Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Eavesdropping With a Smart TV

wkk2 Re:Simple (93 comments)

Watch out for Ethernet over HDMI bridging one device that has network access to another that you think doesn't have access.

about 3 months ago
top

Target Moves To Chip and Pin Cards To Boost Security

wkk2 Re:If I wandered into the bank.. (210 comments)

Citi sent me a chip card on request. I don't know if it's configured for chip/pin or signature. I've tried readers that have chip slots but I have yet to find one in the US that works. One company asked their supplier and was told the card slots were disabled.

My laptop can read the chip id but I don't want to try anything else since it might lock the card.

about 3 months ago
top

Security Industry Incapable of Finding Firmware Attackers

wkk2 write protect (94 comments)

A good start would be a list of hardware vendors that sell equipment that have hardware jumpers or switches that write protect the BIOS and other flash devices.

about 4 months ago
top

Michaels Stores Investigating Possible Data Breach

wkk2 Re:Chip/PIN (106 comments)

I asked Chase and they didn't seem to know what I was talking about. Citi was able to replace my card with a chip/pin card. Get one before you travel or you might need to leave your stuff a a restaurant while going to an ATM.

about 6 months ago
top

NSA Says It Foiled Plot To Destroy US Economy Through Malware

wkk2 vulnerability is closed? (698 comments)

I'm sure, due to their hard work, all new computer have hardware jumpers to write protect the BIOS....

about 7 months ago
top

Ask Slashdot: How To Diagnose Traffic Throttling and Work Around It?

wkk2 Re:NSA (251 comments)

It can be used for data logging and collecting stats. An old off-the-shelf method was to use an Ethernet to 15-pin AUI module and break off the transmit pin. Today it's easier to use port mirroring if you trust the hardware.

about a year ago
top

Ask Slashdot: How Do I Request Someone To Send Me a Public Key?

wkk2 Re: This is why encryption isn't popular (399 comments)

Also, assumes that the card generates good key pairs and doesn't use some secret process that allows private key recovery from the public key. This has been done by card suppliers in the past.

As a side questions: Does any CA have a process for signing S/MIME certificates that can be generated outside of a browser?

about a year ago
top

The New Ethanol Blend May Damage Your Vehicle

wkk2 Re:A clear example of how lobbying hurts everyone (375 comments)

Don't put it in small engines either. The 10% stuff caused a leak in a generator fuel tank. It leaked at the shutoff valve/tank seal. The tank was almost empty or I might have lost the house.

about a year and a half ago
top

Behind the Scenes At NASA's Mission Control Center

wkk2 Re:Thank you so much! (38 comments)

A familiar street name. You had a good location. I rented a room, just a few doors down, when I co-oped at JSC during the early 80's. It was a very easy commute.

about a year and a half ago
top

Ask Slashdot: Stepping Down From an Office Server To NAS-Only?

wkk2 Re:They might work for you (227 comments)

Make sure your service agreement allows you to destroy a failed drive, for credit, instead of doing an RMA.

about 2 years ago
top

Ask Slashdot: Equipping a Company With Secure Android Phones?

wkk2 Re:Too expensive? (229 comments)

I suspect that no off the shelf product is secure from the network side. The hardware needs to have two independent blocks: a communications module and a application module. The two need to be linked with a well defined API so that the communications module can't change the application code and there is a good point for an audit. There are probably regulatory issues like GPS to emergency services, not being able to hang up an emergency call, etc. You need to be able to load the application code from a secure interface with signed code etc. A smart card slot for application module key material would be a plus. Good luck trying to find one and good luck getting approval to sell one with these features.

more than 2 years ago
top

Doctors "Fire" Vaccine Refusers

wkk2 Re:Seems reasonable.. (1271 comments)

A lot of people must skip vaccines. I just received an email saying that basketball practice was canceled due to a measles outbreak. It's sad that we could probably eliminate many of these diseases.

more than 2 years ago
top

The Gradual Death of the Brick and Mortar Tech Store

wkk2 Re:Soon it'll be Fry's or nothing (491 comments)

I wonder about Fry's too. Our local store hasn't restocked surface mount resistors in months. Nothing like paying for over night delivery to get a badly needed 470 ohm resistor just because the peg is empty.

more than 2 years ago
top

Ask Slashdot: How To Deal With Refurbed Drives With Customer Data?

wkk2 Re:Two choices... (385 comments)

Stop the trouble before it occurs: Make sure your service agreements allow you to destroy drives before getting an under warranty replacement.

more than 2 years ago
top

Christmas Always On Sunday? Researchers Propose New Calendar

wkk2 Re:Not a bad idea but... (725 comments)

Metric won't happen without a really big stick. Fuel pumps would probably change in less than 24 hours if there was a 1% tax on sales measured in gallons.

more than 2 years ago
top

Carrier IQ Software May Be in iOS, Too

wkk2 More privacy issues (234 comments)

There appears to be more privacy issues beyond monitoring in the phone. My Smartphone (GT-I9100 v.2.3.4) won't allow access to https://www.google.com./ It also doesn't allow the addition of private certificate authorities or the removal of bad ones. To make matters worse, it won't display the fingerprint of a certificate. So the only option is to accept, on faith, the issuer name displayed. It seems obvious that the handset makers don't care about privacy or potential harm to customers.

more than 2 years ago
top

Did Feds' Use of Fake Cell Tower Constitute a Search?

wkk2 Re:I see opportunity (191 comments)

How about an app that beeps and turns the display red if encryption, as feeble as it is, gets turned off.

more than 2 years ago
top

Ask Slashdot: Does SSL Validation Matter?

wkk2 Re:The scam will always win -- its all about the s (243 comments)

A big improvement would be to require e-commerce servers to protect their private key in a hardware accelerator that won't give up the key. This would protect the certificate if the server is compromised. Someone might be able to use the accelerator, via some type of proxy hack, but the certificate would be safe after a compromised server is reloaded.

Maybe the "scam" factor could be reduced if the certificates were signed by two or more entities in different jurisdctions.

more than 2 years ago
top

RSA Admits SecurID Tokens Have Been Compromised

wkk2 Re:Dear Customers... (219 comments)

Yes, I'm sure we will never find out if the data was given to various agencies. After carefully opening one, I agree that they are tamper evident. It wouldn't be a big step to have two pins (I2C?) for programming from a simple workstation that also loaded the customer's server. A fuse link or finalize command could prevent future changes. I would hope the programming could be idiot proof but they keep making better idiots.

more than 3 years ago
top

RSA Admits SecurID Tokens Have Been Compromised

wkk2 Re:Dear Customers... (219 comments)

I have two questions: Did someone required them to keep the initial values and why wasn't the system designed so that the customer was required to initialize the tokens?

more than 3 years ago

Submissions

wkk2 hasn't submitted any stories.

Journals

wkk2 has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...