Yes you can. There are many types of cryptographic weakness (Eg: an attack that reduces the effective key space) but specifically regarding RC4, there are weaknesses which make it difficult to use properly in common scenarios.
This summary is complete misrepresentation, from the very start of the article.
YouTube will remove music videos by artists such as Adele, Arctic Monkeys and Radiohead, because the independent labels to which they belong have refused to agree terms with the site.
With the rise of deniabilityfeatures in data-at-rest encryption products, I'm not sure how this is going to work in the real world. Wouldn't be hard to use these technologies for communications too.
The article is rubbish so, with that in mind, here are some excerpts:
The Department is also advised that sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions.
The Department’s current view is that law enforcement, anti-corruption and national security agencies should be permitted to apply to an independent issuing authority for a warrant authorising the agency to issue ‘intelligibility assistance notices’ to service providers or other persons. The issuing authority should be permitted to impose conditions or restrictions on the scope of this authority.
Where issued to a service provider, such notices would formalise existing arrangements....
When issued to a person other than a service provider, such as the subject of a warrant, the Department’s preliminary view is that a notice would operate in a similar fashion to orders made under section 3LA of the Crimes Act 1914. Section 3LA permits agencies that have seized physical hardware, such as a computer or an external hard drive, under a search warrant to apply for a further warrant requiring a person to ‘provide any information or assistance that is reasonable and necessary’ to allow information held on the device to be converted into an intelligible form.
...issuing authorities should be able to authorise an agency to issue ‘intelligibility assistance notices’, requiring a person to provide information or assistance to place previously lawfully accessed communications into an intelligible form, as discussed by the PJCIS at Recommendation 16...
Recommendation 16 The Committee recommends that, should the Government decide to develop an offence for failure to assist in decrypting communications, the offence be developed in consultation with the telecommunications industry, the Department of Broadband Communications and the Digital Economy, and the Australian Communications and Media Authority. It is important that any such offence be expressed with sufficient specificity so that telecommunications providers are left with a clear understanding of their obligations....
The Department’s preliminary view is to support recommendation 16 in principle.
No. This is simply wrong. If "Metlink were simply following their IRP" then they would have started investigating and taking action last month when their gaping security violation was first reported. Instead they did nothing until exposure of their incompetence was threatened by mainstream media.
It all depends on the IRP, most Australian transport organisations do not have a incident response plan for this report from a member of the public (I.T. or otherwise), but they do have them for various PR issues such as public disclosure of security issue (I.T. or otherwise). I'm not saying it's right I'm just explaining how it occurs, and given the public profile of the incident, I'm not sure I'd want to be the one deviating from the established IRP even if it wasn't written with this in mind.
The system is run externally by the warehouse and separately to the ATO," a spokesperson told SC....It is unable to access taxpayer information or their details. There are no financial or bank account details stored on POS.
A case of not reading the article, it's blatant FUD.
A committee like this is usually asking the question "What's so different about Australia that prices are so much higher than else where in the world? What is causing it?". It's to determine what the cause is so the government can implement measures into the marketplace to make it more attractive for suppliers to reduce their prices.
Slashdot Mirror
I can't believe more people on Slashdot aren't recommending HSMs, it's somewhat sad.
What is this shit? Minitel? Private selling on Usenet? The summary even has an earlier example...
Improved privacy and reduced attack surface, sadly enough.
Actual jetpack tested from JetPack Aviation. Endurance of currently 10 minutes.
There are no such thing as "burner phones" in Australia, you must have 100 points of ID in order to activate a mobile phone service.
This is probably the dumbest thing I've seen published by Slashdot.... isn't this simply some sort of redefinition of "libraries" or "modules"?
Then use the word "Credentials"?
The Curse of Competency.
My point is, it's not black and white like you were saying.
Yes you can. There are many types of cryptographic weakness (Eg: an attack that reduces the effective key space) but specifically regarding RC4, there are weaknesses which make it difficult to use properly in common scenarios.
Just like the Leaning Tower of Pisa has never fallen down!
YouTube will remove music videos by artists such as Adele, Arctic Monkeys and Radiohead, because the independent labels to which they belong have refused to agree terms with the site.
Whoever wrote that summary clearly has an agenda.
With the rise of deniability features in data-at-rest encryption products, I'm not sure how this is going to work in the real world. Wouldn't be hard to use these technologies for communications too.
The Department is also advised that sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions. The Department’s current view is that law enforcement, anti-corruption and national security agencies should be permitted to apply to an independent issuing authority for a warrant authorising the agency to issue ‘intelligibility assistance notices’ to service providers or other persons. The issuing authority should be permitted to impose conditions or restrictions on the scope of this authority.
...issuing authorities should be able to authorise an agency to issue ‘intelligibility assistance notices’, requiring a person to provide information or assistance to place previously lawfully accessed communications into an intelligible form, as discussed by the PJCIS at Recommendation 16...
...
Where issued to a service provider, such notices would formalise existing arrangements....
When issued to a person other than a service provider, such as the subject of a warrant, the Department’s preliminary view is that a notice would operate in a similar fashion to orders made under section 3LA of the Crimes Act 1914. Section 3LA permits agencies that have seized physical hardware, such as a computer or an external hard drive, under a search warrant to apply for a further warrant requiring a person to ‘provide any information or assistance that is reasonable and necessary’ to allow information held on the device to be converted into an intelligible form.
Recommendation 16
The Committee recommends that, should the Government decide to develop an offence for failure to assist in decrypting communications, the offence be developed in consultation with the telecommunications industry, the Department of Broadband Communications and the Digital Economy, and the Australian Communications and Media Authority. It is important that any such offence be expressed with sufficient specificity so that telecommunications providers are left with a clear understanding of their obligations.
The Department’s preliminary view is to support recommendation 16 in principle.
- Comprehensive revision of the Telecommunications (Interception and Access) Act 1979, Submission 26
Only if it's turned on.
Why not follow the same interface standard instead of defining your own?
Have they never seen a PKCS#11 device?
No. This is simply wrong. If "Metlink were simply following their IRP" then they would have started investigating and taking action last month when their gaping security violation was first reported. Instead they did nothing until exposure of their incompetence was threatened by mainstream media.
It all depends on the IRP, most Australian transport organisations do not have a incident response plan for this report from a member of the public (I.T. or otherwise), but they do have them for various PR issues such as public disclosure of security issue (I.T. or otherwise). I'm not saying it's right I'm just explaining how it occurs, and given the public profile of the incident, I'm not sure I'd want to be the one deviating from the established IRP even if it wasn't written with this in mind.
He has not yet been arrested and Metlink were simply following their IRP for a security breach which doesn't discriminate based on intent.
Too much focus on the articles, who on earth comes to Slashdot for the articles these days with the awful editing?
This Ask Slashdot has to be in the top 10 worst Ask Slashdots...
The area where is happened was north of the 60th parallel south, which is outside the jurisdiction of the ATS.
The system is run externally by the warehouse and separately to the ATO," a spokesperson told SC....It is unable to access taxpayer information or their details. There are no financial or bank account details stored on POS.
A case of not reading the article, it's blatant FUD.
A committee like this is usually asking the question "What's so different about Australia that prices are so much higher than else where in the world? What is causing it?". It's to determine what the cause is so the government can implement measures into the marketplace to make it more attractive for suppliers to reduce their prices.
What is this garbage?