Comments

Russian Army Spetsnaz Units Arrested Operating In Ukraine

AJH16 Apparently Tom Clancy was a fortune teller... (623 comments)

Anyone else notice this sounds suspiciously like the start of the plot of Command Authority happening in real life?

about 6 months ago
RadioShack To Close 1,100 Stores

AJH16 Re:No place for 'almost', 'not quite' and 'nearly' (423 comments)

The bigger problem was the loss of knowledgeable staff. They should have expanded into cameras not phones, they would have had more of a chance there. Now all the staff that knew what they were doing are gone though and instead of "You've got questions, we've got answers." it's "You've got questions and our stares are even more blank than the idiots at Best Buy."

about 6 months ago
Ask Slashdot: Anti-Camera Device For Use In a Small Bus?

AJH16 Control the light spectrum (478 comments)

Your best bet would be to black out the cab and have the only lights be lacking the red, green and blue wavelengths used by the majority of cameras and then using custom filters and image processing on the cameras inside, however that means that no external light can get in without also being filtered to exclude the red, green and blue spectrum used by a normal camera. This will most likely end up resulting in a weird and possibly uncomfortable color cast to the light and still won't be 100% effective.

Rolling down any windows would defeat this though, as would opening a door.

about 7 months ago
Comcast To Buy Time Warner Cable In $44.2 Billion All-Stock Deal

AJH16 Re:ogahdno (303 comments)

Or the 2012 presidential election?

about 7 months ago
Massive Storm Buries US East Coast In Snow and Ice

AJH16 Re:Ironically (290 comments)

Shh!!! Let me have my moment.

about 7 months ago
Massive Storm Buries US East Coast In Snow and Ice

AJH16 Ironically (290 comments)

While my parents moved to NC to avoid the winters, they are getting hit hard and in upstate NY we are barely getting a dusting.

about 7 months ago
Comcast To Buy Time Warner Cable In $44.2 Billion All-Stock Deal

AJH16 Re:SEC block? (303 comments)

I would have to say I'm firmly the opposite of this. My experience with TimeWarner for Internet access has been phenomenal. Decent speeds, no stupid caps and reasonable enough value. My friends with Comcast on the other hand are faced with bandwidth caps, stupidly overpriced prices and horrible support. As a very satisfied user of TimeWarner's Ultimate internet service, I'm quite honestly terrified of the implications of this take over. I would give TimeWarner cable a 7 or 8 when it comes to Internet access in my area, but I'd give Comcast a -3 based on what I've heard from numerous friends.

(Now when it comes to TV and Phone service, they don't hold up as well, but I don't use them for either of those.)

about 7 months ago
Comcast To Buy Time Warner Cable In $44.2 Billion All-Stock Deal

AJH16 Re:SEC block? (303 comments)

Ironically, Verizon buying Time-Warner would be a good thing because FiOS and Time Warner combined would actually have a small prayer of giving Comcast a badly needed run for their money, instead I get to watch Internet options in my neighborhood vanish.

about 7 months ago
Comcast To Buy Time Warner Cable In $44.2 Billion All-Stock Deal

AJH16 Re:ogahdno (303 comments)

All I can say is SHIT!!! Need FiOS available to my area NOW!!!

about 7 months ago
Majority of Young American Adults Think Astrology Is a Science

AJH16 Re:And in other news... (625 comments)

Note that after Bush's second term I gave up completely and vote third party now.

about 7 months ago
Majority of Young American Adults Think Astrology Is a Science

AJH16 Re:And in other news... (625 comments)

In fairness, I didn't want to vote for Bush, but Kerry wasn't a serious candidate. I would have taken just about anyone over Bush, but Kerry wasn't it.

about 7 months ago
California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

AJH16 Re:What could go wrong? (341 comments)

That's a fair point, but I think you underestimate how accessible it is to get the IMEI wiped. Average Joe Clepto may not be able to do anything with it himself, but he can sell it on the black market to someone who can. All you need is a criminal clearing house of sorts that can handle that kind of thing and it becomes an ineffective measure. It's a slight deterrent as the initial thief can't make as much, but not as effective as being able to actually disable the device entirely.

about 7 months ago
California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

AJH16 Re:What could go wrong? (341 comments)

Yeah, that was part of what I was saying. The physical key should be able to be used to lock and unlock it. The consumer needs to have some critical part of the process so that only they can cause it to be disabled and re-enabled. I would suggest that the manufacturer should also have a key piece though too, that way simply losing the key doesn't mean you can get locked out of your own phone.

about 7 months ago
California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

AJH16 Re:What could go wrong? (341 comments)

You don't need PKI around this though. You just need key pairs, not key storage, so PKI isn't a problem. You have a few private keys for the manufacturer to be able to verify they are signing off, this is easier than existing SSL concerns. Then you have the public key embedded in each device for which the consumer has the private key on the separate dongle. This isn't inherently all that different from the way electronic car keys work when they are actually using a secure exchange.

You don't need a trust delegation system since the devices are assigned the keys to trust at creation and you don't have a large number of keys to secure since the public key information doesn't have to be secure for each phone and only has to be accessible to customer service at the manufacturer.

You bring up a valid point about revocation concerns for the manufacturer's portion of the validation, but the worst case scenario of a compromise is that attackers could lock phones once and then the phones would be unlocked and the lock disabled to avoid future problems. If the manufacturer themselves is compromised, then the revocation list could be faked too anyway since it would effectively be a compromised CA.

I would suggest that to have the phone locked down, the customer would have to supply the private key associated with their device or answer some local challenge. The USB key that came with their device would provide the public key and device ID information needed.

Cost shouldn't be substantially more than the cost of the USB dongles and TPM hardware. It would still be an additional cost, but probably not much more than a few dollars per device. Note that I'm not even saying I agree with it being a legal requirement either, I'm just pointing out that it is not as complicated or risky as it might initially seem.

about 7 months ago
Wozniak To Apple: Consider Building an Android Phone

AJH16 Re:They can't give up control (249 comments)

Yes, but until they can no longer get content to sell to their customer base at ridiculous margins, it will still be more profitable to keep whatever % of the market they have on their platform than to risk losing some to their own Android platform. By the time it breaks down significantly enough, the market share won't be big enough to matter particularly much as they will have lost relevance.

Not that they couldn't surprise me and do that now that Jobs isn't behind the wheel any more and so there isn't a trend to look at for them, but until a lot of factors change, it isn't in their best interest to make an Android device (which demonstrates yet again why Woz is not a business guy.) It still amazes me he managed to stay around Apple as long as he did given how juxtaposed Jobs's desire to control was to Woz's desire to make technology work.

about 7 months ago
California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

AJH16 Re:What could go wrong? (341 comments)

We also don't know that the NSA doesn't have sharks with lasers on their heads that can make your phone explode in your hand while you are using it. How is this relevant to the topic being discussed? The possible presence of some (probably minor) cryptographic weakness in asymmetric cryptographic systems doesn't have any impact on the ability of it to secure a device from theft when the useable lifespan of the device is only a few years anyway. And if a break for asymmetric crypto did make it into the wild, it would be used to compromise banking transactions rather than to unlock stolen smartphones.

about 7 months ago
California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

AJH16 Re:What could go wrong? (341 comments)

This is why I said it should be able to be turned off by the consumer (with a verified identity) and should require verification by the consumer to unlock as well. A good two factor system would be to have a code that needs to be supplied by the manufacturer to prove their signoff as well as a USB key that would come with the phone that must be plugged in to it for the unlock or disable of unlock to proceed.

This would allow you to prevent the feature from being used on you (as long as the company is willing, which if they weren't, they could simply put a kill switch in you couldn't disable and not mention it) and also puts you in direct control of the ability to re-activate your device after triggering it.

If you look at my example above, I would suggest that the private key of the device be on the USB stick and the company be required to sign it plus a challenge in order to get it loaded on to the device.

about 7 months ago
California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

AJH16 Re:What could go wrong? (341 comments)

You are correct that cryptography is not a cure-all to all problems, however, your post goes irrevocably wrong immediately after that. HSM and TPM chips are quite secure and well established. The example problems you suggest are in no way relevant to the conversation at hand since they deal with an entirely different use case of security. As dmbasso was kind enough to point out, I am referring to the use of asymmetric cryptography to allow secure validation of a private key being held remotely. Such cryptography is used all the time (any time you use an HTTPS page) to prove the exact same thing.

The device merely has to hold a public key for which the legitimate owner (or the vendor) has the private key. If the device is stolen and locked, it is trivial for an HSM to prevent unlock without the private key. It may be possible to circumvent the kill switch by yanking the HSM, but such an operation would likely exceed the black market cost of the majority of phones as it involves painstaking processes such as removing the silicon one layer at a time with a very carefully applied acid bath, and even then, the write once public key address space would be just as secure as any write once kill switch flag that could be implemented.

To prevent re-activation of the kill switch itself (rather than the recovery mechanism) the switch could be tied in hardware to a similar challenge response against a private key held in the device's HSM. To "kill" the device, this private key would be wiped, preventing the device from starting. To re-initialize it, the private device key would be restored by looking for a key signed by the owner's private key.

This is a simple to implement and highly secure system that would be cost prohibitive to work around and also could use available, near off the shelf components to implement.

about 7 months ago
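
The unlock check these comments describe (owner key on a USB dongle plus manufacturer sign-off, verified against public keys stored on the device), as an added Go example that is not part of the original comments. Ed25519, the `Device` type and all function names are assumptions, and the kill switch is modelled as a `locked` flag rather than a wiped device key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device models the state the phone's HSM would hold (hypothetical layout).
type Device struct {
	ownerPub, vendorPub ed25519.PublicKey // public halves, written once at manufacture
	locked              bool              // set when the kill switch fires
	challenge           []byte            // outstanding nonce, nil if none
}

// NewChallenge issues a fresh random nonce, replacing any outstanding one.
func (d *Device) NewChallenge() []byte {
	d.challenge = make([]byte, 32)
	if _, err := rand.Read(d.challenge); err != nil {
		panic(err)
	}
	return append([]byte(nil), d.challenge...)
}

// Unlock needs owner and vendor signatures over the outstanding nonce, which is used up either way.
func (d *Device) Unlock(ownerSig, vendorSig []byte) bool {
	c := d.challenge
	d.challenge = nil
	ok := c != nil && ed25519.Verify(d.ownerPub, c, ownerSig) && ed25519.Verify(d.vendorPub, c, vendorSig)
	d.locked = d.locked && !ok // stays locked unless both signatures verify
	return ok
}

// Scenario runs three unlock attempts against constructed keys.
func Scenario() (vendorOnly, legit, replay bool) {
	oPub, oPriv, _ := ed25519.GenerateKey(rand.Reader) // private half stays on the owner's dongle
	vPub, vPriv, _ := ed25519.GenerateKey(rand.Reader) // manufacturer sign-off key
	dev := &Device{ownerPub: oPub, vendorPub: vPub, locked: true}
	c := dev.NewChallenge()
	vendorOnly = dev.Unlock(ed25519.Sign(vPriv, c), ed25519.Sign(vPriv, c)) // no dongle present
	c = dev.NewChallenge()
	oSig, vSig := ed25519.Sign(oPriv, c), ed25519.Sign(vPriv, c)
	legit = dev.Unlock(oSig, vSig)
	dev.locked = true // kill switch fires again
	dev.NewChallenge()
	replay = dev.Unlock(oSig, vSig) // signatures over the previous nonce
	return
}

func main() { fmt.Println(Scenario()) }
```

The manufacturer key alone does not unlock the device, and signatures captured from an earlier unlock fail against a new nonce.
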
Wozniak To Apple: Consider Building an Android Phone

AJH16 Re:Alleged Apple patents on Android (249 comments)

The point is that participating with an open source project doesn't make it so things that aren't part of that contribution are covered by the license. You can't modify the code without giving out a patent license for your contributions, but just because someone else decides to contribute something that violates your patent and you happen to make unrelated contributions doesn't mean that you authorized someone else's abuse.

about 7 months ago
California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

AJH16 Re:What could go wrong? (341 comments)

I have less of a problem if they make it a kill switch that can be cryptographically turned off by the manufacturer after verifying the purchaser or even with some kind of a special key that you get with the purchase and keep at home. It should also be something that can be turned off by the end user.

If you can ensure that it can be reverted securely when triggered and can be prevented from triggering by the legit user (possibly using the same mechanism as unlocking a locked device) then I don't see a problem with it, but without those two caveats, there are so, so many things that could go wrong.

about 7 months ago

Submissions

AJH16 hasn't submitted any stories.

Journals

AJH16 has no journal entries.
