Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
What's the story with these ads on Slashdot? Check out our new blog post to find out. ×

Comment That's what you get... (Score 1) 65

That's what you get when offering VPN access must include proper client configs because users are clueless and want to be "secure" by hitting a button.

I guarantee you that I could take the credentials of each and every one of these VPN offers, put them into my router and tunnel all my clients properly(!) without any leaks.

It's not the VPN that is flawed, it's the CLIENT SETUP. For people with a clue, that's a distinction.

Comment Re:OpenBSD (Score 2) 95

From (emphasis mine)

009: SECURITY FIX: June 11, 2015 All architectures
Fix several defects from OpenSSL:

        CVE-2015-1788 - Malformed ECParameters causes infinite loop
        CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
        CVE-2015-1792 - CMS verify infinite loop with unknown hash function

Note that CMS was already disabled in LibreSSL. Several other issues did not apply or were already fixed and one is under review.
For more information, see the OpenSSL advisory.
A source code patch exists which remedies this problem.

"The hottest places in Hell are reserved for those who, in times of moral crisis, preserved their neutrality." -- Dante