CypherDragon’s Techdirt Profile


About CypherDragon

CypherDragon’s Comments comment rss

  • May 1st, 2019 @ 11:04pm

    Re: Re: Re: Gotta say...

    For a hacker to get to that in-memory return data, that means your machine is already compromised. If your machine is compromised, nothing is safe - and they likely have full access to your entire financial life, as well as other aspects. If you're working about data in-memory for this kind of attack vector as a private citizen, you've already lost the plot. If a malicious actor has this much access, you're done.

    All of the filing companies, as well as the IRS, use the standard SSL approach, which uses public-key cryptography to negotiate the handshake, and which uses one private key that decrypts anything encrypted with the public key. That's the way PKI works. The data itself is then encrypted using TLS 1.2, provided you use a major player that keeps it's servers up to date. That means AES 256 for the actual crypto, SHA-512 for the hash algorithm, and ECC DHE for the key exchange. This all means that your data is reasonably indistinguishable from background randomness for anyone without state-actor level computing power to throw at it. That is one of the keys of modern cryptography - ensuring that the underlying data can't be decrypted easily through brute-force methods such as letter frequency, or pattern matching analysis. Brute-forcing the key is far more common (mostly through rainbow tables and dictionary attacks against weak/poorly generated keys) than trying to directly decrypt the data.

    You are right to be skeptical of what's being used, and thankfully this is pretty easy to check (just click on the little lock icon, then view the certificate, and look at the details - it'll tell you all the above)...but you do need to educate yourself a bit on how these various technologies work together. So long as the keys are not compromised, or there is no hidden vulnerabilities in the underlying SSL technologies (which are typically found and patched very rapidly when they do happen) your data is about as safe as we can make it currently.

  • May 1st, 2019 @ 10:45pm

    Re: Re: Glad to be Dutch...

    It's the American Way(tm), the Free Market(tm) is doing it's job. It would be SOCIALISM(tm) to have the IRS compile the data they already have and just have the taxpayer verify it! You don't want SOCIALISM(tm) to win do you? Why, that would be as bad as SHARIA LAW(tm)!

  • Mar 24th, 2019 @ 9:25pm

    Re: Convictions rather than fair adjudications

    It's interesting that I should read this now, since some of my friends and I were having a discussion on our current "justice" system.

    I'm of the mind that we need a sea change in how we think of prisons and prison sentences. We think too hard about it being punishment, when we should be thinking of it as a means to keep someone from harming society while we learn how to integrate him/her back in to society.

  • Oct 31st, 2018 @ 11:12pm

    Likely a filtering false positive

    I work in infosec, as support for a global antivirus product. Part of our feature set is web filtering, including blocking known malicious sites. I can't tell you the number of times I've had to send a given site to our URL team for manual verification and unblocking, but it probably averages out to at least once a day, if not more. Most of the triggering for malicious sites is handled by automation, since the flood of data coming in from various sources (anonymized data from users (opt-in, of course), honeypots, web spiders, etc) is simply too large for every site flagged as malicious to be manually checked in any kind of timely fashion.

    As a company that's responsible for our end user's security, we tend to take the more conservative stance that if our automation platforms have a reasonably high confidence that some kind of malicious activity is going on at a given URL (eg, click-jacking, malicious ads, drive-by downloads, etc) the URL will be marked as malicious as soon as it crosses the confidence thresholds. If a customer reports that it's a false positive, and there is no actual malicious behavior (eg, someone had multiple tabs open and one of them had bad behavior, all open tabs would likely be tagged in the confidence algorithms since determining the actual source becomes quite difficult at that point) then it will be manually checked and removed from the malicious DB if it's clean.

    Sorry for the vagueness, but proprietary info and all that. That's likely the cause of both TorrentFreak being tagged as malicious, and the 4chan images referenced by the AC above. An algorithm picked up some suspicious behavior on a TorrentFreak or 4chan URL (which is completely believable on either site - either by ads or other means) and it was auto-flagged as malicious. This likely isn't something that a person that Steam/Valve set, but much more likely to be a algorithm or semi-AI decision made without human intervention.

  • Aug 20th, 2018 @ 1:52pm

    Re: Re: Re: Technically stupid

    So even easier method. Print it out, black out the redacted portions, scan to PDF, send 2nd PDF. No chance of metadata leakage, and no chance of the redacted data being "unredacted." Job done.

  • Aug 17th, 2018 @ 11:37pm

    Re: ZOMBIE! 8 comments in 3 years, 28 month gap since 2016.

    Just logged in to poke the Zombie troll.

  • Apr 18th, 2017 @ 7:52pm

    Data classification

    Sounds like they are using some variant of a data leakage protection (DLP) product for the censoring. One of the key features with most DLP products is that you can set thresholds for what triggers the rule. Eg, I want to block anything with the words "TechDirt" "Censorship" "Moody" and "China" but only if it has all 4 of those words in it. Simple to do with a DLP policy. Alternately, I could have a list of keywords, and have it trigger the policy once it hits a certain count.

    These systems are fairly robust, but they aren't without their flaws. Also, the system will only be as good as the policy makers can target their policies.

  • Apr 27th, 2012 @ 4:54am

    Re: Re: Re: Re: Re:

    I think "bigot" would work here...

  • Sep 24th, 2011 @ 1:24pm


    Never heard of the Crusades then? The Spanish Inquisition? The complete and total elimination of the Greco/Roman religion? How about the Salem witch hunts? Those happened here in the grand old USofA and not that long ago, historically speaking. If not, I would suggest you educate yourself...Christianity's history is littered with violence, conquest, terrorism, greed, etc. etc...

    Religious fundamentalists (of ANY religion) are the problem, not the religion itself. But go on, keep believing that Islam is the problem without having even trying to think for yourself. All you do is prove the old adage "better to keep your mouth closed and have everyone think your a fool, than to open it and prove them correct."

  • Sep 6th, 2011 @ 6:00pm

    Re: Re: Re: Re: Anybody see the bottom...

    Actually, they wouldn't have to admit anything. Most low-level government jobs are "at-will," meaning they could fire her because she didn't wear the right color contacts that day...

    Oh, that whole "rape" charge? No, that was merely coincidental, we were in the process of laying her off as her position has been made redundant...

  • Jul 22nd, 2011 @ 10:59am

    Re: Re: I Wonder If We’re Showing Our Age ...

    Stupid WSYISYG...that should be "<blink> tag"

  • Jul 22nd, 2011 @ 10:56am

    Re: I Wonder If We’re Showing Our Age ...

    Back in my day, we didn't even have the tag, and that's the way we liked in! No siree, none of this fancy-schmancy "hypertext markup," or "flash-enabled" doohickeys, or WYSIWYG editors. Just simple, straight text, transferred at 300 baud! Gods how I miss those blinking lights and the musical notes of modems handshaking...

    Now get off my lawn, ya damn hippies! And take your tag with ya!

  • Jul 7th, 2011 @ 1:33pm

    Re: Patent Myths

    Extending the patent life for pharmaceuticals has also had a disincentive effect on creating cures for diseases rather than simply treating the symptoms. Seriously, do you ever expect to see a cure for cancer or any other long-term debilitating medical condition? Until the pharmaceutical industry is no longer motivated simply by profit margins and on-going revenue, it will never happen.