Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:hmmm.. (Score 1) 355

Not all cars have a trunk. About half the vehicles I've owned didn't.

I don't know how it is in Canada, but in the US having good reason to think the statements true is a defense against libel. I'd probably post that stuff was posted from a stolen laptop myself, but that's me.

Being a real security expert isn't a matter of going through a one-size-fits-all procedure. Don't be too quick to say what a security expert would do. A security expert, for example, might allow a guest login for a variety of reasons.

Comment Re:What happened to slashdot? (Score 1) 355

Every single comment is however calling out that someone who leaves their laptop in an unlocked car can not in any way be called a "security expert".

In the first place, this is like telling the owner he shouldn't have worn that dress. In the second place, you're implying that one mistake revokes your security expert card forever. I don't have the rules to hand here, but I think it takes more than that. Also, security experts don't necessarily encrypt what the average /. poster expect them to.

And just like that poor thief who's so quick to vilify an unknown person in possession of his laptop and slander them as a thief,

In most places, it isn't libel (you can't slander someone by posting on their Facebook account) if it's true. In the US (and I know this incident happened in Canada, but I don't know Canadian law), it isn't libel if you had good reason to think it true.

Comment Re:Er right (Score 1) 355

I'd rather hear a lawyer's opinion on this. In the US, privacy rights on a computer are pretty scanty, and I have even less idea what Canadian law would say about this. There's also the question of what the user's legal expectation of privacy on someone else's computer is, which I'd also run by a lawyer if I needed to know.

Comment Re:The dam is valuable, the parking lot crack not (Score 1) 355

The point is, if you think throwaway accounts at gaming sites, etc. are not valuable to hackers,

Let's do some threat analysis. Who's after your stuff? Let's try getting more specific.

How adept are these hackers? The more adept are probably going to be going for high-value targets, which really doesn't include me. If the NSA is after me, I'm not even going to try to stop them, but they have no interest in me.

What are they going for? Are they targeting you in particular (in which case you have to outrun the bear), or accounts in general (so you just have to outrun your hiking companion)? If they're after accounts in general, they're probably looking for people who don't have good passwords on their bank accounts, a set of people that I am not a member of. Somebody wants to break into my bank account and its $2-5K, they're going to have to do some work. It's almost certainly going to be easier to break into the account of the guy who uses his Slashdot password for his online banking.

There seems to be a tendency to give out security advice based on the idea that there are competent people interested in hacking the target specifically, but not so competent that they can't be stopped. This may be suitable for the average guy, but someone who thinks security is going to come to more individualized conclusions.

Comment Re:Security 102, chapter 1 - Risk Analysis (Score 1) 355

A long time ago, I had a company-issued laptop with full disk encryption. They did an overnight download of software I needed to do my job, and something got hosed, and it wouldn't boot up. Suddenly, there was absolutely no way to get the data off the drive. As a complicating factor, it was at a financial institution, and they couldn't discard a computer or drive without positively destroying the data on it, so they couldn't just wipe and restore.

Last week, my son's laptop drive failed and he couldn't boot up. He had the important stuff backed up, but realized that there was gaming-related stuff on there he wanted to have back. He removed the drive from the laptop and stuck it into, I really don't remember what it's called, but it's a USB device that fakes being an internal drive mount, and was able to get all the data he wanted and set up his backups better. If that would have been possible if he'd had full-disk encryption, we would have at least had to figure out how rather than plugging in the disk and copying.

So, full-disk encryption does have its downsides.

Slashdot Top Deals

"When the going gets tough, the tough get empirical." -- Jon Carroll