Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Comment A few obvious corrections (Score 1) 53

First, DES is 56 bit (near enough 60). Triple DES as per first mode (the authorised standard) is 168 bits. The article fails to distinguish, implying the authors are just a little bit naff. 3DES seems to be quite safe, as long as not used in DES emulation mode. And who the hell emulates a mode that was broken in the 80s?

Second, Blowfish was replaced by TwoFish, ThreeFish and Speck. Skein, an entrant to the DES3 challenge, makes use of ThreeFish.

Third, the Wikipedia page states it has been known for a long time that weak keys are bad. This particular attack, though, is a birthday attack. You can find all the ciphers vulnerable or free that you should be using. Anything not on the list is something you are solely responsible for.

http://csrc.nist.gov/archive/a...

In other words, this information is about as useful as telling up that Model T Fords weren't good at cornering at highway speeds. Below are some links, I can't be buggered to HTML-ify them.

https://en.m.wikipedia.org/wik...
http://www.skein-hash.info/
https://en.m.wikipedia.org/wik...
https://en.m.wikipedia.org/wik...

I do not trust most encryption software these days, but that's because programmers these days are sloppy and arrogant.

Comment Re:Yeaaaaaaa (Score 1) 129

A DDOS attack does nothing to attack the integrity or security of the data. The success of a DDOS attack only indirectly calls data safety into question - if they were not able to defend against DDOS, perhaps they're also not good enough to maintain security.

As an aside, I'm currently living in Australia, and the site worked fine for me at about 6pm.

Submission + - ESA wants to take out the trash. The space trash.

The Bad Astronomer writes: The European Space Agency is considering a test mission that will use new technology to help clean up the ever-increasing problem of space debris. The spacecraft, called e.Deorbit, will identify, approach, grapple with, and then dispose of errant space junk by deorbiting it, letting it burn up in Earth's atmosphere. Testing could begin as soon as 2023.

Comment Re:Suicide by politician (Score 1) 1010

A key point here is it was wildly inappropriate for Comey to recommend no prosecution in this case on TV. It is totally not his decision. The prosecutors in the DOJ are the ones who get to decide if prosecution is warranted. The FBI's job was to investigate and generate a report to the DOJ. They do get to make a recommendation regarding prosecution but it is only a recommendation. Comey absolutely should not have announced the recommendation at a press conference before the DOJ has even started reviewing the final FBI report. It reeks of prejudicing the entire case since it places inappropriate pressure on the prosecutor in the DOJ to not prosecute when they may well be inclined to prosecute when they see all the evidence.

Comey s assertion that Clinton and her people had no intent to do harm by mishandling top secret compartmentalized information so they should not be prosecuted is also way over the line. The fact is they did mishandle top secret information, and it is unknowable if that mishandling resulted in the information being accessed by foreign powers or others who were not authorized to see it. You knowingly mishandle classified information in violation of the oath you signed there have to be consequences otherwise why should anyone bother to protect classified information. If Clinton is elected President how can she expect the millions of Federal employees working for her to protect classified information when she knowingly didn't and got away with it.

Thirdly mishandling email is only part of the case against the Clinton. A key reason Clinton may have been using this private server is there may have been email between her, foreign governments and affluent individuals who were donating large sums of money to the Clinton Foundation while she was Secretary of State creating the appearance that she was soliciting bribes in return for favorable decisions from the State department on things like arms deals. Clinton is claiming these are personal emails so she withheld them from the FBI but they may be a trail pointing to public corruption.

It smacks of whitewash to suddenly short circuit these investigations so Clinton will have a clean path to the nomination at the convention which is just a few days away now.

Comment Re:You missed a couple of sections (Score 1) 309

In finding no Fourth
Amendment violation, the Western District of Washington noted that "in order for [] prospective
user[s] to use the Tor network they must disclose information, including their IP addresses, to
unknown individuals running Tor nodes, so that their communications can be directed toward
their destinations." Id. at *2. The Western District of Washington noted that under "such a
system, an individual would necessarily be disclosing his identifying information to complete
strangers."

Sounds like it makes sense to me

Thus, hacking resembles the broken blinds in Carter. 525 U.S. at 85. Just as Justice
Breyer wrote in concurrence that a police officer who peers through broken blinds does not
violate anyone's Fourth Amendment rights, jd. at 103 (Breyer, J., concurring), FBI agents who
exploit a vulnerability in an online network do not violate the Fourth Amendment. Just as the
area into which the officer in Carter peered - an apartment - usually is afforded Fourth
52
Case 4:16-cr-00016-HCM-RJK Document 90 Filed 06/23/16 Page 52 of 58 PageID# 1134
Amendment protection, a computer afforded Fourth Amendment protection in other
circumstances is not protected from Government actors who take advantage of an easily broken
system to peer into a user's computer. People who traverse the Internet ordinarily understand the
risk associated with doing so

Well yeah if you don't patch your system, you know you're going to get hacked right? So, boohoo, you got hacked by the gov should have been surfing kiddy porn

Comment Re:You missed a couple of sections (Score 1) 309

"Furthermore, the Court FINDS suppression unwarranted because the Government did not need a warrant in this case. Thus, any potential defects in the issuance of the warrant or in the warrant itself could not result in constitutional violations".

This language is particularly specific and narrows the ruling to this case and only this case. The fact that the FBI got a warrant to allow them to run remote exploit code on an individual's computers that had downloaded the exploit (which was only available on PlayPen) means that they didn't need a warrant.

The individual was exposing himself to this exploit of his own actions, and thus didn't require a warrant. Let me put it this way, the FBI takes over a drug dealer, and has him continue sale, but under the new watchful eye of cameras that collect identifying photos of individuals who purchase drugs. (Not only that, but the person has to go into a room that specifically says, “illegal drugs” on it in order to even end up on camera.)

Do law enforcement REALLY need a warrant when the person is incriminating themselves?

This is like arguing that law enforcement had no right to put a tracker in the cash bag of a bank that they took. It's BS. It required active agency in acquiring the exploit code, and a clear intent to obtain child pornography.

a) You do not have a reasonable expectation of privacy when you're committing a crime, and b) if you walk into someone else's house and demonstrate direct intent to commit a crime without knowing that you're identifying yourself to police, well, TOO BAD

Comment Re:The message is clear: (Score 1) 309

The site was actually protected by the Tor network (and despite an error in configuration allowing it to be accessed outside of Tor for a bit) was only available through the Tor network.

They then attached the callback program to trigger upon downloading known child porn, and voila your computer happily reports to the FBI that you've just downloaded child porn.

This is actually pretty solid law, and entirely reasonable warrant and execution of that warrant

It looks like (so far, I'm only part way through the actual ruling) one of the chief objections is that the warrant identified the website with the wrong type of logo. The text on that logo, had however stayed the same. This is not a good argument for why a warrant shouldn't be valid

Comment Re:What Constitution? (Score 1) 309

Even though the warrant authorized the FBI to deploy the NIT as soon as a user logged
into Playpen, SA Alfin testified that the Government did not deploy the NIT against Mr. Matish
in this particular case until after someone with the username of "Broden" logged into Playpen,
arrived at the index site, went to the bestiality section - which advertised prepubescent children
engaged in sexual activities with animals - and clicked on the post titled "Girl 11YO, with dog."
In other words, the agents took the extra precaution of not deploying the NIT until the user first
logged into Playpen and second entered into a section of Playpen which actually displayed child
pornography. At this point, testified SA Alfin, the user apparently downloaded child
pornography as well as the NIT to his computer. Thus, the FBI deployed the NIT in a much
narrower fashion than what the warrant authorized.

I dunno, that's pretty compelling reasonable suspicion there for a warrant which is what they actually had

Comment Re:We need a penalty for retarded judges (Score 1) 309

The Court FINDS, for the reasons stated herein, that probable cause supported
the warrant's issuance, that the warrant was sufficiently specific, that the triggering event
occurred, that Defendant is not entitled to a Franks hearing, and that the magistrate judge did not
exceed her jurisdiction or authority in issuing the warrant

So you think supporting the validity of a warrant that was issued prior to the search to be subversive?

Comment Re:What Constitution? (Score 1) 309

To any sane person, if they need a warrant to come through your door to seize the data, they need a warrant to seize the data over the wire.

Let's examine that, let's see

The Court FINDS, for the reasons stated herein, that probable cause supported
the warrant's issuance, that the warrant was sufficiently specific, that the triggering event
occurred, that Defendant is not entitled to a Franks hearing, and that the magistrate judge did not
exceed her jurisdiction or authority in issuing the warrant

Oh, they did have a warrant.

Slashdot Top Deals

"Well, if you can't believe what you read in a comic book, what *can* you believe?!" -- Bullwinkle J. Moose

Working...