Comments

top

Former FBI Agent: All Digital Communications Stored By US Gov't

dachshund Re: Jupiter Tape? (621 comments)

There's a huge difference between this claim and lawful intercept on demand -- meaning that a formal request is made to the Telco to intercept such and such number for a period of time, then the calls are re-routed to special recording equipment.

In this case you'd need to have active real-time recording capability for every call made on every switch in the entire national phone network. You'd also have to hide this capability from the techs who work on the switches and/or swear them all to secrecy. That would be tens of thousands of switches, and many thousands of technicians.

Leaving aside the fact that you'd have to re-engineer the switches themselves, since they were not designed to support this kind of logging (no storage capacity, limited CPU, etc.)

All it would take at this point is a single wagging tongue or a Wikileaks dump to break the whole thing open. Since we've seen this happen for much smaller wiretapping deployments, I'm skeptical that you could pull anything like it off without everybody knowing.

What you can do is monitor trunk lines (which is what happened in the case of the Folsom Street tap, mentioned above) and you can certainly build your own wireless interception hardware. But this is a very different thing than what TFA claims.

about a year ago
top

Former FBI Agent: All Digital Communications Stored By US Gov't

dachshund Re:Jupiter Tape? (621 comments)

For the Boston Marathon bombers, this would have been a perfect investigative tool. Once you have the phone number of a target, you simply scan backwards through all of their recorded calls.

When I say nobody needs to mine the data, I don't mean nobody ever looks at it. I simply mean that you don't mine it in real time. You simply record the text along with the call metadata, and wait until you have some specific targets to investigate. At that point you construct a graph from that starting point, and go back to listen to the relevant calls.

I think you're overestimating the need for voice recognition. People with burner phones still leave records. After the fact you'd look for obvious connections, paying particular attention to numbers classified as likely disposables.

(I have no doubt that some of this already happens at the metadata level, anyway. The question here is whether they actually record call contents to go with it.)

about a year ago
top

Former FBI Agent: All Digital Communications Stored By US Gov't

dachshund Re:Jupiter Tape? (621 comments)

Nobody needs to actively mine the data. The goal would be to collect it. Once you've collected it, you have the ability to follow leads you wouldn't have been able to follow had you not captured it in the first place.

You become aware that an individual may be a person of interest. Ordinarily you'd begin your investigation at that point. With this technology you can now go 'back in time' and figure out not only who that person spoke with, but exactly what was said in those calls. It would be incredibly useful.

I could even see Executive Branch lawyers convincing themselves that this was legal, provided the communications were not actually accessed without some sort of due process.

Of course, the problem with this theory is that it would be very hard to implement, since it would require massive and detectable changes to local telco infrastructure. On the other hand, intercepting wireless communications could be done without any such tampering, provided that the government could obtain a database of SIM credentials for decryption.

about a year ago
top

Meet the Lawyer Suing Anyone Who Uses SSL

dachshund Re:The real problem (347 comments)

They're patenting a method of exchanging the keys to use for that cipher, and claiming using SSL/TLS to exchange the keys to use for RC4 violates their patent.

Not precisely. Here is Claim 1 of the patent:

providing a seed value to both said transmitter and receiver,
generating a first sequence of pseudo-random key values based on said seed value at said transmitter, each new key value in said sequence being produced at a time dependent upon a predetermined characteristic of the data being transmitted over said link,
encrypting the data sent over said link at said transmitter in accordance with said first sequence,
generating a second sequence of pseudo-random key values based on said seed value at said receiver, each new key value in said sequence being produced at a time dependent upon said predetermined characteristic of said data transmitted over said link such that said first and second sequences are identical to one another a new one of said key values in said first and said second sequences being produced each time a predetermined number of said blocks are transmitted over said link, and
decrypting the data sent over said link at said receiver in accordance with said second sequence.

So note that the keys are already provided (exchanged) in the first limitation. Then there's the issue of deriving the receiver and transmitter keys. This could refer to the pseudo-random function (PRF) used to generate session keys in TLS, but my understanding is that they're only asserting this against RC4 configurations.

That last clue is what makes me think that the "first sequence of pseudo-random key values" is RC4 output, and "encrypting" is XORing the plaintext with those values.

about 2 years ago
top

Meet the Lawyer Suing Anyone Who Uses SSL

dachshund The real problem (347 comments)

Nevermind that the patent was actually filed in 1989, long before the World Wide Web was even invented.

The problem here is not that the patent was filed before SSL was invented (about 1995) -- that could be fine, if SSL was using a patented technology that pre-dated its own invention.

The problem here is that the attorneys are accusing the practice of 'sending network records over a wire and encrypting them with a stream cipher', where in this case the cipher is (I believe) RC4. However, RC4 was invented in the 1980s and should pre-date this patent. I'm certain that somebody used it to encrypt network traffic in an almost identical manner, so there should be prior art.

Moreover, stream ciphers in general have been around for much longer than that. Someone somewhere has published/deployed this idea before. It should not be a live patent. Note that the case has never been tested by a court.

about 2 years ago
top

University of Florida Eliminates Computer Science Department

dachshund Re:not eliminated? (628 comments)

50% of faculty would be transferred to other engineering departments (ECE, ISE, and BME)

Just to clarify: The other 50% of faculty will move to better Universities. All of the good ones anyway.

My University is already treating this as a huge hiring opportunity.

more than 2 years ago
top

iTunes' Windows Problem

dachshund Re:Try the Netscape/Mozilla approach (332 comments)

Keeps developers from getting tunnel vision, giving them a larger view of the whole ecosystem.

Or it could be because Apple pays somewhat lower salaries than other Silicon Valley companies, and is consequently less able to get its hands on talent. Who knows.

more than 2 years ago
top

iTunes' Windows Problem

dachshund Re:I like the local backup (332 comments)

written for MacOS and somehow been run through a translation layer that converts MacOS system calls to Windows system calls.

If that's the case, then the Mac version is converting MacOS system calls to Windows calls and then back again. In short: the problem is iTunes, not the Windows version.

more than 2 years ago
top

iTunes' Windows Problem

dachshund Re:Try the Netscape/Mozilla approach (332 comments)

Set-up a separate team of programmers. One working on the original iTunes for one final release (11), and a new one rewriting the whole thing to produce a better cleaner iTunes (12).

And here's where you run into the real problem: Apple never devotes enough coding resources to do this sort of stuff. This is why it took a year+ to get copy/paste on the iPhone, and it's also why iCloud doesn't feel 'quite there yet'.

I'm not at Apple, but people who are tell me that there's basically an A-team of good coders, and they get shifted around to whatever project makes the most sense at the time. Apple probably has the cash to fix this, but they don't seem to want to.

As a more general complaint, why isn't iOS PC-free yet? iCloud cost Apple a fortune and it almost lets me do everything without iTunes -- yet try to put a video on my phone, suddenly I'm looking for my USB cable and trying to figure out which computer has my iTunes library on it (because god forbid I sync with the wrong one, I'll wipe my phone).

more than 2 years ago
top

Medicaid Hack Update: 500,000 Records and 280,000 SSNs Stolen

dachshund Re:So, how did they discover the leakage? (64 comments)

So how, then, do they detect the breach, which is usually far more difficult than protecting the stuff in the first place.

A common approach is to insert 'canaries' into the datasets. These are wholly-invented users whose credentials should never show up in any system, anywhere. If they do start showing up in significant numbers, you have a breach. By measuring which, and how many of these fake users turn up, you get a read on how many records you lost.

Not that this necessarily has anything to do with this case. It's also possible that the thieves were openly advertising their haul on the 'net, and some law enforcement agent happened to be listening in.

more than 2 years ago
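
The canary approach described in the comment above, as an added sketch that is not part of the original comment or of any system it refers to. The partition names, sizes, HMAC-derived identifiers and the `min_hits` threshold are assumptions, and the observed identifiers are constructed sample data.

```python
from __future__ import annotations

import hashlib
import hmac
from collections import Counter

# Assumption: a secret held outside the database, so canaries can be
# regenerated for checking without storing a list next to the real data.
SECRET = b"constructed-demo-key"

# Constructed sample: two partitions, each seeded with 50 invented users.
PARTITIONS = {"table_a": 100_000, "table_b": 40_000}
PER_PARTITION = 50


def canary_email(partition: str, index: int) -> str:
    """Derive a wholly invented user identifier tied to one partition."""
    msg = f"{partition}:{index}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12]
    return f"u{tag}@example.invalid"


def build_canaries(partitions: dict[str, int], per_partition: int) -> dict[str, str]:
    """Map every canary identifier to the partition it was seeded into."""
    return {canary_email(p, i): p
            for p in partitions for i in range(per_partition)}


def assess(observed, partitions, per_partition, min_hits=2):
    """Count distinct canaries seen per partition and estimate the loss.

    The estimate scales partition size by the fraction of its canaries that
    turned up; it assumes canaries were seeded uniformly among real records.
    min_hits models "significant numbers": one stray hit is not flagged.
    """
    canaries = build_canaries(partitions, per_partition)
    normalized = {ident.strip().lower() for ident in observed}
    seen = {ident for ident in normalized if ident in canaries}
    hits = Counter(canaries[ident] for ident in seen)
    report = {}
    for name, size in partitions.items():
        k = hits[name]
        breach = k >= min_hits
        estimate = round(size * k / per_partition) if breach else 0
        report[name] = {"hits": k, "breach": breach,
                        "estimated_records": estimate}
    return report


def sample_observed() -> list[str]:
    """Constructed identifiers as they might appear in a recovered dump."""
    ids = [canary_email("table_a", i) for i in range(20)]
    ids.append(canary_email("table_a", 3).upper() + " ")  # duplicate, other case
    ids.append(canary_email("table_b", 7))                # single stray hit
    ids += ["alice@example.org", "bob@example.org"]       # not canaries
    return ids


if __name__ == "__main__":
    result = assess(sample_observed(), PARTITIONS, PER_PARTITION)
    for name, row in result.items():
        print(name, row)
```

Seeding a distinct canary set per partition is what answers the "which" part: the hits identify the table that leaked, and the hit fraction gives the rough size.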
top

Tensions Between Archivists and 'Occupy' Protesters Over Preserving the Movement

dachshund Re:Meta-post about social tensions evident on post (153 comments)

Note that I agree with everything the GP poster said, but his comments do have an inkling of truth. We are experiencing an economic change in the United States, and may have been experiencing it for 20 years -- masked only by the 90s stock boom and real-estate bubbles. The change is characterized by lower-than-expected growth, and a difference in the way that growth has been distributed. Much of the growth is occurring overseas, and while Americans are profiting off of it, the profits aren't being equally distributed.

This may or may not have something to do with increasing world population, but in the longer term, we do face real population pressures. Not the Stand-on-Zanzibar strawman, where the country literally gets too crowded. Rather, we're facing huge resource pressures. There's reason to believe that our economy is already being constrained by energy resource limitations (read: oil), and not so much because the world population is increasing (though it is) but because large swaths of it have decided not to live in poverty anymore. There are 2.5 billion people expected to come out of poverty in the next few decades, and nobody has a clue how that's going to work. You could live in the middle of the Mojave desert and still be affected by that. And it's not just oil -- look up 'peak potassium' if you want another reason to be concerned. And of course, there's nuclear proliferation and climate change, which appears likely to happen whether or not you believe that humans are involved.

Many of these concerns can probably be addressed, but not by the economic system we're currently operating. So while I don't think that the Occupy protestors are explicitly looking three to four decades into the future, I hope that they're successful because the only way I see our way of life lasting 50 years is if we all make some dramatic changes to the way our government and economic elites behave. It's going to be a bumpy ride, and our current arrangement is like locking 90% of the population into steerage and driving the ship with abandon through a field of icebergs.

more than 2 years ago
top

Tensions Between Archivists and 'Occupy' Protesters Over Preserving the Movement

dachshund Re:Lol (153 comments)

there is truth to the point that many of the people at the protests didn't even know why they were there. Literally, when asked on camera, they couldn't give an answer. They just wanted to be part of an anti-authority movement.

Preserving and defending the right to peaceably assemble, all by itself, is a good enough justification for doing it from time to time. I bet a lot of protestors who initially had no, or no good, reason to protest eventually found one when the cops teargassed them or otherwise used excessive force. They also probably learned a lot about our democracy.

And yes, every protest is going to have some bad apples. Welcome to reality. If this is unacceptable to you, maybe we should abandon our constitutional right to do it in the first place.

more than 2 years ago
top

Apple Settles Antennagate Class-Action Lawsuit

dachshund Re:Just another class action suit (130 comments)

Yes. But you're making it as if Apple were Monsanto lying about 3 headed babies because their mothers ate corn in the 3rd trimester.

What I'm saying is that Apple collected a profit by lying to its customers, they should be liable for some or all of that profit.

Has our culture degraded to the point where this thought is shocking? If so, please kill me.

more than 2 years ago
top

Apple Settles Antennagate Class-Action Lawsuit

dachshund Re:Just another class action suit (130 comments)

I don't necessarily think that this is a huge legal issue

Actually, screw that (yes, I'm replying to my own post). It is a legal issue.

If Apple had been forthright about the technical issue -- and had been honest about the fact that they were designing a 'fixed' version of the phone -- then I think they would have been blameless. People would have been properly informed and thus could have made the correct decision in deciding whether or not to return the device.

But instead Apple lied. They lied because they knew if they downplayed the issue, a lot of people would take them at their word and hold onto phones that they knew were defective. Moreover, they didn't acknowledge that they were fixing the issue -- since they didn't really acknowledge the issue in the first place (remember when it was going to be fixed via a software update?) So people didn't know that they could return the phone and buy a better one a few weeks/months later.

I think that really forms the core of their legal culpability. I wish that their damages exceeded the $$ they probably made by sticking people with those defective phones, but I really doubt that it does. No doubt the shareholders are toasting the ghost of Steve Jobs right now.

more than 2 years ago
top

Apple Settles Antennagate Class-Action Lawsuit

dachshund Re:Just another class action suit (130 comments)

Of course, in reality, the antenna was only marginal in signal areas beyond that of the 3GS it replaced, so the majority of people never saw the issue. Antennas are susceptible to detuning; that's physics for you

Oh for god's sake, this post completely misrepresents the issue. I notice you've posted essentially the same comments twice in this thread -- shill much?

For the record, the problem was not limited to marginal signal areas, unless you define 'marginal' as being any area not directly beneath a cell tower. And this isn't just a question of the antenna 'detuning' more (but similarly to) other phones. The unique design characteristic of the iPhone 4 was the decision to place two antennae on the exterior of the phone with no insulation over them. This made it possible to bridge the antennae and essentially swamp them both with noise. This wasn't something that happened 'some of the time'. It was pretty easy to repeat, and it happened in real usage.

Moreover Apple knew it was a serious problem. If you ignore the PR and look at Apple's technical actions, you see a company moving heaven and earth to rectify a catastrophic engineering screwup and repair the antenna as quickly as possible. The only evidence for the idea that 'this wasn't a big deal' came from Apple's public statements.

I don't necessarily think that this is a huge legal issue -- Apple eventually gave out cases so that people with defective phones could use them. And they offered full refunds. But from a customer-relations point of view it was sickening. They basically lied to their early adopters -- people who had enthusiastically lined up to purchase a defective phone -- and agreed to do nothing but send them a bandaid -- while quietly acknowledging the problem and re-engineering the phone so it wouldn't be broken for their next round of customers.

more than 2 years ago
top

Is Agriculture Sucking Fresh Water Dry?

dachshund Re:YES! (379 comments)

The second problem is the way that agricultural water subsidies work. Since farms can obtain water at vastly below-market rates (and can't resell it), there's little incentive to manage it carefully. Hence the pipeline infrastructure is incredibly leaky. I don't recall the statistics offhand, but simply repairing the pipeline leaks could save as much water as is used by one or more large cities.

The proper solution is to either (a) allow these interests to resell their subsidized water for human consumption (not terribly appealing), or to (b) offer them cash subsidies for water used, rather than subsidizing the cost of the water itself. Either solution would create an incentive for agribusinesses to upgrade their delivery infrastructure, and would cut out an enormous amount of wastage.

more than 2 years ago
top

Google Close To Launching Cloud Storage 'Google Drive'

dachshund Yes, but will it last? (205 comments)

Google has a habit of killing services it doesn't believe in. That's (moderately) ok for a service like Wave, or even Google Health. It's not so good for a cloud storage service, where long-term availability is very much a requirement.

more than 2 years ago
top

White House Petition To Investigate Dodd For Bribery

dachshund Re:Lobbying vs Bribery (596 comments)

You think Dodd would have been hired as a lobbyist (after explicitly saying he won't lobby) by MPAA/RIAA if he didn't play ball while back in Senate?

No, the only real solution is to take the power of regulating individual business activity, taxing income/payroll/corporations away from government and return the power to run businesses as they see fit to the people.

Christ, what a good post. You're clearly someone who clearly understands the power that corporations wield, and recognizes their willingness to use that power to advance their own interests -- at the expense of anyone else.

What a shame it all gets spoiled by that fountain of Libertarian fantasy bullshit at the end.

Copyright lobbying is basically a macrocosm of everything that's wrong with modern American corporations -- they have no conscience, they're hugely wealthy, and that wealth gives them enormous power. What you seem to miss is that rampant lobbying is a symptom of the problem, not the disease itself.

Do you really think that the MPAA's power is going to -- *poof* -- disappear, just because you've reduced the concentration of power in DC? (Leaving aside that you won't succeed at doing this, and that copyright power is enumerated in the Constitution.) Even if you did reduce DC's power, do you have any idea how much easier it would be to bribe state and local officials, many of whom aren't even paid?

Or if you're hard-core libertarian, and want to peel back government power altogether, then what the hell do you think is going to hold the corporations back? Think the (elected) courts are going to provide justice? Or do you have some fantasy that corporations are going to self-regulate because it's good for their reputation? I'd love to see that.

The simple fact is that many of our current problems could be solved if people stopped cursing the existence of government, and actually started demanding good government. And as long as people keep fantasizing about Libertarian Utopia, that isn't going to happen.

more than 2 years ago

Submissions

top

Six new OpenSSL vulnerabilities addressed

dachshund dachshund writes  |  more than 2 years ago

dachshund writes "Six new vulnerabilities have been addressed in OpenSSL. The most serious is a timing-based attack against Datagram TLS, capable of completely recovering the plaintext from encrypted messages. This flaw was discovered by Nadhem Alfardan and Kenny Paterson at Royal Holloway University. The remaining attacks deal with potential denial of service issues, as well as a bug that could potentially leak fragments of memory over the Internet due to the use of an uninitialized buffer. This puts the cap on a year of TLS vulnerabilities headlined by the recent BEAST attack."
top

Toyota Sudden Acceleration Report can be Unredacte

dachshund dachshund writes  |  more than 2 years ago

dachshund (300733) writes "You may remember a year or two ago, Toyota vehicles were having problems with sudden acceleration. Earlier this year, NASA and NHTSA systematically reviewed the engine control code and cleared them. Or maybe not. You see, the report they wrote was heavily redacted. However, it appears that the redaction wasn't done right, and the missing pieces can be recovered simply by copying and pasting from the cached versions of the PDF files. These reports are really begging for a crowdsourced reading. Some of the details certainly raise my interest. For example:

Any duty command from the PID controller greater than or equal to 88% will perpetually open the throttle and lead to WOT [wide open throttle]. This also means that any duty greater than 88% will be interpreted by the hardware as a 100% duty command.

"

top

Vulnerabilities in Anarchy Online and Age of Conan

dachshund dachshund writes  |  more than 5 years ago

dachshund (300733) writes "The Baltimore Sun reports that security firm Independent Security Evaluators (ISE) has disclosed vulnerabilities in the popular MMORPGs "Age of Conan" and "Anarchy Online". The flaws (which have since been patched) allowed a malicious user to read files from and take control of another player's computer. The full details can be found here, including a video (hi res) showing how the targeted avatar can be made to strip down and dance."

Journals

dachshund has no journal entries.
