3554 posts • joined 10 Jun 2009
Re: The Fix
We've ALREADY had a number of high-profile dumps. Celebrities either live with the risks or eschew the Internet, and frankly those ARE your two options.
Re: EMails are anomalies
Post and bulletin boards, shopping trips, and newspapers (with their classified advertisements) served a similar function for centuries. And all could be observed to enough of an extent that things could be gleaned from your habits.
Re: Hate to say this
Which means we're in the delicate part of the revolution: the part where we start learning of the unintended consequences. Think the big push for insecticides...until we learned the side effects of stuff like DDT...
Re: Turn the debil off ...
Until you get tagged by an IP match, a "cookie" matcher (or other thing that can track stuff you can't erase), some other clever bugger that figures out your fake IP or login is connected to your REAL one.
To maintain a fake identity on the Internet for any length of time pretty much requires using a completely different computer on a different IP address. And even then, an uber-clever matching program may start making inferences based on one's grammar style or other kinds of long-standing habits that are hard to think about, let alone break.
Re: ""Privacy may be an anomaly.""
"Once I have convinced you that resistance is futile and I will do whatever I want with you I have already won.
Don't believe the BS."
You assume it's BS. Thing is, for the most part, it's not. We've really become the Global VILLAGE (And I mean that in the sense of a small, tightly-knit community that can easily tell who's doing what. IOW, Villages have no expectation of privacy).
If convincing you that resistance is futile is a winning condition, then actually achieving the state that what you want is inevitable must be a condition of never losing. You're holding the royal flush, the ace of trumps. Until the game changes, no one's going to knock you off the top.
Re: Fusion for energy
NOTE: I've already noted the big problem with aneutronic fusion--higher energy requirements--so I'm honestly skeptical. Let's see some HONEST innovations, complete with their benefits and drawbacks vs. the tokamak or whatever.
I don't know about a one-day collapse of civilization, but I could see high-stakes energy interest being against the idea. ANYONE with skin in a market would be against a disruptor out of their control. Kind of like people invested in aluminium as a precious metal when electric smelting of alumina was invented (transforming the metal from precious to common). Most fuel companies would not be too pleased with a fusion breakthrough since it would pretty much dry up the power plant market (though to be fair they wouldn't collapse altogether--each would still have markets fusion wouldn't challenge at that point--coke is still needed for steel, synthetic hydrocarbon fuel is still some way off, and methane/propane still has efficiency advantages in heating and flexibility advantages in power generation).
Re: There's more than one way to skin a cat.
It may interest you to know that aneutronic fusion like you describe is EVEN HARDER to pull off than deuterium-tritium fusion (in the case of hydrogen-boron, by a factor of 10 in terms of energy requirements).
The trouble is that the way they work DEPENDS on their scale. It's mass and gravity that kickstart stars in the first place. Otherwise you'd just have a much larger Jupiter (too small to jumpstart itself). Much as we'd love to tap into their power, terrestrial solar collection isn't efficient enough, and space-based collection presents the problem of safely getting it back to earth.
So the problem becomes trying to sustain a net-positive fusion reaction that doesn't rely on tremendous mass.
I'm rather surprised the malware didn't take their work to its logical conclusion: request network or GPS location and text the phone's location to the authorities as the location of a conspirator.
The thing is, all the Bitcoin identities are hashes, meaning they're like Swiss bank account numbers. They need to attach names to those hashes.
Having said that, there are services like Coinbase that work within the confines of the law in that regard. They treat Bitcoin like a foreign currency which has a well-established set of rules, practices, and regulations, and they keep records for tax purposes. If Bitcoin exchanges behaved like Coinbase or equivalent, then I don't think the US Government will be too concerned.
Re: Dead stupid, but might still be adopted
Easy? I daresay the only way you'll get something like that through is by CRISIS. And given the type of crisis that'll take, I shudder at the collateral damage.
Re: Dead stupid, but might still be adopted
No, do that and they'll balk because fixing it for them costs money. And note that the banks can influence Congress.
Also, if consumers don't like the EMV, they could do the ultimate protest and back out. Like I said, some people are VERY bad with numbers.
As for hidebound belief, a sizable contingent of Americans were polled as saying the world is flat (and honestly believing it, too). So you know what, the cynic in me tells me to expect the worst now, as too many people are too stupid or apathetic to give two shakes of a dead dog's...you know.
Re: Err, really?
That's assuming Chip-and-PIN gets accepted. You have to ask why magstripe has stayed in the US for so long, and perhaps one reason is that people have trouble with PINs (which are already used for bank cards). What happens when too many people cry out, "I want my magstripe back!"?
Re: Not going to make a squat of difference.
"I cannot says this enough NEVER EVER EVER EVER "buy" a phone on contract. Do an outright purchase, or do do without. Don't come crying to me if you can't do anything with your phone outside of your original carrier at the end of your contract. Heard it enough here, and I'm sick of it."
Well, sometimes, you don't have a choice. It's either the contract phone or NO phone, especially in the US. Most international LTE phones don't support bands IV or XVII which are the main bands used in the US. And last I checked, ALL the big-brand US phones are sold locked because they normally go to the providers first (buying one direct tends to net you the International phone, which like I said is problematic here).
I'm of the impression that LTE has helped to stabilize things at least in regards to the two big ones (T-Mobile and AT&T). Each has settled on one band (IV and XVII, respectively) so US LTE phones tend to keep those bands and play the field with the remaining band allotments (My S4 for example supports I and VII, good enough for most foreign use).
And I've seen Net10 change over to a SIM-only provider with their SIMs available here and there. Of course, you could also get SimpleMobile SIMs cheap over the mail.
That's usually stopped by the frequency gap. Most US phones don't work well abroad. Most of them use a frequency unavailable in the US as it's a military frequency there. I think the locking is more to stop provider-jumping in the event of unusual deals.
About blanking time.
It should be standard policy that any phone that fulfills its contract plan be unlocked automatically, as the contract (the reason FOR the phone lock) is completed at this point. Historically, T-Mobile USA has been very reasonable if a little reticent about unlocking (when I was with them, they let you do it as early as 6 months, and without charge except maybe a phone call) while AT&T has been as reluctant as can be. Can't say about the other GSM providers, but some consistency in this matter can only help.
Re: Apple Telly
Thing is, for 4K to sell, it'll need something outside of Apple's control: CONTENT. And for once, the movie companies have said "No Way, Jose!" to anything even remotely resembling general-purpose computing. Unfortunately, Apple counts among them (FTR, so do Google and Android). When 4K content arrives, Apple will have no control over the content: the movie companies are too paranoid to trust anyone but themselves and those they've hired directly to deliver the goods.
Re: @Charles 9
"They were probably more cautious about a peripheral for a video game console with known sales figures."
AND, more importantly, a known lifespan. When you know your console will pretty much be in the bargain basement inside of a few years with its successor on the horizon, you pretty much know how long you need the tech. That's the thing about tech: it moves fast. By the time you're done, you're already seeking the next generation of that tech, which is as likely as not to be elsewhere (and from what I heard Microsoft went and bought that tech which is now in the XBox One). Microsoft bet on Kinect and for the most part it's paying, so they'll keep running with it.
Why buy when you can get a long-term lease for cheaper? And by the time the lease expires, newer tech will be along to replace it.
Re: Apple v Microsoft round 1001
I think Microsoft isn't too concerned about Primesense or the related patents. Odds are they hold a nice long licensing agreement with Primesense that would be transferred with the acquisition. Which means Apple can do sod-all with the deal or Microsoft (since the license means Microsoft can legally use the patented tech) until the contract runs out.
Re: @ Jason 7, NSA really isn't hanging on your every word
As for the weakest link in any encryption, isn't it the human factor, which you really can't do much about? Isn't that why social engineering and the rubber hose are so effective?
As for computationally-expensive algorithms, this poses a challenge. What if you must be secure BUT you also have limited resources (such as a weak embedded system that nonetheless can't be replaced, or the need to be able to do LOTS of them at a time so even a top-end CPU gets bogged down), meaning you MUST be computationally cheap as well? Would this be considered intractable? And if so, what happens when forced into such a situation with no room to improve?
Re: Incoherent Nonsense
"OpenSSH authenticates both the server and the client party by Strong Cryptographic Means. There is NO WAY to "insert" even a single bit into an ssh connection. Or to remove one. All you can do is to destroy the connection completely."
Sure there is. One way is to insert it BEFORE the encryption (if a process can subvert either end, they can access the cleartext BEFORE it's encrypted).
I'm putting my money, though, on a SECOND simultaneous session with its own keypair, running ALONGSIDE the existing session. So on the network, the SSH session packets get shuffled together. To a network monitor it will look like another packet of ciphertext, indistinguishable from what's already been passing through. And since it's being run on a server machine, it would be hard to distinguish traffic from the C&C from legitimate traffic.
Re: Backdoor or Trojan?
No, it's properly called a backdoor. Any program that surreptitiously opens another way to access the system is by definition a backdoor. A program can be BOTH a trojan and a backdoor (it's the flow that determines if it's a backdoor or not--if the malware waits for a C&C to connect to it, it's a backdoor. If it actively seeks the C&C and connects to it, it's just a trojan).
As for how it got in, I would wager it piggybacked on another trojan that carried a privilege escalation exploit.
When we can see a 256GB R-RAM module in a 2.5" form factor for no less than twice the cost of a comparable flash drive (or the equivalent on a PCI-E card), THEN I'll say it's probably the future.
Thing is, all these post-Flash techs have been "a stone's throw away" for years. At best, some of these have seen limited rollouts. Call us when one of them hits the mass market.
Flash may have hit the density wall, but hard drives are hitting the SPEED wall, and right now enterprises need SPEED more than anything. Internet commerce runs at breakneck speeds; if you don't keep up, you get passed. So enterprises with that need for speed CAN and WILL pay the premium for whatever flash is available (some are even willing to shell out bookoo bucks for SLC flash--think of THAT). The figure is that, for that outlay, they improve their transaction rate which raises their returns, allowing them to amortize the premium AND keep up with the competition.
And before you say, "prioritize your data," many businesses are in a situation where they don't (and perhaps CAN'T) have "stale" data that would be the candidates for offloading to hard drives. They need ALL the data ALL the time at a moment's notice (IOW, since you never know what your clients need, ALL the data becomes priority one).
Re: I don't know about...
Thing is, the consumer sphere will still have a valid use for spinning rust: bulk storage of low-priority data (think music and movies for a media center or a home backup--tape is impractically priced for the home). Time is NOT of the essence here, but space IS. So hopefully WD and Seagate will keep the spinning rust going for a while longer at least.
Thing is, manufacturing energy costs are one-time whereas operating energy costs are continual as long as the drive is running, so there's always the likelihood the cumulative operating costs exceed the one-time manufacturing costs.
Re: "District court"
From what I've been told, the US Court of Appeals ALREADY ruled on the case, sending the case BACK for a point of law ruling. If appealed, even before the full court, they are likely to uphold the ruling they already made. That would leave only the SCOTUS, and they won't agree to hear it unless it raises a significant legal or constitutional question.
Just a question. Why is a federal district court judge the FINAL say in the matter? Has the US Court of Appeals for the 2nd Circuit already ruled on this case? Even so, cannot the decision be appealed to them and from there possibly to the SCOTUS?
Thing is, they're attacking all the proxies, too.
Re: v4 IPs
The Brits aren't so dense. They block by IP; since most people don't know how to keep a hosts file or use an alternative DNS (they may not even be able to--depends on the ISP), that tends to be enough for them. That's why you typically have to reach the site by a proxy which hasn't been blocked yet. If the site changes IP, they'll just block that one, too.
Can't even do that.
Copyright is like thermodynamics: you can't win, you can't break even, and most importantly, you can't leave the game.
Re: Encryption without authentication is pointless
Disagree on your disagree.
1. You forget that massive storage center being built in Utah. They can do a "copy now, decrypt later" tactic and use cryptanalysis, spies, and black projects to obtain the keys later. Not only would copying not introduce lag if done on the side, but they've already shown a willingness to hoover up EVERYTHING to search for the one that gives the game away.
2. Again, if the spooks just hoover everything up wholesale, then it doesn't matter if you're furtive or not. They'll get you anyway, anytime, anywhere, encrypted or not.
Re: TLS needs to be fixed first
Like I said, ANY form of trust system (Trent, even the Web of Trust) can be subverted by a determined government agency (Gene). A large enough government can create a determined key-signing effort and subvert or compromise some of the identities.
To defeat two-factor authentication, first you have to assume the party has a second factor at all (if the conversation is international, that's iffy). Second, if one party is a company, then Gene has a single point to subvert: MITM the line people would call to get the second factor.
Similarly, for your Amazon web example, Gene can MITM all the public key displays, substituting their keys in the ads and relabeling their packages (remember, states have some of the biggest resources available in the name of security). OR they could use an insider to infiltrate and obtain Amazon's private key (some companies HAVE had their private keys compromised--that's how some signed malware slips under the radar).
Re: TLS needs to be fixed first
But at the same time you NEED the Certificate Authority to act as Trent in the Alice-Bob trust problem. Otherwise, they have NO way of knowing each is really who they claim to be. I think if Gene can target THIS Trent, they can basically target ANY Trent (even a peer-based Trent system by way of tactics similar to search engine gaming). Which takes us back to the problem: IS there a Trent that can't be beholden to this or any other Gene?
Re: 20 years late, but better than never
"I do wonder how many billions, if not trillions, of dollars/pounds/euros/renminbi/slips of Gold Pressed Latinum have been lost by unlawful interception of cleartext packets containing valuable information, whether by Governments, Criminals, Competing Businesses, or anyone else who has a vested interest in fraud or theft, when it could have been prevented in the first place by defaulting to HTTPS."
Probably not as much as you think as the spooks/malcontents already know how to pwn the endpoints where the encryption, by definition, has been removed. Since content must be plaintext to be useable, they just wait for that point.
Furthermore, the subversion of CAs has demonstrated that secure communications between relative strangers is pretty much impossible, as security theory can show. Alice and Bob can't trust each other because they've never met, so they need an intermediary, Trent, to vouch for each one. Gene therefore targets Trent instead. If we're not in a world of "Don't Trust Anyone," we're close.
Re: Nuclear energy is expensive
Since only a few kilos are needed for your average nuclear reactor, compared to TONS for coal, you're talking a reduction of mining, refining, etc. on the level of an order of magnitude. And that's Uranium. Thorium's ALREADY mined due to its proximity to rare earths (which BTW are mined for the wind turbines). Just need to fit in an additional step to get the Thorium out and work from there. And let's not begin with the petroleum industry, which has had accidents and disasters of a whole different sort.
So, even WITH all the steps involved, is it one of the safest things human beings do? Given the alternatives, I can think of worse.
Re: "Got any other immediate options besides fission reactors?"
But most of the energy in the world is used by INDUSTRY, not residential or commercial interests. Take aluminium smelting. Electricity (and lots of it) is the only practical way to separate it from alumina, and demand for the stuff is rising due to its light weight (making it the best material for long-distance power lines, among other things). Then you take into consideration things like arc welders and so on that are basically driven by electricity. They're not going to go away anytime soon, and due to how they use the electricity, odds are you won't be able to make them any more efficient than they are now.
But back to people. China and India are rising nations, each with over a BILLION people. Even with high-efficiency appliances, sheer weight of numbers will add up.
Re: Nuclear gets my vote
Then as the saying goes, they're playing with fire, though it depends on the composition of the coal. Thing is, coal can naturally emit hydrogen gas as well as methane and propane. All three of these can combust under the wrong conditions, causing the coal pile to ignite. Indeed, this has occasionally happened in the coal MINES (they're the primary components of firedamp--it and coal dust are the two main agents in coal mine explosions).
Re: How much money is seriously spent on renewable research?
That's good in California when the highest demand is in the summer. But what about up north where it's the reverse (highest demand is heating--at NIGHT--in the WINTER when the sun is weakest)? Also, the biggest solar-thermal system about to come online (if not already) is slated to power about 100,000 homes. California is America's most populous state. Last census counted about 12 MILLION homes. We're talking an order of magnitude difference between what's being produced and what is needed. And this is just the United States. Let's not start with India or China, which are at least TWICE (China at least THRICE) as populous and with their own demands and legal hoops.
Put it this way. Unless green tech can produce a YOTTAwatt of power in fifty years time, we're going to need something else. And nuclear is the only one of the rest of the lot that's at least carbon-neutral.
Re: StartMail Beta
To each point, I challenge:
- Who keeps the keys to the user vault? You and you alone? Remember, a master key was what nailed Lavabit.
- Neither forward secrecy nor TLS can do much against cryptanalysis: attacks on the PROTOCOLS using side-channel techniques. That's what led to BEAST and all the other secure-channel attacks.
- Again, the spooks are targeting the protocols, not the keys. IOW, they're not trying to get a key to copy; they're trying to secretly cut a way through the wall.
- May not be good enough. As noted, the NSA can already possess international shared-secret agreements with other nations. That can include the EU at large, of which the Netherlands is a member. Either that or the NSA can compromise those countries even against their wishes. I'm inclined to think the ONLY countries the NSA can't tap in some way are countries that are in turn beholden to ANOTHER, anti-Western state spook authority like the Russians or the Chinese.
Re: Clash of the titans
Well, the Internet is basically "Bend Over" territory. If neither of them are doing it, it's someone else like the Chinese.
Re: DAB is pointless @Ben
I stand corrected.
To say nothing of the US which isn't even trying and is instead using a different scheme (HD Radio) which works IN the FM band.
That said, takeup has been slow here, too (you can retrofit an HD radio receiver into your car, but the demand just isn't there, and let's not start with portables), but at least they're not doing anything to the FM radio band anytime soon.
Re: Electricity is free if you steal it
"Sure, 10k slave machines would do some good. But what are the odds of the infection going unnoticed, when it is gobbling 100% of the CPU power, turning the computer in a home heater?"
If it finds slaves with viable GPUs, the malware can use the OpenCL cores to make these slaves increase the MHash output. Just a few hundred slaves with GPUs within three generations of present could even the stakes. Plus smart trojans can wait for low activity or nightfall to do their dirty work, making it less likely to be noticed.
As for the "other dirty work," it doesn't have to be either/or. Do that on the side as well. Malware diversification.
It's hard to carry on a clear conversation using a mobile phone EVEN IN A QUIET ENVIRONMENT. Wind and breath, for starters. That's why throat mics. They're immune to wind and resistant to ambient noise, which was why they were used in World War 2 in tanks.
"Don't mess around with my body. Period." Well, don't put the bloody thing on. It's not like it's going to be permanently grafted under your skin. It's just a stick-on throat mic (the "tattoo" is actually temporary, like the kiddy "tattoos").
Re: El Reg, you got played
Besides, last I checked, radar tech is starting to move to multistatic installations, which can work more passively (meaning destroying the transmitter doesn't necessarily degrade the efficiency of the receivers) and actually turns current stealth tech against itself (because they normally work by deflecting radio waves--such craft would stick out like a sore thumb in a multistatic radar reading because they'll be blocking expected signals).