Slashdot Mirror


User: SuricouRaven

SuricouRaven's activity in the archive.

Stories: 0
Comments: 11,749

Comments · 11,749

  1. Re:Nonsense on Overly Familiar Sci-Fi · · Score: 2

    "Projecting your own cultural interpretations on ancient texts."

    For a very clear example of this, look at anyone who uses the phrase 'biblical marriage.'

  2. Re:6. Profit, too on Overly Familiar Sci-Fi · · Score: 2

    Compare historical fiction - and note that most historical fiction depicts a culture far more similar to our own than that which actually existed at the time.

  3. Re:A few facts on British 'Porn Filter' Blocks Access To Chaos Computer Club · · Score: 2

    It's a bit complicated. We've got multiple filters.

    First, there's Cleanfeed. This is the most opaque of them - its purpose is to filter out child pornography. Due to the sensitive nature of the filter, it's highly secretive - the list is secret, the methodology is secret, there's no appeals process, and no requirement to notify sites they have been classified as child porn. This is the one that made news a few years ago when someone classified a Wikipedia page as child pornography.

    Secondly, there's the anti-piracy filtering. This one runs on court orders. The block list is at least publicly known, and there is court oversight. That makes it a lot better than Cleanfeed.

    Thirdly, there's the anti-porn filter. This isn't strictly a government mandate, at least not directly. The government was preparing to mandate it through the usual legislative process, but rather than face the problems of complying with some vague and impossible standards written by MPs with no understanding of technology all major ISPs decided to instead set up filtering voluntarily. The manner in which this is done varies greatly between ISPs. They all contract list maintenance to a specialist provider, but not all the same provider, and they use different categories and different default settings. The 'opt' also differs between ISPs.

  4. Re:Something is dodgy here. on Sony Employees Receive Email Threat From Hackers: 'Your Family Will Be In Danger · · Score: 2

    Script kiddies with a little luck can compromise a server here and there. But compromising many servers throughout an organization, in different divisions and under different administrators? Not so easy.

  5. Re:Something is dodgy here. on Sony Employees Receive Email Threat From Hackers: 'Your Family Will Be In Danger · · Score: 1

    Then either they don't expect to get caught, or someone has been assigned as 'designated scapegoat.' It might be just one person, acting alone and in desperation - and even if it isn't, it can be made to look that way.

  6. Something is dodgy here. on Sony Employees Receive Email Threat From Hackers: 'Your Family Will Be In Danger · · Score: 5, Insightful

    GoP are good. They have to be. The level of pwnage achieved is simply far beyond anything script kiddies could pull off. Not just the scale of the breach in total data, but in variety. Email, employee records, media from production - data from several divisions, and they even leaked it out through computers that host Playstation infrastructure, a completely different part of the organisation. Whoever GoP are, they have a very high level of skill.

    This group then sends some idiotic threats, badly written at that, to low-level employees? I believe I detect the faint smell of fish. It just seems out of character.

    I wouldn't be surprised if someone at Sony were responsible for sending this email as a false-flag operation. This would achieve two things they must be much desiring of right now. First, it casts GoP in a bad light - makes sure they are seen by the rest of the world as violent thugs and criminals, rather than being venerated as grassroots hackers who defeated a loathed mega-corporation. Secondly, a threat of physical harm brings a lot more attention from law enforcement - the FBI will devote more resources to aiding in the investigation, as will the corresponding law enforcement agencies in other countries.

  7. Re:Missing info on US Treasury Dept: Banks Should Block Tor Nodes · · Score: 1

    You wouldn't need anonymity, but you may need to proxy for other reasons. Going on holiday, and the local government blocking your bank's site as an agent of western oppression?

  8. Re:clock speeds yes on Orion Capsule Safely Recovered, Complete With 12-Year-Old Computer Guts · · Score: 3, Funny

    When Vista came out, I saw a claim a few times here and there. "The best thing about Vista is the viruses have compatibility issues."

  9. Re:Identity theft on The Sony Pictures Hack Was Even Worse Than Everyone Thought · · Score: 1

    No, I've restricted the individual's granting of permission for identification to 50mm. What they grant that permission to can easily be a payment terminal or computer, which in turn is just relaying the challenge-response between ID chip and a remote server. As it uses a nonce challenge, this could easily be a home computer with a cheap USB interface and it'd still be fine for logging onto a banking site or identifying you on a government service. Would just need a little cryptostuff and an agreed protocol. It could work.

    You could physically force someone's hand up against a reader, but if you're that close to someone you can do far worse than that anyway. As the private key never leaves the implant, there's no possibility of cloning it. It's basically just a smartcard, but one that can never be lost or stolen short of cutting someone's hand open.

    I'm imagining a slight variation upon RFID tags. It'd need a bit more processing power in the chip to handle a simple encryption operation, and bidirectional communication, but it's well within the capabilities of current technology. The chip only needs to allow the reader to call two functions: One to read the public key out, and one to give it a nonce and get back the signed nonce.

    I think I recall an episode of something like The Outer Limits that featured a technology like this. The main theme of the episode was human fallibility in security. The ID chip was described as an unhackable form of identification - and it was. It still failed due to a human error. Some hackers managed to almost activate a self-destruct system, but needed the company CEO to confirm the order by placing his hand against the chip-reader. Rather than hack the ID, they hacked the interface: Spoofing a countdown screen to make him think the self-destruct was already underway, so he'd panic and place his hand against the reader to give what he mistakenly believed was the cancel command. The ID chip worked perfectly in validating his identity, and promptly blew up the building. This isn't far off from how payment terminal fraud still works today: Thieves can't actually break the chip-and-pin authentication system, so they falsify the interface to manipulate the victim into thinking they are authorizing a different transaction to the one actually taking place.

  10. Re:Identity theft on The Sony Pictures Hack Was Even Worse Than Everyone Thought · · Score: 1

    No privacy issue if the chip has a five-centimeter range. It just needs a public key pair (Something post-quantum, these things will be around a while) and enough computing power to hand over the public key and sign a string with the private one. Good for everything from financial transactions to opening the car door.

  11. Re:Are they really that scared? on Why Elon Musk's Batteries Frighten Electric Companies · · Score: 2

    It also needs more sensors to monitor the possibly-reversed flow of power, and equipment to prevent islanding* that could otherwise make it impossible to shut the grid down for servicing. Even if the equipment isn't too expensive, the installation costs are: It means shutting down power for an hour or more while someone disassembles half a substation to wire it in.

    * Your solar system is designed to cease feeding the grid if it doesn't detect power there - so that the company can shut down lines for repair. Unfortunately, your neighbour's solar system does exactly the same - and they each see the other as grid power.

  12. Re:Are they really that scared? on Why Elon Musk's Batteries Frighten Electric Companies · · Score: 1

    It's certainly doable, because YouTube Mad Engineer PhotonicInduction does exactly that. He's got a lead-acid bank wired up to an inverter and timer system, runs most of his house off them and charges at the off-peak rate.

    Not everyone is an electrician of his grade (And disregard for wiring code) though. For it to become properly practical on a large scale it would have to come in the form of a pre-packaged solution.

  13. Re:Identity theft on The Sony Pictures Hack Was Even Worse Than Everyone Thought · · Score: 1

    Am I allowed to surgically implant a chip into people?

  14. Re:Identity theft on The Sony Pictures Hack Was Even Worse Than Everyone Thought · · Score: 1

    Which just means that the current methods of verifying identity are pathetic: None of that information is at all secret.

  15. Re:PS4 keys? on The Sony Pictures Hack Was Even Worse Than Everyone Thought · · Score: 2

    I'd agree with you, if not for one thing: The torrent was seeded from a number of Amazon instances that form part of the PlayStation Network infrastructure. That suggests that, while the hack focused on Sony Pictures, PlayStation didn't escape entirely. Which means there is hope that the right keys were released too.

  16. Tokens will be lost. Frequently. Daily. on Ask Slashdot: Convincing My Company To Stop Using Passwords? · · Score: 1

    If you're giving your users a token, get the thing jabbed inside their hand so they don't lose it.

  17. Re:Compression: Reduced RF energy on The Cost of the "S" In HTTPS · · Score: 1

    Within HTTPS is HTTP - wrapped up in encryption. The HTTP still supports transparent compression.

  18. Re:Drop HTTP completely? on The Cost of the "S" In HTTPS · · Score: 1

    I shouldn't need to add, but if you're using certificates properly then HTTPS *does* make it impossible - at least unless the interceptor can reconfigure the clients or coerce a trusted CA, and doing the latter on a national scale is sure to be noticed.

  19. Re:Drop HTTP completely? on The Cost of the "S" In HTTPS · · Score: 1

    It does raise the cost of fiddling with traffic. Altering things with HTTP is really easy. Some things can even be done stateless - the Great Firewall of China works in part on that trick, doing stateless filtering of HTTP for certain forbidden strings and spoofing RST packets to break the TCP connection when it finds them. Altering HTTPS requires tracking stateful connections and doing a lot of crypto. Perfectly practical when you're targeting a few people, or running a company LAN. But much less so when you're trying to tamper with traffic for an ISP or an entire country. HTTPS doesn't make it impossible, just many times more expensive.

  20. Re:Network services on The Cost of the "S" In HTTPS · · Score: 1

    It interferes with non-browser-based ad blockers. Which are common still on corporate networks, though rarely at home. You can still block by DNS even then, it's just not so fine-grained. Fortunately you rarely need fine-grained to stop advertising.

  21. Re:what in the actual hell... on The Cost of the "S" In HTTPS · · Score: 1

    I've not seen any parental control software that runs as a proxy server. It's all browser plugin. I'm surprised at this - given that many homes now have several laptops, a few more tablets and a mobile phone each, maintaining one proxy is a lot less hassle than ten browser plugins across four different operating systems.

  22. Re:WTF... on The Cost of the "S" In HTTPS · · Score: 1

    You don't even need to know how to do it - Smoothwall automates most of the process so even an A+ certified tech could figure it out. Probably.

  23. Re:so what? on Comcast Forgets To Delete Revealing Note From Blog Post · · Score: 5, Insightful

    It's the reason that's upsetting people. It's long been known by all that there's no competition in the cable internet market in the US because the major players have an informal agreement never to enter a market region where a rival is already established. The comment is an open admission of this fact. It addresses the FCC's concerns that the new company would have an anticompetitive monopoly by just pointing out that there's already an anticompetitive duopoly, so it really makes no difference whether people get screwed over by one company or two in collusion.

  24. Re:Please . . . on Comcast Forgets To Delete Revealing Note From Blog Post · · Score: 1

    A non-compete arrangement would be illegal. This is more of a non-compete informal mutual understanding. Nothing official, certainly nothing in writing, but they know what's expected of them.

  25. Re:Huh? What does this reveal? on Comcast Forgets To Delete Revealing Note From Blog Post · · Score: 1

    Except that, broadly speaking, the Democrats are the ones pushing for net neutrality regulations, and the Republicans opposing.