Comcast also limits or eliminates VPN traffic unless you have a business account. I've used it with limited success and finally realized they're going to make you pay the extra $50 if you want complete VPN access
That's news to me. I have been able to use IPSec VPN for years with no issues whatsoever. From around 2002 to the present I have been able to connect to my employers and clients via IPSec or PPTP connections with a residential connection. And that's for hours at a time. In fact for the last 2 months I have been working from home exclusively with no problems at all.
Are you sure it's not a flakey connection and/or a bad VPN config? I do remember having to troubleshoot a Cisco concentrator where the tunnel was constantly dropping and rebonding due to MTU size issues and excessive fragmenting.
Unless they can gain access to your PC and bypass the security, they wont have any idea that its not QWERTY. Any hardware keylogger or bug they insert will produce "garbage" since they have no way of knowing that will produce 'x' instead of 'q'.
And with a large enough sample of this "garbage" (which is smaller than you would think) combined with a *simple* frequency analysis would defeat this in no time flat.
Relying on a substitution cipher for securing information is the equivalent of thinking Kwikset locks will secure your house/apartment/condo. Naive at best.
Dude, I'm not upset because of your opinions on Ubuntu. I could not care less about what you think of Ubuntu or GRUB. What I care about is the thread-jacking. How should I put it... this is not an article about Linux, Ubuntu or GRUB. The post you are referring to is talking about design considerations from a security perspective as it regards user access. Specifically Monster.com.
Ubuntu has fuck all to with anything in this context. You thread jacked, so either troll or off-topic is only appropriate here.
WTF does this have to do with anything? This is about Monster.com and data disclosure, not gratuitous bashing of a Linux distro. Yes, we get it, you don't like Ubuntu. If this were an article about Linux, that would be one thing, but this is not the place.
Mods, please rate parent offtopic or troll, it fits either (as it regards this particular article)
That's not what I was saying. I was responding to the OP's point that knowing what algorithm is being used can help you "guess" the password/passphrase (I'm thinking he meant key). It doesn't, and trying to attack an alogorithm like AES or Blowfish is almost always a complete waste of resources and time.
Well , knowing the encryption algo. makes it easier to guess passwords.
Not at all. One of the key features of cryptographic algorithms is that knowing what algorithm is being used has absolutely no impact on the strength. Unless it's one of those snake oil "proprietary" crypts, which is a horse of an entirely different color. However, I can't think of any enterprise class crypto systems that use closed algorithms. Most use AES, Blowfish for block cipher, RSA and ElGamal for async and signing (maybe DSA for signing as well), DH for key exchange and SHA-1, TIGER or RIPEMD for hashing (you'll see 3DES and MD series on older systems).
The algorithm is usually never the vector of attack. With crypto it's things like key exchange, poor coding (caching the key in memory for instance), people, sidechannel, or systems whose *methodology* in implementing crypto is weak. In the case of wireless encryption, I'm guessing they used WEP, which has weak key scheduling (If key discovery is what you meant by "password guessing") instead of 802.11i.
In respect to the TJX incident, they *never* should have wireless connecting to any kind of internal production network that handles financial/personal data. The kiosks should have everything needed local to the machine, or have a dedicated and isolated network for kiosks only. Oh, and lock the damn cabinet that house the kiosks.
The version prior to this announcement is a daughter card for both 802.11x and Bluetooth (they're in opposite corners). I know because I opened mine up to add more memory and a larger hard drive.
Oh and one more thing: I love the Slashdot doublethink: Having a large evil corporation (the ISP) possibly being able to sniff traffic to read some of my emails is a terrible invasion of my privacy!! Simultaneously: Having a large non-evil (because they said so) corporation (Google) actually store all my emails (much easier to get at them then trying to wire-sniff) and index them and use them to generate ads: SUPER!
The doublethink is only second to the kneejerk reaction. If you thought it through for second you'd see that one is by choice and the other, well most don't have any choice. I *choose* to use Gmail and I *know* they index my stuff. However, I only have one choice for braodband (the cable co) as I was informed by the DSL companies that where I live is not wired correctly for DSL. And if they decide they want to scrutinize every bit I send over their wire, I have *no choice* but to drop trou and bend over.
If this were a criminal case, wouldn't one invoke the 5th Amendment? Sorry charley, no keys forthcoming?
No, that would be like pleading the 5th regarding your house keys. "Sorry Mr. Policeman, you can't execute that warrant, because giving you my house keys may allow you to recover incriminating evidence." That would fly like a lead balloon in court.
IANAL (but I do forensics), but legally I believe that encryption keys are considered the equivalent of physical keys. If they have a warrant to search your encrypted drive, you *have* to supply them with the keys. Otherwise the court will assume you are withholding evidence that supports the prosecution. The court will treat it as if that evidence had been found, and rule accordingly. So it's usually in your best interest to cough up the keys.
I do remember I had to put my credit card details when I signed up for the trial, but that's on the euro side. Maybe it's different on the US side.
Weird, I just signed up for a trial account about 15 mins ago (never played before, thought I'd give it a try) and It completely skipped over the CC pages. The account creation gauge at the top had a big green EXEMPT over the grayed out section dealing with payment info. I am in the US, so I guess it is different.
Hey, and you even got one of your mod buddies to perform some moderation abuse by modding my post off-topic instead of doing the appropriate thing by ignoring my post and saving the mod points to mod up those who deserve it! So, now someone who deserves to be modded up can't because some idiot mod decided to waste his points. Smooth move.
Dude, the tinfoil goes on your head.
Take a chill pill, it's only Slashdot. The fate of humanity doesn't rely on whether a post was unfairly modded or not.
I'd have to agree with this. It may be obvious now, but was it at the time? With the information and the current state of the internet, were these patents covering something that just about anyone could have come up with at the time?
There are a lot of times when, after knowing the solution to something, I slap my forehead and go, "Sweet jumping Jesus! That's so obvious!" But it was not obvious before knowing the solution.
Good luck proving that they actually forgot to activate, once you've left the store with it. Especially if you've taken the product home.
What?
Why wouldn't the receipt, which you have from the purchase of the DVD, be enough to prove ownership? There are some good arguments against this but this isn't one.
The author of the original email BCC'd the Consumerist. Somehow I do not think that was overlooked by whoever read the email at Apple.
How could Apple have known it was sent to the Consumerists if the Consumerist was in the BCC field? You know, Blind Carbon Copy. Which means the other recipients don't see whoever is in that field?
So are you suggesting we weren't attacked? Yes, yes, I know you said nation, but that's just sophistry unless you believe a standing military is only for when we are attacked by a formally recognized nation, which would be idiotic in the extreme.
I'm going to assume that you have some modicum of rational thought and are not referring to the "OMG, teh US architected 9/11!!~!1oneone!!" cry of the tinfoil brigade. I'm just going to assume you're a self-righteous, pedantic prick.
I thought that part of the Fifth Amendment referred to self-incrimination during testimony (you know, that...nor shall be compelled in any criminal case to be a witness against himself... part). I don't think it allows you to refuse to turn over evidence legally requested via a search warrant. If the police/DA have a warrant for the contents of your drive (plaintext/non-encrypted), I'm pretty sure you are legally obligated to give up the key/passphrase.
It would be similar to them naming the contents of your safe. You can't just hand over a locked safe sans combination and say "best of luck, guys." I'm thinking that would get you a contempt of court. I also think that courts treat the destruction/obfuscation of evidence as if the evidence would have shown whatever it is the prosecution was trying find.
I think you may be thinking of the Fourth Amendment which would cover which evidence is admissible and how evidence can be collected (i.e. warrants).
Disclaimer: I'm sure it's obvious by now, but just in case - IANAL
Slashdot Mirror
Are you sure it's not a flakey connection and/or a bad VPN config? I do remember having to troubleshoot a Cisco concentrator where the tunnel was constantly dropping and rebonding due to MTU size issues and excessive fragmenting.
Relying on a substitution cipher for securing information is the equivalent of thinking Kwikset locks will secure your house/apartment/condo. Naive at best.
Huh? Please tell me you didn't actually take him seriously...
I mean, I know there weren't any smileys or <sarcasm> tags. But still...
Of course, I could be suffering the same thing regarding your post. But if so, you are far too subtle for me.
Moron.
iTunes DRM files are restricted to 5 computers and unlimited iPods (that are synched with one of those 5 computers).
Dude, I'm not upset because of your opinions on Ubuntu. I could not care less about what you think of Ubuntu or GRUB. What I care about is the thread-jacking. How should I put it... this is not an article about Linux, Ubuntu or GRUB. The post you are referring to is talking about design considerations from a security perspective as it regards user access. Specifically Monster.com.
Ubuntu has fuck all to with anything in this context. You thread jacked, so either troll or off-topic is only appropriate here.
WTF does this have to do with anything? This is about Monster.com and data disclosure, not gratuitous bashing of a Linux distro. Yes, we get it, you don't like Ubuntu. If this were an article about Linux, that would be one thing, but this is not the place. Mods, please rate parent offtopic or troll, it fits either (as it regards this particular article)
That's not what I was saying. I was responding to the OP's point that knowing what algorithm is being used can help you "guess" the password/passphrase (I'm thinking he meant key). It doesn't, and trying to attack an alogorithm like AES or Blowfish is almost always a complete waste of resources and time.
The algorithm is usually never the vector of attack. With crypto it's things like key exchange, poor coding (caching the key in memory for instance), people, sidechannel, or systems whose *methodology* in implementing crypto is weak. In the case of wireless encryption, I'm guessing they used WEP, which has weak key scheduling (If key discovery is what you meant by "password guessing") instead of 802.11i.
In respect to the TJX incident, they *never* should have wireless connecting to any kind of internal production network that handles financial/personal data. The kiosks should have everything needed local to the machine, or have a dedicated and isolated network for kiosks only. Oh, and lock the damn cabinet that house the kiosks.
The version prior to this announcement is a daughter card for both 802.11x and Bluetooth (they're in opposite corners). I know because I opened mine up to add more memory and a larger hard drive.
There's also an Apple Store in Oak Brook for those in the burbs (and Fry's in Downers Grove).
And you would power this... how?
IANAL (but I do forensics), but legally I believe that encryption keys are considered the equivalent of physical keys. If they have a warrant to search your encrypted drive, you *have* to supply them with the keys. Otherwise the court will assume you are withholding evidence that supports the prosecution. The court will treat it as if that evidence had been found, and rule accordingly. So it's usually in your best interest to cough up the keys.
Take a chill pill, it's only Slashdot. The fate of humanity doesn't rely on whether a post was unfairly modded or not.
I'd have to agree with this. It may be obvious now, but was it at the time? With the information and the current state of the internet, were these patents covering something that just about anyone could have come up with at the time?
There are a lot of times when, after knowing the solution to something, I slap my forehead and go, "Sweet jumping Jesus! That's so obvious!" But it was not obvious before knowing the solution.
Why wouldn't the receipt, which you have from the purchase of the DVD, be enough to prove ownership? There are some good arguments against this but this isn't one.
How could Apple have known it was sent to the Consumerists if the Consumerist was in the BCC field? You know, Blind Carbon Copy. Which means the other recipients don't see whoever is in that field?
I'm going to assume that you have some modicum of rational thought and are not referring to the "OMG, teh US architected 9/11!!~!1oneone!!" cry of the tinfoil brigade. I'm just going to assume you're a self-righteous, pedantic prick.
I'm charitable that way.
I thought that part of the Fifth Amendment referred to self-incrimination during testimony (you know, that ...nor shall be compelled in any criminal case to be a witness against himself... part). I don't think it allows you to refuse to turn over evidence legally requested via a search warrant. If the police/DA have a warrant for the contents of your drive (plaintext/non-encrypted), I'm pretty sure you are legally obligated to give up the key/passphrase.
It would be similar to them naming the contents of your safe. You can't just hand over a locked safe sans combination and say "best of luck, guys." I'm thinking that would get you a contempt of court. I also think that courts treat the destruction/obfuscation of evidence as if the evidence would have shown whatever it is the prosecution was trying find.
I think you may be thinking of the Fourth Amendment which would cover which evidence is admissible and how evidence can be collected (i.e. warrants).
Disclaimer: I'm sure it's obvious by now, but just in case - IANAL