Slashdot Mirror


User: ekhben

ekhben's activity in the archive.

Stories: 0
Comments: 346

Comments · 346

  1. Re:This isnt right on Cancer Cluster Possibly Found Among TSA Workers · Score: 1

    I fly into Rome and then do Schengen flights within Europe. Cathay Pacific do flights from HKG to FCO, and while FCO is kind of a pokey little airport, at least they don't have poky security personnel :-)

    (Trains out of Rome are a poor option, I've looked into them and it's about a twelve hour journey just to get out of Italy, since the Thalys doesn't run that far south).

  2. Re:This isnt right on Cancer Cluster Possibly Found Among TSA Workers · Score: 1

    History says things generally have to get pretty bad before people will sacrifice several other comforts and securities to regain one.

    I'm avoiding the US, Germany and the UK, but I know the time will come in the next two years when I'll have to choose between out of control border security countries and my requirement to travel for work. I'm not sure what I'll do, but I don't know that I'd have the courage to tell my boss I won't fly because I don't want to be physically assaulted at an airport again.

    (Yeah, it's happened to me, in Germany, and it is a hell of a lot more unpleasant than you'd think it would be before you've had it done to you; I really didn't think it would be as bad as it was).

  3. Re:No surprises here on EFF Stops Accepting Bitcoin, Regifts All Donations · Score: 1

    Stock is part ownership in a company, and comes with voting rights and dividends. It has intrinsic value. If you stop trading, and merely hold onto your stock, you still retain the voting rights and still receive dividends.

    Bitcoin, on the other hand, has no intrinsic value, and is a fiat currency. Fiat currencies are based only on belief in the system issuing them. Consider the US dollar, and the effect of the economic condition of the US on the perceived value of the dollar; or the Euro and the situation in Greece coupled with the cooling attitude of Germany towards the currency. The Euro could collapse if Germany pulls out and other countries lose faith in it as a viable currency.

    Bitcoins are based on faith in the system that operates the bitcoin economy.

    The EFF has declared a lack of faith in that system, in particular, that the legal foundation for it has not been tested, and the potential risk of being a test case outweighs any other value bitcoins may have.

  4. Re:This changes or improves NOTHING on ICANN To Allow .brandname Top-Level Domains · Score: 1

    I do tend to argue that DNS is now for systems administrators, to allow for easier renumbering of services, and that Google is how regular folk find websites.

  5. Re:Selfish idea on More Malware-Infected Apps Found In Android Market · Score: 1

    It is less vulnerable because Apple does actual reviews. They will not find everything but they will find SOME things.

    Yes, true - they'll trivially find blatant stuff, and probably some slightly less blatant stuff, but not stuff that goes to pains to hide from the review process specifically; all of which is more stuff than is caught with no review at all!

  6. Re:Selfish idea on More Malware-Infected Apps Found In Android Market · Score: 1

    I don't believe Apple's store is any less vulnerable to malware than the Android store.

    The system architecture is a lot less permissive in iOS than Android, though, and that limits the damage that a misbehaved app can do - at the obvious cost of limiting the options for well behaved apps.

  7. Re:I'm so confused on Tennessee Bans Posting 'Offensive' Images Online · Score: 1

    If I was a lawyer out to ruin someone's day, I'd argue that a computer renders text into an image for presentation to the user.

  8. Re:One-time pads on Court Rules Passwords+Secret Questions=Secure eBanking · Score: 1

    Perfect is the enemy of the good.

    It's not impossible to line up a trojan on a mobile and a desktop, but it's not as trivial as getting a trojan on one device. Attacks have been done successfully by social engineering on the phone company to redirect the service, but as someone else said, if someone really wants your money there's always a lead pipe in an alley.

    Should two-factor become widespread, and smartphones become as vulnerable as desktops to trojans (unlikely with both major OS vendors using a managed software repository, making social engineering of users harder), and the problem of coordinating devices be solved, then it will be time to find another security mechanism.

    And no doubt, plenty of banks will be reluctant to adopt better security again, giving those of us with security conscious banks another decade or so of protection through presenting a significantly smaller attack surface than most others.

  9. Re:One-time pads on Court Rules Passwords+Secret Questions=Secure eBanking · Score: 1

    Text message challenge, web response.

    In order to subvert a transaction, the attacker would need to own both communication channels - my browser displays which transaction I'm approving, the text message displays the same thing. If they don't agree, one or the other has been tampered with.

    If they do agree, it's too late for the attacker to alter the transaction, and my response via web can only be blocked, not used for a different transaction.

    It's two channel because an attacker needs to subvert both channels to subvert the transaction; only capturing one will cause an easily detectable change.

  10. Re:One-time pads on Court Rules Passwords+Secret Questions=Secure eBanking · Score: 1

    Transactions to unapproved accounts, where "approved" means either the bank knows the recipient and can hunt them down if they commit fraud, or I've explicitly said the recipient is OK by me (which requires external auth to do :-)

  11. Re:One-time pads on Court Rules Passwords+Secret Questions=Secure eBanking · Score: 5, Insightful

    I think you have it the wrong way around. It's an exceptionally hard problem to have a highly secured end user network. It's an easy problem to have stronger authentication mechanisms.

    One time pads are not new, or difficult. Two-channel authentication is not new, or difficult. These are not particularly expensive solutions to implement, and would cut down on fraud significantly.

    So why do the banks resist the idea?

    Personally, I use a bank with two-channel auth, and refuse to use electronic banking that relies on anything sent via my browser alone - the browser is insecure software, and can be taken over without the victim being aware of it, even when the victim is following good security practices.
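The transaction-bound two-channel scheme described in comments 9 and 11 (details and a code over SMS, the code typed back over the web) can be modelled in a few dozen lines. The toy bank below is an added example written for this page, not the commenter's bank or any real product: the bank, account numbers, session names and the HMAC-derived six-digit code are all constructed for illustration. It shows the two cases the comments describe: a browser trojan that rewrites the transfer is caught because the SMS shows the rewritten details, and a captured code cannot be redirected to a different transfer because the code is bound to the transaction the bank actually holds.

```python
"""Toy two-channel transaction approval (added example, constructed data)."""
import hmac
import hashlib
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    to_account: str
    amount_cents: int


class Bank:
    """Bank side: web channel in, SMS channel out, code bound to the transfer."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # server secret, never leaves the bank
        self._pending = {}                     # session -> (transfer, nonce)

    def _code(self, transfer, nonce):
        # The code commits to recipient, amount and a per-request nonce, so it
        # is useless for any other transfer or any replay of this one.
        msg = f"{transfer.to_account}|{transfer.amount_cents}|{nonce}".encode()
        digest = hmac.new(self._key, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def request(self, session, transfer):
        """Web channel: a transfer arrives. Returns the text sent over SMS."""
        nonce = secrets.token_hex(8)
        self._pending[session] = (transfer, nonce)
        code = self._code(transfer, nonce)
        # SMS channel: the bank echoes what it received, plus the code
        return (f"Confirm transfer of {transfer.amount_cents / 100:.2f} "
                f"to {transfer.to_account}. Code {code}")

    def confirm(self, session, code):
        """Web channel: code typed in. Executes only the stored pending transfer."""
        transfer, nonce = self._pending.pop(session, (None, None))
        if transfer is None or not hmac.compare_digest(code, self._code(transfer, nonce)):
            return None
        return transfer


def sms_matches(sms, intended):
    """The human step: compare the SMS with what you meant to send."""
    return f"{intended.amount_cents / 100:.2f} to {intended.to_account}." in sms


def run(browser_tampers):
    """Simulate one payment; the trojan, if present, rewrites it in the browser."""
    bank = Bank()
    intended = Transfer("AU-12345678", 5000)                  # constructed
    submitted = Transfer("MULE-999", 900000) if browser_tampers else intended
    sms = bank.request("sess1", submitted)
    if not sms_matches(sms, intended):
        return "rejected-by-user"            # channels disagree: tampering seen
    code = sms.rsplit(" ", 1)[1]
    executed = bank.confirm("sess1", code)
    return "executed" if executed == intended else "bank-rejected"


def captured_code_redirected():
    """Attacker who saw the SMS code tries to spend it on a different transfer."""
    bank = Bank()
    sms = bank.request("sess1", Transfer("AU-12345678", 5000))
    stolen_code = sms.rsplit(" ", 1)[1]
    bank.request("sess1", Transfer("MULE-999", 900000))       # attacker's transfer
    return bank.confirm("sess1", stolen_code)                 # None: code does not bind


if __name__ == "__main__":
    print(run(False), run(True), captured_code_redirected())
```

The only thing left to an attacker holding just the browser channel is to block the confirmation, which is exactly the residual risk comment 9 accepts.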

  12. Re:I'm using it on IPv6 Traffic Volumes Are Low, But Nobody Knows How Low · Score: 1

    If your home network has a /64, there are 2^64 possible addresses for a script kiddie to check for a device.

    If you use privacy addresses, this means a script kiddie who is able to scan one million hosts per second is going to take around 600,000 years to get through the whole subnet.

    If you use link identity addresses, that might reduce to 6,000 years or so.

    I run v6 with a trivial firewall: allow established, allow inbound port 22, 80, >= 1024, allow ICMPv6, deny all other packets.

    (If you do set up a v6 firewall, make sure you allow ICMPv6; there's no packet fragmentation in v6 so if you discard Packet Too Big messages you'll break your v6 and be part of the 0.01% that gives big vendors like Google the willies about losing).

  13. Re:Cloud and Google on Swiped Tokens Expose Android Devices To Data Theft · Score: 1

    I haven't tried using it in any place noisier than the inside of my car with the windows up and no passengers. It doesn't start interpreting sounds as voice until I explicitly tell it to, so I've not pocket-dialled someone by farting yet.

    I expect it would not work particularly well in noisier conditions. If that's the use case you'd have for voice recognition, then the technology probably isn't mature enough for you yet, but for my use case, it's good enough to be using now.

  14. Re:Cloud and Google on Swiped Tokens Expose Android Devices To Data Theft · Score: 1

    Shrug, goodbye karma, but my iPhone's voice recognition does pretty well. Needs you to tell it to listen, repeats what it's going to do before it does it so you can cancel when it does get it wrong.

    100% success rate for the number I call most often, probably around three quarters successful for the other numbers I very infrequently call - so maybe it just seems good to me because of the specific circumstances I use it in.

  15. Re:Fact checking not a requirement for posting? on Apple Releases iOS 4.3.3 To Fix Location Tracking · Score: 1

    The HTC Touch Pro 2 uses a Qualcomm CPU with a gpsOne aGPS module. The iPhone 4 uses a Broadcom BCM4750 single-chip aGPS.

    The tracking sensitivity on the gpsOne is -160dB, with TTFF of 1s/29s/35s for hot/warm/cold startup. Power consumption data not available; it's always part of the CPU.

    The tracking sensitivity on the BCM4750 is -162dB, with TTFF of 0.5s/30s for hot/cold startup. Power consumption is 13mW.

    The BCM4750 is a better aGPS chip, but mostly due to its greater sensitivity and independence from CPU choice - there's not a lot of difference in TTFF between the two.

    If you get fix times in under 10sec, but over 1sec, the phone is probably providing hints via a cache.

    Given I have a 3GS with the much poorer Hammerhead II aGPS chipset, patch 4.3.3 is a pretty big net loss for me; I think I'll just skip it until I'm forced to take this Apple bashwagon generated downgrade as a part of a major release upgrade. :(

  16. Re:ummm on Apple Logging Locations of All iPhone Users · Score: 1

    Airplane mode turns off (stops sending power to) all the wireless communications chips in the device: cell, gps, wifi, and bluetooth. You can't get location information while in airplane mode.

    You can turn wifi back on while in airplane mode, but the BCM4750 will still be off, and you will still get no location information.

    If Apple don't really disable the chips in airplane mode in order to keep tabs on where you are, they'll likely lose their accreditation for it, so I'm pretty sure they really do disable the chips.

  17. Here's the real article on IPv6 Traffic Remains Minuscule · Score: 1

    Since neither subby nor the self-serving linkfarm reblog site they submitted bothered to either link to the Arbor Networks article, or read it beyond the first few paragraphs, here it is.

    A better summary might be that native IPv6 usage has "more than doubled" in the past six months, while tunneled IPv6 has declined. This is exactly what we'd hope to see, but maybe not as catchy a headline?

  18. Re:then != than on Asia Runs Out of IPv4 Addresses · Score: -1, Offtopic

    0.99999... == 1

  19. Re:NAT to the rescue... NOT on Asia Runs Out of IPv4 Addresses · Score: 1

    The other big issue with NATs is traversal. You can't run bittorrent at all unless most hosts on the internet can be directly reached; it relies on peers being directly addressable.

    When the NAT is on your home gateway, you (or your software) can instruct it to forward certain ports to certain hosts inside the NAT. When the NAT is run by the ISP, shared by hundreds of users, you can't do that - contention for the well known ports makes it impossible.

    But clever people have realised that a NAT will often redirect all connections on a particular port back to you if you open up just one connection on that port. So if you can find a willing host to report back what port you've just connected from, you can tell others to use that.

    Which breaks if you try to be clever about using the full (host, port, port, host) tuple to identify each connection.

    You also have a scalability issue if you try to shove thousands of users onto a single address; storing and searching the state table for hundreds of thousands of mappings requires hardware that hasn't been built yet.
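The traversal trick in comment 19 (ask an outside host which port it saw you on, then hand that port to a peer) and the way it breaks when the NAT keys mappings on the full tuple can be shown with a toy NAT. This is an added example written for this page, not code from the thread; the addresses, the reflector and the two mapping flavours (endpoint-independent, where one internal endpoint gets one external port for every destination, and address-and-port-dependent, where each destination gets its own port) are assumptions taken from RFC 4787 terminology. It also models the home-gateway port forward that a carrier NAT shared by many users cannot hand out more than once.

```python
"""Toy NAT: hole punching versus per-destination mappings (added example)."""
import itertools

STUN = ("198.51.100.1", 3478)    # constructed reflector that reports the seen port
PEER = ("203.0.113.9", 6881)     # constructed remote peer
INSIDE = ("10.0.0.5", 6881)      # constructed host behind the NAT


class Nat:
    """Keeps outbound mappings; per_destination selects the mapping behaviour."""

    def __init__(self, public_ip, per_destination):
        self.public_ip = public_ip
        self.per_destination = per_destination
        self._next_port = itertools.count(40000)
        self._mappings = {}   # mapping key -> external port
        self._table = {}      # external port -> (internal endpoint, bound destination)

    def _key(self, src, dst):
        # endpoint-independent: one mapping per internal endpoint
        # address-and-port-dependent: one mapping per (endpoint, destination)
        return (src, dst) if self.per_destination else (src, None)

    def outbound(self, src, dst):
        """Internal host sends to dst; returns the external (ip, port) used."""
        key = self._key(src, dst)
        if key not in self._mappings:
            port = next(self._next_port)
            self._mappings[key] = port
            self._table[port] = (src, key[1])
        return (self.public_ip, self._mappings[key])

    def inbound(self, ext_port, from_host):
        """Packet arrives on ext_port; returns the internal endpoint or None."""
        entry = self._table.get(ext_port)
        if entry is None:
            return None
        src, bound_dst = entry
        if bound_dst is not None and bound_dst != from_host:
            return None       # tuple-keyed mapping: other senders don't match
        return src

    def forward(self, ext_port, src):
        """Static forward as on a home gateway; one internal host per port."""
        if ext_port in self._table:
            return False
        self._table[ext_port] = (src, None)
        return True


def hole_punch(per_destination):
    """Reflector reports the seen port; the peer then sends to that port."""
    nat = Nat("192.0.2.1", per_destination)
    _, seen_port = nat.outbound(INSIDE, STUN)
    return nat.inbound(seen_port, PEER) == INSIDE


def reported_vs_actual(per_destination):
    """Port the reflector reported versus the port the peer will really see."""
    nat = Nat("192.0.2.1", per_destination)
    _, reported = nat.outbound(INSIDE, STUN)
    _, actual = nat.outbound(INSIDE, PEER)
    return reported, actual


def shared_port_contention():
    """Two users behind one carrier NAT both want port 80; only one can have it."""
    nat = Nat("192.0.2.1", per_destination=False)
    return nat.forward(80, ("10.0.0.5", 80)), nat.forward(80, ("10.0.0.6", 80))


if __name__ == "__main__":
    print(hole_punch(False), hole_punch(True))
    print(reported_vs_actual(False), reported_vs_actual(True))
    print(shared_port_contention())
```

With endpoint-independent mapping the reflector-reported port is the one the peer reaches; with per-destination mapping the reflector saw one port, the peer is allocated another, and the punched hole never lines up.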

  20. Re:Hah! on China Calls Out US On Internet Freedom · Score: 1

    You're quite right. He should be tried immediately for his crimes.

    Oh wait, that's what the fucking problem is - he's being held without trial in inhumane conditions.

  21. Re:RTFA on SSL and the Future of Authenticity · Score: 1

    The two things that jumped out at me were that Moxie has made a faulty assumption on the trust model of DNSSEC, and that Moxie has made a faulty assumption on the trust model of web certification.

    Web certification is for relying parties to determine that a host is authorised to act on behalf of a domain holder.

    DNSSEC is for relying parties to eliminate the need to trust the distributed database of DNS.

    The question at the bottom of the article would lead to this if it were actually answered. Who do I need to trust, and for how long?

    For the current model, I need to trust the hierarchical DNS authority system, because they hold the fundamental truth of the DNS data. I need to trust the distributed DNS database system, because I have no way to check that the answer I got is the answer the domain holder published. I also need to trust the entire CA set, because they're the ones who provide a bridge from the domain holder to me.

    For the DANE model, I need to trust the hierarchical DNS authority system, because they still hold the fundamental truth of the DNS data.

    In both cases, "for how long" gives the useless answer of "forever."

    TL;DR: Moxie has pointed out that we place an awful lot of trust in the DNS operators, but failed to demonstrate that DANE or DNSSEC is a poor substitute for the current CA system.

  22. Re:I never understood on France Outlaws Hashed Passwords · Score: 1

    The only thing CAs check before issuing a certificate is whether the cheque has cleared.

  23. Re:All I see is on Elderly Georgian Woman Cuts Armenian Internet · Score: 2

    With thanks to Iain M. Banks, "money implies poverty."

  24. Re:Automobiles are just intert lumps of metal on Google's Driverless Car and the Logic of Safety · Score: 1

    You say that now, but eventually they will learn and adapt to the modern environment, and blame the other robot driver for not looking where the hell it was going, or the car manufacturer for a sudden acceleration problem that's definitely not the robot driver's fault, officer.

  25. Re:Inflammatory headline on Pirated Android App Shames Freeloaders · Score: 1

    If a restaurant could sell the same burger an infinite number of times, you ... still would have a bad comparison, since off the shelf software is a product, not a service.

    The value of a thing asymptotically approaches the cost of duplication of that thing. Things with material costs have a fixed cost of duplication, as well as an amortised cost of creation and capital investment in copying equipment. Things with no material costs only have an amortised cost, and amortised costs asymptotically approach zero. The value of software is, thus, zero. The notion that I could double the value of my assets simply by making a copy of an application is absurd.

    There are business models which are not founded on that absurdity, and they're working. Value-add services like iTunes offer syndication and convenience; you pay 99c for the ease of using the iTunes interface to find and download a track, not because the track itself is worth 99c. Hosted software services offer value in the management and in the indivisible unit of a system with software, not in the software itself. Software to support a product, like iOS or onboard software for cars, works very well.

    But this is only a brief blip in history in which people can get away with using legislation to force value onto a valueless product.