
Comment Re:Exaggerated again ... (Score 1) 45

"The public/private key encryption is used in the beginning of the handshake to exchange a stream cypher usually something like DES."

No one with an ounce of up-to-date crypto knowledge uses DES. Perhaps you meant AES.

"There is absolutely no difference in having a billion devices with the same keys/certificates and trying to use the data of all transmissions to them to crack them (reversal them) versus a single certificate like google.com's and having billions of connections per day to that single point."

Sure there is. It means if I can pwn ANY of those devices from any vendor then I can attack ALL of them. I as vendor A may have gone to the expense to make sure no one can read my firmware. But cheap ass vendor B over there did not. My software supplier provided the same cert to both of us. Now, a vulnerability in his product can be used to attack mine. THAT is the difference.

Comment I suspect... (Score 3, Informative) 213

... this is a case of the squeaky well gets noticed.

I work in a large software company where we use thousands of open source projects in a couple of hundred projects and I'm intimately involved in the management of open source within the company. I've never had a team come to me and say "we need this bug fixed in the next day or two". And they damn sure don't go out threatening projects (that would be one of those "career limiting moves"). While I don't doubt that this guy has had people do that to him I gotta believe those are the people that he notices and remembers, not the silent majority.
