Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:Bad idea (Score 1) 385 385

by kestasjk (#48904381) Attached to: FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN

Wait till your corporations trade secrets are leaked because the FBI's collector was insecure.

So the scenario is a someone is selling hard drugs / distributing child porn / etc from a corporate VPN? Wouldn't the FBI just ask the company to provide the logs and wouldn't the company gladly comply?

I don't think corporate VPNs will be much affected/troubled by this.. Only the VPNs that market themselves as hiding internet users are likely to be affected I would say.

Not saying whether that's good or bad, I've not got enough info to know. I would be interested to know why they don't want to give any details in these cases, since I can't think why it should be any more or less private than a regular wiretap (not "hack" as the title misleadingly states).

(It's 2015 and I still need to put <br /> for newlines.. Come on guys.)

Comment: Re:As a content creator and an Australian (Score 1) 109 109

by kestasjk (#46253809) Attached to: Internet Censorship Back On Australian Agenda

.. content creators (a.k.a. Hollywood)

I don't think this is / will be specifically aimed at Hollywood (we Australian's do have a small film industry).. I think that was just a rabble-rousing association made by someone who wants to whip up opposition.

That you're a content creator who wants his work protected and you oppose it because of an implication it's for Hollywood shows how effective this tactic is.


FYI I am also a content creator (software dev), but since I write business software that isn't distributed and my personal software is open-source, I do appreciate the benefits of the status-quot (though the proposal isn't particularly hard-line anyway), I don't have strong views on this. I just wouldn't get too foamy at the mouth about an implied association.

Comment: Re: Idiot pruf (Score 1) 228 228

by kestasjk (#45122871) Attached to: D-Link Router Backdoor Vulnerability Allows Full Access To Settings
You'd need to exploit the browser in such a way that you can POST to the modem with a custom user agent set, that'd be a pretty serious exploit, and I'd be more worried about that. You could then use the modem to try and trick around with DNS to get on other machines, but it'd be hard to do transparently. It would all have to be pretty well tailored.

Anyway I'm not saying this isn't a security hole that needs to be fixed, but that the idea that this shows the need for increased regulation is nonsense.

Comment: Re:Idiot pruf (Score 1) 228 228

by kestasjk (#45121481) Attached to: D-Link Router Backdoor Vulnerability Allows Full Access To Settings
I'd be more worried about your level of reading comprehension being recorded for posterity.. "If you have a serious amount of money riding on your $100 modem/router/wifi being secure from within your own network then no amount of legislation is going to help you."
  • This bug is only exploitable if you enable WAN administration
  • All internet traffic involving money / confidential data should be (and pretty much always is) encrypted
  • If you are sending important unencrypted data over the wire you can just listen to the wire
  • Do you really want to pay for the routers you buy to go through a bureaucratic process to establish whether the software (including third party software) has been thoroughly tested? Should that include the component parts like the processors, thttpd, linux? What would that legislation look like? How would it be enforced for overseas companies?

You'd probably get equally indignant if such legislation actually passed based on your knee-jerk reaction and US router prices shot up. ("But what about the starving family with only $100 budgeted for their router?")

Comment: Re:And? (Score 1) 228 228

by kestasjk (#45121193) Attached to: D-Link Router Backdoor Vulnerability Allows Full Access To Settings
And even if they could access his router you would hope confidential business info would be encrypted anyway.. If he was transmitting commercially valuable info unencrypted via his modem and his competitors resorted to spying they could just listen in on the cable leaving the building.

Comment: Re:Will this stupidity ever end? (Score 1) 228 228

by kestasjk (#45121153) Attached to: D-Link Router Backdoor Vulnerability Allows Full Access To Settings
From d-link.com executive team page: "Born in 1952, Roger Kao graduated from Tamkang University with a degree in Electrical Engineering. He went on to earn his Master’s Degree in Electrical Engineering and Computer Science from National Chiao Tung University where he also served as an Associate Professor."

Really though if you don't know whether third party software embedded in a few of your huge range of products contains a hidden backdoor when a rarely used feature is activated what kind of CEO are you?

Comment: Re:Idiot pruf (Score 0) 228 228

by kestasjk (#45120809) Attached to: D-Link Router Backdoor Vulnerability Allows Full Access To Settings
Yes government should get involved in the design of routers, and write laws about software code vetting. After all the huge extra costs would be absorbed by the shareholders, not us.

If you have a serious amount of money riding on your $100 modem/router/wifi being secure from within your own network then no amount of legislation is going to help you.

Comment: Re:Tor compromised (Score 1) 620 620

Then again since anyone can be a tor node, and there are never enough tor nodes, and tor nodes are more likely to be used for shady activity, it just takes a decent percentage of tor nodes to be compromised and you can pretty quickly build a picture of who common clients are and who they are talking to. For a server it can't be too difficult, with government resources, to track someone down through tor nodes. I'd say with a decent sized botnet and enough time you'd be able to chip away at anonymity without much difficulty.

FORTRAN rots the brain. -- John McQuillin

Working...