Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Wi-Fi Router Attack Only Requires a Single PIN Guess

Ingenium13 Re:Wireless security (84 comments)

I've actually found that a lot of devices just ignore an invalid (ie not from a trusted CA) certificate for this. Android in particular will happily continue with no prompt to the user that the cert is not trusted. I even had it somehow forget the CA that I specified with the network credentials. I'm not 100% certain on this, but I vaguely remember having an issue with Network Manager also not validating the server certificate with TTLS.

It's just too risky where a device could decide either for "convenience" or incompetence not to notify about an invalid server certificate and go on to divulge that device's login credentials to the MITM. Or a user not configuring a device properly. I don't have to worry about that with regular TLS, it's enforced on the server and if it's invalid it won't connect, period.

about three weeks ago
top

Wi-Fi Router Attack Only Requires a Single PIN Guess

Ingenium13 Re:Wireless security (84 comments)

Many devices don't support VPNs (Chromecast for example), and the ones that do don't usually have openvpn as a built in option. Not to mention the increase in battery usage on mobile devices due to keepalives. This mostly restricts your wireless devices to laptops and select tablets or smartphones. If you really don't trust WPA then just make some LAN resources accessible by VPN only (over WPA), but allow internet access without it. Any sites with sensitive data should be using TLS anyway.

Also, WPA2-Enterprise is pretty secure if you only use TLS auth, not TTLS where you use a username/password combo (too easy for a MITM), but regular TLS auth that uses client certificates. It's less effort to setup than a VPN, and you get VPN level authentication, plus support on a much wider range of devices out of the box. This is what I use, and I have a second SSID that uses WPA2-PSK for the few devices that don't support WPA2-Enterprise.

about three weeks ago
top

New Raspberry Pi Model B+

Ingenium13 Re:So they update it, but... (202 comments)

I completely disagree. I've been using a Model B with xbian for over 6 months now and it plays everything I throw at it flawlessly, even high bitrate 1080p h.264 videos. Sometimes the navigation can have a little latency, or transitions from one category to another (like switching from TV Shows to Movies on the main screen) can stutter or not be smooth, but I partially attribute that to my huge library and the underpowered CPU. The actual video playback itself is always flawless though. I was impressed when I first set it up, I didn't expect it to work as well as it does.

about 2 months ago
top

Over 300,000 Servers Remain Vulnerable To Heartbleed

Ingenium13 Re:As expected (74 comments)

13.04 wasn't an LTS release. LTS releases come out every 2 years and are supported for 5 years (12.04, 14.04, etc). The non-LTS releases can be thought of as betas for the LTS releases.

about 3 months ago
top

Kids With Operators Manual Alert Bank Officials: "We Hacked Your ATM"

Ingenium13 Re: Not surprising. (378 comments)

There was a post on here several years ago about this same issue on Tritan and Tranax ATMs where the operators never changed the default passwords. What they would do is change the denomination that's in the drawer, so the ATM thinks it has $1 bills instead of $20 bills. They would then use a prepaid credit/debit card (like the Greendot ones you can get pretty much anywhere) to withdraw say $200. Rather than giving 10 $20 bills like it's supposed to, the machine would spit out 200 $20 bills.

about 3 months ago
top

How MIT and Caltech's Coding Breakthrough Could Accelerate Mobile Network Speeds

Ingenium13 Re:A better explanation (129 comments)

It might be possible now with IPv6.

about 4 months ago
top

Heartbleed OpenSSL Vulnerability: A Technical Remediation

Ingenium13 Re:Is OpenVPN affected? (239 comments)

I think if you had enabled the tls-auth option it prevents the attack.

about 5 months ago
top

Google Chrome 34 Is Out: Responsive Images, Supervised Users

Ingenium13 Re:Memory usage? (115 comments)

Wow, that's surprising. Chrome eats memory on Ubuntu 12.04. Using version 34, with 19 tabs open, I'm using 2.9GB of private memory and 1GB proportional. This page is using 150MB for me. Maybe it's a 64-bit thing? After a day or so memory usage will approach 6-8GB.

I've found gmail to be particularly bad. My gmail tab is at 400MB right now, but within 24 hours it will balloon to 1GB and then keep growing. I think it usually ends up around 2-2.5GB after a few days, but I've seen it higher. I think there must be some kind of JS memory leak or something.

That said, it's not usually that big of a deal for me. I have 16GB of RAM, most of which is just cache unless I load a VM. Chrome's memory leaks do force me to close the browser and restart it though when I need to free up a few GB for running multiple simultaneous VMs.

about 5 months ago
top

Speedier Screening May Be Coming To an Airport Near You

Ingenium13 Re:I saw faster screening at Orlando (163 comments)

Except when they deny you without telling you why, with no real appeal process, because you can't JUST get pre-check, you have to get one of the other certifications instead. The most common one is Global Entry, which allows expedited customs. Have you ever forgotten to declare something small coming back into the country and they find it (even if it's not prohibited)? Then you're permanently banned from this program. Ever had someone ship you something from overseas and accidentally misdeclare customs (outside your control)? Banned. I found out I was banned after paying the $100 non-refundable fee for the latter reason because a seller didn't fill out the customs form properly.

They need to offer a way to only get pre-check without going through one of the other programs.

about 7 months ago
top

Sniffing and Decoding NRF24L01+ and Bluetooth LE Packets For Under $30

Ingenium13 Re:What security does Bluetooth have? (46 comments)

It used to suck battery on my older phones, but on my last 2 phones (current being Galaxy S4) it doesn't even register most of the time. Bluetooth is integrated into the same chip as wifi, so if you leave wifi on then it shouldn't really use any extra power.

about 8 months ago
top

GPUs Dropping Dead In 2011 MacBook Pro Models

Ingenium13 Re:Warranty Shouldn't Matter (359 comments)

No they don't. I had Power Mac G5, 3Ghz. I got it as soon as it came out. It was liquid cooled. I never put serious load on this system, I used it as a workstation but rarely was it ever running at 100% CPU usage. One day I noticed it shut off and wouldn't turn back on. Turns out the coolant had leaked out over the logic board, frying it. I had paid $3500 for the setup, it was 2 years old. Did some research and apparently the o-rings in the first few runs were known to be defective, and they silently switched to a different supplier later on because of it. They still refused to fix it unless I paid $1500 for a new logic board (maybe more depending on if more needed replaced). Not only that, the monitor I bought for it had the proprietary Apple connector, so was useless on any non-Apple computer.

I had been a huge Apple fan before this happened, but that was the last time I bought anything Apple.

about 7 months ago
top

Barcelona Will Be a Big Test For HotSpot 2.0 Wi-Fi Connections

Ingenium13 Re:Open Wifi AP FTW! (18 comments)

The system is basically automated WPA2 Enterprise. I read that a few airports in the US (Chicago) are starting to have this through Boingo. Normally Boingo is pay, but it's free for use through this service, so I'm guessing the carriers are paying a fee to them. It makes sense to authenticate the devices to make sure it's "allowed" to be on it.

about 9 months ago
top

Ask Slashdot: Best Laptops For Fans Of Pre-Retina MacBook Pro?

Ingenium13 Re:Lenovo. (477 comments)

Agreed. I had a Thinkpad T400 and now a T430. I love them. Everything is user replaceable, and they don't look out of style after you've had it for 2 years since the design barely changes.

That said, the speakers are lacking. On Linux I have to crank the volume up to 200% often. I don't know of a way to do this in WIndows (partner has a T410 with WIndows).

about 10 months ago
top

Tor Now Comes In a Box

Ingenium13 Re: Make it easy? (150 comments)

You can use Whonix in virtualbox. It basically replicates this setup, where you have a gateway VM and a workstation VM. The workstation can only access the Internet through the gateway. So if the workstation is compromised it still can't leak your IP.

about 10 months ago
top

Should Google Get Aggressive About Monetizing Android?

Ingenium13 Re:Already bad both ways (168 comments)

Why can't you install Google Apps on AOSP? Can't you just flash the gapps zip?

about a year ago
top

NSA Scraping Buddy Lists and Address Books From Live Internet Traffic

Ingenium13 Re:Raspberry Pi to the rescue! (188 comments)

Just add your self-signed root CA to the browser. I have a root CA I use to sign all my certs, and I add the root to my laptop, servers, and mobile devices. That way they validate.

about a year ago
top

Sorm: Russia Intends To Monitor "All Communications" At Sochi Olympics

Ingenium13 Re:Didn't the NSA attack take advanage of a bug? (193 comments)

No, the browser in the Tor Bundle used to have NoScript enabled by default. They sometime since then changed it to be disabled by default. Last I checked it's still disabled by default.

about a year ago
top

How The NSA Targets Tor

Ingenium13 Re:TAILS (234 comments)

The solution to this is to run Tor (specifically the Tor bundle) in a combination VM (or container, such as Docker) and AppArmor/SELinux profile. So no changes are stored; it reverts to the original image each time it's run. Furthermore, you can the restrict access of everything other than the tor daemon to only be able to access the tor SOCKS port on localhost, and block all UDP (no DNS).

That way even if rooted with a 0-day, it can't really give up your identity and it won't persist. Sure, they could probably chain 0-days together to try to escape the VM/container and sandbox, but it would certainly make it quite a bit more difficult for them.

There are pre-made Docker containers and AppArmor profiles for the Tor bundle already. They just need modified/combined to let you use both at once.

about a year ago
top

Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks?

Ingenium13 Re:Not much worry with a source build (472 comments)

I don't think Chrome uses my Ubuntu keystore. It never asks for a password when opening Chrome, and it never requested access to the keystore. I'm using 12.04.

1 year,9 days

Submissions

Ingenium13 hasn't submitted any stories.

Journals

Ingenium13 has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>