
Comments


If You're Connected, Apple Collects Your Data

dunkindave Re:That's absurd, aim your hate cannon elsewhere. (305 comments)

Yes, though there is some debate about it since Apple is now using the newly allowed fast reporting of statistics that allow the number of requests to be given in ranges, but only for regular legal requests and for NSL combined. If they say both zero for NSL (the warrant canary) and the range 0-100 (or whatever it was but it was 0 to something) for the combined number, then they violated the legal provisions of the new rules, so perhaps they dropped the apparent canary to allow the other numbers to be legally reported. Or the canary died.

yesterday

FBI Director Continues His Campaign Against Encryption

dunkindave Re:(Re:The Children!) Why? I'm not a pedophile! (281 comments)

I'd like to know how Jim Comey reconciles his position on encryption with the requirements set forth in the CJIS Security Policy

Because he isn't saying people can't encrypt, he is saying the keys must be available such that the government can get in if needed, even if the owner would like to block the access. The CJIS Policy allows for escrow as well.

What he doesn't seem to get (though I bet he actually does), and where some of the arguments here are missing the mark, is that if someone else holds a key that will grant access, even if the holder is the government, that provides a path for a bad guy to abuse the ability to access. The bad guy(s) can be hackers/attackers from down the street, on the other side of the planet, employees of our government, etc.

And the issue regarding the 4th amendment is somewhat misleading because he is saying a REASONABLE search is what is being prevented, namely one where conditions like a valid warrant exist or an imminent physical threat is present (I am not going to argue the problem here about anything can be claimed as an imminent threat). So the question is does the Constitution allow a person to use technical means to prevent the government access to data even when a valid warrant is presented? Many here obviously believe the answer is yes, mostly for reasons like those I gave above, but understand that this doesn't appear to be a protected right under the 4th since the 4th only says you and your effects are secure until a warrant is issued, not after.

4 days ago

Pro-Democracy Websites In Hong Kong Targeted With and Serving Malware

dunkindave Re:Clearly Western Interference (44 comments)

Who do you think created NSA or DMCA - a king? A dictator? An anarchy? Or a democracy?

A republic, where the authorized representatives have been corrupted by the corporate state. There hasn't been a country operating as a real democracy in over a couple thousand years. Every time you see a country called a democracy it is really a republic.

about a week ago

Pro-Democracy Websites In Hong Kong Targeted With and Serving Malware

dunkindave Re:Not invented there (44 comments)

Not invented there

To be picky, the showing of prior art does not prove the creators of the identified prior art were the original inventors. There are many cases that predate the one you cite. In this case, perhaps the Chinese did invent it and the NSA copied them.

Gee, I crack myself up sometimes.

about a week ago

How Spurious Wikipedia Edits Can Attach a Name To a Scandal, 35 Years On

dunkindave Re:Journalists? (165 comments)

The content is obviously left leaning. But it's well researched and quite professional. AFAIK, there's no journalistic ethic that says you need to publish articles for conservative interests along with those for liberal interests.

I wouldn't know Pro Publica from a hole in the wall of a newspaper building, but there is a difference between publishing well-researched articles though only those that favor your leanings, and publishing tripe for the sake of publishing. The first are still informative even if they aren't what you would like the reality to be, while the second makes you question anything such an organisation publishes. This all assumes one really is a critical thinker since too many people who claim to be are not.

about two weeks ago

Belkin Router Owners Suffering Massive Outages

dunkindave Re:Ummm - did we forget the obvious? (191 comments)

Many years ago I had a similar problem with Comcast. Their system's DHCP wasn't giving me an address, so I called the tech support number. The person on the phone told me that he couldn't help me with my problem since help with all DHCP issues was only handled through their new online text chat system. I pointed out that I couldn't get to their handy online text chat system because I COULDN'T GET AN IP ADDRESS. His only response was that maybe I could use a neighbor's computer. Sigh.

about two weeks ago

Details of iOS and Android Device Encryption

dunkindave Re:containment (146 comments)

Those places use javascript on webpages to upload what has been typed so far so they can do predictions and make suggestions. When you are entering the phone's passcode or phrase it is a very different matter since that isn't being entered into a browser, it is being entered into the phone OS's native interface. Still, as long as the software was created by someone else, in theory they can do anything they want with it, including after using it to unlock the storage, store the passphrase somewhere on the device or upload it to a server. But given people jailbreaking iDevices and tearing the Apple and Google code apart, as well as analyzing all the device traffic looking for security flaws, how long do you think such a backdoor would remain undiscovered? And why do you think Apple or Google would risk being caught doing it since it would be THEIR software, not some non-attributable third party? Just being caught once would be devastating to their sales, likely into a death spiral.

Having said all that, I do think these third party keyboards Apple is now letting take over typing on iOS 8 do present a large security risk for applications, website, etc., but not for the device's passphrase since the device won't use it for that.

about two weeks ago

Details of iOS and Android Device Encryption

dunkindave Re:So what you're telling me (146 comments)

Billions of Android devices have the encryption capability already implemented. It just isn't turned on by default. Thus, it is not vaporware at all.

No, more like smoke and mirrors. Present but off is an illusion of security.

about two weeks ago

Details of iOS and Android Device Encryption

dunkindave Re:If you can't crack the password, then don't. (146 comments)

Presumably, the apps on the phone have access to the encrypted data on the phone, right? So there's a simple solution. The user is happily using their iWhatever. The government sends a National Security Letter to Apple forcing them to put a backdoor into the phone of the target, such that this app can read whatever data it wants on the phone. So when the user boots up his/her phone, and enters the password, the rogue app should be able to read all the data on the phone.

Can anyone tell me why this WOULDN'T work?

Because National Security Letters cannot be used for that. They can only be used by the FBI to demand the handing over of data in the possession of or passing through the control of the receiver, not the performance of actions (and how the data is produced is up to the company receiving the NSL, not the FBI).

Now what is in the Cloud is a different matter since Apple would have access to that, though again it may be encrypted with a key only the iDevice possesses so Apple wouldn't be able to decrypt it for the FBI.

about two weeks ago

Hackers Compromised Yahoo Servers Using Shellshock Bug

dunkindave Re:I can believe it... (69 comments)

No, not random. Today malware will commonly harvest a person's address book (among many things to exploit what it can get off a person's machine), and once the address book has been harvested, sold to spammers. The spammers send emails to people in the address book with the email pretending to be from another person in the address book. The theory is that if both addresses are in a person's address book then there is a good chance they know each other, or they will have received legitimate email from that address before, both with the intention of getting around the spam filter and getting the victim to open the email. Note that the spoofed source email address isn't normally the email of the person whose machine has the malware, but rather others found in the contacts list. All these spam emails mean is that there are people out there whose address book, including "collected" addresses, contain both of your email addresses, and one of those people got infected with malware.

about two weeks ago

Hackers Compromised Yahoo Servers Using Shellshock Bug

dunkindave Re:Baaaa! (69 comments)

No, the real problem is this is the same response you would get from a company no matter what happened so it is meaningless. You screwed up but don't want to admit it? Say you are committed to security and it was a fluke. It really was a one time fluke by someone exploiting a near-zero-day? Say you are committed to security and it was a fluke. You deliberately sold out your customers and someone noticed their info was in the wild? Say you are committed to security and it was a fluke. Since it is always the same no matter what happened, what real use is the statement? Yes, I know it is to persuade those who don't know better.

about two weeks ago

Hackers Compromised Yahoo Servers Using Shellshock Bug

dunkindave Re:I can believe it... (69 comments)

Did you check the email headers? On multiple occasions I have received emails showing my email address as the From, but the email headers showed the email originated from machines in foreign countries. Spoofing the From part of an email is trivial. This is a common technique by spammers to avoid spam filters since the account's own address is normally considered trusted. Now if the header says the email really did originate from Yahoo or Gmail, then that is a different matter, but again read the headers closely since many of those fields/lines can still be forged.

about two weeks ago
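The header check described in the comment above, as an added example that is not part of the original post: it trusts only `Received` and `Authentication-Results` lines written by the recipient's own mail servers and ignores everything below that boundary, since those lines can be forged. The sample message, host names, addresses and the `example.org` trusted zone are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From shows the recipient's own address; the bottom
# Received line is one the sender forged to look like an internal hop.
SAMPLE = """\
Return-Path: <bounce@bulk.example.net>
Authentication-Results: mx1.example.org; spf=fail smtp.mailfrom=bulk.example.net; dkim=none
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
\tby store.example.org with ESMTP id A1; Mon, 6 Oct 2014 10:00:02 +0000
Received: from host7.bulk.example.net (unknown [203.0.113.77])
\tby mx1.example.org with SMTP id B2; Mon, 6 Oct 2014 10:00:01 +0000
Received: from mail.example.org (mail.example.org [192.0.2.25])
\tby host7.bulk.example.net with ESMTP id C3; Mon, 6 Oct 2014 09:59:59 +0000
From: "Me" <me@example.org>
Subject: constructed test message

body
"""

RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?by\s+(\S+)", re.S)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def in_zone(host, zone):
    return host == zone or host.endswith("." + zone)

def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def handoff_hop(msg, zone):
    """Walk Received lines newest-first and return the hop where one of our
    own servers accepted the message from a host outside our zone."""
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m:
            continue
        sender, ip, receiver = m.group(1).lower(), m.group(2), m.group(3).lower()
        if not in_zone(receiver, zone):
            break  # written by a server we do not control: may be forged
        if not in_zone(sender, zone):
            # The host name is what the peer claimed; the IP is what we observed.
            return {"host": sender, "ip": ip, "recorded_by": receiver}
    return None

def assess(raw, zone):
    msg = message_from_string(raw)
    from_dom, rp_dom = domain_of(msg.get("From", "")), domain_of(msg.get("Return-Path", ""))
    hop, auth = handoff_hop(msg, zone), {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = value.partition(";")
        if in_zone(server.strip().lower(), zone):  # ignore results we did not write
            auth.update(AUTH_RE.findall(results))
    checks = [
        (rp_dom != from_dom, "envelope sender domain differs from From domain"),
        (auth.get("spf") != "pass", "SPF did not pass"),
        (auth.get("dkim") != "pass", "no passing DKIM signature"),
        (hop is not None and in_zone(from_dom, zone), "own-domain From arrived from outside host"),
    ]
    return {"from": from_dom, "handoff": hop, "auth": auth,
            "findings": [text for bad, text in checks if bad]}
```

The last check is a heuristic: it assumes mail bearing the organisation's own domain normally originates inside the trusted zone, which does not hold where users send through outside relays.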

Marriott Fined $600,000 For Jamming Guest Hotspots

dunkindave Re:Now if they could only fix... (278 comments)

OK, Econ 102. They get repeat customers using their hotel instead of a competitor's hotel. If the Rewards incentive wasn't there, many of these customers would not use the Marriott properties as much as they do, maybe even rarely or not at all, and so Marriott's gross income would be lower, and therefore presumably net income. This means these customers, by using the Marriott chain hotels as much as they do, are providing a higher revenue stream for Marriott, and it is in Marriott's financial interest to provide benefits, like WiFi at no additional charge. The "charge" for the WiFi is built into this increased revenue stream, since the traveler could at times have chosen a cheaper non-Marriott hotel, and also since the WiFi (or wired) expense is a sunk expense, namely it is already paid for and whether the room is empty or the room has a guest in it using the wire the cost to Marriott is essentially the same, give or take potential future expansion needs.

That explanation wasn't very clean but I have a project due and didn't have time to edit it much, but hope you get the idea.

about two weeks ago

Marriott Fined $600,000 For Jamming Guest Hotspots

dunkindave Re:Jamming unlicensed spectrum is illegal? (278 comments)

Stomping on a signal to prevent a receiver from being able to correctly receive it is jamming. In the case of a cellular jammer, this is true whether you block all the cellular frequencies, just those used for call setup and signaling, or just a small burst when a phone or tower tries to send a packet. On the other hand, sending all the phones in the area a validly formatted signal saying I am the tower so send any communication to me, and thereby preventing them from making real calls, isn't technically jamming, it is masquerading. You are still sending malicious transmissions for the purpose of interfering with regulated communications, but it isn't jamming. That is kind of like what Marriott did. Their system sent control packets to the clients, pretending to be the wireless access device (hotspot), telling them they were being dropped - an operation called being deauthorized - and the clients therefore stopped talking making the user unable to use their hotspots. When the client tried to connect (authorize) again, the Marriott system would send it another deauth packet. Rinse and repeat. Of course, anyone connected to their wireless system wouldn't receive a deauth packet so those communications worked (rinse, repeat, and profit).

about two weeks ago

Marriott Fined $600,000 For Jamming Guest Hotspots

dunkindave Re:Jamming unlicensed spectrum is illegal? (278 comments)

They didn't jam the spectrum, they sent de-auth packets to the clients making it impossible for them to use the hotspots.

about two weeks ago

Obama Administration Argues For Backdoors In Personal Electronics

dunkindave Re:Update to Godwin's law? (575 comments)

We know what he wants, but he is also saying that making a device or system that the government cannot get into is, or should be, a crime, and that is where people are seeing a problem. People strive for perfect security, and now a government spokesperson is saying to actually possess it is illegal unless a government backdoor is also built in (which means it isn't perfect security). But any backdoor can be abused, hacked, forgotten to be locked, etc., and some of us would rather not trust our security to others when it can be built not to need to require such trust.

about three weeks ago

Obama Administration Argues For Backdoors In Personal Electronics

dunkindave Re:Update to Godwin's law? (575 comments)

I wasn't debating whether it made sense, just that there is precedent for the strength of physical protection devices being limited so that emergency personnel can gain access.

But since you mention it, I have seen homes with big, thick bars over the windows that the fireman's ax wouldn't be able to cut through. It would take the jaws-of-life to pry them off. Still, even with a 1" throw, I can install a metal door and a metal frame bolted to my metal stud walls, all legally. No way they are just kicking that door down. They would do better cutting through the wall (which they will do if necessary). Also, just to be precise, I believe the 1" limit depends on the jurisdiction - my state limits deadbolts to 1" but your mileage may vary.

about three weeks ago

Obama Administration Argues For Backdoors In Personal Electronics

dunkindave Re:Update to Godwin's law? (575 comments)

We're running into the common problem of what a word technically means versus how people interpret it when used.

Terrorism: the use of violence and threats to intimidate or coerce, especially for political purposes

Believe it or not, when I was in college many years ago (no, I am not going to say how many, and stop asking or I will hit you with my cane), a dorm resident was arrested on the charge of terrorism. He had been phoning in threats to some of the Resident Assistants, threatening violent acts for the purpose of causing fear. This was before 9-11 and how people started using the word differently. The part in the definition about political purposes is how most people interpret the word, i.e. done by groups trying to change governments, but the real definition is broader than that, like in the case of the psycho with which I shared a dorm building. So if muggings are done for the purpose of creating fear, such as to stop a certain minority from using a park or a water fountain, then it would be terrorism. If it is just a mugger taking people's wallets to get the cash, then it wouldn't be terrorism. If vandalism was done to Jewish merchants in an upscale section of town with words left behind telling them to leave or else, then that would be terrorism. If it was just gang graffiti painted on the side of all the buildings then it (probably) wouldn't be.

Back to original topic, tell Holder to shove it. People are allowed to be secure in their property, including from the government. Unfortunately there is precedent for his belief, for example deadbolts are legally limited to 1" in throw length so that they can be broken by emergency personnel if necessary, say when a fire occurs. The trouble is in the physical world it is almost always possible to defeat a protection, so if someone refuses to comply, the government can go around the person and access it anyway, which in the virtual world this is no longer the case. This is another case of physical examples not mapping well to the virtual world.

about three weeks ago

FCC Rejects Blackout Rules

dunkindave Re:Goes to show (135 comments)

"I would have depend on a company's reputation and their fear of the courts"

hahahahahahahahahahahahahahahahahahahah..

Except without regulations companies would just buy their way out of the courts. Oh wait...

about three weeks ago

FCC Rejects Blackout Rules

dunkindave Re:Goes to show (135 comments)

I know I am feeding a troll, but well, think of the children (who may be reading this).

Noah Haders stated his opinion is that the government shouldn't try to regulate things "they only dimly understand", but with the inclusion of saying the words "I am from the government" are "the most dangerous words in the English language", revealed his true view is that ALL regulation is bad.

The AC responded with examples of things where, without some regulation, the population would suffer. Without regulation we would be wearing asbestos-laced pajamas and getting our daily fiber (via sawdust filler) from your local hamburger stand. At no point did the AC poster claim, or even imply, that regulation can fix everything. He was simply responding to the poster who wrote that regulation is always bad by showing that the free market drives businesses to do what makes them the most money, not what is good for the people (sometimes these do overlap, but often don't), and the population can therefore benefit from regulation.

about three weeks ago

Submissions

dunkindave hasn't submitted any stories.

Journals

dunkindave has no journal entries.
