Slashdot Mirror


User: AHuxley

AHuxley's activity in the archive.

Stories
0
Comments
11,974
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,974

  1. Changes in global IT on Ask Slashdot: Worthwhile Security Training Courses? · · Score: 1

    Follow the new mil security and gov educational funding over the past decade. A lot of fancy public/private sector entry level university academic offerings quickly divert cyber or security course selection into only what the US gov or mil needs. The talking to good people with years of broad math, science, engineering skills and offering them the option to enter gov/mil contracts seems to have been replaced.
    Pack entry level classes with students interested in security and pick the best in the open seems to be the new gov method.
    The ability to pass background investigations, understand databases that connect public private partnerships and not talk about work will be the new 'security' skills.
    A generation later and it will be a huge rush to create general broad academic skills again. As far as learning any one US branded OS or database, recall the free changes over the decade. The ability and background to learn and understand any new computer related idea vs a deep understanding of one traditional brands pay per seat, core expected market share.

  2. Re:Apparently the US is the best on Security Researchers Face Revenge of Spy Agencies (theregister.co.uk) · · Score: 1

    It depends on the location of the issues and who is reporting on another nations issues.
    Operation Socialist (Dec. 13 2014) https://theintercept.com/2014/...
    The fun of discovering issues, correctly reporting the matter and waiting ..... clean up and international expert code review is not always the expected result.

  3. Re:Security Clearance on Security Researchers Face Revenge of Spy Agencies (theregister.co.uk) · · Score: 1

    The freedom to read, talk, understand, consider, create, discover, build, test, expand on existing systems is lost.
    It depends on the country, the decade, the boss and the endless tax payer no bid gov/mil contracts.
    The problem with a security clearance is that the person is then obligated to report on all material and people they come in contact with by default.
    If the material looks like it could be security related, the cleared staff will have to report the matter and all connected people back to the gov/mil.
    Reading material, conversations, guests or outside academics presenting raw data, talks about the work of whistleblowers and how it could alter crypto, software or OS development has to be reported on.
    If they do not they have lost their security clearance. Another cleared person might have already reported the matter and mentioned a list of staff.
    The other long term factor is having two masters. If the mil or gov asks for cypto to be weak or its design changed the cleared worker has the stated directive to alter the project.
    Alter the code, weaken the cryto, build in a trap door and pass the work as been secure. That product then ships nationally or globally as a tested standard for years.

  4. Nuclear power plants and skills on Should Japan Restart More Nuclear Power Plants? (thebulletin.org) · · Score: 1

    What is under the sites, water? How deep, was the building foundations sunk or lowered. How deep was the original geological testing? Underground structures could have been missed in the decades old for profit rush to get the site started.
    Whats the on site back up power like? Low level backup fuel tanks placed near the ocean or water? Poor placement of back up electrical systems to power the site when all normal connections fail. Can expected flooding get to all the vital sites?
    The ability to cool, connect with power, keep power supplied to vital systems on site.
    Communications systems with the rest of Japan and its nuclear experts 24/7 that is ready, tested, powered?
    Quality and quantity of expert staff on site every shift? Who is on at night? Holidays? Do they have the decades of site skills to totally understand what needs to be done or will they have to be on call? How far away do they live? Can they be found in time if a unique situation presents itself again or many errors build up in one quick event?
    What is the state of the software systems that overrides the for profit energy production during an emergency? Really quick? Kind of ok for a list of expected events? Passed an simple expected gov inspection a while ago?
    How old was the old reactor? Who designed it? Upgrades in the 1980s? Who welded the tricky parts? Who tested the welds decades ago? Who is still testing the site welding? How often are the back up systems fully tested vs just looked at or tested to money saving standards?
    How safe are the on site cooling pools/areas ? Can they be cooled with existing emergency systems? Is another back up system ready for cooling?
    The basic new make safe costs might endanger profits. License extension paper work or upgrades and inspections?

  5. Re:Nothing patient related I hope on Nurses Use Makerspace To Invent Custom Health Care Solutions (hackaday.com) · · Score: 1

    Yes the medical supply firms will be upset too. They have a vast array of products to sell each hospital. No breaking that contract with on site efforts.

  6. Re:Can Apple push extra software on the device? on Apple Tells US Judge It's 'Impossible' To Break Through Locks On New iPhones (reuters.com) · · Score: 1

    It depends how long methods like "Cops Don’t Need A Crypto Backdoor To Get Into Your Iphone" (10.12.15) stay open as a default over every upgrade.
    http://www.wired.com/2015/10/c...
    As for push down a network onto a single users device? The SISMI-Telecom scandal 1996 shows what could be done years ago given the better quality gov grade telco tools. https://en.wikipedia.org/wiki/...

  7. Re:well that is the point. on UK Government Proposes 'License To Hack' As Encryption Proves Hard To Defeat (thetimes.co.uk) · · Score: 1

    A keylogger will be waiting for every message created or displayed.
    The idea is to get to the plain text as seen or created before any user installed encryption application or user installed/commercial alternative operating system.

  8. Re:Who controls the device? on UK Government Proposes 'License To Hack' As Encryption Proves Hard To Defeat (thetimes.co.uk) · · Score: 1

    It depends on where the person of interest was found. On IM chat, IRC, a forum, web 2.0 social media, some new phone only social media app.
    Re "how do we know?"
    A honey trap? Disinformation? No more access? would be a slow rolling in of online hints.
    To understand the traditional outcome consider the classic methods used on Irish human rights campaigners, UK trade unions or any other political or social issues going back many decades.

  9. Re:A few important questions... on The NYPD's X-Ray Vans (theatlantic.com) · · Score: 1

    Re: "Can any evidence collected from these vans, or evidence collected on the basis thereof, be admissible in court?"
    Drive around and the screen shows something 'different' for a substance/material on an existing detection database.
    The legal question is the long term risk of "the computer did an aggressive alert" as the only evidence could been questioned in open court. That could make defence lawyers very interested in every aspect of the methods used in open court. Computer source code requests, amount/type of radiation, why that area/person was selected... more methods could be exposed by even considering the traditional open court system.

    Re "What will be done to ensure that people aren't exposed to harmful radiation, especially without notice or consent?" and "exposed to harmful radiation?"
    If the project does not legally exist any extra public health testing/comments could leak operational details and be commented on in public by the wider scientific community/health/legal experts.
    Defund/give busy work to any pathologists, epidemiologists who ask questions/suggest study funding :)
    If no health data exists, no medical/legal questions in open courts can really get commented on, no health problems will get to the press.
    Keep all experts out of open courts and its all just fine.

  10. re "99% of the H-1B circus is bullshit."
    The origins of the ideas surrounding the lax, well funded international student enrolment go back to the Cold War. The US wanted to accept, educated and pump out as many skilled people from different nations as it could. They would return home with first hand experiences of freedom, democracy, advanced US science, the big US brands and US only methods.
    Some of then on average given a good US degree would infect their city, lower or higher government positions with ideas about US projects and close links with the USA. A lot of nations would slowly buy US products and services based on the skills their own internal experts.
    Later US multinationals got the idea to use the same methods to swap out local engineers/high skilled/high cost with lower cost, more controllable 'guest workers'.
    Great for generational share holders, the low cost worker and short term stock price for the management pay scale.. Not so good for skilled local people with top grades and expensive advanced degrees who helped build the US brand over the years.
    The next trick is to have free global movement of a bands data cloud and tax. The "programming job or skill" can then be found in nations like Ireland, UK, France, Germany, EU, Pakistan, India, New Zealand on low tax campuses where graduates are at a lower cost that can feed back into back end, secure US work.
    What will be left in the USA? Politically connected upper management, legal and tax experts, cleared security experts, mil grade contractors with deep connections. ie legal fronts with all the paper work to pass as 100% legal US firms enjoying no bid contracts for mil and gov projects. The work will be sub contracted back to other risky nations and US paper work submitted that the brand or firm is secure for all mil/gov projects.
    The real magic is getting people to think its all about trendy freedom :)

  11. 1+ for this. Keep wifi off and use all wired networks if possible to important data storage. If wifi is *really* needed use only for a secure sub set of devices that have nothing of value on them..
    Walls and the short distances in city areas do not help :)

  12. Re "It takes about 2 minutes, or less if there's less water, so I don't see why it benefits from being remote controlled."
    It might be an idea from around the 1970's with product like Teasmade https://en.wikipedia.org/wiki/... "... generally include an analogue alarm clock and are designed to be used at the bedside, to ensure tea is ready first thing in the morning."
    So the "remote controlled" or time aspect does has some historical product connections.
    Adding a new computer network is just more fun :)

  13. Re:Americium is a byproduct, not an isotope of Pu on US Will Clean Area In Spain Where Hydrogen Bombs Fell (nytimes.com) · · Score: 1

    Its been in the ground since "In 1966 a bomber collided with a refueling tanker in midair and dropped four hydrogen bombs"
    Modern tests will find all kinds of interesting products from the material lost over the years :) Thats why a good, total early clean up is so important.

  14. Re:wait a second on US Will Clean Area In Spain Where Hydrogen Bombs Fell (nytimes.com) · · Score: 3, Interesting

    The highly toxic US equipment left scattered over the years can be found and recovered by US crews that are used to dealing with such rather common events.
    The US has mentioned it had a few nuclear related issues due to the huge numbers of nuclear armed flights around the world, crew issues, equipment issues.
    United States military nuclear incident terminology https://en.wikipedia.org/wiki/...
    List of military nuclear accidents https://en.wikipedia.org/wiki/...
    has other details over the decades surrounding issues like accidental criticality, non-nuclear detonation of an atomic bomb, partial meltdown, weapons jettisoned and not recovered, fire, release of nuclear materials, nuclear bomb lost...
    Most nations like to be seen to clean up after their own crashes to fully recover secrets, methods, materials and put a good media spin on been nice to nations where they have bases or want to have more bases.

  15. Re:Ok everyone: What do politicians do? on Despite Promises, China Still Targeting US Firms (crowdstrike.com) · · Score: 1

    Get away from any open networks, air gap within a site, encrypt to a better standard than whats floating around as a default.. hire people who understand networks at the site level, who can design/work well with advanced encryption.
    Its going back to the walk in vault of past decades :) Just with super computers on site.
    Why is all the secure information been open networked in the USA?
    The best designers enjoy life in some culturally enriched leafy suburbs and cities. The production lines are in other states thanks to some political jobs deals, huge energy needs decades ago. So the complex mil/gov only networked data has to be sent over vast distances via front companies, networks, telcos, foreign brands. They all get a look or can split the networks.
    Better crypto cant secure the huge open facing networks that link the university and company mil/gov networks to the many distant suppliers and production line sites.
    The US traded the comfort of its best designers and private sector needs for security per project site. Every winning state gets a bit of the huge federal contract and can hide the really skilled workers per state, city.
    Networks solve the distance issue and allow the very best to work all over the US and add their ideas quickly.
    The problem is the networks are not well understood, open to the world or just set to US junk standards by default.
    Other advanced nations just split the network and get vast amounts of free data and can ip/date the blame on other nations.
    Security audits long after the event then find simple traces leading back to the expected list of nations :)
    All the political leaders did was ensure their state got good paying mil/gov jobs. Nobody told them to factor in the tame networks, complex security needed to work in other states and send sensitive design data every year over decades.

  16. Re:Why store it at all, it's NOT waste on Former Governor On Holding the Department of Energy Accountable In Idaho (thebulletin.org) · · Score: 1

    Re: "recycle" would have put production out of cheap and easy reach of the US mil sector.
    It was part of the early US nuclear weapons cycle and kept that way for inspections, later UN treaty obligations. Every US private company, the mil, gov got what they needed out of the simple methods put in place.
    The UK, France, Soviet Union had their own exotic ideas about their own use, storage and international inspections, treaties.
    They had fewer needs to stay with traditional methods and found ways to deal with some of their waste ie new ideas to reduce big long term cooled water pool or expensive longer storage.
    The very public downside to decades of production line nuclear weapons ready systems is the very large amounts of complex waste.
    It was well understood at the time that waste would be created on an epic scale but it was the easy way to link the very public nuclear energy sector with the needs of the very hidden, large scale nuclear weapons production. The 'no-recycle policy" was a way to keep all the old production lines ready without any questions or new tech, upgrades.

  17. Re:what's the point? on The Problem With Mandatory Drone Registration (roboticstrends.com) · · Score: 1

    Re "If it doesn't provide a "valuable solution" to a known problem, then why do it?"
    The point is that any law enforcement official at any state, city, county, parish or federally can spot drone use and than demand the ID.
    The question or discretion of having or needing to make contact on public property is removed. If you have a drone its papers please time.
    Been "near" a base, mil site, gov site, protected site, art work, private sector building, court building, jail, prison, city, town, road, crops, farm, near an airport ... while on public land will get a chat down. The ID linked to city, state and federal databases as you wait. No more stop and identify statutes gap in some states, no more been legal on public land.
    Now only showing new ID makes any drone use in select areas legal again.

  18. In todays digitized, privitized for profit world? It could be as simple as standard gov/mil digital paperwork. A privitized company that keeps one long document that lists mil/gov skills and past work history.
    Its sent back to keep safe as "your copy" or to add to or to correct. No need to make the long trip to some secure US gov building and sit down after showing ID :)
    The main reason is to make the US mil and gov as attractive to contractors as the private sector. The ability to have a digital work history can clear a path to many different gov and mil needs and allows the mil to find unique people with skills for different covert missions.
    The ability to totally construct a new all digital life story is great for the covert side been recreated in gov, NGO, faith, diplomatic or private sector.
    Digital files allow the US to attract or provide quick new clearances for different skills and keep retention issues under control.
    Most nations security services keep their files in vaults well away from all digital networks. The US tried something most nations would never attempt. Useful staff can be found and used but digital files that are not kept on secure networks do have issues.

  19. Re:Backup to GPS is great but just use computers on Naval Academy Reinstates Teaching of Celestial Navigation · · Score: 1

    It depends on who and how smart the enemy is. Can they do a lot of anti-satellite missile above the area of interest? Got a fifth column or special forces in surrounding nations?
    The next big worry for most modern navy planners is what is carried deep into the modern ship in terms of consumer grade crew electronics.
    Was the ship designed to be some clean intranet where every internal computer command is considered as quickly as possible with less consideration on origin and security? Is the ship 'running' on parts of common commercial consumer operating systems to make it more easy to find contractors to 'fix' and 'upgrade' back in port?
    With every patrol the number, capacity and power of cheap consumer grade electronics grows. Different navy commands around the world understand the need to enforce a total ban, others have to consider crew retention, how happy the crew is over the weeks. The need to allow outside devices packed with images, videos, music into even the most secure areas without comment is a fun issue. Where did the file come from, what extra code may have been pushed onto any device "just" playing music?

  20. Re:What's A Criminal To Do? on Beware: FBI, Other Agencies Might Go After Your Voluntary DNA Records (theneworleansadvocate.com) · · Score: 1

    The next fun part around the world is standard "free" health service blood DNA tests.
    Your is too "low"or "high", find out in a few weeks if it is from both parents, one or none, want to take the free DNA test?
    The use of public data for the "Selective Service" (what was military conscription) in the US in the 1980's showed what could be done with any data "found" by the US gov from simple lists to now complex datasets.

  21. Re:Not solving a damn thing... on NBC News Reports US Will Require Registration For Consumer Drones (nbcnews.com) · · Score: 1

    From a city/state law enforcement officials perspective it gets past all issues that some states have over "Stop and identify statutes".
    With a drone in play anyone in any state might have to produce their new photo id drone documents on demand, no legal 'reason' needed.
    Then the the long complex chat down can begin. What can be seen from the drone, what was captured by the drone at 4k, on public property but... near a .... site.
    Next step will be DSLR and video camera users :) Think of them as slow drones users on the ground with all their fancy talk about been on public property.

  22. Re:Tthey should be able to spy on some of them on UK MPs Hold Emergency Debate After Court Makes It Legal For GCHQ To Spy On Them (westerndailypress.co.uk) · · Score: 1

    A "Paymaster General" was looking at all security around 1964. Every department was to have its security considered.
    Top level sigint reports got US standards and the UK really had to keep to US standards.
    The UK was working on a lot of material in paper form and it was hard to track it all during creation or as it was been worked on.
    A huge risk was the UK signals units around the world with low pay, poor conditions and high level security that was felt to be secure by default. An epic mistake.. other nations repeated many times :)
    The tension around 1963 was that all political letters and calls would be kept by default. That would need another round of positive vetting of all the people who got to listen to secret policy creation. The UK was still having issues about the vast work load of vetting existing staff or not having staff vetted..

  23. At the time the UK was facing the Vassall https://en.wikipedia.org/wiki/... , Profumo Profumo_affair and Philby https://en.wikipedia.org/wiki/... issues.
    The big issue in the GCHQ at the time was positive vetting and who got to see what files. Who was autonomous enough to look after the sigint reports at the very highest level? The comint-cleared centres and very secure UKUSA material had to be protected or the US would stop the flow to the UK.
    The UK is back not trusting its own again and is settling into that 1970's condition of trying to find leakers at the very highest levels.
    What can todays UK political parties do? Treat every party political phone call, fax, email, web search as been shared with the 5 eye mil/gov members. Add in any other nation who was invited in to the same collection methods.
    Privacy for party political matters can be found again by not talking on the phone, not setting out policy in emails or on computers in great detail.
    Meet as a party and consider every method and device that can collect the inner, initial deliberations.
    When committing to policy at an official level understand a lot of other nations will be seeing the same 'secure' digital papers :)

  24. Set weak standards on How Is the NSA Breaking So Much Crypto? (freedom-to-tinker.com) · · Score: 1

    The ability to create, shape, sell, and attack weak international crypto would be the easy key to decades of "the ability to crack current public encryption".
    A "computing breakthrough" could just be in cheap storage, fast sorting that allows a collect it all ability after getting plain text.
    Nothing much has really changed from the ideas of the 1950's. Set weak junk encryption, get the majority of users accepting a weak standard and then collect it all.
    It worked for diplomatic hardware in the 1950-90's. Just keep pushing the easy to break standards and really smart nations line up to buy and install junk crypto globally.
    How did it work? Nations only tested for man in the middle attacks or trying to force the crypto. The West had the design, trap door, keys so getting back plain text was not an issue :)
    In the past words and important messages had to be kept or sorted in real time. Now the 1970's-90's breakthrough is collect it all.
    Low prices, created in neutral nations, great marketing, seeing fake reports about other advanced nations trusting the same systems are the most easy tricks to sell bad crypto.
    The other magic was to buy up or create crypto front companies with endless gov funding if a really private sector secure product ever emerged ever generation or so.
    Other more simple and direct methods also stopped development of advanced independent domestic crypto.
    The clues to how the NSA works on all emerging crypto are in the crypto history books.
    How did the UK break the Soviet embassy codes in the 1930's? They hired the person who worked to on them.
    Ernst Fetterlein https://en.wikipedia.org/wiki/...
    Weak codes, finding the correct staff, ensuring other nations never create good crypto or buy into junk standards.

  25. Re:Poison the Well on If You're Not Paranoid About Your Privacy, You're Crazy (theatlantic.com) · · Score: 1

    Re AC and the "Perhaps a browser plugin could be developed that does occasional random searches in the background."
    trackmenot https://cs.nyu.edu/trackmenot/ "... actual web searches, lost in a cloud of false leads"