
Comment Re:WTF? (Score 1) 194

I have some experience with self-encrypting drives. Many models of drives, when presented with a request to copy, can do one of several things: (a) return all zeros, (b) return an encrypted stream which is NOT the data or (c) return the true encrypted bytes.
Several drives I have used have resorted to the first strategy. Sometimes you can't make a copy of the drive, barring removing the storage chips from the underlying processor which serves it.

Comment Common Criteria does not imply side channel analys (Score 4, Informative) 32

I am a certified CC evaluator.

In no way does CC automatically imply resistance to side channel analysis. CC is a framework that permits manufacturers to make certain security-relevant claims. Evaluators then use a structured approach to determine whether those claims are accurate. If the product claims resistance to side channel analysis, then the work to get *assurance* of that claim will only be as good as the evaluator.

In short, existence of a Common Criteria certificate means nothing unless you read the claims and determine the rigour employed by the evaluator to arrive at their conclusions. Even then, such conclusions are based on a *single* iteration of the product under very specific deployment configurations and considerations.

Comment Re:Brother in law works at NIST (Score 1) 169

NIST and NSA have all sorts of partnerships (look at NIAP as an example). On the whole, however, they are distinct organizations with some overlapping function. NIST, for example, validates cryptography implementations through the CMVP and the CAVP. Also of note is that the NSA has two arms: an offensive arm and a defensive arm. I'm somewhat annoyed with the /. crowd for not recognizing this and realizing that it is the offensive NSA arm which is potentially responsible for deliberate cryptographic weakening.

Comment Re:So that's really why he gave up his citizenship (Score 1) 445

Actually, although your message is clear, the details are not entirely correct. Regardless of how long you are outside of the country, if you have strong ties in Canada (a house, a wife/husband/children/family, bank accounts, etc.) then you are still considered a "factual" resident for tax purposes (http://www.cra-arc.gc.ca/tx/nnrsdnts/cmmn/rsdncy-eng.html). You must still FILE taxes, but you don't (necessarily) have to PAY taxes. You pay taxes only on income received from Canadian sources. Any so-called "Worldwide income" is exempt from Canadian taxation as long as there is a tax treaty with the counterparty country (http://www.cra-arc.gc.ca/E/pub/tg/t4131/t4131-e.html#P201_20183).

If you live outside of the country for more than 6 months (6 months plus one day), then you aren't afforded medical insurance. Hence, snow birds who fly back and forth from Canada every 6 months.

Comment Need to see the criteria (Score 2) 84

I've always been amazed at things like SAS 70 which, as the poster states, is based on self-defined criteria. The most shocking part, if I recall correctly, is that the criteria are not publicly consumable! This is the worst part of it all and the key part which needs to change.

Comment Re:Revenue or Safety? (Score 1) 506

Wow. The multi-target radar system is *more* complicated than your proposal, is it? I'd like to see how you quantify your variables and make it hold up in a court of law.

Look, I'm all for simplicity especially when it comes to rules and laws, but anything that is "relative" is asking for interpretation and hence, more complexity.
