If well implemented the password retrieval function is not really that easy to exploit:
password retrieval never sends you your current password, but instead gives you the opportunity to set a new one, invalidating the old. This makes it very obvious to the user to see that a password reset has been performed.
password retrieval usually does not send you the new password "as is", but rather a link with a "cookie" that allows you to set it. The cookie is no longer good once you've used it to set a new password. So even if the NSA just passively listened for "naturally occurring" password resets, it would do them no good, because if they followed the reset links, the user would notice. Moreover, this also means that e-mailboxes won't contain valuable passwords.
Unfortunately there is still software out there (such as mailman...) which doesn't do any of these for its password resets.
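The reset flow described in the comment above, as an added example that is not part of the original comment: a single-use token is mailed instead of a password, and redeeming it replaces the old password. The `Accounts` class, the in-memory storage, the 15-minute lifetime and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60  # seconds a reset link stays valid (assumed policy value)

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Accounts:
    """In-memory stand-in for a user database (hypothetical, for illustration)."""
    def __init__(self):
        self.passwords = {}   # user -> (salt, password hash)
        self.resets = {}      # sha256(token) -> (user, expiry time)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self.passwords[user] = (salt, _hash_password(password, salt))

    def check_password(self, user, password):
        salt, stored = self.passwords[user]
        return hmac.compare_digest(stored, _hash_password(password, salt))

    def request_reset(self, user, now=None):
        """Return the one-time token that would be mailed inside the reset link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Only a hash is stored, so a leaked table holds no usable links.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.resets[digest] = (user, now + TOKEN_TTL)
        return token

    def complete_reset(self, token, new_password, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.resets.pop(digest, None)   # pop: the token is spent either way
        if entry is None or now > entry[1]:
            return False
        user = entry[0]
        self.set_password(user, new_password)   # old password stops working here
        # Drop any other outstanding links for the same account.
        self.resets = {d: v for d, v in self.resets.items() if v[0] != user}
        return True
```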
The backdoor is only useful if you have the "secret" key, i.e. the e such that Q^e=P. Working out e from P and Q is hard (discrete log problem). However, if you are in a position to pick the P and Q that will make it into the standard, you just pick up any Q and e of your liking, keep e secret to yourself, and hand out Q and the P derived from Q and e.
So, only the NSA, and maybe people having managed to steal e from the NSA would be able to take advantage of this back door.
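The relationship Q^e=P from the comment above, worked through on a toy generator as an added example that is not part of the original comment. Integers modulo a prime stand in for the elliptic curve and outputs are not truncated; the modulus, Q, e, the seed and all names are constructed for illustration.

```python
# Toy analogue of a generator with two public constants P and Q where Q^e = P.
# Assumption: arithmetic modulo a prime replaces the elliptic curve, and the
# full output value is visible (the real design truncates it).
M = 2**127 - 1   # Mersenne prime used as the toy modulus (constructed)

def make_constants(e, Q=5):
    """Whoever chooses the constants picks Q and e, then publishes Q and P."""
    return Q, pow(Q, e, M)

class ToyGenerator:
    def __init__(self, P, Q, seed):
        self.P, self.Q, self.state = P, Q, seed

    def next_output(self):
        self.state = pow(self.P, self.state, M)   # s' = P^s
        return pow(self.Q, self.state, M)         # r  = Q^s'

def predict_following(observed, e, Q, count):
    """Holder of e: r^e = Q^(s'*e) = P^s', which is the generator's next state."""
    P = pow(Q, e, M)
    state = pow(observed, e, M)
    outputs = []
    for _ in range(count):
        outputs.append(pow(Q, state, M))
        state = pow(P, state, M)
    return outputs

def demo():
    e = 0x1D2C3B4A59687766554433221100FF   # secret exponent (constructed)
    Q, P = make_constants(e)
    gen = ToyGenerator(P, Q, seed=123456789)       # seed unknown to the observer
    first = gen.next_output()                      # the one output that is seen
    actual = [gen.next_output() for _ in range(4)]
    predicted = predict_following(first, e, Q, 4)
    return actual, predicted

if __name__ == "__main__":
    actual, predicted = demo()
    print("all later outputs predicted:", actual == predicted)
```

Without e, going from the published P and Q to the exponent is the discrete log problem the comment mentions, which is why constants of unexplained origin are the concern.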
ANPR IS A BRITISH INVENTION: created, developed, and tested in the UK. Its first major outing was in 1984, when police scientists set themselves up in a small, unmarked cabin on a bridge overlooking the busy M1 motorway.
Concerns about the new technology were raised immediately, including from within the government. A 1984 report for the Greater London Council Police Committee warned that the system made every car a potential suspect and handed policy on mass surveillance to the police. “This possibility in a democracy is unacceptable,” it concluded.
if it had bumps that didn't really affect the charge distribution...
... and this is exactly where the headline implies it wrong. If you actually read beyond the headline (merely the slashdot summary is already enough), you'd notice that this is indeed about non-roundness that does affect charge distribution. Non-uniform charge distribution would result in a dipole moment, whose absence has been noticed.
Walk into some woods. Change clothes/reverse, put on or take off layers. Pop on a big hat. Walk out of the woods, make the call.
These cameras are well hidden. When the news of the arrest was announced, it was quite a surprise (... and some outrage...) that these existed at all. Probably the kids didn't bother with dressing up because they never suspected they could get caught that way. And if they had known, a well-placed blob of chewing gum would have achieved the same goal much more easily...
There is only one asshole here. No wait, there is the asshole from the story and you for thinking his repeated actions are okay.
You seem to do this quite often. If somebody is defending a given behaviour (or outraged at disproportionate punishment of such behaviour), you immediately leap to the conclusion that this person would indulge in such behaviour himself (or worse...). So now, who's the asshole here?
No normal person calls in a bomb threat to get out of a final that will at most just end up being delayed.
Ok, so I was flippant when I said that "everybody" (and by implication, me) does it. Let me assure you that I never did such a thing, nor anybody that I know personally. However, it does happen often enough to be well known that some students do this (and in my town we did indeed have a case where a group of students did it, and they were caught by a phone camera hidden in the payphone booth).
That YOU were (and are) an idiot doesn't mean everyone is.
That you are a humourless prick (that can't spot a flippant remark) doesn't mean that everybody else is, either. And now shut up.
If he'd just called it in from a pay phone, they'd never have found him.
In Luxembourg, a couple of students at the European School did exactly that a few years ago. They were caught pretty quickly, because, you know, payphones have cameras... ("officially" to catch vandalism, but these cams sure did come in handy in this case as well). So, cops just walked with the pix from classroom to classroom until they found the perps.
You missed the part where he didn't want to take an exam.
He didn't want to take an exam that day (probably because he had started studying way too late). He probably wouldn't object to taking it 1 week later (or whatever date it would have been postponed to).
If he hadn't confessed, he would have had to take it. So he really didn't have a choice.
Even that is no guarantee. Maybe the cops will "allow" him to take the exam from prison?
He called in a bomb threat to delay taking a final. This is a dude that has already shown that he has poor decision making skills.
Hey, that's what students do. Don't tell us that you never called in a bomb threat to avoid school or exams?
The difference was, in the old days, school personnel knew that this is a standard student prank, and acted accordingly (namely, not at all). Only today, in this post-911 world have people become so paranoid that they take obvious prank calls at face value...
a recycler catering to cable thieves is potentially equipped
Equipped specifically to cater to thieves? I'd think such an outfit would not stay long in business. All police have to ask is "what is this piece of equipment for"? All this business lives by plausible deniability. The recycler doesn't want to know where those copper scraps are coming from, much less specifically buy equipment to handle them...
In some ways, "cleaning" the material so it can be sold for top tier scrap is more work than a regular job.
Not sure about the HVAC, but in case the copper is regular cable, "cleaning" is very easy: take the cable to a remote location, set it on fire, and after the insulation has burned, take the copper to a scrap metal dealer.
And let the property owner deal with the scorch marks on his land.
Only about two thirds of the courts actually fell for it, but each one was good for thousands of identities.
And the one third which didn't fall for it didn't think about warning the other 2 thirds? Amazing...
Almost as bad as when a Luxembourgish bank deployed broken Luxtrust software, and 6 weeks later another bank deployed the exact same bug... (and that long after a fixed version of the software had already been made by Luxtrust). Amazingly they don't communicate with each other...
To the second bank's credit: at least they were faster to deploy the fix, taking only 9 months, rather than the 18 months that the first bank needed...
Simply not using Google products won't protect you from this as it is using scripts embedded in web pages.
Then don't use these scripts either. And if this breaks the web site, complain loudly to the webmaster (outlining the privacy issues, if needed).
Or at least don't accept cookies from these scripts. Often these scripts still run fine (for the visitor), even with Google cookies blocked. (Stuff like Google Analytics will break, but that's actually a feature...)
Time exists, it's just not a dimension, it's a force.
If that is the case, why then is it measured in seconds rather than in newtons?
His predictions didn't pan out, because by foolishly making them public, he altered the future.
So what's next? Hotels suing their guests for taking left-over soap home with them at the end of their stay?
That's one of the major reasons Tor users encourage others to use Tor too. Same with encryption.
Unfortunately, Tor is so damn slow that it is virtually unusable for anything that doesn't absolutely have to be hidden.
Result: only people who have a very good reason to do so will use Tor...
Or has it become faster in the recent years?
And if the police think you did it, and the case is important enough to search very, very hard, they will find the evidence.
... and don't forget "searching very very hard" is a euphemism for "fabricating"...
and then Microsoft will own our healthcare, as well as our desktops!
But then, won't the anti-trust commission object, because then Microsoft will effectively have a monopoly on viruses!
huge damage to somebody else for a moderate personal gain
Except that even compared to just their own damage/"investment" they don't come out ahead. Read grand-parent post:
Plus considering the amount of time it takes to steal the copper, they could have gotten a minimum wage job and made more money
So you really have to wonder, what exactly is driving those idiots...
And you'd have to put down a deposit to use one for shopping.
Which you do anyways...
1) Put the "no robots" tag on webpages that you don't want appearing in Google searches (rule of thumb: if it doesn't have a picture in it, you don't want it appearing when people search for you anyway).
WTF?
(n/t)
Men have low-hanging fruit too. Even lower hanging than women.