
Comments


Google Adds USB Security Keys To 2-Factor Authentication Options

Opportunist Re:How does it secure against spoofing? (109 comments)

No, there is no guarantee that the user will not use a mobile phone to access his online banking (and the idiocy of some banks pushing out mobile apps for online banking doesn't actually improve security in that area either).

You can't make the user secure. You can only offer it to him and hope that he's intelligent enough to accept it.

6 hours ago

NPR: '80s Ads Are Responsible For the Lack of Women Coders

Opportunist 80s movies? Really? (486 comments)

So it's also the 80s movies to blame that women are not interested in careers like soldier, spy, pilot, policeman (apology, -woman), archaeologist, exorcist, karate fighter,...

Has anyone ever looked closer at the 80s? The 80s were not a geek decade. The only movie I can remember where geeks were not just the comic foil (ok, even in that one they were) was "Revenge of the nerds". The whole "engineering geeks" were no role model in 80s movies, and even less so in TV series. Whenever they were in some prominent role, they were the little sidekick of the actual hero. Be it Automan's creator Walter, who was mostly a comic sidekick (ok, the show wasn't that memorable, but the special effects were great for its time) or Street Hawk's Norman who was some timid, beancounter-ish scaredy-cat. The geek roles were at best meant to make the hero shine some more.

Actually, the only engineer role I can remember that was allowed to be superior in areas to the hero and be more than a nuisance to him was that of Bonnie in Knight Rider.

A woman.

8 hours ago

Google Adds USB Security Keys To 2-Factor Authentication Options

Opportunist Re:How does it secure against spoofing? (109 comments)

The second channel will not secure a compromised channel, but it will make it easier to detect it.

There are various defenses against replay attacks, most of them relying on keys being tied to the current time and only being valid NOW but neither before nor after. But that is only good against a replay, it is quite useless when the attacker is manipulating your own communication. That has been the staple of attacks against banking software since the advent of the OTPs, and the only sensible defense against that is actually a two channel communication. Out of band one way transmission (i.e. sending an OTP to the customer to use in the transaction) doesn't help here.

There is very little you can do to combat malware infections unless you are willing to use a second channel. At some point in the communication the data is vulnerable to modification, no matter how well you try to shield it. It resides in memory, unencrypted, at some point in time. And if nothing else, this is where it will be manipulated.

And it's heaps easier to do if the interface used is a browser. You can literally pick and choose just where you want to mess with the data.

8 hours ago

Google Adds USB Security Keys To 2-Factor Authentication Options

Opportunist Re:How does it secure against spoofing? (109 comments)

Ok, using what frequency? As far as I'm aware the whole spectrum that could be used by 3G is owned by some telcos and considering just how expensive using those freqs is they will hardly be so nice to let you use them for a little bit. They'll want to see money for that!

8 hours ago

Google Adds USB Security Keys To 2-Factor Authentication Options

Opportunist Re:How does it secure against spoofing? (109 comments)

By promising him dancing pigs if he just presses it for me...

Seriously, don't overengineer it. You'll only hate yourself for investing too much brain power when you learn that all it took was the promise of cute kittens or bouncing boobs.

8 hours ago

Google Adds USB Security Keys To 2-Factor Authentication Options

Opportunist Re:How does it secure against spoofing? (109 comments)

The system you describe has been implemented often. Most often I've seen it with online games and the like where the main threat is the use of credentials by a malicious third party (i.e. some account hijacker stealing username and password, logging into your account and doing nefarious things with it). For that, you don't need a dongle. You need two synchronized devices that output the same (usually numeric) key at the same time. Basically you get the same if you take a timestamp, sign it using PKI and have the other side verify it. If you have two synchronized clocks, transmitting the signature (or its hash) suffices. That doesn't really require plugging anything anywhere, although it probably gets a lot easier and faster to use if you don't have to type in some numbers and instead have a USB key transmit it at the push of a button.

But that's no silver bullet. All it does is verify that whoever sits in front of the computer is supposedly who they claim to be and entitled to do what they're doing. It does NOT verify what is being sent, or that the content being sent is actually what this user wanted to send.

If anything, it protects Google rather than the user. Because all that system does is make whatever is done by the user of the account non-repudiable. Because whatever is done, it MUST have been you. Nobody else could have done it, nobody else has your dongle.

8 hours ago

Google Adds USB Security Keys To 2-Factor Authentication Options

Opportunist Re:How does it secure against spoofing? (109 comments)

Technically, "real" two factor authentication, with two different channels involved, requires an attacker to infect and hijack BOTH channels if he doesn't want the victim to notice it.

As an example, take what many banks did with text message as confirmation for orders. You place the order on your computer, then you get a text message to your cell phone stating what the order is and a confirmation code you should enter in your computer if the order you get as confirmation on your cellphone is correct. That way an attacker would have to manipulate both, browser output on the computer and text messages on the phone, to successfully attack the user.

In other words, it does of course not avoid the infection. It makes a successful attack just much harder and a detection of the attack (with the ability to avoid damage) much more likely.

8 hours ago
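
Added example, not part of the original comments: the two comments above contrast a time-synchronized key, which only proves who is logged in, with a bank's text-message confirmation that covers the order itself. The Python sketch below shows that difference from the server's side; it uses an HMAC over a shared secret in place of the PKI signature mentioned above, and the 30-second step, secret, payee names and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a code stays valid (assumed value)

def _truncate(mac: bytes, digits: int = 6) -> str:
    # RFC 4226 dynamic truncation of an HMAC into a short decimal code
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def time_code(secret: bytes, now: int) -> str:
    """Code derived only from the shared secret and the current time step."""
    counter = struct.pack(">Q", now // STEP)
    return _truncate(hmac.new(secret, counter, hashlib.sha1).digest())

def transaction_code(secret: bytes, now: int, payee: str, amount_cents: int) -> str:
    """Code that also covers the order details shown on the second channel."""
    msg = struct.pack(">Q", now // STEP) + f"{payee}|{amount_cents}".encode()
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest())

def server_accepts_time_only(secret, now, code, payee, amount_cents) -> bool:
    # The order fields play no part in the check: only freshness is verified.
    return hmac.compare_digest(code, time_code(secret, now))

def server_accepts_bound(secret, now, code, payee, amount_cents) -> bool:
    # The server recomputes the code over the order it actually received.
    return hmac.compare_digest(code, transaction_code(secret, now, payee, amount_cents))

def demo() -> dict:
    secret = b"constructed-demo-secret"    # constructed sample value
    now = 1_400_000_000                    # constructed timestamp
    intended = ("ALICE-LANDLORD", 50_000)  # order the user read and confirmed
    received = ("UNKNOWN-PAYEE", 950_000)  # order as altered on the first channel
    t_code = time_code(secret, now)
    b_code = transaction_code(secret, now, *intended)
    return {
        "time_only_replayed_later": server_accepts_time_only(secret, now + 10 * STEP, t_code, *intended),
        "time_only_modified_order": server_accepts_time_only(secret, now, t_code, *received),
        "bound_intended_order": server_accepts_bound(secret, now, b_code, *intended),
        "bound_modified_order": server_accepts_bound(secret, now, b_code, *received),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The time-only code stops a later replay but is accepted alongside the altered order, while the code computed over the order details fails as soon as the server receives anything other than what the user confirmed.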

Google Adds USB Security Keys To 2-Factor Authentication Options

Opportunist How does it secure against spoofing? (109 comments)

What keeps me (or my malware, respectively) from opening a Google page in the background (i.e. not visible to the user by not rendering it but making Chrome consider it "open") and fooling the dongle into recognizing it and the user into pressing the a-ok button?

A machine that is compromised is no longer your machine. If you want two factor, use two channels. There is no way to secure a single channel with two factors sensibly.

11 hours ago

How Lobby Groups Rejected the Canadian Government's Plan To Combat Patent Trolls

Opportunist Re:Who are these patent lobbyists? (51 comments)

I was thinking more along the lines of torches and pitchforks.

yesterday

Google Changes 'To Fight Piracy' By Highlighting Legal Sites

Opportunist Yay! (150 comments)

Let's just hope you can filter for those legal sites.

yesterday

BBC Takes a Stand For the Public's Right To Remember Redacted Links

Opportunist Re:Censorship (109 comments)

The problem is less that people think they're anonymous. The problem is more that it's usually not they themselves that post "incriminating" content but their peers, and with the internet this means it's here to stay.

For reference, take Star Wars Kid and all the other involuntary internet celebrities.

2 days ago

BBC Takes a Stand For the Public's Right To Remember Redacted Links

Opportunist Re:As expected from google (109 comments)

While I agree that this would be the best way to deal with it, you seem to forget what most politicians also conveniently ignore: Their laws don't mean jack in Generistan. Slander isn't really a crime in some countries. At least countries that have real problems instead of first world problems are usually a wee bit, let's say, sluggish when it comes to your request to take down some article you don't like.

For a time I was busy trying to fight malware. Part of that fight included trying to take down command&control servers. You have NO idea how much trouble it can be to convince the executive in some far east countries to cooperate in something like shutting down such a C&C server. Even if said country does actually have laws against computer crime. Now take a wild guess how easy it may be to convince a provider in said country to do something against an article the content of which is possibly not even violating their local law (but is violating EU laws).

The EU can only police the territory it controls. Some countries may think they own the world and can enforce their laws anywhere, I'm kinda glad the EU doesn't follow that train of thought. And I am DAMN glad they try to control it that way instead of the "Chinese firewall" approach!

2 days ago

Snapchat Will Introduce Ads, Attempt To Keep Them Other Than Creepy

Opportunist Re:"fun" (122 comments)

Nobody said it wasn't way more efficient for the ad companies. The claim was that it was more efficient for the company advertising.

3 days ago

Snapchat Will Introduce Ads, Attempt To Keep Them Other Than Creepy

Opportunist Re:Nope. (122 comments)

Not really. Most ads I get to see are for products that you can get either free or at least cheaper elsewhere.

3 days ago

Snapchat Will Introduce Ads, Attempt To Keep Them Other Than Creepy

Opportunist Re:Nope. (122 comments)

It's through his enemies, not his friends, that man learned to build walls.

And it was ads that taught me how much fun it is to manipulate the content before displaying it.

3 days ago

Snapchat Will Introduce Ads, Attempt To Keep Them Other Than Creepy

Opportunist Re:The first one is always free (122 comments)

As perverted as it may sound, yes. Your watching is being sold to the one that wants you to see the commercial.

3 days ago

Snapchat Will Introduce Ads, Attempt To Keep Them Other Than Creepy

Opportunist Re:The first one is always free (122 comments)

The main reason ads are a viable business model is that most people don't mind them and those that do know how to get rid of them.

3 days ago

Submissions


Bush shoe attack beneficial for its maker

Opportunist Opportunist writes  |  more than 5 years ago

Opportunist (166417) writes "You might remember how Bush was attacked by a reporter with his shoes. Now, some people wondered why. Some wondered how he got through security with his assassination devices. Some wondered whether his bodyguards were having a field trip day and how this was possible.

Others wondered "what shoes are those". And they found out. It was the Ducati Model 271, now redubbed the Bush-Shoe. And sales are skyrocketing. The Turkish company making them can't keep up with the demand. Who said that a personal visit of a politician couldn't be beneficial for the economy in the country?

How to interpret this is maybe up for debate. Personally, I think some people took "voting with your feet" and showing their political view with them to a new level."


Stupidfilter: The end of Trolling on /.?

Opportunist Opportunist writes  |  more than 6 years ago

Opportunist (166417) writes "What would /. be without "FRIST POST!", In Soviet Russia memes and a confirmation of netcraft? Well, if Stupidfilter becomes what it claims to be soon, we might find out. The makers of this OSS claim that they can (soon) filter out stupidity, ignorance and trolling from boards, making the life of moderators and administrators worldwide a lot easier. Currently it relies mostly on the amount of CAPS in a text, the mix of letters and some statistics. Soon it shall become able to sense typos and grammatical errors, which shall hopefully increase the chance to catch dumb postings. Of course, the implications are that non-native speakers (like me) might get caught in the filter due to a (possibly) higher rate of misspelled words and a (likely) smaller vocabulary. And of course it can be used as a "content filter", to keep out unwanted opinions. So whether this technology will bring us less trolling or less freedom to discuss (or whether it brings us anything at all), only time will tell."

When Amazon sells Audiophile cables...

Opportunist Opportunist writes  |  more than 6 years ago

Opportunist (166417) writes "...comments go berserk. Now, I certainly don't want to decide whether audio equipment that costs 10k is worth it, or at least improves sound quality in any way. I even don't want to judge whether cables that only transmit digital data can have a positive impact. Personally, I don't see why a "better 1 or 0" makes better sound.

But what I know is that when Amazon sells such a gem, people go berserk with comments. Some even found Jesus in their BBQ sauce.

The first Audiophile vs. Anti-Audiophile war on Amazon. Truly a good laugh.

(to be honest, I just submit the story hoping to find out whether it's possible to create a /. effect on Amazon...)"

Large Hadron Collider - The doomsday device?

Opportunist Opportunist writes  |  more than 6 years ago

Opportunist (166417) writes "We're all going to die! The LHC (Large Hadron Collider), the big underground donut in Genf that shoots little particles onto each other, is going to create a black hole that is going to swallow us all alive!

Or so Mr. Walter Wagner claims on his homepage. He demands in no uncertain terms that this project is to be put on hold until the dangers can be assessed, after all we only have one Earth, and no backups to restore from.

A bit of insight from people who know more about those things would be interesting. Can energy that could possibly heat a cup of coffee create a tempest in the teapot? And more important, what motivates people to prophesy doom? I mean, when you're wrong, you're ridiculed, when you're right, you're dead... how do you win?"


Amazon delists music after battle with MI

Opportunist Opportunist writes  |  more than 6 years ago

Opportunist (166417) writes "It all started with Amazon buying music cheaply abroad and selling it expensively in the EU. Now, the music industry did not like that of course, deemed those imports "illegal" and sent a cease and desist letter. Amazon decided to bend to the MI's will. And do more than that. They not only delisted the CDs required, they pulled almost everything from Sony and Warner (and a few topsellers of Universal and EMI) from their range of products. In the meantime, after a quick talk, it seems the problem has been resolved. For now. Neither side really considers it settled, it just seems both agree that such a battle should not be fought right now, in the week before the big spending event. Though one has to wonder: Who is actually in the stronger position when they cannot find an agreement?"

Journals

Opportunist has no journal entries.
