×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Brazil Admits To Spying On US Diplomats After Blasting NSA Surveillance

_Sprocket_ Re:sensational headline (239 comments)

Don't worry - as soon as the proposed requirement for all information systems involved with doing business in Brazil be hosted in Brazil is in full effect, the Brazilian intelligence service agents will have better opportunities. You know - assuming the NSA hasn't poisoned the well and tipped everyone off by then.

about a year ago
top

AOSP Maintainer Quits

_Sprocket_ Re:Google can fix it with a hammer. (221 comments)

Customers don't give a damn if there is an API. Just a tiny tiny % of geeks care. But that tiny tiny % are developers. And customers like what developers create.

Customers don't know how the magic black boxes work. But they sure benefit from the magic created when those who do know can do their thing.

Also - for a company who "doesn't give a damn about open source", they sure do a lot of it.

about a year ago
top

IE 9 Beats Other Browsers at Blocking Malicious Content

_Sprocket_ Re:Who paid? (235 comments)

I am fully confident that it will. Until the next joker either misunderstands the Secunia data or uses it to troll others who don't understand it.

more than 3 years ago
top

Aaron Barr Talks About DEFCON, Anonymous Attacks

_Sprocket_ Re:Fuck Aaron Barr (77 comments)

In my view, that "maybe" is important. Spending more money on "security" may or may not actually improve security posture. Money spent in fear without understanding isn't guaranteed to go towards sane, educated decisions.

more than 3 years ago
top

Essex Police Arrest Man Over Blackberry Water Fight Plan

_Sprocket_ Re:England (158 comments)

Yet either way, the "protest" ends up looking bad in the media. Go figure.

more than 3 years ago
top

4G and CDMA Reportedly Hacked At DEFCON

_Sprocket_ Re:I want to call bullshit... (139 comments)

It should be noted that this particular attack (base station impersonation) was actually demo'd and performed last year during blackhat and defcon.

I highlighted the important part that you should have been paying attention to.

more than 3 years ago
top

Google+ Registers 25 Million Visitors

_Sprocket_ Re:So...google apps folks? (213 comments)

That's because Profiles are no longer available to Apps accounts. Convert and voila - profile goes poof. G+ is dependent on Profiles. Google says they're doing something special with Profiles for Apps users and will be available Soon. Suspect it might be related to G+ Organizational / Business accounts.

more than 3 years ago
top

Google Grabbed Locations of Phones, PCs

_Sprocket_ Re:Outrage (230 comments)

Either way, it's impossible to argue the data collection was accidental. You don't send a van out running software without having RTFM and testing it out in some trial runs.

Not impossible at all. Kismet provides data in various different formats. And even then, if what you're doing is extracting particular pieces of data from the traffic capture but not paying much attention to everything else, it isn't unreasonable to not really notice what else you've captured.

I used to occasionally run Kismet during my commute. I was curious about what access points I could see during my route and what state of configuration they were in (with the expectation to scoff at all the default unsecured - actually surprised that those numbers had fallen out in the real world). After doing this for a few months, I was going back through my directory to clean up. Just for giggles I decided to actually look at the caps I had collected and see if there was anything interesting in the packet payloads. Most of it was junk; driving around isn't a particularly good way to snoop on a network. But I did find one email password from a slice of captured POP traffic. So I did end up with someone's sensitive data sitting on my drive for possibly several months despite the fact that I wasn't particularly interested in it or being aware of it.

I suspect this is more or less what happened with Google. Scanning through the Google van captures might have turned up nothing. But Google was doing this on a larger scale so the odds were in the favor of something turning up due to the sheer amount of unsecured traffic out there.

more than 3 years ago
top

Google Grabbed Locations of Phones, PCs

_Sprocket_ Re:Outrage (230 comments)

Not if your discussion is being done via bullhorn.

Bullhorns imply you want your words heard by many people. The WiFi equivalent of a bullhorn would be either a signal booster or a publicly advertised network (like at a coffee shop).

It's possible to eavesdrop on conversations in your house from miles away, no bullhorn required. But people reasonably don't expect this to happen. The same is true for their WiFi signals. People reasonably don't expect a company going around and logging their information like this.

The problem is that we have people using bullhorns to communicate and don't realize the implications of doing so. Then they're all shocked when people can hear what they're saying just by listening.

I'm not terribly outraged by this, although I do think Google knowingly went well beyond what is reasonable. I mostly find the nerd hypocrisy here to be ridiculous.

Apple gets called "evil" and thoroughly trashed here for *not* recording people's, or even any particular device's, locations, but Google gets a pass for *actually* treading on this territory (definitely logging the location of devices), and even logging actual network traffic!

I expect I'd be upset if I thought Google was actually logging the data in the sense of trying to catalog and use it. The fault that I lay at Google's feet is to not have realized the potential sensitivity of what they were collecting and done proper cleanup afterwards. As for Apple.... unless I'm missing something, Apple was not doing the exact same thing as Google was. The method and intent is likely as important as the resulting data. And so to decode the "nerd hypocrisy", you probably have to go in to the details.

more than 3 years ago
top

Google Grabbed Locations of Phones, PCs

_Sprocket_ Re:Outrage (230 comments)

OK, let me rephrase. If this tool does something you want, but also does things you don't want, then it may not be the right tool for the job. (A hammer will kill pesky houseflies, but it will also leave holes in your walls.) Try it like this:

The tool is perfectly suitable for what they need. The problem is that they didn't scrub the data they collected and then destroyed everything else collected.

The TSA wants to collect information about each passenger (whether or not they are carrying prohibited items). They have a tool that collects that information, but also collects information that the TSA doesn't need, but that has potential to upset people (images of their privates). If the TSA goes forward with using that tool, they can expect blowback. It might be a great tool for collecting the desired information, but that by-product causes problems - perhaps enough problems that it's worth finding a different tool.

If I'm walking past a security camera in a public location and it gets pictures of me naked because I'm wearing no clothes, I have little reason to be upset about my nudity being captured. What the TSA is currently doing is taking steps to expose me beyond what I've chosen to expose in public. The problem here is that there's a large population who think they're wearing the finest new Emporer fashion and don't like the idea that they've been naked all along.

This isn't so much a technical problem as a management problem. I don't think it's intentional or malicious, but it might qualify as dumb. The snark comes in when you've got an ex-CIO pooh-poohing project management at the same time that Google is having a really hard time putting this one to bed.

I don't have much say on the management issue but I'd imagine if I'm a big believer in PM processes, this would irk me. As I noted, I think the real problem here is that Google didn't properly handle the data. Either the people running the project or some layer of management should have realized the potential of the data they were collecting and ensuring it was handled more appropriately.

more than 3 years ago
top

Google Grabbed Locations of Phones, PCs

_Sprocket_ Re:Outrage (230 comments)

So, if you go out and shoot a rabbit and eat it for dinner, you have done nothing wrong. If Hasenpfeffer Incorporated sends trucks around the nation to systematically shoot every single rabbit in the country so that they can sell the meat, then we have a problem.

But the analogy only works in so far as there are a limited number of rabbits to be had and hunting on a systematically large scale depletes the populations. Meanwhile, systematic capturing of broadcasted, unencrypted network traffic does not decrease the availability of that traffic (although if it did - it'd probably be a Good Thing... security awareness).

The analogy would be different if having a large amount of rabbit from various locations easily accessable would be an issue.

Given Google's history, and the fact that no one has tried to do what they are doing before, I would be likely to give them the benefit of the doubt that they did not intend to be evil by collecting more data than they should have. The ignorance excuse does not extend forward though. If in six months, it comes out that they still gathering that kind of data, they don't get to claim ignorance.

I think the real issue here isn't that Google was able to record this information (any wifi device does this as the most basic level). The problem is that Google didn't realize the significance of the junk traffic and systematically scrub / destroy it (where wifi devices differ is comitting data to long-term storage). It appears that Google won't continue that particular behavior.

more than 3 years ago
top

Google Grabbed Locations of Phones, PCs

_Sprocket_ Re:Outrage (230 comments)

C'mon, how do you write a program to log all MAC addresses, and not realize that it's going to collect all MAC addresses? Do you think they just talk to their vans and there was some sort of ambiguity? Like they said, "Google Van, please record MAC addresses and GPS coordinates", and it just interpreted it wrong because they were unclear?

You don't write your own software. You use a common off-the-shelf app that provides a data dump with everything you need. It's called Kismet. You should take a look at it.

more than 3 years ago
top

Google Grabbed Locations of Phones, PCs

_Sprocket_ Re:Outrage (230 comments)

Not if your discussion is being done via bullhorn.

more than 3 years ago
top

Google Grabbed Locations of Phones, PCs

_Sprocket_ Re:Outrage (230 comments)

I've used Kismet to do site surveys before. By default, it's dumping packets for anything it can find. I could probably go through my laptop and find old caps with fragments of data from neighboring networks that had nothing to do with the entity that I was surveying. With that in mind, it's not particularly shocking that Google has done something similar. But do keep trying to push this as an intentional, malicious, or at least "dumb" act. Because everyone likes ignorance if it's packaged in snark.

more than 3 years ago
top

Google Grabbed Locations of Phones, PCs

_Sprocket_ Re:Outrage (230 comments)

Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.

So what you're saying is that you've never used off-the-shelf software to do something and you have absolutely no experience using Kismet.

more than 3 years ago
top

Google Grabbed Locations of Phones, PCs

_Sprocket_ Re:Outrage (230 comments)

So what you're saying is that if I whip out my phone in the streets of NYC, snap a shot of traffic, and fail to then photoshop out all the license plates before posting that shot on the web, I'm being morally indefensible?

more than 3 years ago
top

Advertising Network Caught History Stealing

_Sprocket_ Re:Adsense (143 comments)

Some people use quotation marks for paraphrased quotes.

Right. And some people don't know what they're talking about and like to put words in other people's mouths. If you're going to quote someone, quote them.

What was actually said in the oft-misquoted Schmidt interview:

"I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important to remember, for example, that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities." -- Eric Schmidt

Note that isn't a paraphrase. That's a real, gen-u-ine quote. I don't agree with him that the desire to maintain privacy is any way linked to whether I should or should not be doing something. But what I find even more interesting is that in the same breath, we're being warned about the Patriot Act. We're being told without actually being told (because that would be illegal) that Google is being served with Patriot Act requests. Nobody ever seems to key on that though.

Back on topic - nowhere does Schmidt say that privacy isn't important. I understand and share the concern over how much data and meta-data Google has access to. I'm even more concerned over the possibility of Google changing hands or Government access to data (i.e. Patriot Act). But let's limit criticism and concerns to real issues. The real issues are enough without making crap up.

Unless, of course, making crap up is part of a larger agenda.

more than 3 years ago
top

Advertising Network Caught History Stealing

_Sprocket_ Re:Adsense (143 comments)

I thought it was more interesting when you did this post the first time. But I guess you can now copy and paste this in to anything Google related from here on out, right?

Now I'm wondering. Where does this copy-and-paste come from? When has an agent of Google said "privacy is not important"? And when does Google+, a "social network" service that not only features but stresses limiting communications to user-customizable groups and therefore controlling how public any given communications are, represent an example of privacy not being important?

more than 3 years ago
top

Book Review: Cyber Warfare

_Sprocket_ Re:It's not Cyber "Warfare" ..it's Cyber-Espionnag (24 comments)

It's just espionage with new tools. Look at 1982 Siberian Pipeline incident. No Internet required. We already have some history to work with and extrapolate from.

more than 3 years ago
top

Wired Releases Full Manning/Lamo Chat Logs

_Sprocket_ Re:Should have continued to withhold. (307 comments)

And a traitor. Don't forget that part.

Here's the rub. If we assume that the logs are accurate, Manning seems to feel that he's really uncovered an amazing amount of corruption. Revealing such a thing would not be treason. It would, in fact, be a very heroic thing to do.

My take on it is that he didn't deliver what he thought he had. And if anything, we was an emotionally compromised individual who's clueless actions will have negative impact on people's lives... none the least of which includes his own. That makes him more fool than traitor.

Keep in mind that mistakes are made. Unfortunately, in the military those mistakes tend to cost lives. We don't accuse treason against those who're involved in friendly fire incidents where there is no evidence of intent to kill friendlies (though we may accuse them of negligence if appropriate).

more than 3 years ago

Submissions

_Sprocket_ hasn't submitted any stories.

Journals

_Sprocket_ has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?