Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Encryption

Submission + - Ask Slashdot: Is TSA's PreCheck System Easy to Game? (wordpress.com)

OverTheGeicoE writes: TSA has had a preferred traveler program, PreCheck, for a while now. Frequent fliers and other individuals with prior approval from DHS can avoid some minor annoyances of airport security, like removing shoes and light jackets, but not all of the time. TSA likes to be random and unpredictable, so PreCheck participants don't always get the full benefits of PreCheck. Apparently the decision about PreCheck is made when the boarding pass is printed, and a traveler's PreCheck authorization is encoded, unencrypted, on the boarding pass barcode. In theory, one could use a barcode-reading Web site (like this one, perhaps) to translate a barcode into text to determine your screening level before a flight. One might even be able to modify the boarding pass using PhotoShop or the GIMP to, for example, get the screening level of your choice. I haven't been able to verify this information, but I bet Slashdot can. Is TSA's PreCheck system really that easy to game? If you have an old boarding pass lying around, can you read the barcode and verify that the information in TFA is correct?
Chrome

Submission + - Google Prepares Fix to Stop BEAST SSL/TLS Attacks (theregister.co.uk)

OverTheGeicoE writes: It was reported yesterday that researchers had found a way to break the most commonly used SSL/TLS encryption in browsers. According to the Register, Google is pushing out a patch to fix the problem. The patch doesn't involve adding support for TLS 1.1 or 1.2. FTFA: "The change introduced into Chrome would counteract these attacks by splitting a message into fragments to reduce the attacker's control over the plaintext about to be encrypted. By adding unexpected randomness to the process, the new behavior in Chrome is intended to throw BEAST off the scent of the decryption process by feeding it confusing information." The fix is supposedly in the latest developer version of Chrome.
Encryption

Submission + - Feds' radios have significant security flaws (wsj.com) 1

OverTheGeicoE writes: The Wall Street Journal has a story describing how the portable radios used by many federal law enforcement agents have major security flaws that allow for easy eavesdropping and jamming. Details are in a new study being released today. The authors of the study were able to intercept hundreds of hours of sensitive traffic inadvertently sent without encryption over the past two years. They also describe how a texting toy targeted at teenage girls can be modified to jam transmissions from the affected radios, either encrypted or not.

Slashdot Top Deals

All extremists should be taken out and shot.

Working...