
Comment Re: Competition (Score 1) 52

Actually, opening up the PSP could mean that someone like Apple take it on. Large companies use the PSP and TPM modules as verification chains and cert sources for remote access.

If the PSP is open sourced, someone the size of Google might put pressure on someone like Apple to change to AMD. That would be a big change in the landscape.

At the very least we might get a model of laptop to compete with Apple (XPS 15 variant perhaps?) out of Dell with this built in.

That'd be a good start for us, and look, Intel might have to open their ME up a bit on security as well to compete. Either way, ultimately, we all win if AMD do go down this path.

Comment Re:But this isn't sexism. (Score 1) 917

They bought jackets for all the male staff, but didn't for the females.

That's blatant discrimination and sexism from a company. Who gives a fuck what it costs? Buy them the fucking jackets, they earnt them as much as the boys.

And in regards to a hot pink keyboard spangled with glittery flowers, yes, and the boys can have them too if it makes the employee's work place a nicer place to come to. An employee who considers themselves valued is going to work harder, longer and be worth more to you than whatever you think it might cost for a keyboard.

Comment Re:Ways around this (Score 1) 514

Get your head out of your arse.

A lot of people are fine once they get through the borders, we just feel that violated when going through your security procedures we'd rather go somewhere else and have some dignity left at the end of our journeys. Getting fingerprinted, having to answer questions about how much I earnt and my sexuality doesn't exactly enamour me, and I'm sure others, to visiting your country.

Comment You need to look out for Nathan-K and Benson Leung (Score 2) 152

This Gizmodo article has for a title "USB-C Power Meter Helps You Spot Counterfeit Accessories Before They Fry Your Gadgets"

but..... FTA

  "What the monitor can't do, however, is protect a device if there's a detected problem in the power flow. It's not a surge protector, nor does it have any built-in alarms or warnings because it has no idea what the power requirements are for whatever device you're using it with."

So, really, it does nothing, and by the time you see 40V hitting your phone when it's expecting 12, I think it's going to be too little too late before the magic smoke escapes, and really, who knows what the charging spec on their devices is, really?

The amount of cables that Nathan-K and Benson Leung test that don't match the spec, don't work to spec, do work to spec with exceptions, melt or any of the above combination is nuts.

Nathan-K has a page up on G+ with more details:

They've a spreadsheet of tested cables:

Personally, my favourite comment regarding USB-C comes from The Register:

"it's a design error

An electrical specification which allows multiple, software-controlled supply voltages, but does not require connected devices to tolerate the highest available voltage.

What could possibly go wrong?"

Comment Re:Wonder if this applies to TMobile (Score 1) 68

All IP traffic is still brought across the network back to your home carrier (Usually in a VPN funnily enough). Local Break Out, or "LBO" is there in 3G/4G land, and while supported in software the mobile network as it was written when the EU wanted to get rid of the roaming charges nobody has ever picked it up. As the business model of a break out gateway (Also requiring a new APN) was limited to before roaming charges were scrapped, nobody bothered setting up a provider for it.

So in your instance as a US customer, yes, your traffic will go back across the carrier's network, either over a VPN as it's cheaper, or over a dedicated line if they've enough traffic back to your home network.

Comment Re:Great! (Score 1) 162

If you could use a government issued ID to sign into Facebook or Google, and identify yourself for email etc, would you use it?

I just think of my parents, they're getting SMS two factor codes from Google, Apple, their bank, and SMS is by no means secure.

If I could also use that to auth SSH etc, then yes, absolutely I'd use it, I'd suggest that MS would even get on board for smart card auth for Windows (Making certain default choices to allow for sign in using that tech).

Comment Re:Great! (Score 1) 162

Actually, most EU countries have identity cards, these cards are used for everything from your drivers license to international travel (Within the Union) they've all got certs on them, and they're provided by the government. Most people carry them to buy alcohol / enter clubs (Proof of age) or as a proof of ID when buying mobile phones or other high value items to reduce fraud. So in countries like Belgium and the Netherlands where I'd suggest high 90s in regards to % of people carrying them, I wouldn't call that "Didn't see any uptake"

The CAC is used for everything from computer access to opening doors, so, as an identification card to prove who someone is, I can completely understand from a security perspective why it would be compulsory for someone to carry it when wandering around a military complex. I wouldn't call that dire, I'd call that common sense.

If there was more usage of these by private corporations, then I think their uptake would hit 100% as there's a day to day requirement to have them. It's just never been financially worthwhile to use someone else's technology when fraud is so low, the banks would rather pay for it, so that they controlled it, as it's their risk. The US is finally ditching mag stripe for Chip and Pin because they can push the fraud back on the consumer as it's now a much more secure device as fraud was becoming that much of a problem.

Most companies push out other things like the Vasco DigiPass products and other devices that the users interact with and enter codes through their keyboard as a second factor as NFC readers and USB ports aren't guaranteed to be available. That's where the problem comes in, in regards to the security / usability argument, the problem is usability.

Now, if the government actually made their certs more accessible and easier to integrate with, and acquiring a card / cert came with as much security as acquiring a drivers license / passport; banks and other web sites *would* start using them as identification devices for users, the problem here again is usability. At that point, white listing device IDs and USB ports / NFC chips in keyboards (More likely as no contact wear) would become a norm.

The process for replacement and what happens when you lose it though is just another thing that's not been tackled. This was part of the whole process thing that had to be tackled by the DOD, it was the process side, and getting people *used* to using the devices which was the problem, not the technical PKI implementation.

Comment Re:Great! (Score 1) 162

How do you get around what Yubikey put as:

"Given these developments, we, as a product company, have taken a clear stand against implementations based on off-the-shelf components and further believe that something like a commercial-grade AVR or ARM controller is unfit to be used in a security product. In most cases, these controllers are easy to attack, from breaking in via a debug/JTAG/TAP port to probing memory contents. Various forms of fault injection and side-channel analysis are possible, sometimes allowing for a complete key recovery in a shockingly short period of time."

