
Comment Re:So? (Score 1) 167

I can use my Galaxy S7 with regular gloves. Home button, other physical buttons, capacitive buttons, touchscreen stuff -- whatever. The sensitivity is software-adjustable.

It works fine. And it has a better IP rating than the new iPhone.

It also has a headphone jack, and what seems like a very sensitive barometer.

Comment Re: Tor and VPN weakness is packet size. (Score 1) 89

We're already insecure, and we know it.

The point is to decrease the signal-to-noise ratio so that finding good, reliable data as to who is doing what is harder, which is pretty much all that encryption has gotten us so far anyway: It makes it harder.

Anyone who believes that their data is secure in transit on a public network is a lunatic to whom I'd like to sell a bridge. I would also like to take this time to draw into question the sanity of anyone who chooses to think that there's no good reason to make the job of spoofing to be as difficult and drawn-out as possible.

Comment Re:IoT (Score 1) 65

I've still got a 386SLC laptop around somewhere which is destined to be an NTP wallclock.

But meh. Until the "IoT" stops having compatibility issues, it's no good. It needs to be at least as reliable as MIDI and DMX between brands, instead of the cacophony of not-standards that manufacturers present today.

Do I want a house full of connected lightbulbs? Yes -- yes, I do! Not so much so that they can light up only the rooms that I am in (dumb LEDs are already crazy-efficient-enough that turning off lights barely matters), but so I can make them red to keep my eyes from adjusting when working on the car outside at night, and modify the color temperature during the day.

Do I want them to all be forcibly of the same brand? Absolutely not.

Comment Re: Tor and VPN weakness is packet size. (Score 1) 89

I'm imagining a typical VPN host (e.g. airvpn). I'm assuming that an attacker is able to monitor both my encrypted and unencrypted traffic, or at least the metadata therein (which isn't particularly unlikely), at the point where the OpenVPN server connects to the Internet. There's a lot going on with one of these systems.

Suppose I'm sending a bunch of stuff to Wikileaks over this connection using HTTP[S], and it's a pretty steady stream of ~1500 byte TCP packets coming in and going out. Easy enough to correlate who is doing this, even though it's a very busy system.

Now suppose instead that some packets are 234 bytes, some are 1293 bytes, and some are 1023 bytes [...], selected randomly, as encrypted on the VPN. Let us further assume that we're willing to allow some overhead for additional padding, so we'll randomly add between 0 and 500 bytes of random to each of these packets, with random weighting over random time intervals to favor more or less padding.

Now, neither the packet sizes coming in over VPN nor the total transfer-over-time directly correlate any longer with the stuff going unencrypted out of the VPN box.

Efficiency took a dive, to be sure, but it's survivable.

It can still presumptively be figured out, but your "leaky bucket" approach does take care of that neatly enough (even though I don't think that's the correct use of that term), and can be accomplished by also using the encrypted tunnel for other forms of communication at the same time (everyone seeds Linux ISOs, right?) for those who are particularly paranoid -- or who simply do multiple things at one time with a tunnel, perhaps by serving multiple users.

Or, you know, random isolated noise packets sent to the VPN server to be discarded, but that seems dumb (unless it isn't: A lot can be hidden in an unending and constant stream of noise, and this would also mitigate timing-based attacks.)

As I see it, we've made the two streams very difficult or impossible to correlate by comparison of packet sizes at this point. Efficiency is nowhere near what it used to be, but anonymity has improved markedly... *especially* if everyone else is doing it, too.

And, AFAICT, we haven't even broken TCP for the unencrypted half of the conversation (yet).

(I used a VPN in this example, but this could be re-written with TOR and an exit node, or just TOR in and of itself in mind just as well.)
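
The padding scheme proposed in the comment above can be checked with a small simulation. This is an added example, not code from the commenter or from any VPN project: the 41-byte overhead, the chunk range, the 5-50 packet weighting interval and the sample flow are all constructed assumptions.

```python
import random

OVERHEAD = 41  # assumed fixed per-packet tunnel overhead, bytes (constructed value)

def sample_flow(rng, n=400):
    """Constructed inner flow: mostly full 1500-byte packets, a few small ones."""
    return [rng.choice([1500, 1500, 1500, 640, 52]) for _ in range(n)]

def plain_tunnel(sizes):
    """One outer packet per inner packet, so size maps straight through."""
    return [s + OVERHEAD for s in sizes]

def padded_tunnel(sizes, rng, min_chunk=200, max_chunk=1400, max_pad=500):
    """Re-chunk the inner byte stream at random boundaries, then pad each chunk.

    The padding ceiling is redrawn every 5-50 packets, so the amount of
    padding favoured changes over time, as the comment suggests.
    """
    remaining, out = sum(sizes), []
    ceiling, next_redraw = 0, 0
    while remaining > 0:
        if len(out) >= next_redraw:
            ceiling = rng.randint(0, max_pad)
            next_redraw = len(out) + rng.randint(5, 50)
        chunk = min(remaining, rng.randint(min_chunk, max_chunk))
        remaining -= chunk
        out.append(chunk + OVERHEAD + rng.randint(0, ceiling))
    return out

def size_match_rate(inner, outer):
    """Share of outer packets whose size equals some inner size plus overhead."""
    expected = {s + OVERHEAD for s in inner}
    return sum(s in expected for s in outer) / len(outer)

def overhead_ratio(inner, outer):
    """Bytes on the tunnel side per byte of inner traffic."""
    return sum(outer) / sum(inner)

if __name__ == "__main__":
    rng = random.Random(7)
    inner = sample_flow(rng)
    for name, outer in (("plain", plain_tunnel(inner)),
                        ("padded", padded_tunnel(inner, rng))):
        print(f"{name:6s} packets={len(outer):4d} "
              f"match={size_match_rate(inner, outer):.3f} "
              f"overhead={overhead_ratio(inner, outer):.2f}x")
```

Exact size matching is only one correlation method; this check says nothing about timing or about total volume over long windows.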

Comment Re:"Audiophiles" (Score 1) 99

Ah, boy. It never ends, here.

There is something to be said for directional cables, though they're not common: In some situations, using a shielded twisted pair between RCA jacks with the shield grounded at only one end can improve noise immunity.

Never had noise on an audio system? Well, good. If you had, you'd be looking for solutions.

That said, I've got a $8k CD player plugged into a $4k receiver in my living room. Does this mean that I listen to the equipment instead of the music? Naaah, it just means that I got some good deals on some expensive gear and that I couldn't be bothered with selling it (even though, financially, it would make perfect sense to do so).

Comment Tor and VPN weakness is packet size. (Score 2) 89

Maybe for TOR, and certainly for VPN (as implemented), there is a specific vulnerability for packet sizes.

If sends packets of 9098, 3039, and 3030 bytes, and I receive similar packets of the same size (plus or minus VPN headers), then I am already identifiable.

Is this different for Tor?
