
Comment Re:requires physical access to USB port (Score 1) 157

That is a "fix" only if vendors maintain perfect security of their keys. The better solution would be to prevent any modification without a convoluted physical attack on the device innards... using ROMs for instance.

Also, knowing that endpoint security cannot realistically have multiple TCBs acting in parallel (hence, a large attack surface), the best design decision is to make critical peripherals (like keyboards and displays) as dumb as possible.

The complex bits should either be in the CPU or tightly bound to it. Otherwise, if you need to add complexity from other vendors and/or use flimsy security, then such peripherals can be contained in unprivileged contexts.

Comment Re:Mod down (Score 1) 182

Actually, turning something like privacy into a saleable commodity is known as extortion.

Your assertions are all bogus, BTW. It does affect security for the advertising industry (a major spreader of malware) to have spying ability into basic communication infrastructure. If the ISPs themselves become arms of the ad industry, they become untrustworthy by definition.

Comment Re:WTF is Qubes? (Score 3, Informative) 73

You can think of Qubes as a desktop OS that demotes monolithic kernels (hopelessly insecure) to the role of providing features/drivers within unprivileged VMs. This is similar to the microkernel philosophy, but also recognizes that monolithic kernels are still where all the drivers and apps are to be found.

Qubes also employs IOMMU hardware to contain network and USB controllers within unprivileged VMs to protect against DMA attacks. The admin VM that runs the desktop environment has no direct access to networking, and the user can assign other PCI devices to VMs as they see fit.

The last piece of the Qubes picture is that it departs from how most hypervisors handle graphics, keyboards and inter-VM copying. Each is properly virtualized using a very simple protocol that is highly resistant to attack, so that VMs cannot sniff your clipboard contents or keystrokes, or take screenshots, etc. Copying between Qubes VMs is also probably much safer than copying between air-gapped machines using discs or flash drives because the former is far simpler.

The Qubes Security Bulletin for this Xen vulnerability can be viewed here.

Most Xen vulns either do not apply to Qubes or are DoS, and the Qubes project is skeptical that this one can be realistically used against Qubes. Still, the bulletin also describes how this vuln belongs to a class of memory management bugs that the Xen project has not done a good job in rectifying. This appears to be Xen's "weak spot" that could be a perennial source of vulns. As a result, Qubes will be moving away from PVMs (which use the questionable memory mapping code) to HVMs which employ on-silicon SLAT for VMs.

Comment Re:Why? (Score 1) 70

Remember all the promises Yahoo made about protecting user data from spying? Well you can forget it now-- Verizon is one of the biggest spying corps on the planet and they will get access to everyone's Yahoo email.

Comment Re:They're leaving... (Score 1) 621

Both rising *and* falling prices are bad, Einstein. Especially if it's rapid and involves housing. It makes either buyers or lenders drop out and the pain deters them from getting back in. Or the lenders declare an emergency and hold an economic gun to everyone's head unless the government prints up a nice big bailout for their cozy little class, screwing everyone else and undermining everything from the work ethic to the currency.

More stability would improve things, but the political class has disappeared up the anus of high finance and "US interests abroad". The only thing that will change is immigration. The UK will now be able to pursue further destabilization in other countries alongside the US--but with less human-fallout in the form of refugees. Whether that is "good" for the UK working class is unknown.

Comment Re:As it's been said... (Score 0) 621

Their gov't seem intent on giving democracy a bad name. First the single-vote referendum requiring only simple majority, and now this move to cage the country into that fateful vote.

I don't blame the EU for wanting to be rid of them quickly. Bad faith and arrogance are toxic to everyone involved.
