top Eric Schmidt, Jared Cohen Say Google Data Now Protected From Gov't Spying
Governments can indeed ask for some data, using subpoena or in the case of the US "National Security Network." But for that, they have to actually ask, and the request has to be targeted, naming for example a specific individual. The NSA and the GCHQ were not content with that, they wanted to grab "everything," so instead of the legal channels they used a hack. The hack was to spy on the internal network of Google, and of other services as well, because these internal exchanges were not encrypted.
According to Eric Schmidt, now they are. This is absolutely good news. It is also exactly what the Electronic Frontier Foundation is asking web services to do. You can check the relative state of Google and other services according to the EFF at:
top Electric Cars: Drivers Love 'Em, So Why Are Sales Still Low?
I really love the Model S. Beats the BMW every day, and actually not more expensive than a series 7...
top GCHQ, European Spy Agencies Cooperate On Surveillance
End to end encryption is the only answer here. Maybe instead of relying on server certificates, which could be compromised, do the reverse -- the client certificate is used to secure the connection. That way everyone can use a CA (or even issue their own) that they trust.
Have you looked at the work going on in the IETF and other places to deploy "perfect forward secrecy?" The idea is to use a Diffie-Hellman exchange to negotiate a random key, and then only use the server certificate to prove the server's identity and knowledge of the key. Pretty much the same result as client certificates, easier to deploy, and with the added advantage that even if the server's key is compromised, the sessions' keys remain secret.
top Are the NIST Standard Elliptic Curves Back-doored?
Actually, no. There is proof that Dual_EC_DRBG is much weaker than advertised. But the story is about the other elliptic curves that NIST standardized based on "contributions" from the NSA.
top IAB Urges People To Stop "Mozilla From Hijacking the Internet"
Not so long ago, when we heard a reference to "the IAB," what came to mind was the "Internet Architecture Board" (http://www.iab.org/). That was the place were Postel or Cerf contributed... Times have changed.
about a year and a half ago
top Schneier: The Internet Is a Surveillance State
Great idea. I can see that, a "cookie exchange bank." You donate a cookie to it, and in return it provides you with a cookie donated by some random user. There are a few precautions to take, e.g., do not donate your bank's password, but it could definitely be fun.
top Do Patent Laws Really Protect Small Inventors?
He could not in fact patent something as broad as 'a mechanism for generating electrical energy from human input' because such mechanisms have been around for maybe 100 years. The old bicycles, for example, had a little dynamo that powered the head light and back light. It got its power from friction on the wheel, which was powered by the human cyclist...
What this story really exposes is the hubris of the inventor. Say you work a couple of months on an invention, and file a patent. Do you really expect years and years of revenue? Really?
top Turkish Registrar Enabled Phishing Attacks Against Google
Everybody thinks that if an "https" connection is securely established, if the browser displays a green light, then they are good. But it only proves that the other end of the connection showed a "valid" certificate, where "valid" is defined a "signed by one of the hundreds of authorities allowed to do so, or by any entity who somehow obtained a certificate with signing rights from one of these authorities."
We have seen attacks like that before, e.g. the "Comodo" hacker (http://arstechnica.com/security/2011/09/comodo-hacker-i-hacked-diginotar-too-other-cas-breached/). My bet is that we will continue to see more of these, because the attack surface is just too large.
top Secret Stingray Warrantless Cellphone Tracking
VOIP will protect the data if the content is properly encrypted, but headers and locations are still exposed. The phone can still be identified and located, which is already great information for the police. The IP addresses can be tracked in the header and voila, pen-register services without a warrant. And if VOIP is not encrypted, or if the encryption is weak, even the content can be accessed.
top Ask Slashdot: What Would Your 'I've Got To Disappear' Plan Look Like?
Another requirement is to pass physical and medical tests. The Legion won't take you if you have poor eyesight, weight too much, or are otherwise unfit. The mythical slashdot readers who spend their days snacking in front of the computer might have a hard time getting accepted.
On the other hand, if you are accepted in the Legion, you will have a fun time in places like Afghanistan, Djibouti or the Ivory Coast, to name a few. If you goal was to escape being shot at, you may want to reconsider.
top ICANN Backflips Again
ICANN was supposed to managed the legacy of Jon Postel. Instead, it is managing the interests of a coterie of Internet parasites. As the parent said, "the new top-level domains (and some of the existing top-level domains) are basically a money grab," effectively allowing the new registrars to levy taxes on trademark owners. Good old fashion blackmail, as in "nice trademark you have here, you would not want something bad to happen, like having it managed by a porn site or a competitor, what about getting some protection?"
top A Few Million Virtual Monkeys Randomly Recreate Shakespeare
Randomness will produce everything indeed. But this experiment is not random. The monkeys are not *producing* the work of Shakespeare. They are *reproducing* it. The master program already know the work, and has it programmed in its tests. There is a big filter here: take this random bit, and decide whether it is "part of Shakespeare's work." Not quite the same as letting the monkeys type a full page, and then have readers decided whether this is "as good as Shakespeare." Prior knowledge killed Schrödinger's Cat!
top UK: Open Standards Must Be Restriction Free
This is a vexing problem because not all patent holders participate in the standard making. If a company participates in the standard making, the standard organization has leverage: guarantee that others can use your patents under reasonable conditions, preferably free, or we will not consider your contributions. But if a company does not participate, the standard making organization has no leverage at all.
Consider for example what happen to Wi-Fi. The IEEE has a fairly detailed patent policy, and the Wi-Fi standards have been very successful. But after millions of cards were sold, CSIRO came out of the blue and asserted a patent on indoor OFDM that they said covered Wi-Fi. The resulting lawsuits have costed millions.
top New Worm Morto Using RDP To Infect Windows PCs
Microsoft's analysis is published at:
The list of password that the worm tries is interesting. Apart from the obvious abc123 and the like, the worm tries "RavMonD" and "zhudongfangyu". Is that a clue? Some Chinese hommage to the bazar?
top Cheap GPUs Rendering Strong Passwords Useless
The problem with NTLM has been known for some time, but it is not just NTLM. It is in fact any challenge response protocol. Check this slide deck presented at the IETF in 2005:
http://www.huitema.net/talks/ietf63-security.ppt. The punch line is simple: don't rely on challenge response protocols! If the attacker can see both the challenge and the hash, and if the password can be remembered by the user, it will probably be cracked.
top Could You Pass Harvard's Entrance Exam From 1869?
The latin and greek questions are actually pretty simple. Latin and Greek were still fairly common options in French high school in the 60's, and I studied all that. The Latin reference text here being Caesar's "De Bello Gallico," which we were studying in the 7th or 8th grade. The Greek reference text is Xenopho's Anabasis, which we were studying in the 9th or 10th grade. Both Caesar and Xenopho are considered "easy" - they use fairly direct language and constructions. Similarly, the grammar questions correspond more or less to your first or second year of language study. The references to roman and greek history, e.g. Actium, Pharsalis, Jugurtha may feel fairly obscure now, but are in fact part of the basic curriculum of "Ancient History." Bottom line, the test was not very hard for a high school who paid attention in class.
I was surprised to see that they would provide the translations of the words as part of the question. We did not have that available when passing exams.
top Beware of Using Google Or OpenDNS For iTunes
I was not so much think of getting the bits from fellow users as getting the bits from several Akamai servers -- or similar. Instead of blindly following some dumb "closest IP" rule, the download could test a couple of candidate servers and get the bits from those with the best bandwidth -- much like torrents do.
top Beware of Using Google Or OpenDNS For iTunes
Load balancing based on the DNS resolver is so 1999! Even when it works, it works by chance, and does not test the actual speed between your PC and the potential servers. Compare that to Bit Torrent, which actually tests the speed of the downloads. You really wonder why Apple, and Akamai, would not use some kind of torrent technology!
top After IPv4, How Will the Internet Function?
Quoting an AC to start the conversation, penning a lead with bold statements that are not much supported in fact... Slow news day, probably.
Pretty much every PC, server or even smart phone OS ships with dual stack. Enable IPv6 on your home gateway and poof, IPv6 in your PC lights up. AT the same time, your PC can keep using IPv4 for non IPv6 web sites, or for that old Ethernet enabled printer in the basement. It works pretty much as expected. Not having unique IPv4 addresses does not change anything to the question -- IPv4 goes through NAT, IPv6 goes direct.
top Once-Darling Ethanol Losing Friends In High Places
Ethanol is a big [problem for boats that often have fuel tanks made of plastic or fiberglass. Some of the plastic gets dissolved by the ethanol, and then ends up clogging various engine parts. The Boat US association has done extensive tests of that:
http://www.boatus.com/seaworthy/fueltest.asp#results. The real worse case comes if ethanol is mixed with diesel, transforming a basically safe fuel into one that can explode. Really not a good idea.
louarnkoz hasn't submitted any stories.
louarnkoz has no journal entries.