Comment: Re:Get in line... (Score 2) 341

by Mysteray (#38671478) Attached to: Music Industry Sues Irish Government For Piracy

>> what is the MAFIAA going to get?
Why, the Irish people, of course.

Of course, this solution has been proposed before:

I have been assured by a very knowing American of my acquaintance in London, that a young healthy child well nursed, is, at a year old, a most delicious nourishing and wholesome food, whether stewed, roasted, baked, or boiled; and I make no doubt that it will equally serve in a fricasie, or a ragoust.

Comment: I'm the guy who found CVE-2009-3555 renego bug (Score 1) 47

by Mysteray (#37848976) Attached to: New Attack Tool Exploits SSL Renegotiation Bug

This is not a bug. We fixed renegotiation with the RFC 5746 RI extension! That said, SSL has long been known to impose more work on the server than on the client and renegotiations are no different than initial handshakes in this respect.

Servers that accept client-initiated renegotiation make things slightly more efficient for the DoS attacker, it saves him maybe three packets. More significantly, it may bypass mitigations that are only looking for TCP SYN packets. But the attacker's mileage will vary.

Eric Rescorla (SSL/TLS RFC author) has a good blog post about the issue.

Comment: Re:Well that does it. (Score 1) 417

by Mysteray (#36578888) Attached to: Flood Berm Collapses At Nebraska Nuclear Plant

I remember the 70's as a little kid.

There was this popular movie "The China Syndrome" with Jane Fonda about a news crew that just happened to be in the right place at the right time to film a nuclear plant accident from the control room. The company tried to cover it up and the good guys got all activist and stuff.

There was this really weird coincidence where there was an accident at a real nuclear plant (Three Mile Island) at the same time the film was running.

Comment: Re:Not as surprising as it should be (Score 1) 103

by Mysteray (#36505948) Attached to: SSL/TLS Vulnerability Widely Unpatched

Yes, the overall security research community has greatly benefited from some of these large password database disclosures. We've learned a lot about password handling practices both on the back-end (unsalted MD5, or bcrypt?) and among users (password crackability). In fact, there has been enough overlap in the user bases of the breached sites that we can start to look at things like how common password re-use is across multiple sites.
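The "unsalted MD5, or bcrypt?" distinction in the comment above is what decides how much a leaked password table reveals before anyone cracks a single hash. The following is an added example, not code from the comment or from any of the breached sites: it builds a constructed user table, stores it once with unsalted MD5 and once with a random per-user salt and a slow KDF, and shows that identical digests expose shared passwords only in the unsalted case. PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt here because bcrypt is not in the standard library; the user names, passwords and iteration count are all made up for the example.

```python
"""Why storage format decides what a leaked password table reveals.

Added example; not code from the Slashdot comments. Uses hashlib from the
standard library: plain MD5 for the 'unsalted MD5' case and PBKDF2-HMAC-SHA256
with a per-user salt as a stand-in for bcrypt. The user table is constructed.
"""
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample: three users share a password, one is unique.
SAMPLE_USERS = {
    "alice": "correct horse",
    "bob": "correct horse",
    "carol": "correct horse",
    "dave": "tr0ub4dor&3",
}
PBKDF2_ITERATIONS = 100_000  # illustrative work factor; tune to your hardware


def unsalted_md5_table(users):
    """Store passwords the weak way: one unsalted MD5 hex digest per user."""
    return {u: hashlib.md5(p.encode()).hexdigest() for u, p in users.items()}


def salted_kdf_table(users, salt_bytes=16):
    """Store passwords with a random per-user salt and a slow KDF.

    Each entry is (salt, digest); the salt is public, the work factor is what
    slows an offline guess, and the salt is what makes equal passwords look
    different.
    """
    table = {}
    for u, p in users.items():
        salt = os.urandom(salt_bytes)
        digest = hashlib.pbkdf2_hmac("sha256", p.encode(), salt, PBKDF2_ITERATIONS)
        table[u] = (salt, digest)
    return table


def duplicate_groups(table):
    """Group users whose stored digests are byte-identical.

    With unsalted hashes this reveals shared passwords directly, without
    recovering any plaintext; with salted hashes every group is a singleton,
    so the function returns an empty list.
    """
    groups = defaultdict(list)
    for user, stored in table.items():
        digest = stored[1] if isinstance(stored, tuple) else stored
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def verify_salted(table, user, candidate):
    """Check a login attempt against the salted table in constant time."""
    salt, digest = table[user]
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(attempt, digest)


if __name__ == "__main__":
    print("unsalted MD5 duplicates:", duplicate_groups(unsalted_md5_table(SAMPLE_USERS)))
    salted = salted_kdf_table(SAMPLE_USERS)
    print("salted KDF duplicates:  ", duplicate_groups(salted))
    print("dave logs in:", verify_salted(salted, "dave", "tr0ub4dor&3"))
```

The same property is what made cross-site comparison possible in the disclosures the comment refers to: two unsalted tables can be joined on the digest column alone, whereas salted tables cannot be compared without first recovering plaintexts.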

Comment: Re:Is there a better explanation of the fix? (Score 2) 103

by Mysteray (#36505734) Attached to: SSL/TLS Vulnerability Widely Unpatched

I mentioned Qualys' nice SSL Labs test utility in another comment.

The fix is to ask your vendor for a patch for CVE-2009-3555 which implements RFC 5746 Transport Layer Security (TLS) Renegotiation Indication Extension. Responsible vendors will have implemented support for RFC 5746 by now so you may already be patched.
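Both the renegotiation-DoS comment above (Mysteray, #37848976) and this one come down to the same question: does a given endpoint speak RFC 5746? The following is an added example, not code from the comments, from Qualys or from any vendor patch. It builds constructed TLS 1.2 ClientHello and ServerHello records, parses them, and classifies the RFC 5746 signalling they carry. The only external facts it relies on are from RFC 5746 itself: the renegotiation_info extension type 0xff01, whose body is a length-prefixed renegotiated_connection that is empty on an initial handshake, and the signalling cipher suite TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00FF) that older clients use instead of the extension. Cipher suite 0xC02F and the fixed random bytes are arbitrary sample values.

```python
"""Classify RFC 5746 secure-renegotiation signalling in a TLS Hello message.

Added example; not code from the Slashdot comments or from any vendor.
Constants are from RFC 5746. Sample records are built locally with build_hello().
"""
import struct

RENEGOTIATION_INFO = 0xFF01   # extension type, RFC 5746 section 3.2
EMPTY_RENEG_SCSV = 0x00FF     # TLS_EMPTY_RENEGOTIATION_INFO_SCSV, RFC 5746 section 3.3
CLIENT_HELLO, SERVER_HELLO = 1, 2
SAMPLE_SUITE = 0xC02F         # arbitrary sample cipher suite for the constructed records


def build_hello(msg_type, cipher_suites, extensions, session_id=b""):
    """Build one TLS 1.2 handshake record carrying a ClientHello or ServerHello.

    cipher_suites: list of ints (a ServerHello uses only the first one).
    extensions: list of (type, data) tuples; [] omits the extensions block.
    The random field is fixed filler because this is a constructed sample.
    """
    body = b"\x03\x03" + b"\x42" * 32 + bytes([len(session_id)]) + session_id
    if msg_type == CLIENT_HELLO:
        suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
        body += struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # one compression method: null
    else:
        body += struct.pack("!H", cipher_suites[0]) + b"\x00"
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    handshake = bytes([msg_type]) + struct.pack("!I", len(body))[1:] + body  # 3-byte length
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_hello(record):
    """Return (msg_type, cipher_suites, {ext_type: ext_data}) from a handshake record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    msg_type = hs[0]
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    pos = 2 + 32                      # skip legacy version and random
    pos += 1 + body[pos]              # skip session_id
    if msg_type == CLIENT_HELLO:
        n = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + n, 2)]
        pos += n
        pos += 1 + body[pos]          # skip compression methods
    elif msg_type == SERVER_HELLO:
        suites = [struct.unpack("!H", body[pos:pos + 2])[0]]
        pos += 3                      # chosen suite + compression method
    else:
        raise ValueError("not a ClientHello or ServerHello")
    exts = {}
    if pos < len(body):               # extensions block is optional
        n = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + n
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            exts[ext_type] = body[pos:pos + ext_len]
            pos += ext_len
    return msg_type, suites, exts


def secure_renegotiation_status(record):
    """Classify a Hello message's RFC 5746 signalling.

    'secure'    renegotiation_info present with a consistent length prefix
    'scsv'      ClientHello signalled only via TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    'malformed' extension present but its length byte disagrees with its size
    'unpatched' no RFC 5746 signalling at all (the CVE-2009-3555 exposure)
    """
    msg_type, suites, exts = parse_hello(record)
    if RENEGOTIATION_INFO in exts:
        data = exts[RENEGOTIATION_INFO]
        # First byte is the renegotiated_connection length: 0 on an initial
        # handshake, verify_data of the previous handshake on a renegotiation.
        if len(data) >= 1 and data[0] == len(data) - 1:
            return "secure"
        return "malformed"
    if msg_type == CLIENT_HELLO and EMPTY_RENEG_SCSV in suites:
        return "scsv"
    return "unpatched"


# Constructed samples: a patched server's initial ServerHello, an unpatched
# server's ServerHello, and an old client that can only send the SCSV.
PATCHED_SERVER_HELLO = build_hello(SERVER_HELLO, [SAMPLE_SUITE], [(RENEGOTIATION_INFO, b"\x00")])
UNPATCHED_SERVER_HELLO = build_hello(SERVER_HELLO, [SAMPLE_SUITE], [])
SCSV_CLIENT_HELLO = build_hello(CLIENT_HELLO, [SAMPLE_SUITE, EMPTY_RENEG_SCSV], [])

if __name__ == "__main__":
    for name, rec in [("patched server", PATCHED_SERVER_HELLO),
                      ("unpatched server", UNPATCHED_SERVER_HELLO),
                      ("SCSV-only client", SCSV_CLIENT_HELLO)]:
        print(f"{name}: {secure_renegotiation_status(rec)}")
```

An 'unpatched' ServerHello is the condition SSL Labs flags and the one the vendor patch for CVE-2009-3555 fixes; a server that reports 'secure' here may still allow client-initiated renegotiation, which is a separate setting and the one the earlier comment discusses in the DoS context.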
