Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

+ - Serious flaws in NTP (the application, not the protocol) need to be patched 3

Submitted by hawkinspeter
hawkinspeter (831501) writes "A new set of vulnerabilities with the most common NTP daemon have been discovered by Google security researchers. There exist public exploits that target these flaws, so it's recommended to patch to version 4.2.8 (or switch to openntp which doesn't have the same issues) immediately. This is especially problematic for those systems that run ntpd with root privileges as a single carefully crafted packet can allow access at the privilege level of the process. This was reported by ZDNet a few days ago and I have yet to see the Ubuntu patches for this, but it looks like Red Hat are on top of things."

Comment: Re:Pictures not just on device (Score 1) 299

The librarian analogy is false. It's already illegal to give pornography to a minor, a new funding bill wouldn't change that.

Law enforcement has already shown a propensity to do questionable things regarding cellphones. See Stingray and their attempts to search phones without warrants that led to the recent Supreme Court case. Are there existing laws that make it illegal for law enforcement to brick a phone in California? This one just doesn't say. Give them an inch they'll take a mile.

What of others? Can a carrier brick your phone for late payment? Can they brick your phone if you refuse onerous changes to their contract terms mid-contract? If not, what penalties are there for doing so? If you don't think carriers wouldn't screw people over like that, see this article:

Comment: Re:Pictures not just on device (Score 1) 299

Does the bill specifically say police may use the kill switch? If so, what penalties are prescribed if they do?

I can't imagine that if a law enforcement agency called, say Verizon, and said kill the phone with number 555-555-1234, that Verizon would say no to them.

Comment: Re:Why such paranoia ? (Score 1) 299

I'm repeating myself from a previous comment, but...

There are already rules as to what the police can and cannot do when seizing a phone... see the recent Supreme Court case.
There don't appear to be any rules as to when/how/if police can use the "kill switch" and it's not defined as to how much or how little they need to know about you to have it bricked. Do they only need a phone number? Something else? Who knows, the law doesn't say. It leaves implementation totally up to the carriers and manufacturers. And they would *never* mess things up would they?

Good point about cell towers and Stringray, they're definately bigger concerns for the time being. We'll have to see how this law is actually implemented.

Comment: Re:Why such paranoia ? (Score 1) 299

There are already rules as to what the police can and cannot do when seizing a phone... see the recent Supreme Court case. There appear to be no rules as to when/how/if they can use the "kill switch".

I totally agree about script kiddies... as I said in one of my earlier posts on this thread, that's the bigger concern I have.

The gent who wakes up and finds himself a success hasn't been asleep.