
Comment Re:i feel sorry for the poor guy. (Score 1) 461

It might not have to be unattended.

In 1992 I traveled through Moscow airport with a pressure cooker with a slide projector inside it (I had trouble keeping my luggage in one suitcase).

When they put it through the airport scanner there was a lot of shouting and they made me take it apart in a corner with concrete walls while three guys were pointing rifles at me.

Comment Re:Pretty much. (Score 1) 225

==
  GPL2:
>You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.

Note that if anyone with copyright over the kernel wins such a suit, the rights to use the kernel are lost for all time ("terminated").
==

That is not what that clause means. For example GPL also says that they do not have to accept the license.

What it means is that they then have distributed the kernel without permission from the GPL.
And they could get in trouble for that.

Comment Re:Anyone can intercept SSH some of the time (Score 2) 278

* SSH users should verify the identity of their systems when they first connect. ...
* We have SSH Honeypots that help us track, understand and respond to SSH attack.

You should have user honeypots. Once in a while present a fake certificate. If the user ignores the wrong fingerprint and types in the correct password, reset the account password.

Comment Re:It freakin' works fine (Score 1) 928

I totally understand why people bother making functionality I do not need. And I like it, because it means that next time I need something it is probably already there.

What I do not like is that I am being forced (well, pressured, it *is* free software after all) to pay (with computer resources) for something that I do not need.
 

Comment Re:Silly (Score 1) 87

Well, if you are the third AP owner in your neighborhood that has a network name Linksys or Home Network, you should not get into trouble.

If you named your network Logan Airport because you wanted to gain access to passengers' computers, you would be breaking the law in most countries.

If you named your network Logan Airport because you were curious to find out how many would connect to it, well I am not a lawyer, but I would say you were on thin ice.

The problem with faked DHCP-servers is not so much that it can take advantage of bash vulnerabilities, most clients should now be updated and not use Bash. It is worse that they can give you bad DNS-servers. That means that the attacker can then do a MITM attack on every single connection you make. Encryption helps, but not everything is encrypted, and many users would accept a fake SSL certificate.

If you are worried about fake DHCP servers you should configure your DHCP client to use fixed DNS servers (I use http://censurfridns.dk/). You would still be vulnerable to fake access points and fake DHCP-servers that also gave you a fake gateway, but not to bad DNS-servers.
Unfortunately many networks rely on using DNS to implement captive portals for login and advertising, so you cannot do it for all networks.
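
A check for the fixed-DNS setup described in the comment above, as an added example that is not part of the original comment: it compares the resolvers actually in use against the ones you pinned and reports any that a DHCP lease supplied. It assumes a `resolv.conf`-style resolver file and an ISC dhclient-style lease file; the function names are hypothetical and every address is a constructed value from the documentation ranges.

```python
import ipaddress
import re

# Constructed sample inputs; addresses are documentation-range placeholders.
# PINNED stands in for the fixed resolvers you configured yourself.
PINNED = {"192.0.2.53", "192.0.2.54"}
RESOLV_OK = "nameserver 192.0.2.53\nnameserver 192.0.2.54\n"
RESOLV_OVERRIDDEN = "search lounge.example\nnameserver 198.51.100.1\n"
LEASE = """\
lease {
  interface "wlan0";
  option routers 198.51.100.1;
  option domain-name-servers 198.51.100.1, 198.51.100.2;
}
"""

def _norm(addr):
    """Canonical text form so equivalent spellings of an address compare equal."""
    return str(ipaddress.ip_address(addr.strip()))

def resolvers_in_use(resolv_text):
    """Return nameserver addresses from resolv.conf text, ignoring comments."""
    found = []
    for line in resolv_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(_norm(fields[1]))
    return found

def resolvers_offered(lease_text):
    """Return the DNS servers a DHCP server offered, from dhclient lease text."""
    offered = []
    for m in re.finditer(r"option\s+domain-name-servers\s+([^;]+);", lease_text):
        offered += [_norm(a) for a in m.group(1).split(",")]
    return offered

def audit(resolv_text, lease_text, pinned):
    """Report resolvers in use that are not pinned, and which came from DHCP."""
    pinned = {_norm(p) for p in pinned}
    unpinned = [r for r in resolvers_in_use(resolv_text) if r not in pinned]
    offered = set(resolvers_offered(lease_text))
    return {"unpinned": unpinned,
            "from_dhcp": [r for r in unpinned if r in offered],
            "ok": not unpinned}
```

An `ok` of `False` with a non-empty `from_dhcp` means the network's DHCP server replaced the pinned resolvers; the check says nothing about the gateway, which the comment notes is still under the network's control.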

Comment Re:Silly (Score 1) 87

The hotels usually do print the name of their network on flyers, signs etc.
But an attacker does not have to make up fake names, he can just use the legit name.

At an airport you might see:

- Airport Net
- Airport Net
- HP_Printer.

Where "Airport Net" is the legit offices name, that the airport uses.
An attacker then names his AP also "Airport Net".

Then you see:

- Airport Net
- Airport Net
- Airport Net
- HP_Printer.

There is no way to know that one of the "Airport Net" APs is not run by the airport.

And even worse.
If the attacker takes an AP e.g. a cafe and names it "Airport Net", there is a good chance that someone will automatically connect to it because they used an AP by that name in the airport.

Comment Re:Silly (Score 1) 87

Actually my client does not connect automatically.
Not that it should be a problem, except that it would keep connecting to networks that I cannot use.

I am telling you that if I stay in a hotel, and I see a network named e.g. Free_Hotelname_network, then I connect to it and if it works I use it, even though for all I know that network could be running from the laptop of the guy in a room down the hall.

But I should not have to care about that. It should not be necessary to trust every DHCP-server I use.

In the same way that I also visit a lot of webservers, that I do not necessarily trust. My browser should not execute insecure bash-scripts.

Comment Re:It freakin' works fine (Score 2) 928

What pulsed solves is not very important problems, for me at least.
But it introduces strange problems, besides eating CPU-cycles and RAM.

For example, I recently spent some time debugging why icedove occasionally froze. It turned out that it was trying to play a sound, but that went wrong because the user starting icedove was not the same as the user starting the desktop even though both were in the audio group.

It should be possible to make pulse work in system mode, but I could not get it to work well. But deinstalling pulseaudio and just using ALSA works perfectly.

Comment Re:Silly (Score 1) 87

In for example an airport you have no way of knowing if it really is the airport that provided the network you are using.

Even if it is a real airport network, most airport wireless networks are open and unencrypted, so anyone could run their own DHCP server on the network.

In many airport lounges you could just go to the access point and move a few cables to use your own hardware router.

And why should you have to trust airport networks, or networks in cafes, trains, bars, etc?

I think it is reasonable to expect DHCP to be safe.
