Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment: Re:Just Askin' (Score 1) 367

by nyet (#49203349) Attached to: Come and Take It, Texas Gun Enthusiasts (Video)

"Well regulated", relevant or not, means well equipped and trained. Always has. Not sure what you think it means, you haven't said.

As far as "consequences" go, the states with the strongest laws have the highest incidence of violent crime.

You sure you want to trot out the fallacy that prohibition is effective? Didn't work out very well for alcohol, utterly failed for MJ.

Comment: Re:Just Askin' (Score 1) 367

by nyet (#49203167) Attached to: Come and Take It, Texas Gun Enthusiasts (Video)

The definition of "well regulated" has not changed, and Heller/McDonald specifically dismantle the infantile "militia" argument:

[T]he activities [the Amendment] protects are not limited to militia service, nor is an individual's enjoyment of the right contingent upon his or her continued or intermittent enrollment in the militia.

Furthermore, under US v. Miller, the 2nd Amendment covers arms "commonly used for self defense", which certainly does not exclude "military" weapons, especially since the 2A specifically protected state of the art (at the time) firearms equipped by infantry.

There is basically nothing about your post which is even remotely factual - just typical partisan whining.

Comment: Re:How's this any different... (Score 2, Informative) 114

by nyet (#49114115) Attached to: Lenovo Hit With Lawsuit Over Superfish Adware

This fine bloatware didn't merely act as an MiTM, it do so so incompetently that it exposed the user to basically any MiTM attack on an SSL connection(the root cert it used to sign bogus certificates was identical across every installation and effectively unprotected and the MiTM component would re-sign any cert handed to it, even an invalid one, opening the user to downright trivial MiTM attacks.

Many "enterprise" (lol) class proxies (deployed by corporations to "protect" their internal networks") do the exact same thing.

Comment: Re:Block off programmatic access to cert trust. (Score 1) 113

There shouldn't be any ability to tamper with the OS so fundamentally and so easily.

Guess what? If you use a windows machine at work, your boss can already install whatever bogus root CA's he wants into your machine without you knowing it, via GP. And he'll claim he has to, because w/o it, the corporate proxy can't MITM you.

Comment: Re:Block off programmatic access to cert trust. (Score 1) 113

That is a feature, not a bug. The whole point to Windows GP is to allow your boss to push bogus root CAs into your work machines' store (without you knowing it, let alone preventing it) so the corp proxy can MITM sniff all of your https traffic at will. Remove that ability, and expect your local PHB to whine incessantly.

Never mind that the idiots running the IT dept have no clue how bad it is to deploy a CA that can automatically sign forged certs arbitrarily. And most employees are clueless enough to never bother checking their trust root CA list.

Unrestricted MS group policy push means all of TLS/SSL is a complete sham.

Hopefully this Superfish fiasco will bring this to light, However, I am not optimistic, given the quality of reporting on it so far, and the fact that employers do not want their employees to know exactly how much the corporate proxy has compromised the entirety of internet security.

I know the response is "well just trust your IT dept, they won't let their bogus root CA priv key fall into the wrong hands; corporate proxies are for your own good".


Comment: Re:Other computer manufactures (Score 1) 134

by nyet (#49104061) Attached to: Homeland Security Urges Lenovo Customers To Remove Superfish

Superfish is just the tip of the iceberg.

Corrupting a Windows machine's CA store is very common in "enterprise" environments where your employer wishes to proxy all outgoing SSL/TLS connections.

The fact that most people are completely unaware of this is disturbing, but unsurprising.

Comment: Re:What are the actual risks to your network? (Score 1) 114

by nyet (#49089337) Attached to: Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk

No, in this case, knowing the host key would let you pose as the host.

Then again, you don't even generally need the host key to post as the host because 9 times out of 10 nobody actually verifies that the presented host key matches the expected host key.

If the host is unknown, generally they simply assume the key is correct.
If the last stored key and doesn't match the one presented, they generally ignore the error that ssh spews telling you of a potential MITM attack.

You cannot have a science without measurement. -- R. W. Hamming