Comment: Re: Oh boy, another infection vector (Score 1) 230

by MrNaz (#48261511) Attached to: Windows 10 Gets a Package Manager For the Command Line

Perhaps you could have a two-tier level of trust where repositories that are from signed approved vendors are automatically permitted, but unlisted ones require specific admin permission to install from. Of course, power users could mark an unlisted certificate as trustworthy to prevent the auth request, but it would prevent installs from silently coming in from hijacked repositories in the scenario described above.

Comment: Re: On the other hand... (Score 2) 700

by MrNaz (#48209309) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.

This is exactly correct. I've experienced this with a radio programming cable with a counterfeit chip supposedly from Prolific. The drivers that Windows automatically downloaded for it caused the device to not function. Rather than stuffing around with the supplier, I simply downloaded an old working driver, uninstalled the new driver, installed the old driver, and done.

Certainly not a job my mother could do, but also not the same as the OEM bricking devices, which would legally be dangerous for them as it could be argued that they were willingly causing property damage.

From a commercial point of view I think it is an appropriate measure, albeit perhaps not the most reasonable from consumers' perspectives.

Comment: Re:Next wave of phishing? (Score 1) 149

by MrNaz (#47612605) Attached to: Gmail Recognizes Addresses Containing Non-Latin Characters

I agree. The real solution is hardened authentication getting baked right into email. I'm all for UTF8 domain names and email user names, however if the email protocol suite is going to be expanded to allow for more features, then I think security should be top of that list.

Sure, for a while, domains that span multiple character sets such as with a Cyrillic o could be spam flagged, however what happens when (not if, but when) legitimate domains with multiple character sets start appearing? What about domains that use characters restricted to the intersection of two character sets such that they appear to be from one but are in fact from another?

The ONLY answer to this is an email client that can associate a certificate with a domain and checks it against received email as a matter of course. This solution not only has the property of preventing domain spoofing, but also comprehensively solves the spam problem. (It didn't get done earlier because it fell foul of the "requires everyone to agree at the same time" point on that pro forma "Why your proposal won't work" sheet.)
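The two limits of script-based flagging raised in the comment above, as an added example that is not part of the original comment: a per-label mixed-script check flags a legitimate Japanese label and gives an all-Cyrillic lookalike the same verdict as an ordinary Cyrillic word. The sample domains are constructed, and deriving the script from the first word of the Unicode character name is a simplifying assumption.

```python
import unicodedata


def scripts_in_label(label):
    """Return the set of scripts used by the letters of one DNS label.

    Assumption: the script is approximated by the first word of the
    Unicode character name ('LATIN', 'CYRILLIC', 'CJK', 'HIRAGANA', ...).
    Digits and hyphens are ignored.
    """
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def classify_domain(domain):
    """Classify a Unicode domain as 'ascii', 'single-script' or 'mixed-script'.

    Each label is judged on its own, so a non-Latin label under a Latin
    top-level label is not counted as mixed.
    """
    if domain.isascii():
        return "ascii"
    for label in domain.split("."):
        if len(scripts_in_label(label)) > 1:
            return "mixed-script"
    return "single-script"


# Constructed sample domains (not taken from any real mail flow).
SAMPLES = [
    ("foo.example", "plain ASCII"),
    ("f\u043eo.example", "Latin label containing a Cyrillic o"),
    ("\u0441\u043e\u0441\u043e.example", "all-Cyrillic label that renders like Latin 'coco'"),
    ("\u043f\u043e\u0447\u0442\u0430.example", "ordinary all-Cyrillic word"),
    ("\u65e5\u672c\u306e.example", "legitimate Japanese label: kanji plus hiragana"),
]

if __name__ == "__main__":
    for domain, note in SAMPLES:
        print(f"{classify_domain(domain):13}  {domain!a:45}  {note}")
```
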

Comment: Re:Awesome! (Score 1) 276

by MrNaz (#47314403) Attached to: Federal Judge Rules US No-fly List Violates Constitution

Actually, this is also incorrect. They do not decide what the law means; there is no decision involved. They attempt, to the most exactingly precise level possible, to determine what Congress intended when the law was enacted. It is rare indeed that a law is so vague that its intent cannot be determined with a reasonable amount of clarity.

Or, should I say, it used to be rare...
