
Comment Re:So, what's the big deal (Score 2, Informative) 300

SSL is not supposed to be preventing MITM nor is it supposed to be for identifying purposes.

I disagree. Why else does SSL have certificate signing capabilities? SSL even has client-side certificates for client identification, though it isn't widely used in HTTPS. In order for any asymmetric cryptosystem to work you need to exchange public keys, and you always have to establish some kind of trust system for those keys.

We have other technologies for that like PGP but the internet relies on anonymity so you're never 100% sure that you're going to talk to the correct persons.

Hence the need for SSL.

Even with PGP, your initial communications will have to be trusted (e.g. you personally hand over or get a key) or any subsequent communications will be compromised. SSL doesn't even go that far because every communication is viewed as an initial communication. If the certificate is re-signed or changed to another CA the next day, your browser will not complain as long as that CA is in its trusted root certificates.

This is a fault of how the key management in SSL has been implemented in web browsers, but says nothing about the technology itself. Two examples of systems using SSL with better (but less convenient) key management systems are OpenSSH and OpenVPN.

It's the browsers' fault and the CAs' as well (with VeriSign the biggest) by asserting that SSL certificates can be used to authenticate an entity rather than a communications.

There's a middle ground between "entity" and "communications." Yes, it is very difficult to verify that a certificate is being issued to the entity "Bank of America," but it should not be hard to verify that you're issuing a certificate to the domain name www.bankofamerica.com. And the latter is all you need to protect against MITM.

Censorship

Aussies Hit the Streets Over Gov't Internet Filters 224

mask.of.sanity writes "Outraged Aussies will hold simultaneous protests across Australia in opposition to the government's plans for mandatory ISP internet content filtering. The plan will introduce nation-wide filtered internet using blacklists operated by a government agency, away from public scrutiny. Politicians and ISPs will join protesters in the streets to voice their opposition to the government's plan, which has ploughed ahead, despite intense criticism that the technology will cripple internet speeds and infringe on free speech. Opponents said the most accurate filter chosen by the government will incorrectly block up to 10,000 Web pages out of 1 million."
Security

The Trap Set By the FBI For Half Life 2 Hacker 637

eldavojohn writes "You might remember the tiny news that Half Life 2 source code was leaked in 2003 ... it is the 6th most visited Slashdot story with over one kilocomment. Well, did anything happen to the source of the leak, the German hacker Axel 'Ago' Gembe? Wired is reporting he was offered a job interview so that Valve could get him into the US and bag him for charges. It's not the first time the FBI tried this trick: 'The same Seattle FBI office had successfully used an identical gambit in 2001, when they created a fake startup company called Invita, and lured two known Russian hackers to the US for a job interview, where they were arrested.'"
Robotics

Packs of Robots Will Hunt Down Uncooperative Humans 395

Ostracus writes "The latest request from the Pentagon jars the senses. At least, it did mine. They are looking for contractors to 'develop a software/hardware suite that would enable a multi-robot team, together with a human operator, to search for and detect a non-cooperative human subject. The main research task will involve determining the movements of the robot team through the environment to maximize the opportunity to find the subject ... Typical robots for this type of activity are expected to weigh less than 100 Kg and the team would have three to five robots.'" To be fair, they plan to use the Multi-Robot Pursuit System for less nefarious-sounding purposes as well. They note that the robots would "have potential commercialization within search and rescue, fire fighting, reconnaissance, and automated biological, chemical and radiation sensing with mobile platforms."
Space

Small Asteroid On Collision Course With Earth 397

musatov writes "There's talk on The Minor Planet Mailing List about a small asteroid approaching Earth with a 99.8% probability of colliding. The entrance to the Earth's atmosphere will take place October 7 at 0246 UTC (2:35 after this story goes live) over northern Sudan, releasing the energy of about a kiloton of TNT. The asteroid is assumed to be 3-4 meters in size; it is expected to burn up completely in the atmosphere, causing no harm. As a powerful bolide, it may put on quite a show in the sky. For those advanced enough in astronomy to observe, check the MPEC 2008-T50 and MPEC 2008-T64 circulars. NASA's JPL Small Body Database has a 3D orbit view. The story has been already picked up by CNN and NASA."
Software

Norwegian Standards Body Members Resign Over OOXML 208

tsa writes "Ars Technica reports that 13 of the 23 members from the technical committee of the Norwegian standards body, the organization that manages technical standards for the country, have resigned because of the way the OOXML standardization was handled. We've previously discussed Norway's protest and ISO's rejection of other appeals. From the article: 'The standardization process for Microsoft's office format has been plagued with controversy. Critics have challenged the validity of its ISO approval and allege that procedural irregularities and outright misconduct marred the voting process in national standards bodies around the world. Norway has faced particularly close scrutiny because the country reversed its vote against approval despite strong opposition to the format by a majority of the members who participated in the technical committee.'"
PC Games (Games)

Referee Recommends Disbarment For Jack Thompson 280

spielermacher writes "GamePolitics is reporting that Jack Thompson — the lawyer every gamer loves to hate — has apparently lost his court case and is facing disbarment. The Referee in the case has gone beyond the Florida Bar's request for a 10-year disbarment and is recommending a lifetime ban. From the Final Report issued by the court: '... the Respondent has demonstrated a pattern of conduct to strike out harshly, extensively, repeatedly and willfully to simply try to bring as much difficulty, distraction and anguish to those he considers in opposition to his causes. He does not proceed within the guidelines of appropriate professional behavior ...' All I can say is that it's about time."
Cellphones

Smartphones For Text SSH Use — Revisited 374

jfischet writes "Back in 2005 a Slashdot user asked this question and the responses were helpful — but I'd like to ask again to see what has changed in three years. I'd like to know what this community thinks is the best choice of smartphone for remotely administering Linux/UNIX boxes via SSH."

Comment Re:Yup (Score 2, Informative) 1021

I'm as libertarian free-rights paranoid as the next slashdotter (while not quite), but a healthy dose of history here. Customs, border crossings, etc. have never had anything to do with democratic values

Completely incorrect. Many of the British actions to diminish liberty in the 1700s were directly related to enforcing customs and duties: writs of assistance, vice-admiralty courts, etc. The Founding Fathers were reacting in part against British regulation of customs and duties so many of the "democratic values" like the 4th Amendment, the requirement that trials be held in the locality where the crime was committed, etc, were in fact developed in response to customs enforcement.

The most poignant example is writs of assistance. These were open-ended search warrants that authorized the holder to conduct any search whatsoever and were issued to British customs officers in the colonies to catch smugglers. They outraged the colonists, who saw them as an affront to their liberty, and directly led to the requirement for specific search warrants in the early state constitutions and later in the 4th Amendment.

I find it most ironic that the restrictions on search warrants came in response to arbitrary customs enforcement by British customs officers, but today no restrictions at all apply to searches by American customs officers. Whatever court ruled that the 4th Amendment doesn't apply to border crossings ignored significant precedent to the contrary.

See Writ of Assistance in Wikipedia for a pretty decent overview.

Hardware

How to Say Goodbye to Old Hard Drives? 337

An anonymous reader writes "I'm wondering if anyone else out there has a stack of old hard drives sitting around and doesn't know what to do with them. I always remove the hard drives of my parents' and friends' computers before they recycle them or get a new computer, so now I've got a whole bunch sitting around. One, I'd like to dispose of them and know that whatever data was there is gone, but before that, I'd like to hook them up, one by one, and scan them to make sure there's nothing vital there worth saving. Some are years old and may be totally dead for all I know, but is there a good system for hooking up a hard drive as an additional device, perhaps via USB? And what's a pretty good way to ensure that someone else won't pull them out later on and find usable data?" Well to start with you could always use your hard drives to make electricity or create a decorative wind chime. There are also many different options to ensure that your data doesn't fall into the hands of the enemy. What other suggestions can folks come up with?
Networking

Comcast Promising Ultra-Fast Internet 314

Espectr0 writes "Comcast's CEO Brian Roberts gave The Associated Press a preview of his speech for the Consumer Electronics show, and said that Comcast expects to demonstrate a technology that delivers up to 160 megabits of data per second over cable. At that speed you could download a high-definition copy of 'Batman Begins' in four minutes. The technology, DOCSIS 3.0, will start rolling out this year." Here's a note about Cisco's announcement of their DOCSIS 3.0 cable modem.

PC Mag Slams Cheap Wal-Mart Linux Desktop 671

An anonymous reader writes "PC Magazine reviews the $200 Linux desktop wonder sold by Wal-Mart. This desktop sold out quickly and has been cited as proof that consumers are tired of the Windows tax and ready for Linux. Not so according to PC Magazine, which gave the gPC a 1.5 star rating." Previous discussions we've had about system reviews were realistic but not quite so harsh; is this just nitpicking or is the 'shiny' starting to wear off of the cheap Linux PC concept?
Transportation

Airlines to Offer In-Flight Internet Service 181

Ponca City, We Love You writes "JetBlue Airways will soon begin testing a free e-mail and instant messaging service on one aircraft, while American Airlines, Virgin America and Alaska Airlines plan to offer a broader Web experience in the coming months, probably priced at about $10 a flight. A recent survey found that 26 percent of leisure travelers would pay $10 for Internet access on a two-to-four-hour flight and 45 percent would pay that amount for a flight longer than four hours. The airlines plan to turn their planes into the equivalent of a wireless hot spot once the aircraft reaches its cruising altitude but service will not be available on takeoff and landing. While the technology could allow travelers to make phone calls over the Internet, most carriers say they have no plans to allow voice communications."
Privacy

Firefox 3 Antiphishing Sends Your URLs To Google 296

iritant writes "As we were discussing, Gran Paradiso — the latest version of Firefox — is nearing release. Gran Paradiso includes a form of malware protection that checks every URL against a known list of sites. It does so by sending each URL to Google. In other words, if people enable this feature, they get some malware protection, and Google gets a wealth of information about which sites are popular (or, for that matter, which sites should be checked for malware). Fair deal? Not to worry — the feature is disabled by default."
The Internet

Creationists Silence Critics with DMCA 585

Gothmog of A writes "As Richard Dawkins' official site reports, an organization called Creation Science Evangelism Ministries has been submitting DMCA copyright requests to YouTube. This has resulted in the Rational Response Squad (RRS) being banned after they protested against videos being taken down and accounts being closed. The RRS videos attack creationism (AKA intelligent design) and promote the atheist viewpoint. According to the RRS, the copyright requests are without merit since the material in question is covered by fair use or has been declared to be in the public domain. Behind Creation Science Evangelism Ministries is the infamous Kent Hovind (AKA Dr. Dino) who is currently serving jail time for tax evasion."
