
Comment Re:DD-WRT? (Score 2) 200

I'm pretty sure DD-WRT doesn't generate a new certificate every reboot, and if it did, generating a new private key would be a required part of that (the private/public keypair are generated in tandem as a necessary step of RSA).

Comment Re:DD-WRT? (Score 2, Informative) 200

I recently just reinstalled DD-WRT on my router for various irrelevant reasons. However, I had set it up with remote SSH access on a non-standard port so I could tunnel through it to my home web server to retrieve documents and such. I just did this over the weekend, and today (my first day back at work since) I ssh'd into it, and was presented with a prompt by PuTTY to accept the key fingerprint. So, it appears, a unique key is generated at least between firmware installs.

Comment Re:what? (Score 5, Informative) 200

1) Router administrator negotiates an HTTPS or SSH session with a router or other hardware
2) Attacker is either listening passively or is a man in the middle (via ARP poisoning or what have you). Because they have the private key, they can advertise themselves as being the router without raising the alarm with your SSH client or browser
3) You provide credentials to the router (or MITM). The credentials are logged by the attacker
4) You proceed to do whatever you intended to do in the router's configuration, and log out.
5) Some time later, the attacker logs into the router as you, and makes nefarious changes to the router configuration (such as uploading compromised firmware which logs traffic, or has a backdoor, etc). Any changes done look like they've been done by the router administrator.

I don't know how likely this is in a work scenario though; I haven't searched the database for common mid-level to enterprise routers/remotely configurable switches. More than likely, in a work situation, you'd be using hardware which generates a key pair upon initial configuration. The scenario above is more likely to apply to SOHO, or to consumer wireless hardware in the home.
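A defender-side check for the precondition of the scenario above (several devices presenting one shared host key), as an added example that is not part of the original comment. It assumes `ssh-keyscan`-style input lines (`host keytype base64blob`); the key blobs and addresses are constructed placeholders, and `make_blob`, `parse_keyscan` and `shared_host_keys` are hypothetical helper names.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def make_blob(key_type: str, material: bytes) -> str:
    """Constructed stand-in for a base64 public key blob (not a real key)."""
    parts = (key_type.encode(), material)
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(raw).decode()


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text: str):
    """Yield (host, fingerprint) from 'host keytype base64blob' lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        try:
            yield fields[0], fingerprint(fields[2])
        except ValueError:  # malformed base64: skip the line
            continue


def shared_host_keys(text: str) -> dict:
    """Map each fingerprint seen on more than one host to those hosts."""
    hosts = defaultdict(set)
    for host, fp in parse_keyscan(text):
        hosts[fp].add(host)
    return {fp: sorted(h) for fp, h in hosts.items() if len(h) > 1}


# Constructed sample: two devices present the same key, one has its own.
FIRMWARE_KEY = make_blob("ssh-rsa", b"constructed-firmware-default")
UNIQUE_KEY = make_blob("ssh-rsa", b"constructed-per-device")
SAMPLE = f"""# constructed ssh-keyscan style output
192.0.2.1 ssh-rsa {FIRMWARE_KEY}
192.0.2.7 ssh-rsa {FIRMWARE_KEY}
192.0.2.9 ssh-rsa {UNIQUE_KEY}
"""

if __name__ == "__main__":
    print(shared_host_keys(SAMPLE))
```

Any fingerprint this reports belongs to a key pair that was not generated per device, so those devices are candidates for key regeneration.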

Comment New Years (Score 3, Insightful) 422

Christmas for me is a formality, where I have to be at a certain place at a certain time with certain people so as to make my family happy.

New Year's, on the other hand, has fewer constraints. Depending on what I feel like doing that year, I can stay in and surf the web in a drunken haze or go out with friends and work on my hangover for next morning.

Comment Re:But there is a causal link (Score 2) 112

I'm pretty sure the article has no opinion on the link between the local population size and birth rate (where obviously the birth rate is proportional to the local population size). It means to test people's aptitude to incorrectly jump to a causal link between two related--but definitely not causally related--variables.

Comment DMCA notice (Score 1) 161

ctrl+f "DMCA" in that article doesn't find anything. Has this Righthaven organization heard of the DMCA, and the provisions it provides for relief from copyright infringement? Seems like a textbook case for a DMCA takedown notice. IANAL, but I imagine a judge will take one look at this and say "did you even TRY to work something out with the infringing party before litigating?"

Comment Raw sockets and Windows (Score 4, Interesting) 390

As I recall, LOIC is for use with Windows machines. If that's the case, the likely reasoning behind not using any identity-concealing techniques is Windows raw socket restrictions. They're flooding web servers, and TCP packets can't be sent with raw sockets, so there's not much else to do other than repeatedly open valid connections (from the Windows platform).
Encryption

SHA-3 Finalist Candidates Known 194

Skuto writes "NIST just announced the final selection of algorithms in the SHA-3 hash competition. The algorithms that are candidates to replace SHA-2 are BLAKE, Grøstl, JH, Keccak and Skein. The selection criteria included performance in software and hardware, hardware implementation size, best known attacks and being different enough from the other candidates. Curiously, some of the faster algorithms were eliminated as they were felt to be 'too fast to be true.' A full report with the (non-)selection rationale for each candidate is forthcoming."

Comment Re:quit with the gossip (Score 4, Interesting) 469

Agreed on the point of less gossip. Leaks which indicate abuses on the part of the government--such as ordering surveillance of questionable legality or pressuring governments to not serve international arrest warrants--are what should be the highest priority as far as government leaks are concerned. I applaud WikiLeaks for releasing such information, as well as the Iraq War log. But from what I can tell, so far, this information is minimal in the most recent release. It seems that the bulk of this release solely seeks to portray the US in a bad light in a subject matter that's pretty wholly irrelevant (I expect every government uses similar such candid assessments of their foreign counterparts). I'd have wished to see more such evidence of abuse in this release, as they apparently have much more of that in the works.
