Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

+ - Serious flaws in NTP (the application, not the protocol) need to be patched 3

Submitted by hawkinspeter
hawkinspeter (831501) writes "A new set of vulnerabilities with the most common NTP daemon have been discovered by Google security researchers. There exist public exploits that target these flaws, so it's recommended to patch to version 4.2.8 (or switch to openntp which doesn't have the same issues) immediately. This is especially problematic for those systems that run ntpd with root privileges as a single carefully crafted packet can allow access at the privilege level of the process. This was reported by ZDNet a few days ago and I have yet to see the Ubuntu patches for this, but it looks like Red Hat are on top of things."

Comment: Re:Pictures not just on device (Score 1) 299

The librarian analogy is false. It's already illegal to give pornography to a minor, a new funding bill wouldn't change that.

Law enforcement has already shown a propensity to do questionable things regarding cellphones. See Stingray and their attempts to search phones without warrants that led to the recent Supreme Court case. Are there existing laws that make it illegal for law enforcement to brick a phone in California? This one just doesn't say. Give them an inch they'll take a mile.

What of others? Can a carrier brick your phone for late payment? Can they brick your phone if you refuse onerous changes to their contract terms mid-contract? If not, what penalties are there for doing so? If you don't think carriers wouldn't screw people over like that, see this article:

http://tech.slashdot.org/story...

Comment: Re:Pictures not just on device (Score 1) 299

Does the bill specifically say police may use the kill switch? If so, what penalties are prescribed if they do?

I can't imagine that if a law enforcement agency called, say Verizon, and said kill the phone with number 555-555-1234, that Verizon would say no to them.

Comment: Re:Why such paranoia ? (Score 1) 299

I'm repeating myself from a previous comment, but...

There are already rules as to what the police can and cannot do when seizing a phone... see the recent Supreme Court case.
There don't appear to be any rules as to when/how/if police can use the "kill switch" and it's not defined as to how much or how little they need to know about you to have it bricked. Do they only need a phone number? Something else? Who knows, the law doesn't say. It leaves implementation totally up to the carriers and manufacturers. And they would *never* mess things up would they?

Good point about cell towers and Stringray, they're definately bigger concerns for the time being. We'll have to see how this law is actually implemented.

Comment: Re:Why such paranoia ? (Score 1) 299

There are already rules as to what the police can and cannot do when seizing a phone... see the recent Supreme Court case. There appear to be no rules as to when/how/if they can use the "kill switch".

I totally agree about script kiddies... as I said in one of my earlier posts on this thread, that's the bigger concern I have.

Comment: Re:Why such paranoia ? (Score 1) 299

If they data isn't wiped, it's still present in the flash and it can be recovered one way or another. Why wouldn't they protect against both, phone reuse and data theft? If this law prevents you from remote wiping your data, or leaves you to choose between wiping the data or preventing reuse, it's even stupider than I thought.

When you make your mark in the world, watch out for guys with erasers. -- The Wall Street Journal

Working...