Slashdot Mirror


User: AHuxley

AHuxley's activity in the archive.

Stories
0
Comments
11,974
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,974

  1. Re:And here we go... on Fury and Fear In Ohio As IT Jobs Go To India (computerworld.com) · · Score: 1

    Re "I recommend learning a skill or trade that can't be outsourced."
    Many try for a security clearance. Contractors, lawyers can often be "the no bid US company" with a long global supply chain of just in time products sold to the US gov or mil.
    The paper work is perfect, the products 100% made, owned and security cleared in the USA. Just the actual US workers jobs are all gone.
    Re "This trend won't stop until outsourced workers cost enough to make it economical to hire US workers, but I don't see that happening anytime soon."
    It is just so easy and lucrative to hide the actual origins of a product or service.
    US workers still have democracy on their side. Consider how free import agreements really work locally.

  2. Re:Damn those spies! on China, Russia Try To Hack Australia's Upcoming Submarine Plans · · Score: 1

    re "an actual threat from foreign nation states attempting to CYBER-espionage us, and just the typical random background noise of automated exploit scriptkiddie stuff."
    So many nations want the contracts, jobs, cash that *anyone* could be using random internet cover to find out more. Not so much mil secrets just the governments staffs thinking on keeping local jobs vs fully importing a turn key sub.
    A lot of cash of decades is in play. Just knowing what to present and when could be a winning contract. What the Australian gov wants from a builder is the only 'secret' not the design specs.

  3. Re:How do you know when you have the right plans? on China, Russia Try To Hack Australia's Upcoming Submarine Plans · · Score: 1

    In the old days you had staff photocopy or walk out with images of the real plans. It was that simple to find staff willing to help other nations. They would and could pass any back ground tests, the files would be the same been used.
    The problem with any files now found is the US ability to redesign fake plans for any project and have other nations waste decades on junk plans.
    eg Operation Merlin https://en.wikipedia.org/wiki/...
    Would any nation trust digital files found in Australia, unencrypted on an open facing network with expected gov and mil warnings at the top of each file?
    Australia understands its subordinate role to the NSA and GCHQ. All files are encrypted and well looked after. If Australia ever lost files again it would not be getting to share with or free stuff from the US and UK mil again. Australia does not have the ability to just tell the US some locals lost some files again.
    The story is bait, junk, propaganda or the files been found on open unencrypted networks are tainted junk, left to see who is looking around Australian dual use networks.
    Honeypots to track well crafted spam, phishing. The networks are often self infected just to see the origins, networks, encryption out and methods used to try and find information.
    Do the attempts try to list existing projects to appear trusted, list co-workers, VIP email accounts? All this story is about is the honeypot side with some propaganda cyber threat spin.

  4. Re:Internet on China, Russia Try To Hack Australia's Upcoming Submarine Plans · · Score: 2

    +1 for the "convenient for the designers"
    US contractors need links back to their multinationals and mil, global sourcing of US parts and US/UK trained experts.
    Australia could do all the work at a secure site, base, port but that is been blocked by the USA. The problem is the US would then not share its more secure export grade electronics.
    So Australia has to keep its networks wide open to keep US contractors happy and ensure jobs and profits are shared with the US military–industrial complex.
    Think of the US jobs and generational shareholders not getting in on the profits if Australia attempts computer systems itself again or buys EU systems.
    Australia will be shut out of the package of US digital systems and have to create its own database of Soviet, Russian, UK, US, Korean, Japanese and other nations ship and sub profiles in real time again.
    The US will sell, rent, update vital export grade databases only as part of a massive US only contract.
    Australia is also facing pressure to just import a sub design from Japan as a turn key export system that is fully supported by the USA.
    No more "union" mil/gov backed construction jobs in Australia and the US and Japan are very happy.
    The final option for Australia is to consider EU designers and then build in Australia. Great for local jobs and the EU.

  5. Re:I Am Giving It A Try on Scan a Book In Five Minutes With a $199 Scanner? (teleread.com) · · Score: 1

    Re 'I want a research library I can take where ever I go." So true :)
    The ability to get the distance, light and lens makes the capture more easy. A fast CPU and good software then take over to convert every word into text.
    So many other solutions have difficult methods, resolution restricted lens, huge bulky capture systems. Standalone software to do the later OCR might expect flat scanner pages, color corrected, perfect text.
    The good part about this system is the understanding of the shape of the book, shadows and layout as part of the work flow.

  6. Re:Has anyone in power asked "to what end?" on MI5 'Secretly Collected Phone Data' For Decade (bbc.com) · · Score: 1

    re "Why is all this intelligence gathering necessary from a security standpoint."
    To run informants at every level of human rights groups, workers rights groups, peace protesters, environmental campaigners, anti war groups, animal rights groups, emerging digital activists.
    As front groups to soak up and re direct a lot of smart peoples efforts into useless busy work or track any new people who are wealthy, photogenic and charismatic.
    ie to redirect any people who had the time, smarts, fund and ability to change or create traction for issues that no gov wanted in the press.
    The entire structure of any group could be created or replaced at any level to make way for or advance informants over decades.
    Journalists, lawyers, university groups efforts had to be contained, shaped and redirected if their message got too much attention.
    ie to have one trusted person in on any small meeting of 5 -20-100 people every decade on all political or social issues.
    No courts or press needed as press photography and captions could be very difficult to hide given multiple cover stories over years. Web 2.0 is now even more tricky to contain.

  7. Re:How does this differ from Echelon on MI5 'Secretly Collected Phone Data' For Decade (bbc.com) · · Score: 1

    Echelon was for 5 eye nations as a global shared look up database of words used, calls name, new name calling a name in a database, fax, email, phone service, voice prints, global sat phone use, banking, computer networks, language translation to vast digital storage.
    MI5 was more for UK eyes only and very protective of the eg Irish issues, methods and links with its own informants.
    A lot of that was never going to be shared or was for UK eyes only. The UK also offered what was once called a HOW - Home Office Warrant.
    Other options consisted of sat use to track groups of one or two people meeting, aircraft as a tracking system over a wide area eg car beacons, thermal look down, dirtbox like kit for early cell phones to track a person the UK was interested in.
    The UK was also very careful never to share such data with the US, due to differences over the Irish question within US states and US federal politics.
    Requests for US support often faced very, very unexpected results so the UK quickly learned kept its own data very safe.
    All that 1970's-90's effort later expanded into a very direct system for the past decade. The UK was also much more interested in informants per group down to groups of around 3 people. Offers made, one or more people could be turned and then advanced to run many more smaller groups.
    ie informants over decades gained a total look down trust over many other groups.
    Very different from the US computer databases collect it all systems that hope the interesting people always will have a phone, computer, laptop, modem, web 2.0 account, use IM or forums, IRC or not be voice print aware.

  8. re 'so they have to dial-down their ambitions."
    The GCHQ has a few options to get past the average VPN use. Credit card use would point to a user buying the service. A change in a users logs from varied every day domains to a wall of VPN use.
    The very act of buying into a VPN is removing anonymity detectable on any UK providers logs.
    The question then becomes who is the user, why are they not trusting in their own nations data safeguards and risking their UK data with other random nations staff for ~$5~$10+ a month?
    Once tracked the privacy part of the VPN can be reduced. Are they using a consumer grade router with its own brand of code or is it open sourced flashed for VPN? Did they invest in a fancy one with lots for ram and more cpu?
    What weakness exist in the router? If the "free" US developed consumer OS is been used to run the VPN app its another very easy way in.
    A computer with Linux just to do VPN? Time for some gov backed "Equipment Interference" ie unique, bespoke, one of one crafted malware.
    The VPN protects from random provider log searches from UK gov groups, NGO's looking for domains, keywords, ip's over the years.
    ie a domain (ip) gets flagged by a charity, police, gov, mil, contractors and then the 'fishing expeditions" starts to see who in the UK visited the site over the last year.
    Re 'they can't sniff them, and they don't want to provide warrants for them". The UK will just track every user created VPN and build a profile of the user just from the provider logs. No need to break the codes at first, all in the info on the user or location will build up a nice database.

  9. Re:VPNs will come later on Controversial New UK Internet Powers Bill Makes No Mention of VPNs (thestack.com) · · Score: 1

    It seems the NSA and GCHQ are not really finding any issues with VPN's as they are sold, installed, offered, coded, or the OS they run on.
    The lack of new laws or gov demands that VPN's in the UK are transparent to or responsive to UK law enforcement requests is telling.
    A weakness in the code use, OS or networks would seem to allow gov's to track back the original ip.

  10. There’s more than one RAT (November 5th, 2015)
    https://blog.avast.com/2015/11...
    " OmniRat can also give you remote control of any Windows, Linux or Mac device."

  11. Re:A bit of clarification on Experimental Air Force Rocket Launch Fails (theverge.com) · · Score: 2

    Yes the single stage to orbit has an interesting history. https://en.wikipedia.org/wiki/...
    Some new attempts with balloon-launched and other methods :)

  12. Re:A bit of clarification on Experimental Air Force Rocket Launch Fails (theverge.com) · · Score: 1

    re "operates the Atlas V and Delta IV rocket systems" thats more of the builders and US gov setting up a site to work on government space launch services ie they all have the needed paper work going back a while been more a joint venture of existing systems.
    The decrease launch costs, domestic consideration of the Russian RD-180 engine that works well is also a factor.
    It will be interesting to see the new private sector offerings vs the costs of the old but now cheaper rebranded joint venture efforts :) Certification soon :)

  13. Re:A bit of clarification on Experimental Air Force Rocket Launch Fails (theverge.com) · · Score: 1

    Whats going more wrong more often per design? Is the US just always trying new, cheaper, faster build methods or have too many advance skills be lost in some sectors per decade?
    Are the existing fast acceleration profiles even that good for some very hand crafted, bespoke satellite?
    Can the new emerging US private sector do intelligence payloads soon? Getting certification soon?
    A titanium science gap? Or some industrial wide issue for the type of rockets needed? The big nosecone with fast speed and huge acceleration profiles is fine just the new rocket ideas are an issue?

  14. Re:Why a experimental launch carried 13 satellites on Experimental Air Force Rocket Launch Fails (theverge.com) · · Score: 1

    Think of the low, low prices on that one time deal per weight and secrecy.
    Or wait for a commercial Russian rocket import that works, has a US private sector costs and has more contractors looking over the project.

  15. The cloud on Can the Cloud Be More Secure Than Your Own Servers? (Video) · · Score: 1

    Is based in a nation and its laws and legal amendments:
    Staff are very willing work for the government when asked, requested or have always worked for the government.
    An enthusiastic surveillance partner going back decades or years?
    How good is the legal department when facing paper work thats not a fax from a law enforcement official? That national security letter (NSL) with a request to add hardware on site long term?
    Got some FISA Amendments Act (FAA) paperwork, ready for the FREEDOM Act?

  16. Re:Does anti-tracknig software protect against thi on Nine Out of Ten of the Internet's Top Websites Are Leaking Your Data · · Score: 1

    A few add on suggestions got listed in "Firefox 42 Arrives With Tracking Protection, Tab Audio Indicators" (November 04, 2015)
    http://yro.slashdot.org/story/...
    The Fingerprinting wiki https://wiki.mozilla.org/Finge... has some of the more unique methods to track users.
    Soon tracking and ads will just be part of the site as functionality. Try and remove ads, tracking and the page, site is reduced to a title. No text, video, comments unless all tracking blockers are removed. Hard work for creators per page, per hour, per day but the consumer is fully tracked.

  17. Re:Turnabout is Fair Play on How California Police Are Tracking Your Biometric Data In the Field (muckrock.com) · · Score: 1

    Yes a lot of first amendment audit and public record request video sites and clips are been created.
    Its amazing to see the demands to ID in a public place, to ID and have a reason to even be using a camera in public, to stop and hand over the data and equipment.
    A few apps have been made to live stream or stream or save as a background app.
    The way way around that is for an interview to establish ID and demand for the device to be unlocked and any connected site to be shared during the chat down.
    Trying not to call it an arrest for photography and get past the lack of a stop and identify statute is always interesting.
    Files can be kept, demanded as part of an on going investigation. Political views are often tested during the chat down, a raised voice used, 'request' for ID just to see the reaction and terms used, ability to know, quote any stop and identify statute, constitution, federal cases or the understanding of how to articulate and invoke rights.
    Is the person press? Accredited media? A good chat down method is to demand police or city media ID that never existed or is not needed as photography in public is legal. The out of state journalist can be fooled into not recording and then waste hours trying to get paper work that never existed :)
    Another more passive option is just to follow the photographer back to their vehicle and get details. Or details of all vehicles in the area hoping a database has a report of the same person or group doing first amendment audits is found.

  18. But think of the on Nine Out of Ten of the Internet's Top Websites Are Leaking Your Data · · Score: 1

    Code that just still works as it was never updated.
    The heat saved, the cooling not needed as the intensive new encryption was not turned up.
    The cash saved in not having expert staff add new encryption that only modern browsers could really use.
    All that tracking adds to deeper understanding of the consumers and earns a profit.

    All a browser can do is load up on the more useful add ons to try and block most of the more direct site based tracking.

  19. Re:The Internet is turning into War Games on Saying "Wasted" On Facebook Can Affect Your Credit Score (ajc.com) · · Score: 1

    Yes some very interesting groups collected vast amounts of the early and emerging/defunct/still used social media 2.0 sites.
    Every public face, name, tag, link, connection, comment can be found for a price from the private sector. Great for the private investigators, gov and journalists. Now all that is been shared to create a credit score. As for "don't have a traditional credit profile" was that not the origins of the "no income, no job and no assets" loans that worked out so well?

    The loan itself is pointless! But back at the bank room, they believe you can repackage inner city loans as AAA Debt. That there can be "acceptable losses."

  20. If your country blocks you on How DMCA Rulemaking Has a Chilling Effect On Security Research (vice.com) · · Score: 3, Insightful

    Can academics even recover their basic freedoms in the USA? Academic and First Amendment questions seem moot.
    Having to show hidden work to a bureaucrat and beg for academic indulgences to even talk to your peers and other experts?
    To have to find funds to pay for expensive legal experts to even prepare to talk in pubic or share results.
    "When academics are scared off from doing security research, consumers suffer."
    Find another nation where crypto and technological ability is embraced, welcomed and can be talked about, sold, open sourced.
    Is it fun to know your code has to have a gov ready trap door or back door or the ability to even give a presentation is a legal issue?
    Or the presentation is quickly and totally removed by a university. Your hard work is airbrush from academia.
    VPN to a good job and offer your ability to parts of the world where maths, education and code skill are still valued and wanted.
    The money, time and effort wasted in front of bureaucrats and lawyers is taking away from your inalienable freedoms and pursuit of happiness.

  21. Re:We need community alternatives on Why Avast Won't Show Source Code To the Government, But Others Do (zdnet.com) · · Score: 1

    The other issue is how a government will log a users daily AV upgrade patterns. What brand, version, when they update.
    A unique "equipment interference" project would then create gov malware just for that user. No signature would/will ever exist as it is one of one. Any outgoing software firewall would see it as been allowed/trusted by the user.
    Heuristic analysis can help. More security on the average AV phone home, update functions was often lacking allowing governments to have a good understanding of a user, system just from provider network logs.

  22. Yes a lot of the AV brands do that. They give their code to different governments and then tell the world their products are good. Governments looked at the code and allowed them to bid.

  23. Re:RE Security Software on Why Avast Won't Show Source Code To the Government, But Others Do (zdnet.com) · · Score: 2

    Re "... added tracking or monitoring hardware/software, and then resealed the box so it could be delivered"
    "Photos of an NSA “upgrade” factory" (May 15, 2014)
    http://arstechnica.com/tech-po...

  24. Re:Offsite storage of data on App To Hold Police Instantly Accountable In Stop and Search (thestack.com) · · Score: 1

    Governments have a few options.
    A solution to block local towers, wifi around any event instantly. A caller can dial to the emergency services in that area but any data connection will be blocked.
    The device can then be requested in the traditional way, a password demanded and local storage "accessed" during an interview.
    That ability to live stream and save could fall under some login access request?
    Unlock the phone, unlock the password protected app site with the only remote site copy of the file too. That would remove the risk of one person getting away with live streaming file once been questioned. The saved file and account could then be kept away from the user.
    If the file is copied from a remote site in near realtime to another few sites that might keep the live streaming option open.
    Offsite data storage, live streaming always runs the risk of a password and access request once discovered.
    Some streaming apps try to run in the background, take a silent snapshot, once activated but if a password is given..

  25. A one time pad works. The privacy of the message is fine. The anonymity of the message is swapping details or meeting to set up the encryption is more work.
    Re "One wonders just how many months or years a spy agency would run a super computer trying to crack one message.". most of the effort is in finding code use online in the wild and a location, details.
    A keylogger ie "equipment interference" gets the plain text as its entered over a software, operating system or hardware layer thats always been wide open by design.
    The user can have, create, sell, design, give away any export restricted crypto they like. As long as they can be made to feel very comfortable entering the plain text message into the computer/device every time, every decade.