Nintendo Kid
Aug 4, 2011

by Smythe

GutBomb posted:

What ever happened to that massive list of people being released?

It turns out that most people already own a phone book.

Nintendo Kid
Aug 4, 2011

by Smythe

Winkle-Daddy posted:

Can you name a single CA that doesn't validate registration details? What I'm saying is "good luck getting a cert for a domain you don't own." Whether or not NSA and the GCHQ can through back channel means is a totally different question. Also, if a CA is found to not be doing proper validation they will be dropped as trusted by browsers thus ending that company.

Here's an article about a Dutch certificate authority that issued SSL certs for google domains in 2011: http://www.computerworld.com/article/2510797/security0/hackers-stole-google-ssl-certificate--dutch-firm-admits.html

In that case, it was done by the people first hacking into the CA's network and taking control of computers there in order to issue and sign the certs. Other cases happen where the guy in charge of monitoring requests at a third-string CA didn't pay close enough attention, and some cases where it seems that the CA involved may have been directly paid off by malicious users.


mystes posted:

However, they absolutely can't do this to the entire internet without people noticing.

This is immaterial because they don't do anything to the entire internet now or in the past (with the possible exception of the very early days when there was very little traffic). In fact, since statistics works, they should only need to do it to a representative sample of not-otherwise-targeted people for short bursts of time to be able to pick up on any sorts of trends they want to investigate further.

mystes posted:

If intercepting unencrypted internet traffic is so unnecessary why is the NSA doing it in the first place?

Because when you're intercepting encrypted traffic and traffic of specific targets, you will always have at least some unencrypted stuff in your initial nets. So why not keep it?

Nintendo Kid
Aug 4, 2011

by Smythe

Crack posted:


I don't think redesigning the system somehow so all the responsibility lies with the service provider is the solution. I think educating the public to the risks of putting anything online, and how to best protect yourself is.


Given that it's way easier for a service provider to fix things than it is to teach millions of random people to abide by something (and how exactly would you teach that anyway?) - which is a better solution to seek?

Nintendo Kid
Aug 4, 2011

by Smythe

Crack posted:

Maybe educating users is not feasible, but I don't know how much of an "internet warrior-scholar" someone would need to be to realise that there is some risk of a data breach if you store something on iCloud with an obvious password.

Except that even if you have an "obvious password", standard practices for security are to limit the number of attempts to use passwords in order to slow down such attempts. While for obvious reasons this can't be done if the attackers manage to break into the systems and steal the databases full-on (in which case they can then test passwords at full speed on their own equipment), it can easily require you to wait say 15 seconds between tries, and lock you out for 5 minutes after 5 failed tries (even better if you increase the wait times between failed guesses and the cooldown before you can do your next 5 after each round of failures). And especially, make sure to lock out originating computers that have shown up with multiple failed logins to multiple accounts in rapid succession.

Consider for example a debit card. Typically the PIN is only 4 digits, and thus there's only ten thousand possible guesses. You would consider a bank to be lovely if they let someone who stole your card just punch in 0000, 0001, 0002, etc into any set of ATMs repeatedly until they guessed your PIN after multiple tries, wouldn't you? Hence why banks and ATMs tend to block transactions if the same card's been attempted to use with the wrong PIN too many times in short order. Obviously if you wrote "MY PIN IS 4029" on the back of the card in sharpie they can just use that right away but that's a level of consumer inattentiveness to security that goes well beyond what's in the company's duty to handle.

Since you as the company advertising a secure service already know that your customers are likely to include a lot of people who do dumb things, your security design should be able to protect someone who is lazy or uneducated about security fairly well. It's probably impossible to protect someone who sets their password to be literally "password" or "123456" since any attacker will try those before reasonable lockout counters latch in.

Salt Fish posted:

I'm not advocating that we don't try to get companies to be more secure. Obviously if we can do that great. I'm just saying that if you use the Internet all day you should have some idea that cloud storage solutions for your naked selfies isn't super smart. On a practical scale it's a lot easier for me to tell my mom not to upload her sex tape then it is for me to pass legislation against literally the largest corporations in the world.

But the kind of thing going on here is already largely mitigated by say Google or Microsoft or even Yahoo. If I gently caress up logging into accounts on any of those multiple times in a row, they'll tell me I have to wait a given length of time before trying again - and in the case of Microsoft one time when I kept failing to remember my password correctly they actually called the cell phone number attached to my account to ask what was going on because they detected suspicious activity and yadda yadda.
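Added example, not from the thread: a Go implementation of the login policy the two posts above describe (15 seconds between tries, a 5-minute lockout after 5 failures, escalating each round, plus blocking a source address that fails against many different accounts). The doubling schedule, the 10-minute spray window and the 1-hour source block are my assumptions; the clock is injected so the schedule can be tested without sleeping.

```go
package main

import (
	"fmt"
	"time"
)

// Policy knobs. 15 s / 5 tries / 5 min come from the post; the rest are assumptions.
const (
	baseDelay     = 15 * time.Second // minimum gap after a failed try
	failsPerRound = 5                // failures before a lockout
	baseLockout   = 5 * time.Minute  // first lockout; doubles every round
	maxRounds     = 8                // cap on escalation (2^8 = 256x)
	sprayWindow   = 10 * time.Minute // look-back for per-source counting
	sprayAccounts = 5                // distinct accounts failed from one source
	sprayBlock    = 1 * time.Hour    // how long a spraying source is refused
)

type Result int

const (
	OK            Result = iota
	BadPassword          // wrong credentials; the returned wait applies
	TooSoon              // account is in its inter-try delay or lockout
	SourceBlocked        // source address has been hammering many accounts
)

type accountState struct {
	fails     int       // failures in the current round
	rounds    int       // completed rounds; drives escalation
	notBefore time.Time // next try allowed at or after this time
}

type sourceState struct {
	failedAccounts map[string]time.Time // account -> time of last failure
	blockedUntil   time.Time
}

type Throttle struct {
	now      func() time.Time
	verify   func(user, password string) bool
	accounts map[string]*accountState
	sources  map[string]*sourceState
}

func NewThrottle(verify func(string, string) bool, now func() time.Time) *Throttle {
	return &Throttle{now: now, verify: verify,
		accounts: map[string]*accountState{}, sources: map[string]*sourceState{}}
}

// Attempt applies the policy and returns the outcome plus how long the caller must wait.
func (t *Throttle) Attempt(src, user, password string) (Result, time.Duration) {
	now := t.now()
	s := t.sources[src]
	if s == nil {
		s = &sourceState{failedAccounts: map[string]time.Time{}}
		t.sources[src] = s
	}
	if now.Before(s.blockedUntil) {
		return SourceBlocked, s.blockedUntil.Sub(now)
	}
	a := t.accounts[user]
	if a == nil {
		a = &accountState{}
		t.accounts[user] = a
	}
	// Checked before the password: even a correct guess is refused during the
	// delay, otherwise the delay would slow nothing.
	if now.Before(a.notBefore) {
		return TooSoon, a.notBefore.Sub(now)
	}
	if t.verify(user, password) {
		*a = accountState{} // a real login clears the counters
		return OK, 0
	}
	rounds := a.rounds
	if rounds > maxRounds {
		rounds = maxRounds
	}
	mult := time.Duration(1) << uint(rounds)
	a.fails++
	if a.fails >= failsPerRound {
		a.fails, a.rounds = 0, a.rounds+1
		a.notBefore = now.Add(baseLockout * mult)
	} else {
		a.notBefore = now.Add(baseDelay * mult)
	}
	// Per-source rule: many distinct accounts failing from one address in a
	// short window is a spray, whatever each individual account's state is.
	s.failedAccounts[user] = now
	for u, ts := range s.failedAccounts {
		if now.Sub(ts) > sprayWindow {
			delete(s.failedAccounts, u)
		}
	}
	if len(s.failedAccounts) >= sprayAccounts {
		s.blockedUntil = now.Add(sprayBlock)
	}
	return BadPassword, a.notBefore.Sub(now)
}

func main() {
	clock := time.Unix(1700000000, 0) // fixed clock for a reproducible demo
	th := NewThrottle(func(u, p string) bool { return u == "alice" && p == "correct horse" },
		func() time.Time { return clock })
	for _, pw := range []string{"letmein", "letmein", "correct horse"} {
		r, wait := th.Attempt("203.0.113.9", "alice", pw)
		fmt.Printf("password %q -> result %d, wait %s\n", pw, r, wait)
		clock = clock.Add(baseDelay)
	}
}
```

Two caveats a practitioner would add. Per-account lockouts hand an attacker a cheap denial of service against a named victim, which is why the per-source rule and out-of-band notification (the phone call described in the post) matter as much as the lockout itself. And none of this helps once the password database has been stolen; that case is only covered by a deliberately slow password hash.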

Nintendo Kid
Aug 4, 2011

by Smythe

Kobayashi posted:

... there are potential technological interventions too, such as Nude.js, which is a proof-of-concept for identifying nudity in photographs and presumably doing something in response to that.

Those sorts of things have been around for ages starting with lovely "parental control" internet filters that tried to figure out if lil Johnny is browsing porn and saving it on his parents computer. Needless to say none of them are reliable.

There's also the hilarious effect that many of them ignore skin that isn't white people skin tones, and often not even all of those.
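Added example, not from the thread: the simplest kind of "skin detector" these filters were built on is a fixed-threshold rule over RGB values. The rule below is the widely cited one from Kovac, Peer and Solina (2003) as it is usually reproduced; the exact thresholds are from memory and should be treated as approximate. Run over a handful of constructed pixel values it accepts every lighter tone and rejects every darker one, because its first condition (R > 95) already excludes them.

```go
package main

import "fmt"

// Pixel is an 8-bit RGB sample with a constructed tone label.
type Pixel struct {
	R, G, B uint8
	Tone    string
}

// isSkinRGB is the fixed-threshold "uniform daylight" rule (Kovac, Peer, Solina 2003),
// thresholds as commonly reproduced; treat them as approximate.
func isSkinRGB(r, g, b uint8) bool {
	hi, lo := r, r
	for _, v := range []uint8{g, b} {
		if v > hi {
			hi = v
		}
		if v < lo {
			lo = v
		}
	}
	diff := int(r) - int(g)
	if diff < 0 {
		diff = -diff
	}
	return r > 95 && g > 40 && b > 20 && int(hi)-int(lo) > 15 && diff > 15 && r > g && r > b
}

// samples are constructed pixel values, not measured data.
var samples = []Pixel{
	{224, 172, 105, "light"}, {198, 134, 66, "light"},
	{141, 85, 36, "medium"}, {120, 80, 50, "medium"},
	{89, 47, 42, "dark"}, {70, 40, 30, "dark"}, {50, 30, 25, "dark"},
}

// recallByTone returns, per tone label, the fraction of samples the rule accepts.
func recallByTone(px []Pixel) map[string]float64 {
	hits, total := map[string]int{}, map[string]int{}
	for _, p := range px {
		total[p.Tone]++
		if isSkinRGB(p.R, p.G, p.B) {
			hits[p.Tone]++
		}
	}
	out := map[string]float64{}
	for tone, n := range total {
		out[tone] = float64(hits[tone]) / float64(n)
	}
	return out
}

func main() {
	for tone, r := range recallByTone(samples) {
		fmt.Printf("%-6s recall %.2f\n", tone, r)
	}
}
```

Any detector built on colour thresholds like these carries the assumption baked into the numbers; a model trained on a skewed sample does the same thing less visibly.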

Nintendo Kid
Aug 4, 2011

by Smythe

KillHour posted:

I don't. I've had jobs pull my credit report before hiring me.

A credit report is a significantly different thing than full credit card records.

Nintendo Kid
Aug 4, 2011

by Smythe

ComradeCosmobot posted:

Well, I think it's time to close the thread. The NSA has been rehabilitated, as over half of Americans view the NSA favorably, and only seniors view it more unfavorably than favorably. Millennials are the most approving, with 3 in 5 approving of the job the agency is doing.

I remember when I told people this would happen and that leaking things slowly over time was not going to ensure long term distrust of spy agencies. :laugh:

Snak posted:

How can they even prove you're using encryption? What if you're just sending strings of garbage data around for fun?

Because no one actually does that. Also if they're monitoring you specifically, they can tell when encrypted sessions are being started. You can't start them with plain random noise.
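Added example, not from the thread: why "just sending garbage" does not look like an encrypted session. A TLS session opens with a ClientHello that is sent in the clear with a rigid structure (record type, version, nested lengths, and usually the server name). The Go program below builds a minimal TLS 1.2 ClientHello, then parses it with bounds checks; constructed random bytes fail the framing checks at the first byte, and so does a truncated or re-typed record. The client random is a fixed hash so the output is reproducible.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

func be16(n int) []byte { return []byte{byte(n >> 8), byte(n)} }
func be24(n int) []byte { return []byte{byte(n >> 16), byte(n >> 8), byte(n)} }

// buildClientHello assembles a minimal TLS 1.2 ClientHello record with an SNI
// extension. The client random is a fixed SHA-256 so the bytes are reproducible.
func buildClientHello(sni string) []byte {
	random := sha256.Sum256([]byte("constructed client random"))
	body := append([]byte{0x03, 0x03}, random[:]...)       // client_version, random
	body = append(body, 0x00)                               // session_id: empty
	body = append(body, 0x00, 0x04, 0xc0, 0x2f, 0xc0, 0x30) // two cipher suites
	body = append(body, 0x01, 0x00)                         // compression: null only
	host := []byte(sni)
	name := append(append([]byte{0x00}, be16(len(host))...), host...) // host_name entry
	sniExt := append(be16(len(name)), name...)                         // server_name_list
	ext := append(append(be16(0), be16(len(sniExt))...), sniExt...)    // extension type 0
	body = append(body, append(be16(len(ext)), ext...)...)
	hs := append(append([]byte{0x01}, be24(len(body))...), body...)           // handshake type 1
	return append(append([]byte{0x16, 0x03, 0x01}, be16(len(hs))...), hs...) // record header
}

// reader is a bounds-checked cursor; any overrun sets bad and later reads are no-ops.
type reader struct {
	b   []byte
	pos int
	bad bool
}

func (r *reader) take(n int) []byte {
	if r.bad || n < 0 || r.pos+n > len(r.b) {
		r.bad = true
		return nil
	}
	v := r.b[r.pos : r.pos+n]
	r.pos += n
	return v
}

// num reads an n-byte big-endian unsigned integer (0 after an overrun).
func (r *reader) num(n int) int {
	v := 0
	for _, c := range r.take(n) {
		v = v<<8 | int(c)
	}
	return v
}

// parseClientHello reports whether b is a well-formed ClientHello record and
// returns the server name it carries. Arbitrary bytes fail the framing checks.
func parseClientHello(b []byte) (sni string, ok bool) {
	r := &reader{b: b}
	if r.num(1) != 0x16 || r.num(1) != 0x03 { // content type handshake, version major 3
		return "", false
	}
	if minor := r.num(1); minor < 1 || minor > 3 {
		return "", false
	}
	if recLen := r.num(2); r.bad || recLen != len(b)-5 {
		return "", false
	}
	if r.num(1) != 0x01 { // handshake type ClientHello
		return "", false
	}
	if hsLen := r.num(3); r.bad || hsLen != len(b)-9 {
		return "", false
	}
	if r.num(2)>>8 != 0x03 { // client_version
		return "", false
	}
	r.take(32)       // client random
	r.take(r.num(1)) // session id
	r.take(r.num(2)) // cipher suites
	r.take(r.num(1)) // compression methods
	if r.bad {
		return "", false
	}
	if r.pos == len(b) {
		return "", true // no extensions is legal
	}
	if extLen := r.num(2); r.bad || extLen != len(b)-r.pos {
		return "", false
	}
	for !r.bad && r.pos < len(b) {
		typ, data := r.num(2), r.take(r.num(2))
		if r.bad {
			return "", false
		}
		if typ == 0 { // server_name
			e := &reader{b: data}
			e.num(2) // list length
			if e.num(1) != 0 {
				return "", false
			}
			sni = string(e.take(e.num(2)))
			if e.bad {
				return "", false
			}
		}
	}
	return sni, !r.bad
}

// garbage is 48 constructed bytes standing in for "random data sent for fun".
var garbage = []byte{
	0x9a, 0x41, 0x7c, 0x02, 0xe8, 0x5d, 0xb3, 0x1f, 0x6e, 0xc4, 0x93, 0x28, 0xf0, 0x57, 0xad, 0x0b,
	0x16, 0x03, 0x01, 0x00, 0x2a, 0x7e, 0x99, 0xd2, 0x34, 0xbb, 0x61, 0x8c, 0x45, 0xfa, 0x0e, 0x73,
	0xc9, 0x2d, 0x58, 0xe1, 0x86, 0x1b, 0xa4, 0x6f, 0x30, 0xd7, 0x4c, 0x95, 0xee, 0x12, 0x79, 0xb8,
}

func main() {
	sni, ok := parseClientHello(buildClientHello("mail.example.org"))
	fmt.Println("ClientHello:", ok, sni)
	_, ok = parseClientHello(garbage)
	fmt.Println("garbage:    ", ok)
}
```

Encrypted application data after the handshake is no more distinguishable from random bytes than the garbage is; what gives the session away is the plaintext handshake framing, and the SNI in it names the server too.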

Nintendo Kid
Aug 4, 2011

by Smythe

Ghost of Reagan Past posted:

Leaving aside RAH RAH ARE COUNTRY stuff, you might think that this is bad for the American tech industry. Why should anyone trust American technology?

In seriousness? Because it's also the NSA's job to break into companies globally so there's no way buying Chinese or German is going to guarantee you any better safety. Remember that their SIM card heist stuff operated almost exclusively in Europe.

In fact tech from countries that are "unfriendly" may be even likelier to have NSA backdoors, which they'd be a bit bolder with since "friendly" companies might be expected not to buy it normally, and the US government will studiously avoid itself.

And that's before you take into account other cyberwarfare agencies worldwide.

Nintendo Kid
Aug 4, 2011

by Smythe

tentative8e8op posted:

I'm pretty sure American companies are still more likely to have innate NSA sponsored exploits like so. In addition to normal spying and hacking against such tech companies, nationalistic legal avenues for compliance, whether cooperative or compulsory, seem to me as an amazing bonus for them against U.S. manufacturers.

That's pretty much exactly what the NSA wants you to think if you're trying to hide from them.

The fact is that large companies are aware that your contention is most likely false, and thus don't take it into account in purchasing decisions. You can't trust anyone to not be infiltrated by the NSA considering what they've proven capable of doing completely outside of the USA.

Nintendo Kid
Aug 4, 2011

by Smythe

Tezzor posted:

That isn't accurate. Locking your doors will not stop a robber determined to break into a specific house but burglars prefer easy targets if they are targeting an area instead of an individual.

When everyone's house is locked, being locked no longer makes you a harder target.

Nintendo Kid
Aug 4, 2011

by Smythe

LookingGodIntheEye posted:

But the problem is that everyone outside the NSA is, directly or indirectly, an enemy of the NSA. By weakening the state of internet security in the US and across the world, the NSA acts as a detriment to everyone. Combine this with the NSA's highly inefficient "grab everything and then look later" MO and the NSA ultimately causes a lot of harm and returns little in terms of actual safeguarding national security for our citizens and companies. And this is really symptomatic of a greater governmental national security and military apparatus that is self-serving and antagonistic towards and undermines its own country and people.

I do hope you understand that every major country is currently seeking to undermine every other country's security, and as such removing the NSA would do nothing to lessen that. Too often people seem to speak as if the NSA operates in some sort of vacuum.

Nintendo Kid
Aug 4, 2011

by Smythe

Honj Steak posted:

The situation in Germany has been intensifying steadily since the latest revelations and the Bundestag is now openly calling on the federal chancellery to reveal the NSA's keyword list which is obviously something the Americans don't want to happen.

I'm sure many Germans already own an English dictionary.

Nintendo Kid
Aug 4, 2011

by Smythe

hobotrashcanfires posted:

But you see, a Republican is nominally against it and "leading" the charge. That sure does seem to be how these issues boil down to for a disconcerting number of people. Have Snowden leak with Bush as President, and we would've heard a vastly different tone from so many.

And yeah, as if the NSA collecting whatever it possibly can is going to make things better for anyone, let alone those subject to extra scrutiny.

We did have leaks about NSA spying stuff, ECHELON and other such things during the Clinton and Bush administrations. Just like has happened again, most people stopped caring, if they ever cared, rather shortly after.

Nintendo Kid
Aug 4, 2011

by Smythe
Of course the Washington Times wouldn't talk ill of the Patriot Act, they are a hardcore conservative newspaper run by a strange Christian sect.

Nintendo Kid
Aug 4, 2011

by Smythe

olin posted:

Just wondering about the consensus of the readers of this thread; is truecrypt still the best open source option for full disk encryption for Windows? Is this site a safe place to download it from?

Closed source options seem kinda silly to me and truecrypt seems to be the only thing available that has undergone an audit. It seems pretty obvious that anything available to the public can't beat the NSA as even truecrypt, most likely, has been cracked, but is there really anything better?

If you're on Windows you should really just use BitLocker since it's built into the system.

One problem TrueCrypt has is that it cannot properly handle a GPT drive - an alternate way of laying out partitions to the old MBR, which has to be used if you want to use all of a drive over 2 terabytes as a single volume. Besides very large drives, a lot of recent systems ship with GPT used by default even on much smaller drives, simply because it's the new standard, and you'd have a very hard time converting that backwards to MBR to use with TrueCrypt.

There are some forks of TrueCrypt out there that are working towards support for modern drives, but so far I don't think any are as well tested as TrueCrypt.
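Added example, not from the thread: how to tell which of the two partition schemes the post contrasts a disk is using, from its first two sectors, and where the 2 TB figure comes from. MBR partition entries hold 32-bit sector counts, so with 512-byte sectors they top out at 2 TiB (16 TiB on 4K-native drives). GPT puts a protective MBR entry of type 0xEE in sector 0 and a header starting "EFI PART" in sector 1, protected by a CRC32. The two disk images below are constructed in memory; the detector also flags a GPT header whose CRC does not match.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

const sectorSize = 512

// mbrMaxBytes is the largest disk an MBR can address: 32-bit LBA fields times the sector size.
func mbrMaxBytes(sector int) uint64 { return (1 << 32) * uint64(sector) }

// mbrImage builds the first two sectors of a classic MBR disk: one NTFS-type (0x07)
// partition entry and the 0x55AA boot signature. Constructed test data.
func mbrImage() []byte {
	img := make([]byte, 2*sectorSize)
	e := img[446 : 446+16] // first of four 16-byte partition entries
	e[4] = 0x07            // partition type
	binary.LittleEndian.PutUint32(e[8:12], 2048)        // first LBA
	binary.LittleEndian.PutUint32(e[12:16], 0xFFFFFFFF) // largest sector count an entry can hold
	img[510], img[511] = 0x55, 0xAA
	return img
}

// gptImage builds a protective MBR (type 0xEE) in LBA0 and a GPT header with a
// correct CRC32 in LBA1, for a notional 4 GiB disk. Constructed test data.
func gptImage() []byte {
	img := make([]byte, 2*sectorSize)
	e := img[446 : 446+16]
	e[4] = 0xEE
	binary.LittleEndian.PutUint32(e[8:12], 1)
	binary.LittleEndian.PutUint32(e[12:16], 0xFFFFFFFF)
	img[510], img[511] = 0x55, 0xAA
	h := img[sectorSize : sectorSize+92]
	copy(h[0:8], "EFI PART")
	copy(h[8:12], []byte{0, 0, 1, 0})                  // revision 1.0
	binary.LittleEndian.PutUint32(h[12:16], 92)        // header size
	binary.LittleEndian.PutUint64(h[24:32], 1)         // this header's LBA
	binary.LittleEndian.PutUint64(h[32:40], 8388607)   // backup header LBA (last sector)
	binary.LittleEndian.PutUint64(h[40:48], 34)        // first usable LBA
	binary.LittleEndian.PutUint64(h[48:56], 8388574)   // last usable LBA
	binary.LittleEndian.PutUint64(h[72:80], 2)         // partition entry array LBA
	binary.LittleEndian.PutUint32(h[80:84], 128)       // number of entries
	binary.LittleEndian.PutUint32(h[84:88], 128)       // entry size
	binary.LittleEndian.PutUint32(h[16:20], crc32.ChecksumIEEE(h)) // CRC over header with CRC field zero
	return img
}

// partitionScheme classifies a disk image from its first two sectors.
func partitionScheme(img []byte) (string, error) {
	if len(img) < 2*sectorSize {
		return "", errors.New("need at least two sectors")
	}
	if img[510] != 0x55 || img[511] != 0xAA {
		return "unpartitioned", nil
	}
	protective := false
	for i := 0; i < 4; i++ {
		if img[446+16*i+4] == 0xEE {
			protective = true
		}
	}
	h := img[sectorSize : 2*sectorSize]
	if string(h[:8]) != "EFI PART" {
		return "MBR", nil
	}
	size := binary.LittleEndian.Uint32(h[12:16])
	if size < 92 || int(size) > len(h) {
		return "GPT (bad header size)", nil
	}
	tmp := append([]byte(nil), h[:size]...)
	stored := binary.LittleEndian.Uint32(tmp[16:20])
	binary.LittleEndian.PutUint32(tmp[16:20], 0)
	if crc32.ChecksumIEEE(tmp) != stored {
		return "GPT (header CRC mismatch)", nil
	}
	if !protective {
		return "GPT (no protective MBR)", nil
	}
	return "GPT", nil
}

func main() {
	for name, img := range map[string][]byte{"mbr.img": mbrImage(), "gpt.img": gptImage()} {
		s, err := partitionScheme(img)
		fmt.Println(name, "->", s, err)
	}
	fmt.Printf("MBR limit: %d TiB at 512-byte sectors\n", mbrMaxBytes(512)>>40)
}
```

A tool that only understands the MBR in sector 0 sees a single 0xEE partition covering the disk and nothing it can boot from; that is the practical shape of the incompatibility the post describes.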

Nintendo Kid
Aug 4, 2011

by Smythe

Rhesus Pieces posted:

As if unchecked government surveillance wasn't chilling enough, a pair of bubbly lunatics is pitching "Peeple" to Silicon Valley venture capitalists and tech bros.

It allows anyone to rate, rank and evaluate any other random person and post it for the world to see. It's basically Yelp for human beings, and nobody can opt out of it.

I can't see how this can possibly be abused by trolls and assholes to harass, stalk or ruin people and drive them to suicide.

In order to stalk or harass people with it, they'd first have to care about it during the likely 5 month span of time before their non-existent business model collapses due to no new money flowing in.

Nintendo Kid
Aug 4, 2011

by Smythe

RaySmuckles posted:

I dunno, this is sort of the vision I have for the future. It's not unreasonable to assume you'll use augmented reality to, say look at a restaurant and see its rating, read reviews, look at the menu. It's not weird to look at a subway stop and see a map and have it direct you to where you're going. It also won't be weird to look at a person and see a rating, read reviews, see places they've been/people they know/interests, etc. This idea may be premature for now, but something like that is absolutely coming. Plus the idea is obviously to develop the idea and then be bought up and have the system implemented into a larger operation.

I'm just going to point out that a few years back people swore Google Glass or a clone would totally be mass market by now thus making all the augmented reality stuff finally commonplace and blah blah. Frankly I don't think it's going to be something that actually takes off until you can spend like the equivalent of $50 current money to get that stuff put in your eye and not need charging etc.

It's kind of like cars that turn into planes: yeah you can get it, in fact you can get it for a while now, but as time goes on it becomes more clear that it's just not going to be the thing everyone has.

Nintendo Kid
Aug 4, 2011

by Smythe

Dr. Killjoy posted:

Tell me if I'm an idiot or not (who has watched too many dumb movies) but what is the possibility of these enforce security backdoors being found and exploited by hackers?

100% given enough time. Same goes for all security we're currently aware of beyond one time pads.

Nintendo Kid
Aug 4, 2011

by Smythe

Grouchio posted:

Has the NSA in fact been turned down several pegs since Snowden's acts of heroism/turncoating last year or so?

There's no way to know, but that's extremely doubtful, being a practically unaccountable covert agency and all.

Nintendo Kid
Aug 4, 2011

by Smythe

Broken Machine posted:

Fishmech don't be coy and act like you don't literally work for the NSA. You literally, verifiably work for the NSA, and imo the fact that they employ you is one of the most convincing arguments against what they do being in the public's interest.

I really don't dude. I'm a photographer in real life these days.

Nintendo Kid
Aug 4, 2011

by Smythe

Broken Machine posted:

ok but you do at least admit that you did so it's a bit lovely to mislead people like that

Mislead people how, exactly?

Like it doesn't require special access to take this picture:

Nintendo Kid fucked around with this message at 16:47 on Oct 10, 2015

Nintendo Kid
Aug 4, 2011

by Smythe

LookingGodIntheEye posted:

E: Note that although buttcoin uses blockchain, blockchains appear to be more useful than providing a means for overblown price speculation.

Blockchains are useless, due to the fact that their sole means of "security" is requiring a bunch of processing power to be wasted on making each write to it. We already have blockchains without the waste: it's every appendable database in the world.

Nintendo Kid
Aug 4, 2011

by Smythe

ComradeCosmobot posted:

You're discounting the distributed aspect of the block chain though, so it's more like "every fault-tolerant distributed appendable database in the world"

You're right that it's mostly useless though.

The distributed aspect only works due to the massive wasted computing time part (which also makes it utterly impractical for real use). That's why it's more like non-distributed appendable databases.

Nintendo Kid
Aug 4, 2011

by Smythe

ComradeCosmobot posted:

Correct me if I'm wrong, but I was under the impression that the 10-minute resolution time was arbitrarily picked and could be made shorter or longer?

Buddy, it's the eventually needing to keep terabytes of data on multiple independent systems that's impractical, as well as having to dump massive amounts of processing time into each block that further makes it impractical. And then when you start decreasing the average block times there's more opportunities for conflicting results that take several block cycles to sort out.

The entire concept, frankly, is dumb. Especially for purported business applications where it's being used between a few parties that trust each other... so why use a technology where the only thing it kinda solves is relationships between thousands of untrusted parties? Why do we need everybody to have on hand all individual transactions since the beginning of time, when all you need is say the current balances/information, discrete transactions for a few months online, and then anything older can be put into another form of storage if needed?
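Added example, not from the thread: a small Go program that separates the two things the last few posts run together. A hash-chained append-only log gives tamper evidence with no mining at all (the "appendable database" of the earlier post); proof of work is a separate mechanism whose cost grows as roughly 2^bits per block, and it only buys something when the writers do not trust each other. The program also shows the catch with a plain hash chain: whoever holds write access can rewrite a block and recompute every later hash, and the result is self-consistent, so a verifier needs the current head hash from somewhere outside the chain (a signature, a witness, or the mined work). Transaction strings are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type Block struct {
	Index uint64
	Data  string
	Prev  [32]byte // hash of the previous block
	Nonce uint64   // only used by the proof-of-work variant
	Hash  [32]byte
}

// hashBlock commits to everything in the block except its own Hash field.
func hashBlock(b Block) [32]byte {
	h := sha256.New()
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], b.Index)
	h.Write(buf[:])
	h.Write([]byte(b.Data))
	h.Write(b.Prev[:])
	binary.BigEndian.PutUint64(buf[:], b.Nonce)
	h.Write(buf[:])
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Append adds a block to an ordinary hash-chained log: no mining, just linkage.
func Append(chain []Block, data string) []Block {
	b := Block{Index: uint64(len(chain)), Data: data}
	if len(chain) > 0 {
		b.Prev = chain[len(chain)-1].Hash
	}
	b.Hash = hashBlock(b)
	return append(chain, b)
}

// Verify checks internal consistency: every hash recomputes and every link matches.
func Verify(chain []Block) bool {
	for i, b := range chain {
		if b.Hash != hashBlock(b) || b.Index != uint64(i) {
			return false
		}
		if i > 0 && b.Prev != chain[i-1].Hash {
			return false
		}
	}
	return true
}

// VerifyAgainstHead also requires the chain to end at a head hash obtained out of band.
func VerifyAgainstHead(chain []Block, head [32]byte) bool {
	return Verify(chain) && len(chain) > 0 && chain[len(chain)-1].Hash == head
}

// Rewrite edits block i and recomputes every later hash, which an insider with
// write access can do; the result passes Verify but not VerifyAgainstHead.
func Rewrite(chain []Block, i int, data string) []Block {
	out := append([]Block(nil), chain...)
	out[i].Data = data
	for j := i; j < len(out); j++ {
		if j > 0 {
			out[j].Prev = out[j-1].Hash
		}
		out[j].Hash = hashBlock(out[j])
	}
	return out
}

func leadingZeroBits(h [32]byte) int {
	n := 0
	for _, by := range h {
		if by != 0 {
			for m := byte(0x80); by&m == 0; m >>= 1 {
				n++
			}
			return n
		}
		n += 8
	}
	return n
}

// Mine searches nonces until the hash has at least `bits` leading zeros and
// returns the number of hashes tried, which averages about 2^bits.
func Mine(b *Block, bits int) uint64 {
	for tries := uint64(1); ; tries++ {
		b.Hash = hashBlock(*b)
		if leadingZeroBits(b.Hash) >= bits {
			return tries
		}
		b.Nonce++
	}
}

func main() {
	chain := Append(Append(Append(nil, "alice pays bob 5"), "bob pays carol 2"), "carol pays dave 1")
	head := chain[len(chain)-1].Hash
	forged := Rewrite(chain, 1, "bob pays carol 200")
	fmt.Println("forged chain, plain verify:", Verify(forged), " against known head:", VerifyAgainstHead(forged, head))
	b := chain[2]
	fmt.Println("hashes tried for 16 leading zero bits:", Mine(&b, 16))
}
```

Between parties that already trust each other, the hash chain plus a signed or witnessed head hash is the whole requirement; the mining loop is what you pay only when you cannot name who is allowed to write.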
