Comments

Mozilla Dusts Off Old Servers, Lights Up Tor Relays

TheCarp Re:Why make enemies of goverments? (80 comments)

Because when the state makes its enemies based on whether or not their legitimate use of technology annoys them, then the state deserves enemies.

You are evaluating the situation in a vacuum. If everyone took that approach then the government just gets whatever it wants out of fear. Giving in to that and making decisions based on it encourages such rule-by-fear attitudes.

3 days ago

"Mammoth Snow Storm" Underwhelms

TheCarp Re:jessh (397 comments)

Yup, I cleared about 4-6 inches of snow off our walkway/sidewalk/driveway at 1 am, and when we woke up at 8, the only evidence that I had even been out there were some slightly higher mounds where I had tossed snow.

Normally it takes several storms over the course of a week or two to pile it up like this and the streets were just kind of wet as of 5 pm yesterday. This has been a good one.

5 days ago

Dish Network Violated Do-Not-Call 57 Million Times

TheCarp Re:Cardholder services (247 comments)

> Likewise, when scammers call me up about my [insert model year] [insert make] [insert model] and how my
> warranty is up, I ask them to name my warranty company

I had fun with these guys once. I was tired of hanging up on them so I decided to hang on the line and try to get info out of the guy after they thought they might have me. So I get put on with this guy who....asks about my car!

Lol the audacity to claim my warranty was expiring then to not even know what kind of car I have? Wow. So I told them.... a 1992 Buick LeSabre (this was about 5 years ago so almost a 20 year old car, and one I never owned). And I ask "oh btw what company is it you work for" I forget now, but I wrote it down and then told him, thanks for the info now you can add me to your do not call list. :)

Despite that, he saved the car info, and I started getting calls about my 1992 Buick LeSabre!

about two weeks ago

Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

TheCarp Re:Well, the king wouldn't abuse it, so... (290 comments)

Sure, while it is strictly correct that it can happen and does happen, it certainly doesn't happen with nearly the frequency which it should, which is, every single time. These events are such a rarity that we really may as well ignore the few times it happens since it's not significant compared to the magnitude of the problem.

about two weeks ago

Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

TheCarp Re:Well, the king wouldn't abuse it, so... (290 comments)

Oh I fully agree, in no way did I mean to imply that throwing out the evidence was wrong..... it's the best thing you can do under the circumstance and the only proper way to handle it within the context of the original case.

My comment is 100% aimed at the lack of followup and the lack of any even attempt to prevent the issue beyond hiding the truth of the matter and avoiding dealing with it.

It's correct to toss out such evidence, it's incorrect to not treat the criminal searches as a crime.

about two weeks ago

Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

TheCarp Re:Didn't we have this discussion... (290 comments)

Honestly, dogs shouldn't even be used except in certain situations. For the most part, their findings should be as inadmissible as a polygraph because, and I want to be clear, IN THE WAY THEY ARE COMMONLY USED they are little more than a prop.

The reason for this is that, while they have excellent snouts, they are even better at playing Clever Hans.

So if you have an endless line of luggage to check, or lines of random cars waiting.... that is, situations where the handler himself has no reason to suspect anything in any particular place, dogs perform quite well, they are excellent sniffers.

However, it's been shown that in cases where there is any suspicion at all on the part of their handler, a dog's false positive rate goes through the roof to the point that they actually "hit" on nothing more than their handler's pre-existing suspicion more often than not.

Essentially meaning, dogs are worse than useless in the most common use cases, and really work best in the rather uncommon cases of tracking and large scale checkpoints; and have little to no place at all anywhere else.

about two weeks ago

Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

TheCarp Re:With taxes you buy civilization, remember? (290 comments)

> Huh, controversial use of tax dollars (and a very small percentage of tax dollars) implies that all taxes are bad? I
> didn't realize we took the worst reported use as the standard use.

Not sure standard case works either. Non-controversial uses of tax dollars should not be allowed to justify or excuse the less standard and more abusive ones. If taxes pay for abusive uses then taxes are bad. This is a standard that is appropriate and every single person whose actions are representative of the people who take taxes should be reminded of it and should feel the full force of that dire responsibility.

Yes an illegal search in some way invalidates taxes because.... it is a violation of the very rights that this government was founded to uphold, and ALL other functions are secondary to imposing those limits on itself.

about two weeks ago

Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes

TheCarp Re:Well, the king wouldn't abuse it, so... (290 comments)

> I expect to see hundreds of law enforcement officials going to jail.

If that is what you expect, then you are going to have a very bad time. Police only occasionally go to prison and it really takes extraordinary circumstances. We know incidents of illegal searches happen, we know that because evidence gets excluded at trial, yet, only 10% of people who are convicted actually even go to trial.... yet in that sampling, we find illegal searches.

Now, do police get charged with a crime for an illegal search? The constitution itself guarantees us freedom from searches without due process, not freedom to have the evidence tossed out in court, so far, only part of that is being upheld....where is there ANY attempt being made to ensure that illegal searches NEVER EVEN HAPPEN IN THE FIRST PLACE?

I see no attempt being made. If anything, all I see is attempts to do end runs around our rights and limit exposure of the truth.

about two weeks ago

FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN

TheCarp Re:Locked Homes are Next? (383 comments)

> And what proof do you have of that? What assurances do you have they don't abuse this?

Yup and, what evidence would exist if they did abuse it? None at all. This is something that, if they have it, the ONLY protection we have for our privacy is to hope they don't abuse it; or if they do abuse it, that they meticulously log their abuses.

How would you ever know that a legitimate warrant was not preceded by other scans, which were then used to manufacture a believable story with which to gain the warrant? Hell, with police actually defending the practice already as "Parallel construction", we can't really trust them at all.

about two weeks ago

Researchers Use Siri To Steal Data From iPhones

TheCarp Can you say stingray? (55 comments)

> On the other hand, it only works on jailbroken devices and attackers somehow need to be able to intercept the
> modified Siri traffic.

So basically, it's useful if you can run a stingray and most effective against more sophisticated users who jailbreak their phones (yet still use Siri). Nice, real nice.

about two weeks ago

Wireless Keylogger Masquerades as USB Phone Charger

TheCarp Re:Dewhat? (150 comments)

I know I am a little late to the reply but...

> I prefer a wireless keyboard with a USB dongle that acts as a standard keyboard, thank you.

which is exactly what I prefer too but, which is why I say, ditch the driver. The driver is just one more place your scheme can be compromised, clearly the solution is to have the dongle capable of pairing without PC participation beyond, (possibly) providing power.

about two weeks ago

Google Finally Quashes Month-Old Malvertising Campaign

TheCarp Re:SOME visitors (56 comments)

Yes this would help a lot, especially for videos though, a lot of times, I just give up and move on, or put up with finding the text in the middle and reading it with no formatting.

about two weeks ago

Google Finally Quashes Month-Old Malvertising Campaign

TheCarp SOME visitors (56 comments)

That shit doesn't happen to me because I run requestpolicy. When I load up site X.Y.Z and it says "Here load content from a.b.c" It....doesn't load unless I manually approve it. For all sites all the time, and google....almost NEVER gets the approval unless absolutely required.

about two weeks ago

Man Saves Wife's Sight By 3D Printing Her Tumor

TheCarp Re:This could be fun.... (164 comments)

Often I think it comes less down to the FDA and more to the interpretation. If you are a hospital using a device that comes with a certification from a vendor saying that you have to buy their drives to maintain certification, a few hundred bucks extra isn't worth the risk of it not being a bluff.

When I was working for a hospital we had a box running an ancient version of rhel (AS 2.1 if I remember) that the vendor swore could not be upgraded or security patched because of fda certs. What did we do? We made an exception.

about three weeks ago

Wireless Keylogger Masquerades as USB Phone Charger

TheCarp Re:Dewhat? (150 comments)

Which is all the more reason why system designers really should consider themselves as having a duty to care for them. The vast majority of users are not experts and any risks they expose themselves to in using the product really are things they can't be expected to understand. So products intended for non-professional markets especially should really be designed to not expose inexpert users to risks as much as possible.

about three weeks ago

Wireless Keylogger Masquerades as USB Phone Charger

TheCarp Re:Dewhat? (150 comments)

> Which means you end up with, at least, a tiny LCD screen to show the pairing code. Which means
> you need enough logic to run the LCD screen and the pairing stuff.

oooh I have been thinking about this.... I think it can be done even easier and cheaper.

Wireless keyboards generally require a wireless dongle. Put a usb port on the kb, used for emergency power obviously.... but... easy pairing. Just plug the dongle into the device, and press a button, they can do a key negotiation over their local USB connection. No LCD needed, maybe.... an LED and a button.

That should put an easy end to easy sniffing. Course if someone is coming into your house and plugging shit into the wall, maybe they can just replace your whole keyboard too.... fake the dongle and keyboard into each pairing with his device and MiTM you? Or wholesale replace yours with his lookalike.... but, it's certainly not casual sniffing at that point.

about three weeks ago

Wireless Keylogger Masquerades as USB Phone Charger

TheCarp Re:Dewhat? (150 comments)

> In the future keyboard designers should make the protocol more configurable so that on casual observation it is not so easy to determine what packets are data

That's a very common misconception, but the fact is that is pretty exactly what they should NOT do.

Specifically that is, they should not even attempt to design their own method of securing the data. They should use fairly standard, well tested, modules produced by professional cryptographers. Full stop. These are solved problems, and there are several very well researched and well designed techniques for solving these issues.

There is always room for more such techniques but, to think that some engineer working on a keyboard is going to design one that is even as good as what we have as just....a submodule of his project is just not realistic.

Choose a solution for authentication/key negotiation....choose a cipher. Go back to designing the keyboard itself. That really is the best part.... since it's a solved problem.... it really isn't a huge level of effort to fix correctly.

Plus it's a keyboard...a "pairing" could be as simple as flipping a switch into pairing mode, then typing some text that shows on the screen of the device pairing with it. It's not like it's some headset with only 2 buttons.

about three weeks ago

Wireless Keylogger Masquerades as USB Phone Charger

TheCarp Re:Dewhat? (150 comments)

DoD are not the only people who require FIPS 140-2. I have worked at shops with various mixes of FERPA, HIPAA, and PCI requirements for various parts of their operation, and I have run into it a couple of times; though I can't tell you (because I don't know) whether any of them have been strictly due to a regulatory requirement or a place where local policy simply adopted the recommendations from it.

In short, if such a device existed, it might actually end up on several companies' preferred purchasing lists for their employees, or even cause other competing products to get disqualified as just the existence of one could call the others into question.

about three weeks ago

Wireless Keylogger Masquerades as USB Phone Charger

TheCarp Re:Dewhat? (150 comments)

The thing is, the cipher doesn't do the job alone, once you have a good cipher, you then need good key generation/negotiation, which pretty much requires some sort of authenticated pairing step which requires user interaction to complete.

Still pretty reasonable but, everyone wants "plug and play" and that's hard to reconcile with "safer play"

about three weeks ago

Wireless Keylogger Masquerades as USB Phone Charger

TheCarp Re:Dewhat? (150 comments)

I would say this is pretty close to how I look at it now. I got a cheap wireless keyboard sure....but anyone sniffing the traffic is going to be bored to tears as I don't ever type anything the least bit confidential on it. Best you are getting is a bunch of youtube URLs and a whole bunch of wwwwwwwwwwwwwaaaaaaaaaaaaaaaasssssssssssssssddddddddddddddddddddddddfff

about three weeks ago

Submissions

TheCarp TheCarp writes  |  about 8 years ago

TheCarp writes "I was on my way home from work today using the good ole MBTA. I saw my bus come, and the line form, and then I saw something quite shocking; a sign declaring "This Bus is equipped with a security system". Sure enough there was a camera on the top outside of the door, one pointing down the length of the bus, two at right angles crossing by the back door, and another in the back. There was virtually nowhere to go and not be video taped. Of course, with all the upgrades recently, I don't remember any mention of this decision. Apparently it's not enough that we listen to ineffectual "please to report unattended bags and suspicious activity" announcements; now the week after they nearly doubled the fares, there are cameras on the busses! I don't know if this bothers anyone else, but with all the stories of England and their cameras, it worries me that we have more than started down the path to a police state. I just filed a complaint through their comments page"

Journals

TheCarp has no journal entries.
