Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment Re:COMAPRISON REQUIRED (Score 1) 64 64

I fail to see how that is relevant to my point.

There are two paths you might wish to take. You want to know the chances of something bad happening in each one, regardless of what each one actually is.

They need to be compared, because as far as the patient is concerned, they are alternatives she needs to chose between.

Shachar

Comment Re:Not exactly like Superfish (Score 1) 289 289

You have to follow the money.

User doesn't update. User gets hacked. How much did user cost Samsung? Nothing.

Use updates. Drivers stop working. User calls Samsung tech-sup. Possibly, user gets told to restore machine, costing user all of their data. User posts bad reviews.

The economy of the matter is that sometimes the drivers mismatch (I'm not sure why this happens) or otherwise fail to work properly. Samsung has very little influence over what drivers get pushed through the update mechanism. When the drivers don't work, it costs Samsung money.

When I worked at Check Point, someone there used to joke that Check Point is in the connectivity business. People know you cannot connect to the Internet without a firewall.....

The truth of the matter is that there is no trade-off between security and usability. An unusable security device will get turned off by the user, resulting in less security. Usability is as important a driver to security as avoiding buffer overruns. Obviously, at least as far as Samsung is concerned, MS isn't doing a good enough job on that front.

Shachar

Comment Not exactly like Superfish (Score 2) 289 289

This is not malicious. It is stupid and ignorant, but not malicious.

This reminds me of when someone got Verisign to issue a signed certificate saying "microsoft.com". Clearly Verisign, and not MS's, fault.

It turned out Microsoft could not issue a revocation, because Internet explorer does not check CRLs. MS's fault, right? Wrong. They were not testing CRLs because verisign would not bring up the web server that issues them, causing each and every SSL connection to time out. MS preferred, reasonably IMHO, to be insecure over not working.

Shachar

Comment Sue them for defamation (Score 1) 180 180

Or is it slander? I'm not a lawyer.

In essence, these sites claim that your site is maleware/spam. This seems to me to be an actionable claim.

Furthermore, winning such a court case would also result in companies not automatically listening to those falsly reporting, or placing a proper appeal process into their blocking procedures.

Shachar

Comment Re:so what about all the *other* stuff? (Score 1) 218 218

It does have a domestic function, but I suspect that's not what you meant. I thought it was implicit in my reply, but here it is explicitly: The NSA does not have any domestic spying function, charter or legitimacy.

Shachar

* By "spying", I mean data collection. Analysis of otherwise legally obtained domestic data is where I'm not sure where I stand. On the one hand, letting a military oriented organization perform police work (and vice versa, e.g. SWAT teams) leads to exactly the sort of bad behaviour we are all glad might soon be over. On the other hand, developing this huge organization specializing with data analysis, and then not using it when you need to seems like a waste.

Where things stand today, where the overstepping is so huge, I understand people's reaction in saying "no, do not let it do anything domestically". Then again, if we were to start from scratch, I could see a function for it as an operational arm carrying out search and computer related eavesdropping warrants for the FBI.

Like I said, I'm not sure where I stand on this.

Comment Re:so what about all the *other* stuff? (Score 4, Interesting) 218 218

No. It does not all die.

First, please remember that the NSA is a spy agency. So long that their targets are legitimate (more on that in a second), they are expected to do everything within their powers to get to it.

Subverting the standards was a low blow, but as the ol' Tennessee saying goes "fool me once.... shame on... you?". Of course, by the time those standards were drafted, the standards body should have already known better (selling Enigma based encryption devices to foreign countries well into the 70's, anyone?). I'm hopeful, however, that we'll get spared "third time a fool".

As for the other activities, well, this is how spying gets done. That is how you spy on people in this day and age. With all of the justified criticism of the NSA, it would still be bad if they couldn't spy at all. They do, in fact, have a function to fulfill, and it is a function that needs fulfilling.

Circling back to who the targets should be. Spying against friendly foreign country leaders is not against the the law, or even, as far as I understand it, against the NSA's charter. It is an extremely foolish thing to do, but I don't think changing the law is the way to handle it.

Shachar

Comment Re:israel? (Score 1) 63 63

100s more storys on this

Why don't you pick ONE that is actually about an actual Israeli company actually backdooring its own products for the Israeli government (or whatever)?

Because that was and is your claim, and neither of the two stories you linked discuss that. The first discusses Skype setting a backdoor, but does not mention Israel in any way or form (and even if it did, Skype is not, and has never been, an Israeli company). The second talks about how the NSA is cooperating with Israeli intelligence, and uses Israeli produced technology. Again, no mention of products shipping to either individual or governmental users being backdoored.

If there are, as you said, 100's of stories, I'm sure you can do better than these two.

still no reason to trust israeli companys.. when it comes to safe software packages

Still bullshit FUD.

Shachar

Real programmers don't bring brown-bag lunches. If the vending machine doesn't sell it, they don't eat it. Vending machines don't sell quiche.

Working...