Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment What security? (Score 4, Informative) 76

According to the linked article from Malwarebytes:

It is different than most of the ransomware present nowadays. Instead of spreading to users and automatically infecting their machines, LeChiffre needs to be run manually on the compromised system. Common scenario of infection is that attackers are automatically scanning network in search of poorly secured Remote Desktops, cracking them, and after logging remotely they manually run an instance of LeChiffre.

Just how good is their security if something that has to be manually run on each system has completely pwned them?

Comment There is something they could do... (Score 1) 172

There is something they could do that's more effective than blocking by IP address - not that I want them to start doing this however...

Apple don't do any checking on your IP address, rather they check the billing address of your credit card. It's a lot more difficult for someone living overseas to get a credit card with a US billing address than it is to get a VPN.
Further, they must do some kind of monitoring of the usage of accounts that have a US billing address but the bulk of the content on the account is delivered to overseas IPs. Whilst they don't block it immediately, sooner or later they simply stop accepting that credit card as a valid payment method. It's not like the credit card is cancelled or blocked, as it still works perfectly for other online purchases, it's just that Apple stop accepting it (and don't really say why, other than it's not a valid payment method)

Netflix could quite easily implement checking the billing address on a credit card - this would possibly be even easier than trying to keep up with ever-changing lists of known VPN endpoint IP addresses. It will also stop more technical users who use something like Azure or AWS to roll their own VPN solution that has an endpoint that will not be on any list of known VPN addresses.

Comment What do you use the penny for? (Score 1) 702

What do you even use a penny for? I'm asking this as a serious question.
Last time I was in the USA, I ended up with a pocketful of pennies that were pretty much useless. Who uses a few pennies to make up the price when paying for something, as opposed to pulling out a couple of bills instead and getting some change.
Even the nickel is debatable if it's worth keeping or not.

More and more transactions are done electronically these days - so you can keep your $x.99 pricing if you want, and if it's an electronic payment, you get charged the exact amount.
If you were to get rid of pennies, then when paying in cash the price would be rounded to the nearest 5c, not on each individual item, but on the total sale. 1c & 2c will always get rounded down. 3c usually gets rounded down (so, is to the benefit of the buyer). 4c and 5c gets rounded up. If you're getting put out at the total price for something being rounded up and costing 2c more than shown on the bill, you've got bigger problems than this.

Comment Re:Inevitable (Score 1) 123

How would you suggest breaking down the different types of certificates to assign them a security level? By the price of the certificate? By the rigour of the verification?

Technically there's no difference between a $0 Lets Encrypt cert, a $5 cert or a $250 Symantec cert - they are all basic SSL certificates and all use similar methods for domain verification (either put a named file in the root of your website, add a particular DNS entry to your domain or reply to email sent to webmaster@ postmaster@ or hostmaster@)

Then there are the green EV certs - they do undergo more rigorous verification of domain ownership, but then they already get the green address bar. When some of the biggest names on the internet, even those that run their own CAs, don't use EV certs, you have to ask yourself what the value is in them?
Does anyone really care if the address bar is green or not? Would anyone notice if one day they went to, say, and the address bar wasn't green?

Comment Re:One would think... (Score 1) 118

I believe encryption is built into Outlook, but I don't use it so can't comment on how easy it is to set it up and enable it.
On OS X however, it is definitely built in to the Apple Mail app.
If you have a private and public keypair for your email address in your keychain (a standard operating-system provided repository for secure items like passwords, keys and certificates) then Mail, without any additional configuration or prompting automatically enables signing and encryption for new emails.

If you're emailing someone for whom you don't have their public key, all you can do is sign the email (there's a button with a check mark in a star to indicate if it's signed or not) If they email you back with a signed email, their public key is automatically imported into your keychain and then from that point on, you can encrypt emails to them (next to the signing button, there's another one with a padlock to indicate the encryption status)

The difficult part is the whole web-of-trust thing involved in getting a digital signature, and the lack of most people's understanding of the importance of this. Oh, and last time I checked, Outlook on Windows was pretty painful when displaying encrypted emails - it doesn't decrypt the email for viewing in the regular message viewer, you have to double-click on the email to open it in a new window to view it. No, this isn't difficult, but when you're emailing people and they get annoyed that they have to double-click on your emails to view them, and not on anyone else's emails and they ask you to please stop doing whatever it is that you're doing that makes it behave that way.

Comment Re:Won't work (Score 1) 481

This is very common in the enterprise market. Fibre Channel switches are shipped with, say, 24 hardware ports and only 12 active. You pay more cash and they unlock the extra ports for you, so you don't need to replace the hardware. IBM have shipped SAN disk storage systems with X+more capacity and only X unlocked. When the customer needs more space, they give IBM more of their hard-earned and IBM unlock the extra capacity that is already on premises.

Comment Re:So MacKeeper is actually real?!? (Score 2) 72

Ah, the old Sunk Costs Fallacy.
My brother in law had a similar issue on his Windows laptop. I determined the cause to the the crap antivirus he was running (either Nortons/Symantec or McAfee).
Told him that it was causing the problem and I was going to uninstall it.
He wouldn't let me because he'd just renewed the subscription for it, so still had 10 months to go.

In hindsight, it was one of the best decisions he made, as from that point forwards I had a valid reason to refuse any computer support whatsoever.

Slashdot Top Deals

The person who's taking you to lunch has no intention of paying.