Forgot your password?
typodupeerror

Comment: Re:As a content creator and an Australian (Score 1) 109

by kestasjk (#46253809) Attached to: Internet Censorship Back On Australian Agenda

.. content creators (a.k.a. Hollywood)

I don't think this is / will be specifically aimed at Hollywood (we Australian's do have a small film industry).. I think that was just a rabble-rousing association made by someone who wants to whip up opposition.

That you're a content creator who wants his work protected and you oppose it because of an implication it's for Hollywood shows how effective this tactic is.


FYI I am also a content creator (software dev), but since I write business software that isn't distributed and my personal software is open-source, I do appreciate the benefits of the status-quot (though the proposal isn't particularly hard-line anyway), I don't have strong views on this. I just wouldn't get too foamy at the mouth about an implied association.

Comment: Re: Idiot pruf (Score 1) 228

by kestasjk (#45122871) Attached to: D-Link Router Backdoor Vulnerability Allows Full Access To Settings
You'd need to exploit the browser in such a way that you can POST to the modem with a custom user agent set, that'd be a pretty serious exploit, and I'd be more worried about that. You could then use the modem to try and trick around with DNS to get on other machines, but it'd be hard to do transparently. It would all have to be pretty well tailored.

Anyway I'm not saying this isn't a security hole that needs to be fixed, but that the idea that this shows the need for increased regulation is nonsense.

Comment: Re:Idiot pruf (Score 1) 228

by kestasjk (#45121481) Attached to: D-Link Router Backdoor Vulnerability Allows Full Access To Settings
I'd be more worried about your level of reading comprehension being recorded for posterity.. "If you have a serious amount of money riding on your $100 modem/router/wifi being secure from within your own network then no amount of legislation is going to help you."
  • This bug is only exploitable if you enable WAN administration
  • All internet traffic involving money / confidential data should be (and pretty much always is) encrypted
  • If you are sending important unencrypted data over the wire you can just listen to the wire
  • Do you really want to pay for the routers you buy to go through a bureaucratic process to establish whether the software (including third party software) has been thoroughly tested? Should that include the component parts like the processors, thttpd, linux? What would that legislation look like? How would it be enforced for overseas companies?

You'd probably get equally indignant if such legislation actually passed based on your knee-jerk reaction and US router prices shot up. ("But what about the starving family with only $100 budgeted for their router?")

Comment: Re:Will this stupidity ever end? (Score 1) 228

by kestasjk (#45121153) Attached to: D-Link Router Backdoor Vulnerability Allows Full Access To Settings
From d-link.com executive team page: "Born in 1952, Roger Kao graduated from Tamkang University with a degree in Electrical Engineering. He went on to earn his Master’s Degree in Electrical Engineering and Computer Science from National Chiao Tung University where he also served as an Associate Professor."

Really though if you don't know whether third party software embedded in a few of your huge range of products contains a hidden backdoor when a rarely used feature is activated what kind of CEO are you?

Comment: Re:Idiot pruf (Score 0) 228

by kestasjk (#45120809) Attached to: D-Link Router Backdoor Vulnerability Allows Full Access To Settings
Yes government should get involved in the design of routers, and write laws about software code vetting. After all the huge extra costs would be absorbed by the shareholders, not us.

If you have a serious amount of money riding on your $100 modem/router/wifi being secure from within your own network then no amount of legislation is going to help you.

Comment: Re:Tor compromised (Score 1) 620

Then again since anyone can be a tor node, and there are never enough tor nodes, and tor nodes are more likely to be used for shady activity, it just takes a decent percentage of tor nodes to be compromised and you can pretty quickly build a picture of who common clients are and who they are talking to. For a server it can't be too difficult, with government resources, to track someone down through tor nodes. I'd say with a decent sized botnet and enough time you'd be able to chip away at anonymity without much difficulty.

Sigmund Freud is alleged to have said that in the last analysis the entire field of psychology may reduce to biological electrochemistry.

Working...