They happily issue lots of traffic tickets, while drug dealers, rapists, murderers, burglars, muggers, etc. are not getting caught.
Im pretty sure a given cop does not have a choice on a particular day of whether he will handle traffic incidents or be solving murder mysteries. Im pretty sure when they send you on traffic duty, youre doing traffic duty-- not busting out the X-Files.
My goodness one wonders why I, as an IT guy, dont spend my day solving the IPv6 transition rather than doing what my boss tells me!
Sure. VPN isnt an "encryption method", its a networking technology. That right there tells me whoever penned that paragrahp has absolutely no idea what theyre talking about.
SSL isnt really an "encryption method" either, it is, again, a networking techology, and it can use several different encryption methods. I somehow doubt that the NSA has cracked them all.
That NY times article was rubbish, as it makes no clear claim and provides no clear rationale behind whatever it is theyre alleging. As best as I can determine, theyre saying that the NSA "circumvents" SSL traffic by grabbing it post-decryption--despite having no source indicating that. The article even says as much in the page you linked to, 2/3 of the way down.
The NakedSecurity post refers to issues in specific encryption algorithms, not with SSL itself. Its talking about RC4, which is ancient but notably is immune to many of the recent attacks that hit AES. From the second sentence, its also a remarkably limited attack requiring a significant amount of access to the system you are trying to compromise.
The third is an article by Schneier talking about how the NSA used NSLs to circumvent encryption (it doesnt matter if your connection is encrypted if you are legally compelled to hand over the data post-decryption).
The 4th article just quotes the rubbish NYTimes article you linked to.
The 5th is a content-free speculation piece that grabs a lot of the stuff already addressed here, takes it out of context, fails to understand what it means, and tries to whip up hysteria. For example: The NSA has secretly and successfully worked to break many types of encryption, the widely used technology that is supposed to make it impossible to read intercepted communications. Where is the source? WHAT "types of encryption"-- are we talking DES, or what? Is this just referencing the Snowden leak and failing to understand what it meant?
The 6th article states that the NSA can keep data for as long as it takes to crack. I will happily give them a truecrypted AES-Serpent-Blowfish encrypted drive if they reimburse me, and will bet any amount of money that they will need to keep it for longer than I will be alive.
How is it you pulled up 6 sources, failed to read any of them, and then tried to act like they somehow proved your point (when the first article specifically contradicts your claim)?
The amount of outright ignorance in this thread is staggering-- from faulty assumptions that Dual EC DRBG usage was widespread, to the implication that TuCows somehow has a copy of your private key, to the assumption that SSL can just be "MITM'd".
Do you really think "mysecretdomain.com" certificate from shitty ass low cost certificate provider doesn't have a duplicate key on file at Comodo, Network Solutions, GoDaddy or TwoCows or whatever?
Yes. TuCows, GoDaddy, and NetSol dont have your private key. All they do is sign your CSR, and provide you with a public key.
I would STRONGLY encourage that people who do not understand SSL, refrain from commenting here. There are attacks on SSL, but it seems like noone here really understands what they are or how to mitigate them.
The devices which capture SSL traffic only work because your managed workstation has been made to trust the root CA installed on those devices. If you were to bring an unmanaged laptop into the office network, that SSL sniffer would be unable to capture its traffic.
The security of SSL hinges on trusting the right CAs; but of course the use of CAs (a system of trust) is what allows it to defeat MITMs in the first place.
Chrome renders with Webkit, which is used by multiple browsers. Its also one of the most standards-compliant engines out there; if Firefox / IE arent rendering a page and Chrome (webkit) is, thats probably a deficiency in those browsers' engines' standards support.
And more Jews were killed in Germany in the past 100 years than in Rwanda. Fortunately, we arent stuck in the 40s, or the 60s, or the 80s. We're in 2013, and the current Chinese government, as bad as they are, arent quite on par with Rwanda,.
Yes, and I could cut you an ethernet cable that was so badly cut that it doesnt have proper grounding and generates a ton of line errors. That doesnt mean that a good cable costs any significant amount of money (because they dont).
Better make sure you get those expensive Denon HDMI cables for your 72" TV; why spend all that money on a TV and then scrimp on a $5 digital cable when you can pamper your TV with a quality cable.
Youre right that theres "being cheap", but the other side of the coin is "being foolish with money". Seeing as most small device manufacturers (routers, printers, switches, cable boxes, etc) manage to make wall-warts to go with their $20 gadgets without breaking the bank or electrocuting their customers, it stretches credulity to suppose that Apple cant make a charger for under $30 for a ~10W device.
No, the reason theyre charging $30 for a charger for a $900 device is because they know you already spent $900 and a 200% profit margin on a charger probably isnt going to stop you from buying the device.
Lots of people cared, hell he will never be free again. What more can you do?
We could have a media that doesnt look that sort of thing in the face and try to present "both sides of the story".
but the prosecution failed to prove she did it.
Baloney, the media made a circus out of the whole thing.
I am using the FBIs data on crime.
The FBI does not cover China, Romania, etc etc etc. They also do not get involved at all unless the gross damages for an incident are in excess of $5000; and no local police department has the wherewithal to even deal with the issue. If youre talking about their overall crime rate, a quick bit of research shows that the population of the us has roughly doubled since 1960, but violent crime has gone up 5-fold. I see no cause for thinking people are more moral.
An abortion at a few weeks is just a clump of cells. Claiming that is murder, makes me a genocidal freak for masterbating.
The two are not equivalent, but that aside, I am talking more of the general tenor of the discussion where public figures will have the audacity to argue for third trimester and beyond abortions, and will actively challenge bans on "partial birth abortions". We dont even have to get into the sticky issue of "when is it a human" (which we clearly disagree on).
I brought the exceptional cases up not because of how common they are, but because of how little anyone seemed to care. A clinic where a doctor was murdering newborns with scissors-- and NPR did a "balanced" piece on how he was providing a service to underprivileged locals (that being almost the sum total of the attention paid to the issue). A court case where a woman pretty clearly murdered her child-- and public opinion was on how sad it was that this womans life was being ruined.
THIS is the morality im talking of; the morality where the discussion on abortion isnt on "is it murder", but "is it convenient".
Im not clear what crimes you suppose are on the decline; you might look to homicide rates, and I might remark that abortions performed annually so far outweigh historical homicide rates as to make them insignificant. I might remark that human trafficking seems to be at a high, and is growing annually. Fraud certainly isnt in decline; in the last decade we have had several high-profile, multi-million/billion dollar fraud cases, not to mention the rampant internet fraud.
What exactly are you using as your marker for morality? Petty street theft? What is it that gives you cause to think people are more moral these days?
Even the puritans were okay with abortion until the quickening, which when the child first moved.
Thats from English Common law (in fact thats exactly what I was referencing), not representative of what the Puritans "were OK with". The only clear thing I found in a google search regarding their opinions was from John Owen, where hes pretty clear that its a particularly heinous type of murder. Id be interested to see any source that you have saying they were "OK with it"; even common law frowned upon it-- it just wasnt a crime until the quickening.
It is a simple fact that as we become more wealthy and more secure we are allowed to be more moral.
As we become more wealthy we care less and less about the atrocities overseas, less and less about the morality of wholesale killing of infants (eg Gosnell case, Casey Anthony, et al), and generally less about any sort of self-restraint. The morality of today is "if it feels good, Im OK with it", just as it always has been; however, the mentality of today is rare (seen only occasionally in history) in that society is actively encouraging these vices.
Slashdot Mirror
Since when is it the cop's job to decide whether a law is a good one before enforcing it?
"Getting the low hanging fruit" is a pretty common, and good, strategy in just about any endeavor.
They happily issue lots of traffic tickets, while drug dealers, rapists, murderers, burglars, muggers, etc. are not getting caught.
Im pretty sure a given cop does not have a choice on a particular day of whether he will handle traffic incidents or be solving murder mysteries. Im pretty sure when they send you on traffic duty, youre doing traffic duty-- not busting out the X-Files.
My goodness one wonders why I, as an IT guy, dont spend my day solving the IPv6 transition rather than doing what my boss tells me!
Unless I am mistaken, the DoD root certs are optional and not included by default.
Care to refute Snowden?
Sure. VPN isnt an "encryption method", its a networking technology. That right there tells me whoever penned that paragrahp has absolutely no idea what theyre talking about.
SSL isnt really an "encryption method" either, it is, again, a networking techology, and it can use several different encryption methods. I somehow doubt that the NSA has cracked them all.
From the top:
Where is the source? WHAT "types of encryption"-- are we talking DES, or what? Is this just referencing the Snowden leak and failing to understand what it meant?
How is it you pulled up 6 sources, failed to read any of them, and then tried to act like they somehow proved your point (when the first article specifically contradicts your claim)?
The amount of outright ignorance in this thread is staggering-- from faulty assumptions that Dual EC DRBG usage was widespread, to the implication that TuCows somehow has a copy of your private key, to the assumption that SSL can just be "MITM'd".
Do you really think "mysecretdomain.com" certificate from shitty ass low cost certificate provider doesn't have a duplicate key on file at Comodo, Network Solutions, GoDaddy or TwoCows or whatever?
Yes. TuCows, GoDaddy, and NetSol dont have your private key. All they do is sign your CSR, and provide you with a public key.
I would STRONGLY encourage that people who do not understand SSL, refrain from commenting here. There are attacks on SSL, but it seems like noone here really understands what they are or how to mitigate them.
The devices which capture SSL traffic only work because your managed workstation has been made to trust the root CA installed on those devices. If you were to bring an unmanaged laptop into the office network, that SSL sniffer would be unable to capture its traffic.
The security of SSL hinges on trusting the right CAs; but of course the use of CAs (a system of trust) is what allows it to defeat MITMs in the first place.
I dont think you understand how SSL works. Its entire purpose is to defeat MITM.
Hes doing his job, whether you like it or not. Dont blame the police for laws you dont like.
Chrome renders with Webkit, which is used by multiple browsers. Its also one of the most standards-compliant engines out there; if Firefox / IE arent rendering a page and Chrome (webkit) is, thats probably a deficiency in those browsers' engines' standards support.
Nothing stops you from only writing a webpage thats HTML1 with no JS; just dont be surprised when noone wants to visit it.
Isnt NPAPI just another "de facto" standard anyways? Pretty sure the "N" stands for "netscape", not "W3C" or "IETF" or "RFC".
Of course any Slashdotter knows that once someone has local access anything stored locally is basically crackable anyway
No, we know that if someone has local access to a device, you must consider the device compromised.
That is COMPLETELY DIFFERENT than "being crackable"-- a seized harddrive that has been Truecrypted isnt going to do much good to a national agency.
And more Jews were killed in Germany in the past 100 years than in Rwanda. Fortunately, we arent stuck in the 40s, or the 60s, or the 80s. We're in 2013, and the current Chinese government, as bad as they are, arent quite on par with Rwanda,.
Yes, and I could cut you an ethernet cable that was so badly cut that it doesnt have proper grounding and generates a ton of line errors. That doesnt mean that a good cable costs any significant amount of money (because they dont).
Better make sure you get those expensive Denon HDMI cables for your 72" TV; why spend all that money on a TV and then scrimp on a $5 digital cable when you can pamper your TV with a quality cable.
Youre right that theres "being cheap", but the other side of the coin is "being foolish with money". Seeing as most small device manufacturers (routers, printers, switches, cable boxes, etc) manage to make wall-warts to go with their $20 gadgets without breaking the bank or electrocuting their customers, it stretches credulity to suppose that Apple cant make a charger for under $30 for a ~10W device.
No, the reason theyre charging $30 for a charger for a $900 device is because they know you already spent $900 and a 200% profit margin on a charger probably isnt going to stop you from buying the device.
Because theyd be awful low-rez fingerprints?
OH MY GOSH I just realized that the history of humanity is one of violence, corruption, and death!
I wouldnt put China quite on the level of Rwanda, however.
. You could be making these things yourselves in your own small companies
Are you aware that the US is the leading manufacturer in the world?
Thats WONDERFUL! Say, whats the state of human rights, democracy, etc in Venezuela?
All of these things are connected, you know; the Bill of Rights wasnt drafted for no reason.
Lots of people cared, hell he will never be free again. What more can you do?
We could have a media that doesnt look that sort of thing in the face and try to present "both sides of the story".
but the prosecution failed to prove she did it.
Baloney, the media made a circus out of the whole thing.
I am using the FBIs data on crime.
The FBI does not cover China, Romania, etc etc etc. They also do not get involved at all unless the gross damages for an incident are in excess of $5000; and no local police department has the wherewithal to even deal with the issue. If youre talking about their overall crime rate, a quick bit of research shows that the population of the us has roughly doubled since 1960, but violent crime has gone up 5-fold. I see no cause for thinking people are more moral.
An abortion at a few weeks is just a clump of cells. Claiming that is murder, makes me a genocidal freak for masterbating.
The two are not equivalent, but that aside, I am talking more of the general tenor of the discussion where public figures will have the audacity to argue for third trimester and beyond abortions, and will actively challenge bans on "partial birth abortions". We dont even have to get into the sticky issue of "when is it a human" (which we clearly disagree on).
I brought the exceptional cases up not because of how common they are, but because of how little anyone seemed to care. A clinic where a doctor was murdering newborns with scissors-- and NPR did a "balanced" piece on how he was providing a service to underprivileged locals (that being almost the sum total of the attention paid to the issue). A court case where a woman pretty clearly murdered her child-- and public opinion was on how sad it was that this womans life was being ruined.
THIS is the morality im talking of; the morality where the discussion on abortion isnt on "is it murder", but "is it convenient".
Im not clear what crimes you suppose are on the decline; you might look to homicide rates, and I might remark that abortions performed annually so far outweigh historical homicide rates as to make them insignificant. I might remark that human trafficking seems to be at a high, and is growing annually. Fraud certainly isnt in decline; in the last decade we have had several high-profile, multi-million/billion dollar fraud cases, not to mention the rampant internet fraud.
What exactly are you using as your marker for morality? Petty street theft? What is it that gives you cause to think people are more moral these days?
Even the puritans were okay with abortion until the quickening, which when the child first moved.
Thats from English Common law (in fact thats exactly what I was referencing), not representative of what the Puritans "were OK with". The only clear thing I found in a google search regarding their opinions was from John Owen, where hes pretty clear that its a particularly heinous type of murder. Id be interested to see any source that you have saying they were "OK with it"; even common law frowned upon it-- it just wasnt a crime until the quickening.
It is a simple fact that as we become more wealthy and more secure we are allowed to be more moral.
As we become more wealthy we care less and less about the atrocities overseas, less and less about the morality of wholesale killing of infants (eg Gosnell case, Casey Anthony, et al), and generally less about any sort of self-restraint. The morality of today is "if it feels good, Im OK with it", just as it always has been; however, the mentality of today is rare (seen only occasionally in history) in that society is actively encouraging these vices.
Perhaps I worded it badly if people are thinking im saying "dont try". Im saying "try, but nevertheless it will not be enough to fix humanity".