
Comment: Re:If only PJ was still running groklaw! (Score 1) 173

by Marillion (#48612889) Attached to: The GPLv2 Goes To Court

I suspected it was the last straw. She was looking for an excuse.

That said, however, lawyers in good standing enjoy a legal privilege of being able to discuss matters with clients in confidence and be able to withhold those discussions from the government. If you can't communicate privately, the privilege is eviscerated.

Perhaps she wasn't so much worried about herself as the confidential sources she used?

Comment: Re:Locking USB... (Score 4, Informative) 97

by Marillion (#48053575) Attached to: Hacking USB Firmware

Lock Switch? Then you don't understand the problem. The problem is that in many USB Flash drives there are two chips: a computer and memory. The host PC communicates with the USB controller and the controller talks to the memory. Most controllers are just a version of the 8051 CPU with USB logic bolted on. The lock switch would be a high-level function that returns an error on a generic block device write command. Hacking the USB device isn't hacking the flash memory, it's hacking the firmware on the 8051. The Device Firmware Update function of USB that allowed that 8051 computer to be reprogrammed should be disabled.

Comment: Re:Folks.... (Score 2) 185

by Marillion (#48007869) Attached to: Security Collapse In the HTTPS Market

For example: Hong Kong Post Root; DoD Root CA 2; Federal Common Policy CA; Staat der Nederlanden Root CA - Any of these CAs can mint a certificate for ANY website.

Keep in mind that any sufficiently powerful nation is better served sending lawyers rather than hackers. Step One: All it takes is to send a court-ordered warrant with a gag order to get the private key for "Go Daddy Root Certificate Authority - G2". Step Two: Mint certificates

We should do two things. 1) Browsers should also start displaying the root CA. If I go to Google and I know it's Google because "Autoridad de Certificacion Raiz del Estado Venezolano" says so, I'd be suspicious. 2) Fix the all or nothing problem. Somehow limit the domain scope of a CA. "Google Internet Authority G2" mints certificates for Google.Com. What's to keep them from minting one for MyBank.com?
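Added example, not part of the comment above: X.509 name constraints (RFC 5280, section 4.2.1.10) are the existing mechanism for limiting a CA's domain scope, and this sketch shows the dNSName matching rule a validator applies. The CA names come from the comment; the permitted subtree given to the scoped CA is constructed for illustration and is not taken from any real certificate.

```python
from dataclasses import dataclass, field


@dataclass
class CA:
    name: str
    permitted: list = field(default_factory=list)  # empty list = unconstrained
    excluded: list = field(default_factory=list)


def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def in_subtree(host, base):
    """RFC 5280 dNSName rule: host matches if it equals base or only adds
    labels on the left. Comparing whole labels (not a string suffix) keeps
    'notgoogle.com' out of the 'google.com' subtree."""
    h, b = labels(host), labels(base)
    return len(h) >= len(b) and h[-len(b):] == b


def ca_may_issue(ca, host):
    """Apply one CA's constraints: excluded subtrees win, then permitted."""
    if any(in_subtree(host, e) for e in ca.excluded):
        return False
    if ca.permitted:
        return any(in_subtree(host, p) for p in ca.permitted)
    return True  # no constraints: the all-or-nothing case


def chain_allows(chain, host):
    """Constraints accumulate down the path, so every CA must allow the name."""
    return all(ca_may_issue(ca, host) for ca in chain)


# Constructed sample data (assumption, for illustration only).
UNCONSTRAINED = CA("Hong Kong Post Root")
SCOPED = CA("Google Internet Authority G2", permitted=["google.com"])

if __name__ == "__main__":
    for host in ("mail.google.com", "mybank.com", "google.com.mybank.com"):
        print(host, ca_may_issue(UNCONSTRAINED, host), ca_may_issue(SCOPED, host))
```
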
