Slashdot Mirror


User: gweihir

gweihir's activity in the archive.

Stories
0
Comments
19,136
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 19,136

  1. They probably refused to ignore NSA malware on Office Depot, Best Buy Pull Kaspersky Products From Shelves (bleepingcomputer.com) · · Score: 4, Insightful

    And now they are killed via a classical attack on their reputation, which may or may not be completely without merit. Of course, this only concerns the US market.

  2. Re:Can this CPU be implemented on FPGA? on Linux Now Has its First Open Source RISC-V Processor (designnews.com) · · Score: 1

    Still interesting. Thanks. I think that eventually high-security computing will have to go that way, probably with master-checker pairs implemented in different FPGAs or something like it on top of it.

  3. Re: Can this CPU be implemented on FPGA? on Linux Now Has its First Open Source RISC-V Processor (designnews.com) · · Score: 1

    Indeed. Of course, a fully open tool-chain and a fully open FPGA would be better, bit there are things you can do to prevent the tool-chain from messing with your design or to make it obvious. And I really doubt FPGA vendors would hide significant extra hardware in there on the off chance they can compromise CPUs.

  4. Re:VPN services are a pseudo-product, security-wis on Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI (bleepingcomputer.com) · · Score: 1

    Good luck with that. Sure, in some countries they may just shoot you if you refuse to hand over the logs, but in most countries refusing a court order will get you just under threat of being locked up. This "bullshit game" is played all over the globe.

  5. You probably never heard of Interpol...

  6. Can this CPU be implemented on FPGA? on Linux Now Has its First Open Source RISC-V Processor (designnews.com) · · Score: 1

    If not, the "open source" part does not mean a lot for most people.

  7. That is what some journalist wrote. They actually shared records with the FBI. The question is whether legally, that is a difference.

  8. I have given up getting exceptions for Internet access via customer laptops (I do IT security consulting). Instead I have an unlimited mobile data-plan and bring my own laptop in addition. This is quite often needed to get the information I need to do my work.

  9. Re:Full Disk Encryption on Bitcoin Transactions Lead To Arrest of Major Drug Dealer (techspot.com) · · Score: 1

    And fail.

  10. Re:So don't use PureVPN on Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI (bleepingcomputer.com) · · Score: 3, Insightful

    I did quote directly from their privacy policy. No idea why you think I missed anything here, this is literally on their site.

    If indeed "records" and "logs" are different legally (no idea whether they are), then "no logs of your activities" would not even be a lie. There would just be records of your log-ins and log-outs, but no logs. It is also possible, that the log-in and log-out does not count legally as "activity" within the context of the service. And to make the deception complete, "complete security" is a term without meaning, i.e. it gives you no assurances whatsoever.

  11. Tor has no logs. This has been tested and verified, also bu diverse law-enforcement agencies, time and again. That does not make Tor absolutely secure, large traffic analysis, insecure user behavior and zero-days in the browser (or failure to update) can still de-anonymize Tor users though. The Tor project has a nice collection of documents on these things.

  12. Actually, they say "Our servers automatically record the time at which you connect to any of our servers." My guess would hence be that, legally, they do not log, but they do keep records.

  13. They do not keep any logs, but they do "automatically record the time at which you connect to any of our servers". Probably, in legalese, records and logs are different things.

    When there is enough activity, these logs.... pardon me, "records", are quite enough to identify a single user. As they claim to have 10M users, having as little as 10 or so observed malicious actions may already be enough to filter the potential users down to a number small enough to check individually whether they plausibly could be the attacker.

  14. Entirely plausible. They would not record actual traffic, that would probably have them go out of business. Connection time and user name is almost always enough to identify the user if you have a few more of these. And then you can get a search-warrant.

    In the end, this person just violated too many of the rules to stay anonymous online.

  15. None. Anybody sane already knows VPNs are not secure if anybody can get a court-order against them. All the others are to dumb to care.

  16. Service providers routinely have incentives to overstate the quality of their product. Perverted incentives, brought to you by capitalism. End even extreme lies can often stay undetected for a long time, see, e.g. the current nice example with diesel cars. In actual reality, at the very least, a careful check of the plausibility of such claims is necessary and almost universally you find the product is nowhere near as good as claimed. This case here is no exception.

    Of course, it is quite possible that the VPN provider in question only started keeping logs after being served with a court-order and may only handed records over that concerned this particular user. But court-orders are easy to get for all kinds of things, so any claims of anonymity from a VPN provider basically is "unless you do anything that is illegal or pisses off people powerful enough".

  17. VPN services are a pseudo-product, security-wise on Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI (bleepingcomputer.com) · · Score: 3, Interesting

    VPN services are nice if you want to pretend to be in another geographically location, but the claims of security are pure marketing. Incidentally, anybody that cares to find out knows that. And no VPN service that is run commercially can say "no" when the Feds want logs to be recorded and handed to them. Lavabit is an extremely rare exception (and just did anonymous email, not VPN) and it can be seen nicely in their case what happens after such a "no". The CEO is lucky to not end up in prison.

    At this time, the only VPN service with actual security is Tor and even there, you anonymity can be compromised by attacks on the client or making mistake while using it. And, of course, a large-scale traffic analysis can break even Tor. The thing with Tor is however, that nobody that can break it will admit so for a mere cyberstalking case. It would have to be something really, really large for anybody to admit that they can compromise Tor itself.

  18. Re:If a human can do it with only eyes and ears... on GM Exec Says Elon Musk's Self-Driving Car Claims Are 'Full of Crap' (smh.com.au) · · Score: 1

    As soon as it requires intelligence, to the best of our current knowledge, computers cannot do it. That may or may not change eventually, but currently, it is a fact.
     

  19. At this time, it is not even clear whether computing hardware can do it. The more research we have into intelligence and consciousness, the more of a mystery it becomes. Sure, there are the morons that just (without any basis) assume the brain is a rather simple computer and creates all these, but that is a belief and at this time not supported by scientific facts.

  20. Why should crowdfunding be for innovation? on Does Online Crowdfunding Actually Reward Innovation? (strategy-business.com) · · Score: 4, Insightful

    Crowdfunding allows the creation of goods that the have a smaller number of people interested in them and that would not exist otherwise. Nothing says that these goods need to be "innovative". If I and 10'000 others keep the creator of a web-comic financed because I like his comic, that is not innovation. That is merely funding a specific form of entertainment that appeals to a smaller number of people and that the commercial publishers with their focus on the mass-market would never have funded in any way.

  21. Re:Victory!!! ...? on Bitcoin Transactions Lead To Arrest of Major Drug Dealer (techspot.com) · · Score: 1

    Surely the War On Drugs has been won now right??? Or we're at least really close??

    Really close. For something like 100 years now. There are even statistics that show this war is getting more and more expensive, while the number of drug-addicts is long-term stable. Imagine what would happen if all that money would not be spent on fighting drugs. The US would probably have a billion addicts within a few years!

    My personal take is that this "war on drugs" is really a religious extremist "war on fun", where anything besides prayer must never be fun. If they had not failed so badly with alcohol, using that would probably get you a life-sentence these days as well. And then everything else the religious fuckups do not want you to have any fun with. I agree, decriminalization, medical-grade drugs, reasonable prices and clear warnings with the instructions how to use this stuff is the only thing that will minimize damage to individuals and society. It takes two brain-cells to rub together to see that, and the religious do not have these. And yes, that is not a really good situation, but it is vastly better than this insane "war".

  22. Re:Bring your computer... on Bitcoin Transactions Lead To Arrest of Major Drug Dealer (techspot.com) · · Score: 1

    Somebody that is stupid enough to trust in the anonymity of a not really anonymous crypto-currency, apparently.

  23. Re:Full Disk Encryption on Bitcoin Transactions Lead To Arrest of Major Drug Dealer (techspot.com) · · Score: 1

    And fail. Unless you do this exactly right, which is not easy, you will leave traces. No, I am not going to explain how, there is enough information on the Internet that describes this. And since they only need a credible suspicion (not proof) of hidden encrypted data, they can hold you forever on that alone.

  24. Indeed. The digital divide is not about access to hardware. It is about education and network access (e.g. rural Africa). Still, I do like having some cheap hardware for reading eBooks, where it does not matter if it gets stolen or breaks.

  25. Indeed. Of course with today's level -10 (or worse) press, those little details get lost in the reporting.