
Comment Re:WTF... (Score 1) 105

Office of the Director of National Intelligence

Independent agencies
- Central Intelligence Agency (CIA)

United States Department of Defense
- Defense Intelligence Agency (DIA)
- National Security Agency (NSA)
- National Geospatial-Intelligence Agency (NGA)
- National Reconnaissance Office (NRO)
- Twenty-Fifth Air Force (25 AF)
- Army Military Intelligence (MI)
- Marine Corps Intelligence Activity (MCIA)
- Office of Naval Intelligence (ONI)

United States Department of Energy
- Office of Intelligence and Counterintelligence (OICI)

United States Department of Homeland Security
- Office of Intelligence and Analysis (I&A)
- Coast Guard Intelligence (CGI)

United States Department of Justice
- Federal Bureau of Investigation (FBI)
- Drug Enforcement Administration, Office of National Security Intelligence (DEA/ONSI)

United States Department of State
- Bureau of Intelligence and Research (INR)

United States Department of the Treasury
- Office of Terrorism and Financial Intelligence (TFI)

Source

Comment Not just PCs (Score 1) 729

Motherboard has an article in which it argues that car driving is still way too hard. The author of the article claims that for one to build a car, they need an "unreasonable" amount of disposable income, and also have an unreasonable amount of time to "research, shop around, and assemble parts" for their car. The author adds that a person looking into making one such gear also needs to always have to keep investing time and money in as long as they want to stay at the cutting edge or recommended specifications range for new racing tracks. The author has shared the experience he had building his own car. An excerpt from it:

The process of physically building a car is filled with little frustrations, and mistakes can be costly and time consuming. I have big, dumb, sausage fingers, so mounting the engine into the chassis, and screwing in nine (!) tiny screws to keep it in place in a cramped space, in weird angles, where dropping the screwdriver can easily break something expensive -- it's just not what I'd call "consumer-friendly." This is why people buy from Ford. It designs everything from the steering wheel to the door, which unfolds neatly to reveal everything you need. Ford reduces friction to the point where even my mom could upgrade the rims on her Transit, and it can do this because it controls everything that goes in that automobile.

Comment Re:The solution is horribly obvious (Score 1) 84

The problem is not "trusting" the proprietary crap, the problem is trusting it to improve security in any measurable way.

Android full disk encryption is just as secure as LUKS (in fact, under the hood it's dm-crypt just like LUKS, the key derivation is just different). This doesn't break the FDE. You still need the passphrase. What this does is break the "you need the hardware to access the FDE and we're going to impose additional non-provable restrictions such that you can keep using your 4-digit PIN and it'll be secure, promise" bunch of hot air that vendors like to sell you. Just like the FBI cracked that iPhone's FDE - by bruteforcing the passcode. This lets you bruteforce Android's FDE offline after a one-time attack on the hardware.

I use CyanogenMod on my phone. I have my FDE passphrase set to a long string, independent of my (shorter) unlock code. This attack doesn't affect me because my FDE passphrase is not bruteforceable in a reasonable amount of time. This only affects people who still think using a 4-digit PIN to secure FDE on their phone is a good idea because Apple and Qualcomm pinkie-promise that their secure tamperproof hardware can limit bruteforce attempts enough to make that a reality.
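The offline-search arithmetic behind the comment above, as an added example that is not part of the original post. PBKDF2 stands in for the device's key derivation, and the iteration count, per-guess cost and worker count are assumptions to replace with measured values.

```python
# Added example: how long a credential survives once hardware rate limiting
# no longer applies and every guess costs only one key derivation.
import hashlib
import os
import time

def kdf_seconds(iterations=200_000):
    """Time one derivation on this machine (PBKDF2-SHA256 as a stand-in KDF)."""
    salt = os.urandom(16)  # constructed salt, not taken from any device
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"constructed-guess", salt, iterations)
    return time.perf_counter() - start

def worst_case_seconds(alphabet, length, per_guess_seconds, workers=1):
    """Time to try every credential of exactly this length, offline."""
    return (alphabet ** length) * per_guess_seconds / workers

def min_length(alphabet, per_guess_seconds, workers, target_seconds):
    """Shortest length whose full keyspace takes at least target_seconds."""
    length = 1
    while worst_case_seconds(alphabet, length, per_guess_seconds, workers) < target_seconds:
        length += 1
    return length

if __name__ == "__main__":
    cost = kdf_seconds()
    workers = 1000                      # assumed degree of offline parallelism
    century = 100 * 365 * 24 * 3600
    policies = [("4-digit PIN", 10, 4), ("6-digit PIN", 10, 6),
                ("12-char alphanumeric", 62, 12)]
    print(f"measured KDF cost: {cost:.3f} s per guess")
    for name, alphabet, length in policies:
        secs = worst_case_seconds(alphabet, length, cost, workers)
        print(f"{name:22s} exhausted in {secs:.3g} s")
    print("alphanumeric length needed for a century:",
          min_length(62, cost, workers, century))
```
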

Comment Re:Blantant? (Score 5, Interesting) 181

A security researcher who goes around looking for ATM skimmers should know that the magstripe reader always goes along with a camera for the PIN pad, and that the electronics inside the card reader part aren't the whole story.

It's completely obvious once you look for it, once you know a skimmer was installed on the card slot, especially having another pristine ATM right next to it to compare. Nobody's going to blame someone for not noticing a skimmer in the first place, but once you know one was installed, yes, the PIN pad part is blatant.

Comment Re:Just as well (Score 1) 368

The ARM has nothing to do with game consoles. The PS4 and the Xbox One don't even use the ARM for their secure boot/DRM, they use something else (the PS4 uses the SAMU which is an LM32 derivative core inside the GPU portion, and I think the Xbox One uses more custom stuff). Read this libreboot page; the ARM is required to boot any modern AMD chip. Or this if you want a reference from AMD from last year. The PSP is very much alive and well and required to boot modern AMD chips.

Comment Re:Just as well (Score 5, Informative) 368

... and guess what, AMD CPUs have an extra ARM core in them, as well as multiple little cores of various architectures attached to the GPU. All running proprietary firmware.

Throwing random little CPUs at problems is nothing new. What makes you think the firmware in your PCIe WiFi card also can't access all main memory and be turned into a rootkit? What about the Embedded Controller on laptops, that runs even when it's off?

Yes, the state of firmware auditability of modern PCs is dismal. It's been like this for at least a decade. Yes, Intel does it one way, AMD does it another way, and just about every other peripheral on your board is also an attack surface. GPU? Dozens of little auxiliary cores (unrelated to the GPU unified shaders); Nvidia or AMD, doesn't matter. That USB 3.0 host controller? Probably runs firmware too. Ethernet? Yup, often has firmware these days. That LSI SAS controller? Full PowerPC core with enough oomph to run Linux itself. Your hard drive? 3 ARM cores, you can make them run Linux too. And all of those things can scribble all over your main memory unless you enable the IOMMU (except the HDD, that one can scribble all over your storage instead).

Sleep tight.
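One way to check the IOMMU point from the comment above on a Linux host, as an added example that is not part of the original post. It reads the kernel's `/sys/kernel/iommu_groups` tree and each group's `type` attribute; the helper names and the sample tree are constructed for illustration.

```python
# Added example: report which devices have their DMA translated by an IOMMU.
import os
import tempfile

def iommu_status(sysfs_root="/sys"):
    """Summarise IOMMU groups and list devices left in identity (passthrough) mode."""
    groups_dir = os.path.join(sysfs_root, "kernel", "iommu_groups")
    groups = {}
    if os.path.isdir(groups_dir):
        for name in sorted(os.listdir(groups_dir)):
            dev_dir = os.path.join(groups_dir, name, "devices")
            devices = sorted(os.listdir(dev_dir)) if os.path.isdir(dev_dir) else []
            try:
                with open(os.path.join(groups_dir, name, "type")) as fh:
                    domain = fh.read().strip()
            except OSError:
                domain = "unknown"   # older kernels do not expose the attribute
            groups[name] = {"type": domain, "devices": devices}
    # An identity domain keeps the IOMMU on but maps all of RAM 1:1,
    # so DMA from those devices is not confined.
    unconfined = [d for g in groups.values() if g["type"] == "identity"
                  for d in g["devices"]]
    return {"enabled": bool(groups), "groups": groups, "unconfined": unconfined}

def build_sample(layout):
    """Constructed sysfs-like tree for offline runs: {group: (type, [devices])}."""
    root = tempfile.mkdtemp()
    for group, (domain, devices) in layout.items():
        gdir = os.path.join(root, "kernel", "iommu_groups", group)
        for dev in devices:
            os.makedirs(os.path.join(gdir, "devices", dev))
        with open(os.path.join(gdir, "type"), "w") as fh:
            fh.write(domain + "\n")
    return root

if __name__ == "__main__":
    status = iommu_status()
    if not status["enabled"]:
        print("no IOMMU groups: device DMA is unrestricted")
    elif status["unconfined"]:
        print("identity-mapped devices:", ", ".join(status["unconfined"]))
    else:
        print(f"{len(status['groups'])} IOMMU groups, no identity-mapped devices")
```

An empty result means the IOMMU is off in firmware or in the kernel; devices reported as identity-mapped sit behind an IOMMU that is not restricting them.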
