Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Re: So, it's not only the Russians that hack, huh! (Score 1) 113

Chromebooks (specifically the Asus c201) can be safer if the firmware has been replaced with Libreboot. The rest of the c201 hardware has open source drivers for Chrome OS. So, in theory, that would be the most up-to-date hardware capable of entirely running FOSS, including the firmware, without BLOBS.

(no tails support though, argh)

Comment Re:Destroy code? (Score 1) 520

The US gov can detect the use of hidden volumes

It's important to state that if the hidden volume within an encrypted container has been created correctly and is used correctly (see below) on a machine that does not have compromised OS or firmware, the presence of a hidden volume cannot be proven. The encrypted free space remaining after the main volume's data ends is as random as any other encrypted data (including hidden volume data).

Care must be taken with backups. If two copies of the same volume exist (main plus backup) and the hidden partition of one has been altered while the other has not, then this can reveal the existence of a hidden volume.

Comment Re: Rubber-hose cryptanalysis (Score 1) 520

Sometimes hidden volumes are called 'inception volumes' because they don't have to stop at the second level. There is an argument that if there's free space on the drive, or no incriminating files, that is somehow suspicious.

But in my view, free space can be explained as not inherently incriminating in the same way that free space on a regular hard drive is not incriminating ('I created a big encrypted container because I wasn't sure how big it needed to be'), and important personal files that would be useful to an identity thief (bank records, accounting records, passport scan etc) can be placed in the higher decoy volume.

Comment Re: Rubber-hose cryptanalysis (Score 1) 520

7.1a:

Source code audit and formal cryptanalysis led by Matthew Green showed no catastrophic weaknesses. Bruce Schneier claims he's still using it.

The various security services revelations indicate the weakness is a compromised operating system or firmware not the encryption itself. Peronally I favour TAILS and LUKS, running on a computer with Libreboot, although that can also read TrueCrypt containers.

Comment Re:The New Normal (Score 1) 337

It's a bit like saying that buildings that only have steps and no wheelchair ramps or lifts must remove the steps. Even if they're an historical building.

But, how could the historical building architects have foreseen the future requirement to provide wheelchair ramps or lifts? Maybe there just isn't enough space in the building. Nobody would propose to tear down historical buildings, just because they can't be made wheelchair accessible.

Comment A truly FOSS laptop (Score 5, Interesting) 220

A truly free and open-source software laptop... which allows a FOSS BIOS or UEFI replacement, FOSS drivers. No Blobs, or Intel ME.

Journalists, activists, and anyone who must have a secure, trusted computing device, need a modern alternative that be purchased off-the-shelf and supports Tails.

Comment Re:Perhaps a better method... (Score 5, Interesting) 1001

USA Airport Immigration has recently started putting programming questions to travellers who claim to be software engineers. In one case they asked the traveller Python questions.

(Not to be confused with the Monty Python questions the UK immigration authorities ask.)

Comment Re:who the hell uses a search engine for piracy is (Score 1) 104

In the UK we're not too worried about the FBI and CIA, but the recent Investigatory Powers Bill does mean all our communications are under surveillance by GCHQ and the Police.

But if they're also censoring search results, well that's just jangles. We'll switch our VPNs to search google from a different country.

Slashdot Top Deals

U X e dUdX, e dX, cosine, secant, tangent, sine, 3.14159...

Working...