Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Comment Re:I love the attitude (Score 1) 55 55

Simple, the username is to be considered public knowledge. It's visible when entering it everywhere, it may be in ~/.ssh/config, it's not a secret.

Just assume the whole world knows it already. All strength must come from the password either way, so don't even start to treat the username as some sort of secret.

Comment That's what you get... (Score 1) 65 65

That's what you get when offering VPN access must include proper client configs because users are clueless and want to be "secure" by hitting a button.

I guarantee you that I could take the credentials of each and every one of these VPN offers, put them into my router and tunnel all my clients properly(!) without any leaks.

It's not the VPN that is flawed, it's the CLIENT SETUP. For people with a clue, that's a distinction.

Comment Re:OpenBSD (Score 2) 95 95

From http://www.openbsd.org/errata5... (emphasis mine)

009: SECURITY FIX: June 11, 2015 All architectures
Fix several defects from OpenSSL:

        CVE-2015-1788 - Malformed ECParameters causes infinite loop
        CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
        CVE-2015-1792 - CMS verify infinite loop with unknown hash function

Note that CMS was already disabled in LibreSSL. Several other issues did not apply or were already fixed and one is under review.
For more information, see the OpenSSL advisory.
A source code patch exists which remedies this problem.

Comment Re:Absence?! (Score 3, Insightful) 595 595

NAT has nothing to do with security. What people confuse as security is the fact that NAT is always implemented in the form of NAT+filter, never as just NAT alone. So they think the security comes from the NAT part when in reality, it's the filter part that does the job of keeping the network secure. You can remove NAT and keep the filter and have exactly the same security with IPv6.

If there was such a thing as NAT _without_ a filter, your ISP could simply set a route to your private address space via your external router - since he's the next hop - and access your internal network freely.

If you think NAT has anything to do with security you're just an amateur who knows nothing other than his plastic blackbox "consumer" router, and draw conclusions from what he sees in the user interface of that thing.

How can you do 'New Math' problems with an 'Old Math' mind? -- Charles Schulz

Working...