Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment: That's what you get... (Score 1) 65 65

That's what you get when offering VPN access must include proper client configs because users are clueless and want to be "secure" by hitting a button.

I guarantee you that I could take the credentials of each and every one of these VPN offers, put them into my router and tunnel all my clients properly(!) without any leaks.

It's not the VPN that is flawed, it's the CLIENT SETUP. For people with a clue, that's a distinction.

Comment: Re:OpenBSD (Score 2) 95 95

From (emphasis mine)

009: SECURITY FIX: June 11, 2015 All architectures
Fix several defects from OpenSSL:

        CVE-2015-1788 - Malformed ECParameters causes infinite loop
        CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
        CVE-2015-1792 - CMS verify infinite loop with unknown hash function

Note that CMS was already disabled in LibreSSL. Several other issues did not apply or were already fixed and one is under review.
For more information, see the OpenSSL advisory.
A source code patch exists which remedies this problem.

Comment: Re:Absence?! (Score 3, Insightful) 595 595

NAT has nothing to do with security. What people confuse as security is the fact that NAT is always implemented in the form of NAT+filter, never as just NAT alone. So they think the security comes from the NAT part when in reality, it's the filter part that does the job of keeping the network secure. You can remove NAT and keep the filter and have exactly the same security with IPv6.

If there was such a thing as NAT _without_ a filter, your ISP could simply set a route to your private address space via your external router - since he's the next hop - and access your internal network freely.

If you think NAT has anything to do with security you're just an amateur who knows nothing other than his plastic blackbox "consumer" router, and draw conclusions from what he sees in the user interface of that thing.

+ - Sourceforge staff takes over a user's account and wraps their software installer-> 11 11

An anonymous reader writes: Sourceforge staff took over the account of the GIMP-for-Windows maintainer claiming it was abandoned and used this opportunity to wrap the installer in crapware. Quoting Ars:

SourceForge, the code repository site owned by Slashdot Media, has apparently seized control of the account hosting GIMP for Windows on the service, according to e-mails and discussions amongst members of the GIMP community—locking out GIMP's lead Windows developer. And now anyone downloading the Windows version of the open source image editing tool from SourceForge gets the software wrapped in an installer replete with advertisements.

Link to Original Source

Comment: Re:Stupid-Tax (Score 1) 358 358

But it is possible to freeload on... publicly served data? You're not making any sense.

I request, they serve. I can do whatever I want with their data on my machine. There's not even a contract here.

"Unspoken understanding" in the context of a multi-million dollar faceless corporation. That actually made me chuckle. They're the first ones to break the unspoken understanding of paying proper taxes for example and I'm supposed to let them infest my machine with bullshit? GTFO.

Go and make me sign a contract or don't serve your shit freely. Easy.

There must be more to life than having everything. -- Maurice Sendak