Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Opera Mini's deceptive security (Score 2) 85

I loaded Opera Mini on a Jellybean device, and tested it against the best-known SSL/TLS Scanner.

Initial tests passed with flying colors, and indicated that I was using the "Presto" rendering engine, which routes traffic through Opera's server farm for compression.

However, after I reduced the "data savings" parameter in settings from "extreme" to "high," Opera Mini then FAILS with flying colors, because it's using the Jellybean Webkit directly (that lacks TLS1.2, bundles bad ciphers, etc.).

This is deceptive. Don't install this product.

Comment previously-shared keys (Score 1) 282

If I sent you my RSA public.key file several months ago, then you could use it to do this:


#build a session key
openssl rand -base64 48 -out /tmp/skey

#encrypt the session key with RSA
openssl rsautl -encrypt -pubin -inkey public.key -in /tmp/skey | openssl base64 echo +++

#encrypt files with AES
for f
do openssl enc -aes-128-cbc -salt -a -e -pass "file:/tmp/skey" -in "${f}"; echo +++:

Mail me the output, and I'll get the original cleartext back. No key exchange.

Comment chroot /var/empty; suid nobody (Score 3, Interesting) 212

Privilege separation and sandboxing are well-tested mitigation techniques that allow OpenBSD to assert "Only two remote holes in the default install, in a heck of a long time!" - this security record is far, far superior to the Windows OS and the virus scanners that run atop it.

What Microsoft still fails to grasp, even after Gates' force majeur with the XP-SP2 security redesign, is that all applications should default to a strong sandbox. When a developer pushes code outside the sandbox, it should trigger more aggressive audits prior to listing in the Windows store, and user warnings of increasing severity upon installation.

The pertinent question for developers and administrators, especially with regards to network-facing services, is "how strong can we build the cage, and how little can we let out?" Until OS-designers build from this focus, the security tsunami will continue.

Comment GNU Shred (Score 2) 207

Use shred -n 7 /dev/sda - dd is hardly sufficient, especially if my finances are involved.

NAME shred - overwrite a file to hide its contents, and optionally delete it
Overwrite the specified FILE(s) repeatedly, in order to make it harder
for even very expensive hardware probing to recover the data.
Mandatory arguments to long options are mandatory for short options
-f, --force change permissions to allow writing if necessary
-n, --iterations=N overwrite N times instead of the default (3)
--random-source=FILE get random bytes from FILE
-s, --size=N
shred this many bytes (suffixes like K, M, G accepted)
-u, --remove[=HOW]
truncate and remove file after overwriting; See below
-v, --verbose
show progress
-x, --exact
do not round file sizes up to the next full block;
this is the default for non-regular files
-z, --zero
add a final overwrite with zeros to hide shredding
--help display this help and exit
output version information and exit
If FILE is -, shred standard output.
Delete FILE(s) if --remove (-u) is specified. The default is not to
remove the files because it is common to operate on device files like
/dev/hda, and those files usually should not be removed. The optional
HOW parameter indicates how to remove a directory entry: 'unlink' =>
use a standard unlink call. 'wipe' => also first obfuscate bytes in
the name. 'wipesync' => also sync each obfuscated byte to disk. The
default mode is 'wipesync', but note it can be expensive.
CAUTION: Note that shred relies on a very important assumption: that
the file system overwrites data in place. This is the traditional way
to do things, but many modern file system designs do not satisfy this
assumption. The following are examples of file systems on which shred
is not effective, or is not guaranteed to be effective in all file sys
tem modes:
* log-structured or journaled file systems, such as those supplied with
AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
* file systems that write redundant data and carry on even if some
writes fail, such as RAID-based file systems
* file systems that make snapshots, such as Network Appliance's NFS
* file systems that cache in temporary locations, such as NFS version 3
* compressed file systems
In the case of ext3 file systems, the above disclaimer applies (and
shred is thus of limited effectiveness) only in data=journal mode,
which journals file data in addition to just metadata. In both the
data=ordered (default) and data=writeback modes, shred works as usual.
Ext3 journaling modes can be changed by adding the data=something
option to the mount options for a particular file system in the
/etc/fstab file, as documented in the mount man page (man mount).
In addition, file system backups and remote mirrors may contain copies
of the file that cannot be removed, and that will allow a shredded file
to be recovered later.
GNU coreutils online help:
Report shred translation bugs to
Packaged by Cygwin (8.23-4) Copyright © 2014 Free Software Foundation,
Inc. License GPLv3+: GNU GPL version 3 or later
. This is free software: you are
free to change and redistribute it. There is NO WARRANTY, to the
extent permitted by law.
AUTHOR Written by Colin Plumb.

Comment Why the upset? (Score 4, Interesting) 693

This was an advisory referendum only, with no force of law. The United Kingdom is not obligated to leave the EU.

Yes, a pro-separation change in government will soon take place. However, the more forcefully that the new government pushes for a full departure, the more forcefully Scotland and Northern Ireland will attempt to disentangle themselves from the United Kingdom.

Northern Ireland in particular might see a real increase in sectarian violence if EU separation is not handled with great care, so internal security and continental policy will become even deeper-entwined. These forces will certainly blunt immediate impulses towards separation.

The EU bureaucracy has allowed a large, hostile contingent to form in several European nations. Perhaps now an inward gaze, compelled by credible criticism, can form a more perfect union.

Comment Tinfoil versus Face Slim (Score 1) 306

Tinfoil now crashes when you attempt to use messenger, and there is no commentary from the developer if he can/will fix it.

I suggest that you examine the Face Slim client on F-Droid. He has released a recent, new version which solves the messenger problem.

I do need a client that will upload photos on KitKat. If I can find that, then the official Facebook client is history on all of my devices - their code is no longer welcome.

Slashdot Top Deals

Five is a sufficiently close approximation to infinity. -- Robert Firth "One, two, five." -- Monty Python and the Holy Grail