
Comment Re:Re-writing history are we? (Score 1) 487

Prior to massive regulations insurance was affordable.

Um, that's if they're willing to sell it to you. I could not get insurance for epilepsy pre-ACA because the medications I needed were expensive, and also because people always called 911 after every seizure which meant routine ER visits, about two per month. Since insurers wanted to keep their insurance "affordable" for healthy dickheads trying to decide if they even needed it, that meant telling me GFY- which they did because there were no "massive regulations" preventing them.

Comment Re:"glass of wine has heathful benefits" (Score 1) 121

Growing up, my grandparents had a couple of acres of zinfandel.

Each year, a winery would pay to pick & keep them, and my grandmother would go pick the late ripeners about two weeks later.

She juiced them, and canned them in mason jars.

The stuff was wonderful, heavy, and pulpy. It did, however, etch the jars . . .

Today, my father tries to see it to me every year or two, but I live a few hundred miles away. (anyone want to buy a couple of acres of northern californian zinfandel? :)


Submission + - Drupal Project Banishes Long-Time Contributor Over BDSM Claims (reddit.com)

techsoldaten writes: Larry Garfield, a long-time contributor to the Drupal project, was banished from the community over his alleged involvement in BDSM communities. Dries Buytaert, founder of Drupal, asked Garfield to leave the project based on his beliefs about equality. The Drupal community has an established Code of Conduct Buytaert feels Garfield violated based on holding beliefs related to gender roles. Thought crime?

Comment Re:This is why i didn't buy day 1 (Score 1) 89

Back in the day, we rarely had these problems with first day console released hardware. And when we had them, it was using bleeding edge technology (original Gameboy LCD screen recall). Where the hard break from this trend ended and began was after the 5th generation and beginning of the 6th generation consoles. It continues to this day. Software follows a similar pattern, but more egregious with the advent of the Internet; with the idea it can be patched later with quick delivery. In fact, auto-update is now expected in apps. But there's no excuse for sloppy electronic engineering and manufacturing; not in the year 2017 FFS!!!

Submission + - SPAM: Quicken Bill Pay is No Longer Safe to Use 1

Bruce Perens writes: I don't usually make security calls, but when a company makes egregious and really clueless security mistakes, it's often the case that the only way to attract their attention and get the issue fixed is to publicize it. This one is with Quicken Bill Pay, a product of Metavante (not Intuit). It's from personal observation rather than an expert witness case, and the company has been unresponsive through their customer support channel.

Comment Abandoning Time-Worn Processes Leads to Atrophy (Score 5, Insightful) 158

Scientists determined that those people who made use of machine washing rather than hand washing had diminished hand strength and neurological motor communication necessary for fine motor control. Seamstresses who bought thread rather than using the spinning jenny were similarly impaired. But worst off were teamsters who used the internal combustion trucks rather than teams of horses and used forklifts and other mechanical devices rather than loading their vehicles by hand. Their overall body strength was much reduced.

Comment Re:Contempt of the court... (Score 1) 518

As I said — it is not testimony. The jury will not hear it. The 5th Amendment protects him from being compelled to be a witness against himself

The courts have generally held the 5th Amendment protections to be wider than that. For example, are you denying that people have the right to remain silent when being questioned by police? Why is there a distinction between being questioned by the police and by the court here?

As for encryption passwords, the Supreme Court hasn't ruled on such a case yet, but they have given hints on how they would rule. Maybe this will actually be the case that goes all the way?

I don't know about case law, but there is no "right to remain silent" in the Constitution. You don't have to be a witness against yourself.

Rights do not *only* come from the Constitution. Case law is indeed important, and there's a lot of case law around one's right to remain silent.

Comment Re:Modern HW crypto (Score 1) 518

I'm aware of ATA drive locking and their on-drive encryption, but that's not really what I was referring to.

I was thinking more of organized crime and enemy governments and other well funded and well-planned enterprises -- it would not surprise me if they had custom drive firmware made that was designed to foil the drive being imaged for forensics. I don't know if this is actually being done yet (though I suspect it is), but if it was, law enforcement (well, the better-equipped offices, and especially things like the NSA) would adapt.

And yes, you're right, such countermeasures would be a good deal harder to deal with on SSDs than spinning hard drives. Perhaps even approaching impossible without a lot of assistance from the drive manufacturer themselves.

And no, I wouldn't expect any of this to be done by a guy who's simply got illegal porn on his computer. Really, just keeping it on an encrypted drive probably puts him ahead of most.

Comment Re:In an ideal world (for the cops) yes (Score 1) 518

Even a lab "up to the quality of a guy running a hard disk recovery business out of his garage" is going to work on images of the disks rather than the disks themselves -- anything less will get all their cases thrown out of court by the defense ("how can you guarantee that you didn't alter the data yourselves?") *and* will get caught by "oh, you entered the wrong password? erase everything!" code. Maybe in 1992, but in 2017 ... that's law enforcement computer forensics 101, day 1. They absolutely will not be hooking up his computer and drives and working on that (unless they need to do so to figure something out, and even then -- it'll have copies of his drives rather than the originals.)

If a police department can't even reach that level ... then they're probably either avoiding such cases entirely, or deferring them to some other, larger and better-equipped organization.

Beyond that ... it becomes an issue of how badly they want the data. The local police department probably can't do too much, but the NSA/CIA/etc. can do a *lot* if they are properly motivated.

(That said, this sounds like a case where they won't be going to any extraordinary technological lengths to get at the data. They certainly do seem to have some friends in the courts, however.)

Now, back to "self-destructing crypto" ... if half the encryption key is on some remote server in Russia that self-destructs if not accessed at least every 30 days, then maybe. (That said ... people would lose their data often under such an arrangement.) If such services popped up and were being actively used, I imagine that the NSA and friends would be working on countermeasures (like compromising that box and looking for other vulnerabilities in the arrangement or simply installing keyloggers where needed), but that would probably foil the local police department's attempts to get the keys.

Of course, simply refusing to tell them the password should also foil them, legally and technically. This ruling is bad, bad, bad ... but I guess fighting child porn is more important than the right to not self-incriminate to this court?

Comment Re:Rubber-hose cryptanalysis (Score 3, Interesting) 518

Perhaps some type of expiry after 30-60 days of non-use for sensitive encrypted drives might protect against this, since there's no way the person could decrypt the drive after that threshold.

You aren't imagining the defendant's computer in a nice neat room with his drives plugged in and a cop sitting at it trying to guess the password, are you?

No, the drives will have been imaged through a hardware device that blocks all attempts to write, and their work will be on their own computers running their forensic software against the images of his drives, with his original drives safely in the evidence lockup.

And if criminals start using drives with custom firmware to foil this (they've already read the first GB sequentially? return gibberish and erase everything!), the cops will then be removing the control boards and substituting their own before they do the imaging.

"Self destructing crypto" will just be something else for them to work around. It might foil the local police department, but if the FBI/NSA/CIA/etc. really wants your data, that's not going to foil them any more than straight strong crypto will.

Comment Re:Contempt of the court... (Score 5, Insightful) 518

This is not a Constitutional question — the guy is not asked to testify against himself. What he is to say is not under oath and will not be used against him.

It is indeed a Constitutional question. He's accused of a crime, and he's being asked, er forced to aid the prosecution. What happened to his right to remain silent, his right against self-incrimination?

And yes, I do believe it is the goal of the prosecution to use any passwords he provides to find stuff that *will* be used against him. They are *demanding* that he aid their prosecution of him by divulging secrets ... how is that not testifying against himself? Next, are they going to waterboard him for the passwords?

What is demanded of him is a key to the premises, for which a perfectly valid search-warrant has already been issued.

If they were demanding a physical key, he could refuse to tell them where that is too. That said, without that ... they'll just knock down the door.

Also ... has a search warrant been issued to search his brain?

This stinks to high heaven. I thought that it was already established by case law that you did not have to say anything to aid the prosecution in any way, that your right to remain silent was absolute in a criminal case?
