
Comments


Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

kyoko21 your basic password of abc123 (280 comments)

your basic password of "abc123" could be just AlphaBetaCharlieOneTwoThree.

Easy to remember, hard to type, and pretty hard to brute force your way through.

about 5 months ago

Oculus Suspends Oculus Rift Dev Kit Sales In China

kyoko21 Time for #cardboard (131 comments)

Time for #cardboard to get resold.

about 5 months ago

China Deploys Satellites In Search For Missing Malaysia Airlines Flight

kyoko21 Where is the US effort? (142 comments)

So the US isn't repositioning its satellites? It seems to me that China these days is doing the things that America used to at the drop of a hat without a whim...

about 9 months ago

Report: Valve Anti-Cheat (VAC) Scans Your DNS History

kyoko21 Beware of iframes (373 comments)

I guess the next thing to do is to start making websites with hidden iframes that load pages of "questionable" content so that it will poison your DNS history. You may not have actually seen the "questionable content" in question, but your browser certainly loaded the content, which in technical terms would fall in line with the profile of this "anti-cheating" system.

It's as if you are assumed guilty of any sex crime simply by walking through the red-light district.

about 10 months ago

The NSA Is Collecting Lots of Spam

kyoko21 The internet white noise generator (159 comments)

This is what I have been saying all along for the last 10 years. Fighting privacy by making yourself more private is not the solution. The current premise of all surveillance programs that are being operated today assumes that it is generated by a human being. For the easiest way to counter this assumption, we can go back to Aesop's fable "The Boy Who Cried Wolf".

What did the boy do? The boy cried wolf so many times that in the end when he told the truth, no one believed him. If that boy was alive today and wanted personal privacy, he would be crying wolf all the time. How would that work?

Automate the process and make it easy so that everyone else can do it, too. If everyone cried wolf, who would you believe? We change the assumption and accept the fact that surveillance isn't going away. However, by burying the would-be listener with unlimited content and for someone/something to groom through all that data to figure out what is relevant, what is the truth and un-truth, it is a daunting task and it opens a new set of problems. How can you assess the threat if everyone was saying the same thing all the time and became friends with everyone else? Do you really know that person? Or is everyone really friends with Timothy McVeigh because he is such a cool guy until he pulled that crazy stunt in OKC in 1995? What if sleeper cells weren't so sleepy but were outright public about being a sleeper cell?

about a year ago

ACLU Wins, No Sexting Charges For NJ Teens

kyoko21 civil disobedience (406 comments)

One way to make a point, why not just have all your friends sexting to each other, make a Facebook page, make it a Facebook group, Twitter about it, choose a day, and everyone participate in an act of civil disobedience. What are they going to do? Prosecute every single teenager that has a cell phone? This forces the law to react because clearly the law has been applied incorrectly because someone decided that it was easier to punish the few but the will of the masses to demand common sense will prove just in the end.

So my question is, when is the National Sexting Day going to take place?

more than 5 years ago

Cold Boot Attack Utilities Released At HOPE Conference

kyoko21 This is what we do in our shop... (113 comments)

The following is what we implemented in our shop to prevent cold-boot attacks. Our shop is a Panasonic Toughbook shop, so keep that in mind as some features in the Toughbook line of laptops may not be available, but most of them are.

1.) Establish a system administrator password in the BIOS. Also establish a user password in the BIOS as well.

2.) Enable the feature to require password entry in order to boot the system.

3.) Hardware lock the hard drive to the system using the system administrator's password established from step 1.

4.) Remove all boot devices with the exception of the hard-drive as the only device allowed to boot the system.

5.) Use your favorite encryption software, i.e. TrueCrypt, PointSec, PGP. Our shop uses the PGP WholeDisk encryption with FIPS 140-2 operation enabled.

6.) As an option, enable the fingerprint reader on the CF-30 as an alternative means to the system administrator boot password requirement.

So you are wondering what do all these procedures and passwords buy you?

The cold boot attack aims its attack at the hardware, specifically the trace memories that are left on the DRAM when a system is powered down (via safe or simply brute force by removing the power supply, i.e. power plug or battery). Yes, there is software that can extract the data from the DRAM memory modules, and it has been demonstrated to work quite well for several months now. However, there is a catch with this attack as this attack assumes that while you have the ability to gain access to duplicating a set of cryptographic keys, you also have access to the actual locks and door that are safeguarding the data.

By establishing the BIOS passwords and enabling the feature to tie the hard drive to the actual laptop via the BIOS password, the attacker would need to make the attack directly on the laptop by having the hard drive attached to the system. To prevent the attacker from gaining access to the hard drive, you enable the feature to require end-users to enter a password or biometric readers to scan in fingerprints. At the same time, you also disable all non-essential boot devices from the ability to boot the system from alternative devices by removing the boot devices with the exception of the hard-drive. By providing end-users with a user password for the BIOS password, authorized end users are allowed to boot the system but will not be able to gain entry to the BIOS to alter system boot orders.

With these combinations of provisions in place, if the DRAM modules were compromised, the data is inaccessible because the attacker has no means to launch the attack against the data. Simply removing the hard-drive and connecting it to another system will not be useful because the hard drive is at this point tied to the motherboard and without it, it is useless and will not be accessible at all without knowing the system administrator's password.

You have a copy of the keys. But if you have no means to use the keys and you can't find the lock or door, the keys are useless to you.

more than 6 years ago

Submissions

kyoko21 hasn't submitted any stories.

Journals

kyoko21 has no journal entries.
