
Comment CRLite (Score 5, Informative) 97

The idea of using DNS to distribute revocations has been explored in the academic literature (no, I'm not an author on this paper). The idea of distributing revocations through DNS is related to the idea of distributing TLS key material through DNS, which is the goal of DANE.

CRLite is a system that preemptively pushes all revocation information to TLS clients such as browsers (FULL DISCLOSURE, I'm an author on this). CRLite works because all valid TLS certificates are publicly known in the Certificate Transparency logs, which means all revocations can be crawled. CRLite crawls them, packages the information in a highly compressed data structure, and then pushes that to clients. Mozilla has announced that they are adopting CRLite in Firefox (see here, here, and here). CRLite is a better solution than CRLs and OCSP, at least until (1) we settle on a world where all certificates are extremely short-lived, say 1 week, or (2) OCSP Must-Staple is widely deployed by certificate owners and supported by TLS clients (but don't hold your breath, we're not there yet, FULL DISCLOSURE I'm an author on this too).

Comment Re:Wait, wait, let me get this right (Score 1) 270

Paul Francis is quoted because he's studied this exact phenomenon. The relevant paper is here:

Challenges in Measuring Online Advertising Systems
Internet Measurement Conference 2011
Saikat Guha (Microsoft Research), Bin Cheng (MPI-SWS), Paul Francis (MPI-SWS)
http://conferences.sigcomm.org/imc/2010/papers/p81.pdf

Part of the paper focuses on how Facebook ads are targeted. Experiment 8, page 5, looks at the impact of sexual preference on ads. The result is that gay men on Facebook are targeted with ads that 1) target them exclusively, and 2) don't mention that they are gay related. The example given is an ad for nursing school. The problem is even if a person isn't publicly revealing their sexual preference, an advertiser can infer a user's preference based on clicks. The user has no idea that they are implicitly disclosing the information, because they have no idea they are being targeted by a very narrow segment of ads.

I would agree though, if you're really, really worried about your sexual preference leaking, then Facebook isn't a wise organization to entrust the information to...

Comment Re:Interesting, explains the trolls on Facebook I (Score 1) 2

You are very right: Facebook (and Twitter, etc) are already being targeted by this. We're currently trying to quantify the scope of the problem on Facebook.

Stopping crowdturfing is an extremely hard problem. Traditional anti-spam techniques all assume a certain amount of automation on the part of attackers. Mass e-mail spam can be detected by using statistical methods and machine-learning to assess content similarity and look for templates. CAPTCHAs and other Turing tests can hinder bots from logging into social networks, and thus quash the flow of spam. However, when spam is generated by humans, these assumptions are totally shot. Turing tests don't work, each piece of spam content can be tailored to be unique, etc.

Legislation will probably need to be part of the solution, but it won't be 100% effective. Currently, crowdturfing sites operate in the open. Criminalizing them will push them underground, which will hopefully reduce their attractiveness to workers (and thus reduce the amount of spam that is generated). The ban would need to be global though (good luck with that...), otherwise crowdturfing operations can just move offshore.
China

Submission + - Million Dollar Crowdturfing Industry Dupes Social (technologyreview.com) 2

bowlinearl writes: "Three weeks ago Slashdot featured a story on the Chinese Water Army. A new study from researchers at UCSB delves even deeper into the problem of crowdturfing (full disclosure: I am one of the authors of the study). The study reveals that evil crowd sourcing services in China are a multi-million dollar industry, and that the number of jobs and the amount of money are growing exponentially. Hundreds of thousands of workers are involved, including a small contingent of career crowdturfers who each manage hundreds of accounts on social networks. The researchers observed the behavior of workers and the unwitting users who click on the generated spam by infiltrating the two largest crowdsourcing sites in China. However, crowdturfing isn't confined to China: the researchers discovered crowdsourcing sites in the U.S. that are 95% astroturf, as opposed to Amazon's Mechanical Turk which actively polices itself, and is only 12% astroturf."
Displays

Augmenting Reality With Your Mobile Phone 111

blackbearnh writes "With the release of the 3.1 iPhone OS, application developers will finally be able to develop augmented reality (AR) apps. In other words, Terminator Vision is right around the corner. O'Reilly Media recently talked to Chetan Damani, one of the founders of Acrossair, about how they developed their new AR application, Nearest Tube, which displays the closest London Tube stations over a live video overlay on an iPhone 3GS. According to Damani, developing AR applications on the 3GS is dead easy, and the real trick will be developing good augmented reality apps. 'It's all about who's going to have the most amount of data and the most valid data. So there's the obvious types of apps which you're going to launch and those are the find me my nearest bar, find me my nearest event, find me the nearest tube stop, find me the nearest ATM. And those sorts of apps are all going to be around. But they're only going to be useful for when you're trying to look for things. So if we want to get users to use augmented reality a little bit more, we have to start introducing other bits of functionality, things like show me the offers available in a particular high street. Show me when I'm walking down a high street if there's a table available at a particular restaurant. And it's that sort of interactivity and providing that real-time data in this augmented reality view which is going to start getting people to use it a lot more rather than just for show me where the nearest area is.'"
The Courts

In Response To Restraining Order, Real Networks Pulls RealDVD 193

eldavojohn writes "RealNetworks' product that allows one to copy a DVD containing a movie has been pulled. You may recall us discussing RealDVD and its legal implications." According to the linked BBC report, "RealNetworks — the firm behind the software — has responded to restraining order issued by a US court stopped selling the RealDVD software [sic]. Six major movie studios jointly sued the company on 30 September — the day the software was launched."
IBM

Software Backs Up Human Memory 172

CWmike writes "Ever try to remember who you bumped into at the store a few days back? Well, you're not alone. And IBM researchers are working on software that just may help you better recollect all the forgotten pieces of your life. This week, the company unveiled Pensieve, software that stores images, sounds, and text on everyday mobile devices, then allows the user to extract them later on, to help them recall names, faces, conversations and events. IBM's project is akin to one that Gordon Bell and other scientists at Microsoft Research have been working on for the past nine years."
Privacy

The Doctor Will See Your Credit Score Now 464

mytrip writes to mention that the same people who invented credit scores are working to create a similar system for hospitals and other health care providers. "The project, dubbed "MedFICO" in some early press reports, will aid hospitals in assessing a patient's ability to pay their medical bills. But privacy advocates are worried that the notorious errors that have caused frequent criticism of the credit system will also cause trouble with any attempt to create a health-related risk score. They also fear that a low score might impact the quality of the health care that patients receive."
Security

The 5 Coolest Hacks of '07 145

ancientribe writes "Nothing was sacred to hackers in '07 — not cars, not truckers, and not even the stock exchange. Dark Reading reviews five hacks that went after everyday things we take for granted even more than our PC's — our car navigation system, a trucker's freight, WiFi connections, iPhone, and (gulp) the electronic financial trading systems that record our stock purchases and other online transactions."
Movies

Joel and Original Cast of MST3K Riding the Cinematic Titanic 185

AugstWest writes "Unfortunately it's in separate projects, but just after Jim Mallon (the man who owns all things MST3K) announced that he would be bringing back Tom Servo, Crow and Gypsy in animated Flash shorts on the web along with Paul Chaplin (a writer from the original MST3K), Joel Hodgson, the series creator, has announced that he will be launching a new venture called Cinematic Titanic. It will feature horrible movies riffed by the original cast of MST3K, including Josh Weinstein (the original Tom Servo), Trace Beaulieu (the original Crow), Frank Conniff (TV's Frank), Mary Jo Pehl (Pearl Forrester) and, of course, Joel himself. They've already got the rights to 12 movies, and will be releasing one a month starting in December for DVD purchase or download."
Security

Do We Really Need a Security Industry? 297

netbuzz noted that Bruce Schneier's latest column discusses the security industry where he points out that "The primary reason the IT security industry exists is because IT products and services aren't naturally secure. If computers were already secure against viruses, there wouldn't be any need for antivirus products. If bad network traffic couldn't be used to attack computers, no one would bother buying a firewall. If there were no more buffer overflows, no one would have to buy products to protect against their effects. If the IT products we purchased were secure out of the box, we wouldn't have to spend billions every year making them secure."
Censorship

Censoring a Number 1046

Rudd-O writes "Months after successful discovery of the HD-DVD processing key, an unprecedented campaign of censorship, in the form of DMCA takedown notices by the MPAA, has hit the Net. For example Spooky Action at a Distance was killed. More disturbingly, my story got Dugg twice, with the second wave hitting 15,500 votes, and today I found out it had simply disappeared from Digg. How long until the long arm of the MPAA gets to my own site (run in Ecuador) and the rest of them holding the processing key? How long will we let rampant censorship go on, in the name of economic interest?" How long before the magic 16-hex-pairs number shows up in a comment here?
Programming

Alternatives To SF.net's CompileFarm? 186

cronie writes "Not long ago, SourceForge.net announced the shutdown of the Compile Farm — a collection of computers running a wide variety of OSes, available for compiling and testing open source projects. SF.net stated their resources 'are best used at this time in improving other parts' of the service. I consider this sad news for the OSS community, because portability is one of the strengths of OSS, and not many of us have access to such a variety of platforms to compile and test our software on. As a consequence, I expect many projects dropping support for some of the platforms they can't get access to. Are there any sound alternatives with at least some popular OS/hardware combinations? Any plans to create one? (Perhaps Google or IBM might come up with something?)"
Encryption

Submission + - Another Hit on AACS: Device Key Found

henrypijames writes: The intense effort by the fair-use community to circumvent AACS (the content protection protocol of HD DVD and Blu-Ray) has produced yet another stunning result: The AACS Device Key of the WinDVD 8 has been found, allowing any movie playable by it to be decrypted. This new discovery by ATARI Vampire of the Doom9 forum is based on the previous research of two other forum members, muslix64 (who found a way to locate the Title Keys of single movies) and arnezami (who extracted the Processing Key of an unspecified software player). AACS certainly seems to be falling apart bit for bit every day now.
