Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment None of the above. (Score 3, Insightful) 64

"So what will be the impact of this? Will we see cheaper, lower-power encryption devices? Or maybe quicker cracking times in brute force attacks?"

Neither.

It's a method to discover primes using elimination of non-primes up to the square root of the number you're after.

If you can get that far, you can get to the prime itself quite easily. It's not going to help discover new large primes without eliminating BILLIONS of numbers in between.

And from there it has nothing to do with cracking encryption whatsoever.

The impact of this is that a child's method of eliminating factorisable numbers slowly takes up slightly less storage space (i.e. slightly less variables held in RAM) than before. It's not a breakthrough in maths, but a slight efficiency saving in the computer science to perform the algorithm in practical terms.

Comment Control and management (Score 2) 268

Though it doesn't seem to apply to home networks, how can you be an IT professional of any kind and NOT know what's coming into or going out of your network?

If nothing else, precisely because of things like this where your CCTV NVR or your thermostat could be hacked and doing whatever it likes. In fact, DDoS of someone else is the LEAST of your worries if someone is able to coax your devices into running arbitrary code on your local network.

Sorry, but this kind of thing needs management and there isn't a home router on this planet that does things like send you an email when a "new" device connects, or alerts you to unusual activity from your local network devices.

Comment Really? (Score 1) 196

So the US are openly picking battles with Russia AND North Korea now?

Guys, seriously, has the terrorist thing worn thin or something? Or have you realised that piling into other people's countries and "fixing" them achieves fuck-all that people in that country consider "fixing"?

If you want another hundred billion for the military just say so, stop picking fights with people who either do - or may soon - have the capability to fight back once and for all.

And if the Russians are manipulating your election and affecting your candidates, maybe you should look at your election and candidates instead of the Russians. Because, for sure, you'd do exactly the same if you could over in their country.

How about fixing your election system and having news channels that report on real things, like who's taking backhanders, what crappy laws have been slipped into completely unrelated bills, and such-like?

Oh, sorry, that would involve having impartial news channels not already owned by the people in charge, right?

Comment Re:200 Million Yahoo "Users" (Score 2) 169

They should.

It's literally best practice and the way any sensible organistion should do it. An authentication server is just that - it authenticates. Whether that's RADIUS or whatever else, it should do one job and do it well and have the minimum amount of access necessary to do that job.

With someone like Yahoo's money and resources there is no excuse.

And with an auth server farm, how do you get hacked? It has to be deliberate insider intrusion (i.e. someone who works on those machines). Done properly, even sniffing the entire network around it wouldn't do much and certainly wouldn't be able to affect older logons.

If the auth servers were just doing auth, and nothing else, and isolated, and had a single "auth" port exposed that ran a limited-scope protocol that only returns the bare minimum of data, the scope for attack is almost zero. And you literally lock them away and don't let anyone but your most trusted engineers touch them.

So it's quite obvious that all these places that do get hacked AREN'T running proper auth servers at all.

Even Steam, when it had credit card data stolen, the data was encrypted (so nothing ever came of the data leak) but... how did they get that? Why is that not stored on a completely isolated system? Why were they able to get historical records rather than only those flying over the live network (which is, I admit, harder to secure)? It means it wasn't isolated and secured.

Even CA's have had their root certificates compromised and you'd expect that to be the most secure thing in the world. Literally, make them on an offline computer, generate and sign some other root certs that you actually use, and then switch that thing off and never turn it on again unless you need it.

But, in real life, despite all the posturing about security, none of this ever happens.

The curse of general-purpose operating systems, general-purpose computers and even - as could happen in real life if people took your suggestion - using VM hypervisors as the gateway between your data and the VMs running the outside services (nothing wrong with VMs themselves, so long as the entire server farm was completely isolated from all the others - personally, for an auth farm, I'd use physical servers only to reduce the attack area even more).

Comment Re:200 Million Yahoo "Users" (Score 1, Informative) 169

200m user details stored in one place that can get hacked?

I wouldn't hold your breath here.

At most, you'd expect some kind of isolated authentication service, separate from the rest of their servers but I doubt it.

If someone has just sucked it out of a SQL table, the chances of it being properly hashed and salted are minimal. And the chances they used MD5 - which even hashed and salted is cracked beyond belief nowadays - rather than something sensible? Minimal.

Comment Re:how is this still relevant? (Score 1) 382

Because this is new evidence that may show someone lied to the court, or provide new avenues for charges?

If this guy was asked "Did you delete emails?" and said no, this case is wide-open again because he could be found to be lying based on this discovery. If his competency was used as a factor in ensuring the regulations were met, that might be brought into question by experts if the court interprets this evidence in certain ways.

Double-jeopardy doesn't apply if new evidence is brought in most countries.

But then, most countries don't have nonsense laws like that anyway, or prescribe them in such a way that they only stop harassment of a defendant rather than letting murderers get off because the lawyers were stupid but it doesn't quite qualify as a mistrial.

Comment What an oversight. (Score 1) 382

I'm just laughing.

A House Oversight Committee.

To me, that just sounds like a committee that looks and sees what it can forget to check or do, not a committee that watches and manages a set of people.

I know that, technically, the word also means to manage people but... that's not what I think when I read it.

And the summary headline just makes it worse. It makes it sounds like it's happened by accident.

Comment Re:jerks (Score 1) 166

Attributed to:

"use of the wrong type of lead-free solder"

Not "lead-free solder" but using some cheap junk instead.

Lead-free solder, in and of itself, isn't the problem. It's people using cheap junk. Same way you could haved used pound-shop leaded solder and got the same problem.

Or capacitors with stolen-formula electrolyte that failed over time taking out millions of devices (Google "Capacitor Plague"). Nothing to do with "using capacitors". Everything to do with using cheap junk instead.

Comment Re:Can Anyone Explain This To Me? (Score 2) 189

Particle could be anything, probably sub-atomic to actually work, so it barely matters what atom is actually SENT down the wire. Most likely a photon, though, in these cases though you can do it with electrons and similar.

Information is probably not much per attempt. Maybe as low as a bit each time. But that's enough to form a bitstream. Slow, but a bitstream. That means you can send a conventional PKE key or DH exchange using it because they are small but need to be transmitted securely.

You're measuring a property of the photon. Most likely a particular Bell State (google it) that it falls into.

Measuring that is HARD.
Entangling it is harder.

Measuring the state actually destroys the "connection", as such - like ripping open the envelope means you can't reseal it without someone noticing something has changed.

Thus, you can't measure the state AND then pass it on as the original. Which means you can't interfere with a message without people knowing, and then they throw that message / key away and make a new one.

And quantum teleportation is when something is in an entangled state. You send it anywhere in the universe. You measure it. And THAT MEASUREMENT determines what the particle was all along, everywhere, in all the universe, immediately, without care of the speed of light (Quantum stuff is WEIRD).

Think of it as not "putting a message into a particle" but as "revealing what universe you WERE already in". When you measure, you know EXACTLY what universe you are in NOW, for that time of measuring. But it could be any universe and you could end up measuring all kinds of values. But in YOUR universe, for THAT measurement, your special code is whatever you measured. There's no way to determine that before you measure.

But as soon as you know that, you know what everyone else sent too because of the universe you happen to be in.

It's like being at a murder mystery party and not knowing that the murderer was YOU until the very end. when you measure them all. Even though you've already killed the guy, you didn't know until that point.

Quantum stuff is weird. It's never going to be easy to understand.

Comment Sigh (Score 1) 210

Because of many reasons, but one of them is that you stop when the thing says you've hit your target exercise amount etc.

Totally useless.

The other day colleagues were talking about the same thing. I mentioned that my phone is set to "get me fit" on Samsung Health apps.

For context, I do NO exercise whatsoever. I'm a lazy bum who's as skinny as hell, in that respect.

The "target" it set me - I've "achieved" it every single day since I got the phone. Without even trying. Literally just walking around the office each day in normal activity. I'm not trying - I see no need - but literally just ordinary things I do every day make me seem "fit" by the default settings that someone who bought into the fad would probably accept as a LONG-TERM target.

And then I drop my phone when I'm at home so it can't monitor that, so technically I'm probably doing TWICE as much as it recommends. Without doing anything.

Everyone else I asked said the same, even those fitness fanatics. They don't use the apps because the recommendations are so low they "achieve" them every single day whereas they are quite happy to then go on three or four hour runs after work too. If you just relied on the activity trackers and apps, you'll stop midway through the day even if you're constantly upping the recommendations, and then think you're doing something special.

And it just gives you an excuse - "I did better today than yesterday, I might as well stop". If the tracking wasn't there, you'd probably say "I'm still feeling good, I'll give it another half-hour" or whatever.

And, let's be honest, the reason I have the app in the first place is to measure my heart rate for a laugh. I really don't care when it goes out of the recommended box, I just like measuring it as a gimmick. The activity trackers are all the same, so you can "boast" that you've done 10,000 steps today or whatever.

I do 20,000 steps every single day without trying or being in an active profession (I work in an IT office, ffs!).

Slashdot Top Deals

Between infinite and short there is a big difference. -- G.H. Gonnet

Working...