Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:hit zero (Score 1) 479

The error message is stupid no matter the reason for the check. With the old Macs it was similar, if no mouse was connected, it would say "No mouse found. Click on Ok to continue." Of course, there was no way to acknowledge the message with the keyboard, and the Mac was unusable without a mouse.

Also, the error says that the keyboard was not found, not the keyboard controller. The computer, even with the hack, should have run fine without keyboard (and in fact there was a setting in most computer's BIOSes of that time to disable this message).

Comment Re:codeword (Score 1) 479

My ISP changed their subscription system and I got a new login. It didn't work right away and with the help of the ISP I managed to finally connect with a temporary login. A week later I got a new login and it didn't work. When I called support, I thought that her name sounded familiar. I checked my call log and saw that I talked to her last time. When I told her so, I heard her typing, then she confirmed and passed me on to a technician, without me asking for it or saying anything else. The problem was fixed easily, and this was my quickest support call ever.

I couple of years back we had a special offer for Sun Blades at university. The machine I got didn't work, and so I called their support. When they asked to explain my problem, I described everything I did and why I concluded that the hard drive controller must be faulty. The lady on the phone did not interrupt me, and at the end of my description she just said that yes, she agreed and she would send a technician over. Not ever did she ask to reboot the machine or anything like that. And the technician came the next day and replaced the backplane - in my student dormitory (and yes, it worked afterwards).

Comment Re:even more interesting (Score 1) 155

Just an idea on how to work around potential weaknesses in the random number generator:
1) Set up a trusted and isolated system.
2) Use the system to generate key pairs
3) Some smart cards allow to import keys, including the private key (but do not allow to re-export the private key)
4) Dispose of private key after programming the smart card, and dispose of the system when replaced

This would not get around other weaknesses of the smart cards, but at least you can ensure that the card uses properly generated keys.

Comment Re:even more interesting (Score 1) 155

The SIM cards come with the keys preconfigured. As the GSM standard uses symmetric cryptography, the key has to be known and thus is stored somewhere outside the SIM card.

With smart cards, you can (and should) generate the keys yourself, or rather, let the card do it. The card normally uses asymmetric cryptography and will then store the private key internally and never disclose it, thus making it impossible for spy agencies to recover the keys*.

* There could be weaknesses, either as bugs or explicitly introduced by spy agencies. For instance, the card could use a weak random number generator (I remember an article that some ID cards used IDs that were not so random after all), or the card could have a back-door to extract the private key. In any case, the attack described, where an employee would be bribed to disclose a database of keys would not work for smart cards, but that does not mean that another attack is not possible.

Also note, just because we know that Gemalto has been compromised does not mean that other companies are more secure.

Comment Re:Where the fuck is the EU? (Score 1) 194

Well, there are actually multiple parts to any serious reply to your "wake-up call":

1) you might not hear/see people from the EU complaining because they might not do it on Slashdot (hint: not everybody speaks English).

2) What can realistically be done against the NSA?I mean, the US interferes almost everywhere, and if someone does not agree, there is a lot of political pressure. Besides, what exactly are Americans doing, other than complaining on Slashdot? (I am really glad for the EFF and a few other such organisations)

3) Please also consider that when Europeans complain, they are labeled as anti-American (or anti-Israel). So people might shut up because it's difficult to have a real argument. But the US might not have as much support outside the US as Americans like to believe.

I would also argue that Europeans (and other countries) really do a lot already. Maybe they don't complain that loudly, they just vote with their wallet (look at what is happening to Cisco or the military airplane deal from Barzil that went to Saab). Or they change laws to mandate having communications that are terminated on both ends in the same country stay in this same country instead of taking the cheapest route (often through London). In fact, I get the impression that Americans complain and European (and others) work hard on overcoming the problems.

If you have any useful ideas on how to tackle the issue efficiently, I (and a great many others, I am sure) would very much like to hear them.

Comment WebArchive (Score 5, Informative) 273

The Google cache was taken down. The original author seems to have agreed to take down the information on his site as well, even without having been contacted him-self:

However, they were too late. The web archive has already archived their pages. Here are the relevant links:

(not modified)

Comment Re:this is great news! (Score 1) 94

No mod points, sorry. I totally agree!

10s forward and backward jumps (with the keyboard, so no point-and-click delays), or 1 minute and 10 minutes jumps are really great.

The mandatory ads on DVDs are annoying on stand-alone players. It would be easier and faster (no waiting for mail deliveries) to just download the movies. Why do I have to watch piracy warnings on a leagally-bought DVD when I could skip them on an illegal download?

Also, as I travel between North America and Europe, region codes are a real PITA. I actually have a stand-alone region-free DVD player, and I never had to update firmware, but I had to enter a secret number to activate the region-free feature. On my Linux laptop this worked out of the box. Do region-free BlueRay players exist? Is it really necessary to update the firmware? Both questions are potential deal-breakers by themselves!

I buy movies on DVD, then rip them to watch on my mobile devices. I would buy BlueRays and a stand-alone player if I could use them with my high-quality but non-DRM monitor.

Comment Re:That's a nice technical solution you have there (Score 1) 277

Actually, to prevent "look[ing] for the hashes of those texts amongst the password" salted hashes are used. I believe password tables would already be reasonable sure if web sites would adopt salted hash algorithms, such as BCrypt.

This scheme is still vulnerable to to weak passwords, as you can just try the most common password (if restricted to a length greater or equal to 6 characters, it would probably be "123456") for randomb combinations of users until you get a combination that works. Once you have a set of user/password matches, you can then bruteforce other passwords. For large sets of passwords and a small number of correct passwords required, this scheme would hardly be better than standard salted hash approaches, not because the scheme is mathematically weak, but because of the lazyness of users (including me).

Comment Re:Rediculous (Score 1) 277

Thank you for pointing out one of the real flaws of the system! (sorry, no mod points)

There is another one: Since most people still use weak passwords (such as "password" and "123456"), if you have access to a password store, you can try a combination of user logins with the most likely passwords until you get a combination that is validated (I didn't run the numbers, but I bet it would hardly slow you down). Once you have that, you can use this to crack the rest of the passwords. So you wouldn't need to create fake accounts at all.

Comment Re:Proof read? (Score 1) 46

Well, the document (from which TFS is extracted) was written by a non-native English speaker (Ralph Langner, who is German). Interestingly, I note that as a non-native English speaker myself I make a number of mistakes that Americans find particularly annoying (this post is probably full of them), while at the same time I have difficulties reading comments with typical American mistakes (theirs / there's, then / than, he's / his, etc.). I think that native-English speakers rely more on how it sounds, while non-native English speakers tend to analyze the structure more and thus make different types of mistakes.

Anyway, I appreciate people pointing out mistakes as this allows me to learn.

Comment Change of tactics (Score 4, Interesting) 46

I know I shouldn't have, but I read the whole document and it's really interesting. Langner thinks that the tactics (and probably the team as well) changed over time. Based on his observations I propose the following (conspiracy) theory:

The attacks on the enrichment plants have been going on much longer than anyone so far claims, maybe since the beginning. That's why Iran's progress was so much slower than what the Pakistany managed to do (the first generation centrifigues are supposedly extremely tricky). Instead of discovering the initial attack (described in the document), the Iranian's compensated for the seemingly random problems by including additional control measures not present in the design from Pakistan: shut-off valves to quickly isolate a malfunctioning centrifuge and over-pressure valves. It took them ten years instead of the two years of the Pakistany, but they still managed to get enrichement started. Maybe with their added failure-tolerant design the original attacks didn't work anymore, or there was a leadership change (as Langner speculates). Maybe the Iranian's suspected something and changed procedures also for contractors and workers (Langner thinks that the initial attack was with direct access to the system while the later attack had to somehow find a way in). Maybe then the initial team was the Israelis who wanted to remain hidden, and when their approach didn't work anymore they asked the Americans for help who used the NSA's attack library for a way accros the air gap. The Americans would probably also be less worried about remaining hidden and maybe actively wanted to send a message.

Altought admittely pure speculation, I think this scenario fits the known facts and observations. I'm curious to see what you think of this ;-)

Comment Re:Use in driving tests? (Score 1) 233

It's similar in Switzerland. If you pass your driving test with an automatic car, you still get the same license, but with a mention that you are only allowed to drive automatic (similar to the mention that one is only allowed to drive with glasses).

As for enforcing this system, wouldn't it be the more fancy cars (with lots of automation) that could actually enforce this, while the old cars (where you would actually need a better license) would not? You could still use biometrics, etc., to determine in a fancy car whether you're allowed to turn off the enhancements.

Comment Routing Connections from Point A to Point B (Score 5, Interesting) 199

The article mentions that a connection from one point to anohter within Europe would likely stay within Europe. Maybe technically... On a recent trip to Paris I did a traceroute to an e-mail server in Switzerland, and essentially what I saw was: Paris (F) -> London (UK) -> Paris (F) -> London (UK) -> Paris (F) -> Lyon (F) -> Geneva (CH). There might be good reasons why the connection would go through London, but twice, and then come back? Considering that the UK is closely collaborating with the US in its data gathering, I have a feeling that this routing was not entirely by accident.

Slashdot Top Deals

Your code should be more efficient!