryption operations without ever releasing the key and takes care of requiring proper authorization before performing decryption operations.

When initially configuring an HSM, a key should be created and backed up in a secure manner. The key should be encrypted by one or more additional keys, and these keys and the final version of the encrypted key should be sent to multiple different secure sites (one key per site). Some redundancy should also be done in case one of the sites is destroyed, and each site should only have one key so that all the pieces must be compromised for the key to be compromised.

The final, unencrypted key is loaded into the HSM. While the server is running, the HSM is authorized from the boot to perform decryption operations. This can be done via a network boot or by direct action when the server boots (the latter is more secure but more of a pain). Thus, a running server has access to the HSM and can operate on the data. However, if the server is stolen, the credentials must be entered to unlock the HSM and access the data (credentials which are unavailable), so the only option is to try and break into the HSM. Since the hardware is tamper resistant, any mistake will result in the keys being cleared and the encrypted data is protected unless it can be brute forced (effectively impossible as far as we know). If the server is recovered, the backup keys are accessed, the original key is decrypted and reloaded on the HSM and all is back to normal.
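A toy model of the backup, boot-time authorization and tamper-clearing procedure the comment above describes, added here as an example and not code from the commenter. It assumes one-time-pad XOR in place of a real key-wrap algorithm (so it runs with only the standard library) and an HMAC as the stand-in for the keyed operation the HSM performs.

```python
import secrets
import hmac
import hashlib

KEY_LEN = 32  # 256-bit data key (constructed size for the example)

def _xor(a: bytes, b: bytes) -> bytes:
    """Assumption: one-time-pad XOR stands in for a real key-wrap (e.g. AES-KW)."""
    return bytes(x ^ y for x, y in zip(a, b))

def backup_key(key: bytes, n_sites: int = 3) -> list:
    """Wrap `key` under n_sites-1 fresh key-encryption keys (KEKs), one after
    the other, and return one share per site: each KEK to its own site, the
    fully wrapped key to the last. Every site must be compromised to get `key`."""
    keks = [secrets.token_bytes(len(key)) for _ in range(n_sites - 1)]
    wrapped = key
    for kek in keks:
        wrapped = _xor(wrapped, kek)
    return keks + [wrapped]

def restore_key(shares: list) -> bytes:
    """Undo the wrapping in reverse order; needs every share."""
    *keks, wrapped = shares
    key = wrapped
    for kek in reversed(keks):
        key = _xor(key, kek)
    return key

class ToyHSM:
    """Holds the key, performs keyed operations, never returns the key."""
    def __init__(self, key: bytes, credential: bytes):
        self._key = key
        self._cred_digest = hashlib.sha256(credential).digest()
        self._authorized = False

    def authorize(self, credential: bytes) -> bool:
        digest = hashlib.sha256(credential).digest()
        self._authorized = hmac.compare_digest(digest, self._cred_digest)
        return self._authorized

    def tamper_detected(self) -> None:
        self._key = None  # zeroize: data under this key is unrecoverable from this unit

    def mac(self, data: bytes) -> bytes:
        """Keyed operation (HMAC) as a stand-in for decryption; refuses unless authorized."""
        if not self._authorized or self._key is None:
            raise PermissionError("HSM not authorized or key cleared")
        return hmac.new(self._key, data, hashlib.sha256).digest()
```

After `tamper_detected()` the unit is useless, but a fresh `ToyHSM` built from `restore_key(shares)` reproduces the same results, which is the recovery path the comment describes.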

Comment Re:Encryption (Score 2) 127

While you are correct about the impact of anything currently running on the server, you are dead wrong about physical theft. An HSM should be hardened against picking the key out of it and should actually destroy the key if tampering is detected. Encryption on the server is still of limited benefit since the data key could probably be abused in most remote exploits on a running system, but for powered down security, such as physical breach, it is very significant, even if the chances of someone breaking in and stealing a server are generally much lower than a remote intrusion (though not as much as you might think since many attacks are internal).

Comment Re:No Shit (Score 1) 442

Right, I'm just saying there is no moral grounds for him being some hero now. When it was exposing illegal surveillance outside the government's jurisdiction, there was perhaps a moral argument that he was doing the right thing, particularly since it could be difficult to make an argument that it truly hurt national security (since anyone that had a working brain would have already suspected that such things were possible).

While I'm sure that there are countries that are thrilled at what he did revealing spying on US ally governments, it's normal and valid espionage activity, so any moral grounds go out the window. There is no moral imperative to turn traitor on your country (whatever country that may be) and leak information that your country trusted you with that has a damaging impact on them when they were doing nothing wrong.

Comment Re:No Shit (Score 1) 442

He was a US citizen with a US security clearance leaking details of activities that are both valid national security activities and common (and legitimate) practice for all governments. This leak is a direct compromise of national security and doesn't have any moral grounds as a leak to expose wrongdoing, as there is no wrongdoing being exposed.

Comment Re:No Shit (Score 1) 442

Espionage is not an act of war, nor has it ever been. In fact, the penalties for spying in most countries differ specifically based on whether there is a war on or not. It's how countries make sure other countries are being honest with them, whether friend or enemy. It's also some of the most important information for getting at what countries actually want since the political sphere is all bullshit and positioning rather than actually getting things done.

Comment Re:No Shit (Score 1) 442

I'm not sure how that is supposed to relate to my comment, but I don't disagree with you. Russia has absolutely no legal reason to hand over Snowden, though political reasons could still result in him being sent back. I don't think we have any right to blame Russia if they don't send him back though, but politicians have to act angry about it, just like European politicians have to act angry about us spying on them even though everyone knows that spying on allies is what makes allies work. How do you know you can trust another government if you don't know that they are telling you the truth by knowing things they don't know you know?

Comment Re: Surpassing Vista (Score 2) 285

Android isn't a desktop OS, nor is it intended to be. It is designed specifically for high levels of process isolation and low power consumption. These are the opposite of what you want on a desktop, where you are looking for power and interoperability. Windows 8 is a huge misstep driven by trying to compete with the vertically integrated dominance that is making Apple so much money. Metro is simply a move to push Windows Market on the world that is failing. If it wasn't for Metro, Windows 8 is actually a very nice step up from Windows 7. If MS realises that Metro isn't the way to get the vertical integration they are looking for, there is still lots of hope for them. They do need to see the error of their ways though.

Comment Re: Surpassing Vista (Score 3, Insightful) 285

That's testing rather than writing code, and a Surface Pro isn't really a tablet, it's a laptop pretending to be a tablet. It has an actual full-fledged OS on it and runs x86. You could also accomplish the same with a touch screen monitor on a much more powerful desktop that would build faster and give more area to work on your code in. Don't get me wrong, I'm not saying tablets don't have their uses, but they are substandard for many, many activities.

Comment Re:No Shit (Score 4, Insightful) 442

It's only illegal if it is against the law... You do realize that espionage is ALWAYS illegal in the country being spied on, right? That doesn't make it illegal in the country doing the spying. It makes it a valid portion of the government's job. Spying has been a part of international relations since, well, when did people first make countries again? It isn't illegal and it isn't going to change any time soon. It's certainly not good for relations when it gets exposed, but everyone really is doing it. If you think that this is A) news or B) a valid leak that has any possible purpose other than to hurt the US, then you are sadly ignorant of the realities of the intelligence community for the last forever.

Comment Re:not having read TFA (Score 1) 155

While I'm not sure it is relevant to the article, I do agree with you that private registrations are bothersome, though I know I personally don't ever completely trust a site with a private registration. I intentionally leave WHOIS open for the world to see on my sites, but then again, you can actually find my details on the About pages of most of them without even having to go to WHOIS. Anonymity on the web is more or less a myth anyway. A determined attacker can figure out who you are unless you take lots of special precautions, so why not make your info available to those who might actually have legit uses for it too.

Comment Re:Thank Edward Snowden (Score 4, Interesting) 216

This has nothing to do with Snowden. This has everything to do with backlash against the US for blocking use of backdoored Chinese hardware in our networks. Since we blocked them from selling to us, they are trying to match the move by blocking us from selling networking gear to them, regardless of whether there is a back door or not. It's tit for tat, nothing more.
