
Comment: Re:CNNIC (Score 1) 35

by T-ice (#48853957) Attached to: Microsoft Outlook Users In China Hit With MITM Attack
I agree. Hopefully more user agents (MUA and browsers) will come with some system of certificate pinning on by default, just to be on the safe side. I'm confident that would offer motivation to keep CAs honest. And it's quite likely that we'd find a few that aren't so honest. Although, there is still what I call the "lavabit attack" (certificate theft by court action) which, if successfully kept silent, would be completely undetectable.

Comment: Re:I agree (Score 1) 111

by T-ice (#48515961) Attached to: MasterCard Rails Against Bitcoin's (Semi-)Anonymity
With cash I have to authorize every single transaction by reaching into my pocket. With credit/debit card transactions, I only need to have reached into my pocket at some time in the past to pay. Cash and bitcoin put the power over payment back into your hands, instead of the merchant's. You (or someone who stole your key) have to authorize every single transaction. It is true that it makes takesee backsees harder to pull off. But they're already a pain anyway. MasterCard doesn't provide any recourse for unauthorized transactions; you have to take that issue up with the merchant. They just make it easier for their paying customer to withdraw your money.
Some form of crypto should be used for ALL digital transactions. The fact that making a purchase with my MasterCard provides the party that I'm paying enough information to continue making charges whenever they like absolutely infuriates me. It means I have to trust both the integrity as well as the security practices of every place where I use my card. If only we had a technology that could fit on a credit card that could digitally sign a transaction so that a register never sees the key. Maybe that kind of technology will be made available 10 years ago or so.

Comment: Re:Only haters hate, for the most part... (Score 1) 171

by T-ice (#47599441) Attached to: Critics To FTC: Why Do You Hate In-App Purchasing Freedom?
Or another option would be to be able to disable IAP on your phone completely. Or on a per-app basis. I use Android and wish I could individually revoke permissions from any app. There are MANY apps I've chosen not to download because of required permissions. So many that it's become somewhat of an inconvenience. And in addition to that, after I made my last purchase in the app store (it's not very often) I deleted my CC info from my account. I try to make a point to do that. That way if I do slip up, the IAP will fail. I dislike the entire concept of having payment information stored online. I dislike the ability for an entity to withdraw money from my account without my knowledge. I dislike the bank systems that do not require a mechanism for my approval for individual transactions. I feel that doing things the way normal people do them is giving these organizations more control of my assets than I have. My bank has the ability to stop transactions (like when my wife tried to use her card while traveling). When I tried to stop a transaction I didn't authorize, I was told to contact the merchant. When I'm given the options to give up control or don't play, I choose the latter.

Comment: Re:Why does it broadcast *all* SSIDs? (Score 1) 112

by T-ice (#47383759) Attached to: Android Leaks Location Data Via Wi-Fi
Because it's easier to de-auth 1 visible connected client, and listen to the probe requests as it tries to reconnect. I believe that's called SSID decloaking, or something like that. There are enough of the right tools to be able to do this automagically while driving down the road with a laptop and a GPS dongle. If there isn't a tool that does all the magic, I know that a mix of them could easily make all the necessary output that could be put together after a 2 hour drive through town. People still make wardriving tools. But we have so much Wi-Fi now that most would-be wardrivers don't make it past the driveway. Long story short, it's even easier than that.

Comment: Re:Well then (Score 1) 251

Oh, but you can. Well it's not exactly the same thing. Have you heard of a femtocell doodad? When I first heard of stingray, I thought back to an interview from a guy at blackhat or defcon, I can't remember which. Anyway, here's a few links. I remember hearing them say that the traffic from the devices communicated w/o encryption to the servers. Supposedly that was fixed, but may very well still have more vulnerabilities like this one.
http://hackaday.com/2012/04/12...
so 1) they already do sell things with retarded capability to consumers
2) the argument "we don't want the criminal element to know we have this kind of capability because they'll know how we find them" is invalid.

http://money.cnn.com/2013/07/1...

http://www.digitaltrends.com/m...

Comment: Re:Outside the range? (Score 1) 212

by T-ice (#46092403) Attached to: Edward Snowden Says NSA Engages In Industrial Espionage
But it's not outside the range of national security as defined by
US Code Title 8 Chapter 12 Subchapter II Part II § 1189(d)(2)
the term “national security” means the national defense, foreign relations, or economic interests of the United States
or you can look it up yourself here
http://www.law.cornell.edu/usc...

Comment: Re:On-the-job training (Score 1) 292

by T-ice (#43220215) Attached to: Ask Slashdot: How To (or How NOT To) Train Your Job Replacement?
Agree with this guy. As a contractor, there really shouldn't be any expectation of long term work. You don't need to teach this guy how to develop, just how to maintain your system. That's it. For example, companies buy MS Office all the time, then hire some guy to maintain the entire network. As opposed to paying Microsoft to send a guy out from time to time. Microsoft and Cisco etc. have certification standards so that dumbshits can't just say, "oh, I got this" with absolutely no clue. This reduces the risk of dumbshits tarnishing their company's name when said product fails to work. Basically, they want you to give this guy a YOURNAMEHERE certification. I do think you should get some reimbursement for any extra time you spend training this guy. Or you could try to offload some of the tedious tasks onto him and finish ahead of schedule, assuming you're paid for the job rather than the hour. I'm pretty sure that they never intended to keep someone that charges as much as you in the long term. You're expected to find other work at your level until they need something new developed. And if your last job looked shoddy because some kid couldn't maintain it, you aren't getting the next one from this company. Why does Microsoft keep in business even with Windows 8? Companies don't need a hot shot developer to maintain it, just some kid fresh out of college will do.

Comment: Re:Attacks on bandwidth caps are shortsighted (Score 1) 213

by T-ice (#43115761) Attached to: ISP Trying Free (But Limited) Home Broadband Plan
Speaking of nights and weekends. If we could get a billing arrangement where our night time use wasn't counted, or counted as half, it would make billing schemes like this much more tolerable. I still have a habit of saving my larger downloads for when I go to bed anyway. It goes through faster, I'm sleeping while I wait, and it doesn't disrupt my other activities. It will also only disrupt that one other guy up late downloading porn ... also. I have no idea how many users they intend to put on the same node with 1 gb caps. I feel it's safe to say that users who use that little aren't up in the middle of the night on the web. And in that case, without people like us, the network would be completely unused during those times.
