Comments


Cancer Cluster Possibly Found Among TSA Workers

ekhben Re:This isn't right (487 comments)

I fly into Rome and then do Schengen flights within Europe. Cathay Pacific do flights from HKG to FCO, and while FCO is kind of a pokey little airport, at least they don't have poky security personnel :-)

(Trains out of Rome are a poor option, I've looked into them and it's about a twelve hour journey just to get out of Italy, since the Thalys doesn't run that far south).

more than 3 years ago

Cancer Cluster Possibly Found Among TSA Workers

ekhben Re:This isn't right (487 comments)

History says things generally have to get pretty bad before people will sacrifice several other comforts and securities to regain one.

I'm avoiding the US, Germany and the UK, but I know the time will come in the next two years when I'll have to choose between out of control border security countries and my requirement to travel for work. I'm not sure what I'll do, but I don't know that I'd have the courage to tell my boss I won't fly because I don't want to be physically assaulted at an airport again.

(Yeah, it's happened to me, in Germany, and it is a hell of a lot more unpleasant than you'd think it would be before you've had it done to you; I really didn't think it would be as bad as it was).

more than 3 years ago

EFF Stops Accepting Bitcoin, Regifts All Donations

ekhben Re:No surprises here (391 comments)

Stock is part ownership in a company, and comes with voting rights and dividends. It has intrinsic value. If you stop trading, and merely hold onto your stock, you still retain the voting rights and still receive dividends.

Bitcoin, on the other hand, has no intrinsic value, and is a fiat currency. Fiat currencies are based only on belief in the system issuing them. Consider the US dollar, and the effect of the economic condition of the US on the perceived value of the dollar; or the Euro and the situation in Greece coupled with the cooling attitude of Germany towards the currency. The Euro could collapse if Germany pulls out and other countries lose faith in it as a viable currency.

Bitcoins are based on faith in the system that operates the bitcoin economy.

The EFF has declared a lack of faith in that system, in particular, that the legal foundation for it has not been tested, and the potential risk of being a test case outweighs any other value bitcoins may have.

more than 3 years ago

ICANN To Allow .brandname Top-Level Domains

ekhben Re:This changes or improves NOTHING (300 comments)

I do tend to argue that DNS is now for systems administrators, to allow for easier renumbering of services, and that Google is how regular folk find websites.

more than 3 years ago

More Malware-Infected Apps Found In Android Market

ekhben Re:Selfish idea (195 comments)

It is less vulnerable because Apple does actual reviews. They will not find everything but they will find SOME things.

Yes, true - they'll trivially find blatant stuff, and probably some slightly less blatant stuff, but not stuff that goes to pains to hide from the review process specifically; all of which is more stuff than is caught with no review at all!

more than 3 years ago

More Malware-Infected Apps Found In Android Market

ekhben Re:Selfish idea (195 comments)

I don't believe Apple's store is any less vulnerable to malware than the Android store.

The system architecture is a lot less permissive in iOS than Android, though, and that limits the damage that a misbehaved app can do - at the obvious cost of limiting the options for well behaved apps.

more than 3 years ago

Tennessee Bans Posting 'Offensive' Images Online

ekhben Re:I'm so confused (372 comments)

If I were a lawyer out to ruin someone's day, I'd argue that a computer renders text into an image for presentation to the user.

more than 3 years ago

Court Rules Passwords+Secret Questions=Secure eBanking

ekhben Re:One-time pads (284 comments)

Perfect is the enemy of the good.

It's not impossible to line up a trojan on a mobile and a desktop, but it's not as trivial as getting a trojan on one device. Attacks have been done successfully by social engineering on the phone company to redirect the service, but as someone else said, if someone really wants your money there's always a lead pipe in an alley.

Should two-factor become widespread, and smartphones become as vulnerable as desktops to trojans (unlikely with both major OS vendors using a managed software repository, making social engineering of users harder), and the problem of coordinating devices be solved, then it will be time to find another security mechanism.

And no doubt, plenty of banks will be reluctant to adopt better security again, giving those of us with security conscious banks another decade or so of protection through presenting a significantly smaller attack surface than most others.

more than 3 years ago

Court Rules Passwords+Secret Questions=Secure eBanking

ekhben Re:One-time pads (284 comments)

Text message challenge, web response.

In order to subvert a transaction, the attacker would need to own both communication channels - my browser displays which transaction I'm approving, the text message displays the same thing. If they don't agree, one or the other has been tampered with.

If they do agree, it's too late for the attacker to alter the transaction, and my response via web can only be blocked, not used for a different transaction.

It's two channel because an attacker needs to subvert both channels to subvert the transaction; only capturing one will cause an easily detectable change.

more than 3 years ago
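The two-channel scheme described in this post, as an added illustration that is not part of the original comment: a toy bank in Python (constructed names and values) that takes the order over the web channel, echoes it back over a second channel with a code bound to that exact order, and shows why a browser trojan is detected by the mismatch and why a code read off the SMS cannot be applied to a different transaction.

```python
import hashlib
import hmac
import secrets

BANK_KEY = secrets.token_bytes(32)  # constructed bank-side secret; never leaves the bank

def approval_code(payee, amount, ref):
    """Short code bound to one exact order (payee, amount, ref)."""
    msg = f"{payee}|{amount}|{ref}".encode()
    return hmac.new(BANK_KEY, msg, hashlib.sha256).hexdigest()[:8]

class Bank:
    """Web channel receives the order; the SMS channel echoes it back with a code."""
    def __init__(self):
        self.pending = {}  # ref -> (payee, amount) as received over the web channel

    def submit(self, payee, amount):
        ref = secrets.token_hex(4)
        self.pending[ref] = (payee, amount)
        sms = f"Pay {amount} to {payee}? ref {ref} code {approval_code(payee, amount, ref)}"
        return ref, sms

    def approve(self, ref, code):
        """Web-channel reply: only valid for the order the code was derived from."""
        if ref not in self.pending:
            return False
        payee, amount = self.pending[ref]
        if not hmac.compare_digest(code, approval_code(payee, amount, ref)):
            return False
        del self.pending[ref]  # one-shot: a captured code cannot be replayed
        return True

def sms_matches(intended_payee, intended_amount, sms):
    """The user compares what the browser showed with what the SMS says."""
    return sms.startswith(f"Pay {intended_amount} to {intended_payee}?")

def tampered_browser_detected():
    """A browser trojan rewrote the payee; the second channel reveals it."""
    bank = Bank()
    _ref, sms = bank.submit("mallory", 5000)  # what the bank actually received
    return not sms_matches("alice", 5000, sms)  # what the user meant to send

def captured_code_is_useless():
    """Someone who reads the SMS cannot apply its code to a different order."""
    bank = Bank()
    ref, sms = bank.submit("alice", 5000)
    code = sms.split("code ")[1]
    other_ref, _ = bank.submit("mallory", 5000)
    return not bank.approve(other_ref, code) and bank.approve(ref, code)
```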

Court Rules Passwords+Secret Questions=Secure eBanking

ekhben Re:One-time pads (284 comments)

Transactions to unapproved accounts, where "approved" means either the bank knows the recipient and can hunt them down if they commit fraud, or I've explicitly said the recipient is OK by me (which requires external auth to do :-)

more than 3 years ago

Court Rules Passwords+Secret Questions=Secure eBanking

ekhben Re:One-time pads (284 comments)

I think you have it the wrong way around. It's an exceptionally hard problem to have a highly secured end user network. It's an easy problem to have stronger authentication mechanisms.

One time pads are not new, or difficult. Two-channel authentication is not new, or difficult. These are not particularly expensive solutions to implement, and would cut down on fraud significantly.

So why do the banks resist the idea?

Personally, I use a bank with two-channel auth, and refuse to use electronic banking that relies on anything sent via my browser alone - the browser is insecure software, and can be taken over without the victim being aware of it, even when the victim is following good security practices.

more than 3 years ago

IPv6 Traffic Volumes Are Low, But Nobody Knows How Low

ekhben Re:I'm using it (231 comments)

If your home network has a /64, there are 2^64 possible addresses for a script kiddie to check for a device.

If you use privacy addresses, this means a script kiddie who is able to scan one million hosts per second is going to take around 600,000 years to get through the whole subnet.

If you use link identity addresses, that might reduce to 6,000 years or so.

I run v6 with a trivial firewall: allow established, allow inbound port 22, 80, >= 1024, allow ICMPv6, deny all other packets.

(If you do set up a v6 firewall, make sure you allow ICMPv6; there's no packet fragmentation in v6, so if you discard Packet Too Big messages you'll break your v6 and be part of the 0.01% that gives big vendors like Google the willies about losing).

more than 3 years ago

Swiped Tokens Expose Android Devices To Data Theft

ekhben Re:Cloud and Google (162 comments)

I haven't tried using it in any place noisier than the inside of my car with the windows up and no passengers. It doesn't start interpreting sounds as voice until I explicitly tell it to, so I've not pocket-dialled someone by farting yet.

I expect it would not work particularly well in noisier conditions. If that's the use case you'd have for voice recognition, then the technology probably isn't mature enough for you yet, but for my use case, it's good enough to be using now.

more than 3 years ago

Swiped Tokens Expose Android Devices To Data Theft

ekhben Re:Cloud and Google (162 comments)

Shrug, goodbye karma, but my iPhone's voice recognition does pretty well. Needs you to tell it to listen, repeats what it's going to do before it does it so you can cancel when it does get it wrong.

100% success rate for the number I call most often, probably around three quarters successful for the other numbers I very infrequently call - so maybe it just seems good to me because of the specific circumstances I use it in.

more than 3 years ago

Apple Releases iOS 4.3.3 To Fix Location Tracking

ekhben Re:Fact checking not a requirement for posting? (212 comments)

The HTC Touch Pro 2 uses a Qualcomm CPU with a gpsOne aGPS module. The iPhone 4 uses a Broadcom BCM4750 single-chip aGPS.

The tracking sensitivity on the gpsOne is -160dB, with TTFF of 1s/29s/35s for hot/warm/cold startup. Power consumption data not available; it's always part of the CPU.

The tracking sensitivity on the BCM4750 is -162dB, with TTFF of 0.5s/30s for hot/cold startup. Power consumption is 13mW.

The BCM4750 is a better aGPS chip, but mostly due to its greater sensitivity and independence from CPU choice - there's not a lot of difference in TTFF between the two.

If you get fix times in under 10sec, but over 1sec, the phone is probably providing hints via a cache.

Given I have a 3GS with the much poorer Hammerhead II aGPS chipset, patch 4.3.3 is a pretty big net loss for me; I think I'll just skip it until I'm forced to take this Apple bashwagon generated downgrade as a part of a major release upgrade. :(

more than 3 years ago

Apple Logging Locations of All iPhone Users

ekhben Re:ummm (591 comments)

Airplane mode turns off (stops sending power to) all the wireless communications chips in the device: cell, gps, wifi, and bluetooth. You can't get location information while in airplane mode.

You can turn wifi back on while in airplane mode, but the BCM4750 will still be off, and you will still get no location information.

If Apple don't really disable the chips in airplane mode in order to keep tabs on where you are, they'll likely lose their accreditation for it, so I'm pretty sure they really do disable the chips.

more than 3 years ago

IPv6 Traffic Remains Minuscule

ekhben Here's the real article (406 comments)

Since neither subby nor the self-serving linkfarm reblog site they submitted bothered to either link to the Arbor Networks article, or read it beyond the first few paragraphs, here it is.

A better summary might be that native IPv6 usage has "more than doubled" in the past six months, while tunneled IPv6 has declined. This is exactly what we'd hope to see, but maybe not as catchy a headline?

more than 3 years ago

Asia Runs Out of IPv4 Addresses

ekhben Re:then != than (321 comments)

0.99999... == 1

more than 3 years ago

Asia Runs Out of IPv4 Addresses

ekhben Re:NAT to the rescue... NOT (321 comments)

The other big issue with NATs is traversal. You can't run bittorrent at all unless most hosts on the internet can be directly reached; it relies on peers being directly addressable.

When the NAT is on your home gateway, you (or your software) can instruct it to forward certain ports to certain hosts inside the NAT. When the NAT is run by the ISP, shared by hundreds of users, you can't do that - contention for the well known ports makes it impossible.

But clever people have realised that a NAT will often redirect all connections on a particular port back to you if you open up just one connection on that port. So if you can find a willing host to report back what port you've just connected from, you can tell others to use that.

Which breaks if you try to be clever about using the full (host, port, port, host) tuple to identify each connection.

You also have a scalability issue if you try to shove thousands of users onto a single address; storing and searching the state table for hundreds of thousands of mappings requires hardware that hasn't been built yet.

more than 3 years ago
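The port-reporting trick from this post and the case where it breaks, as an added toy model that is not part of the original comment: a Python NAT whose mapping is keyed on the inside endpoint alone (the behaviour the trick relies on) or on the full inside/outside endpoint pair (the "clever" NAT the post says breaks it). All addresses and ports are constructed.

```python
class Nat:
    """Toy NAT with one public address.
    symmetric=False: mapping keyed on the inside endpoint only, so a port learned via
    one outside host works for any other. symmetric=True: keyed on the full
    (inside endpoint, outside endpoint) pair, so that learned port reaches nothing else."""

    def __init__(self, public_ip, symmetric):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self.next_port = 40000
        self.mappings = {}  # key -> public port
        self.inbound = {}   # public port -> inside (ip, port)

    def _key(self, inside, outside):
        return (inside, outside) if self.symmetric else inside

    def outbound(self, inside, outside):
        """Inside host sends to outside; returns the public (ip, port) the packet leaves with."""
        key = self._key(inside, outside)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.inbound[self.next_port] = inside
            self.next_port += 1
        return (self.public_ip, self.mappings[key])

    def inbound_packet(self, public_port, outside):
        """Outside host sends to a public port; returns the inside endpoint, or None if dropped."""
        inside = self.inbound.get(public_port)
        if inside is None:
            return None
        if self.symmetric and self.mappings.get((inside, outside)) != public_port:
            return None  # mapping was created for a different outside endpoint
        return inside


def peer_can_reach_me(symmetric):
    """Learn my public port via a willing helper, then hand it to another peer."""
    nat = Nat("203.0.113.10", symmetric)
    me = ("10.0.0.5", 6881)           # constructed inside endpoint
    helper = ("198.51.100.1", 6881)   # host that reports back the port it saw
    peer = ("192.0.2.77", 6881)       # peer told to connect to that port
    _public_ip, public_port = nat.outbound(me, helper)  # helper reports these back
    return nat.inbound_packet(public_port, peer) == me
```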

China Calls Out US On Internet Freedom

ekhben Re:Hah! (338 comments)

You're quite right. He should be tried immediately for his crimes.

Oh wait, that's what the fucking problem is - he's being held without trial in inhumane conditions.

more than 3 years ago
