Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment We're blowing it. (Score 2) 113

Every time we let ISIS know that their communications are not private, we lose a potential source of intel and drive them closer to actually using some proper form of communication.

What would you rather have, someone on twitter saying "Come Join ISIS" where it's easy for local/federal authorities to investigate, or something like freenet where there isn't a chance to intercept, let alone trace, the data. Don't you think that a good percent of the Pro-ISIS twitter accounts were honeypots?

/the sound of me golf clapping

Comment Re:Frivolous Case (Score 1) 344

I agree the judge should dismiss. I agree that new OS's are going to run slower on older hardware.
I agree with others that Apple needs to fix the downgrade issue. I agree with others that iOS9 performance and stability is unacceptable on my iPad 3.

Hopefully, this suit will at least get Apple to take notice and support their legacy users so that we feel like we're getting a good value.

Comment Re:How interested is Apple in selling stuff in Chi (Score 1) 170

then Apple will comply with the laws of China.

As most of us have found out when going for PCI compliance, the best way to protect data is often not to possess it. If the keys are generated by the consumer, than it is the consumer that needs to hand over the keys, and not Apple. My understanding is that Apple cannot decrypt customer data, even if they wanted to, as only the customers possess the key(s) to do so.

Comment Re:Don't trust the gov to use good technical solut (Score 1) 470

But don't you realize that leaving a port open on her home server makes her history's greatest monster? Clearly, you're not paying attention to the GOP debates.

Yeah, the moment I read the article I checked all of the servers in our enterprise for these nefarious "open ports". I needed to shut down 5000 servers because our tomcat servers have port 8080 wide open! Our web servers have port 443 open! I must have already been hacked because I lost connectivity when I closed down port 22 on all servers.

Comment Re:Revoke the certificate (Score 1) 69

Why did you even mention "user to authorize the installation" even mentioned? That has not been an acceptable excuse for those platforms, why change now?

The user needs to authorize the installation (of an enterprise certificate into the iOS devices certificate trust store). I mention it because the article mentions it, and it is pretty much counter to what the Slashdot summary implies.

It almost looks like everyone's so hot for a real exploit that these 'rogue certified applications' and their developers are getting overblown.

Ultimately, the solution is al the same. Apple adds the rogue cert(s) to their CRL. Done.

Comment Re:A certificate that isn't used is pointless (Score 2) 69

Doesn't matter. If there is a security flaw where a certificate has been compromised then the only correct response it revoke the certificate. Yes this could be highly inconvenient but the danger of not revoking the certificate and disabling the vulnerability is worse. A certificate that isn't revoked when necessary is worse than useless. If the danger does not justify a certificate then what is the point of issuing one in the first place?

Indeed. In this case, it appears that the owner of the certificate (Yingmob Interaction Technology Co) is the author of the malware. Apple will likely revoke the certificate, revoke their developer credentials, blacklist/flag the developers that are on the corporate account, and seek civil penalties.

If the cert belonged to a big enterprise company like HP/IBM, you're still absolutely correct. Apple would revoke the certificate, and HP/IBM would thank them and apologize for their ineptitude at keeping their PrivKey safe.

Comment Re:Revoke the certificate (Score 1) 69

I wholeheartedly agree with the certificate revocation solution. I would take it a step further and charge penalties to the enterprises whose compromised certificate was used to sign the app. Make Beijing Yingmob Interaction Technology Co., Ltd. Pay for the mess.

Also note that iOS 9 requires the user to authorize the installation.

Comment This will likely never be fully OSS (Score 3, Interesting) 47

Like the saying goes.... Fool me once, shame on you. Fool me a dozen times over the course of two decades, shame on me. I fully expect to be nickel'ed and dime'ed over features like clock-speed, GPU, video transcoding, and thermal management until well after the product's lifecycle.

Comment Re:But what about the books? (Score 1) 130

Do you want to be responsible for that? You better require everyone entering the Library to ask you for the book, so that we can track it.

We had better start requiring registration for callers 911 as well, since the police are now being used as a weapon via swatting attacks.

Comment Freenet (Score 1) 144

Freenet:
https://freenetproject.org/

Freenet freenet, freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet free-net freenet freenet freenet freenet freenet. Freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet. Freenet freenet freenet freenet freenet freenet freenet freenet freenet freenet free-net freenet.

Freenet, Freenet Freenet

Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition.

Slashdot Top Deals

Earth is a beta site.

Working...