
Comment Re:Wonder if this applies to TMobile (Score 1) 65

All IP traffic is still brought across the network back to your home carrier (Usually in a VPN funnily enough). Local Break Out, or "LBO" is there in 3G/4G land, and while supported in software the mobile network as it was written when the EU wanted to get rid of the roaming charges nobody has ever picked it up. As the business model of a break out gateway (Also requiring a new APN) was limited to before roaming charges were scrapped, nobody bothered setting up a provider for it.

So in your instance as a US customer, yes, your traffic will go back across the carrier's network, either over a VPN as it's cheaper, or over a dedicated line if they've enough traffic back to your home network.

Comment Re:Great! (Score 1) 162

If you could use a government issued ID to sign into Facebook or Google, and identify yourself for email etc, would you use it?

I just think of my parents, they're getting SMS two factor codes from Google, Apple, their bank, and SMS is by no means secure.

If I could also use that to auth SSH etc, then yes, absolutely I'd use it, I'd suggest that MS would even get on board for smart card auth for Windows (Making certain default choices to allow for sign in using that tech).

Comment Re:Great! (Score 1) 162

Actually, most EU countries have identity cards, these cards are used for everything from your driver's license to international travel (Within the Union). They've all got certs on them, and they're provided by the government. Most people carry them to buy alcohol / enter clubs (Proof of age) or as a proof of ID when buying mobile phones or other high value items to reduce fraud. So in countries like Belgium and the Netherlands where I'd suggest high 90s in regards to % of people carrying them, I wouldn't call that "Didn't see any uptake".

The CAC is used for everything from computer access to opening doors, so, as an identification card to prove who someone is, I can completely understand from a security perspective why it would be compulsory for someone to carry it when wandering around a military complex. I wouldn't call that dire, I'd call that common sense.

If there was more usage of these by private corporations, then I think their uptake would hit 100% as there's a day to day requirement to have them. It's just never been financially worthwhile to use someone else's technology when fraud is so low, the banks would rather pay for it, so that they controlled it, as it's their risk. The US is finally ditching mag stripe for Chip and Pin because they can push the fraud back on the consumer as it's now a much more secure device as fraud was becoming that much of a problem.

Most companies push out other things like the Vasco DigiPass products and other devices that the users interact with and enter codes through their keyboard as a second factor as NFC readers and USB ports aren't guaranteed to be available. That's where the problem comes in, in regards to the security / usability argument, the problem is usability.

Now, if the government actually made their certs more accessible and easier to integrate with, and acquiring a card / cert came with as much security as acquiring a driver's license / passport; banks and other web sites *would* start using them as identification devices for users, the problem here again is usability. At that point, whitelisting device IDs and USB ports / NFC chips in keyboards (More likely as no contact wear) would become a norm.

The process for replacement and what happens when you lose it though is just another thing that's not been tackled. This was part of the whole process thing that had to be tackled by the DOD, it was the process side, and getting people *used* to using the devices which was the problem, not the technical PKI implementation.

Comment Re:Great! (Score 1) 162

How do you get around what Yubikey put as:

"Given these developments, we, as a product company, have taken a clear stand against implementations based on off-the-shelf components and further believe that something like a commercial-grade AVR or ARM controller is unfit to be used in a security product. In most cases, these controllers are easy to attack, from breaking in via a debug/JTAG/TAP port to probing memory contents. Various forms of fault injection and side-channel analysis are possible, sometimes allowing for a complete key recovery in a shockingly short period of time."


Comment Re:Yubikeys (Score 1) 162

SecureCRT also supports PKI based SSH authentication, it's without fail the best terminal emulator around. (Win / Mac / Linux)

I really do feel odd posting this to Slashdot (I feel like I'm going to get crucified for a slashvertisement), but I've used their stuff for years and they're worth a mention.

Comment Re:Great! (Score 1) 162

The fact that they're available at this price point, which puts them in the hands of pretty much anyone who owns a computer is pretty spectacular. PKI environments and their implementations were hard even for the DOD.

While I get the sarcasm, never have so many public sites accepted second factor so quickly and publicly.

Honestly though, I always assumed this would be handled by the government at some point, they issue passports and other identity cards, why not PKI certs?

Comment Re:Missing in summary... (Score 1) 160

If a customer bought a pre-release game that can't be viewed beforehand, the consumer would be protected under the trade practices act, also, the manufacturer isn't the one who has the obligation here, it's the retailer, or seller to the end user.

If a person has a faulty Sony Hi-Fi, they take it back to where they bought it, not back to Sony in Japan.

Comment Re:So, latitude? (Score 1) 89

This is part of the decomm process of Google+ I think, yes, it looks like they're spinning locations out of G+

They've made no secret about G+ being a failure, but there are a lot of communities that do use G+, a lot exclusively, so it's going to be interesting where they go and how they'll hold up.
