Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment: Re:Security (Score 3, Interesting) 56 56

Why does /. even bother posting Microsoft stories? It just brings out the cynical doomsayers who still live like it's 1995.

As a Microsoft Doomsayer, I'm not immune from jumping on this article to predict the future of how new zero day's will result in the mass pwning of Grandma's computers everywhere. That being said, I'm not blind to the fact that Apple is gaining an increased market share and that as time goes on, they will become an increasingly targeted platform as the profitability (be it in information or money) increases. Microsoft does have what appears to be a more responsive patch process than Apple. Apple is very slow at responding to reported exploits (albeit, Microsoft has been known to half-ass patch and to sit on patches as well). In any case, my biggest issue with this report is I'm curious how much community involvement Microsoft had with the development of this new protocol. In the past, they just create crap in-house without the involvement of industry partners (sometimes even closing them out of those conversations). The problem with this is there is less industry oversight on potential weaknesses and less input on modifications that can strengthen the underlying protocol. Protocols in particular are not something that needs to be developed by a small team of engineers without support of the industry as a whole, less you get protocols like SMTP (who's author is on record of apologizing profusely for not building in security). So, as a Microsoft doomsayer, I shall sit back and wait with my "I told you so" in my back pocket. In the meantime, IE/Edge/whatever the hell they want to call it can stay off my computer thank you very much.

Comment: Does this really surprise us? (Score 2) 50 50

With every major Nation in the world trying to glean intelligence from Tor, every major law enforcement agency trying to track down child porn and drugs, and several very high profile leaks involving highly classified information that have caused extreme harm to several western countries (the US not being the only one), and with several academic professors intrigued; does it not surprise us that the protocol of Tor (to include Bridges and Hidden Services) would be analyzed and profiled to the tiniest of details to determine areas of exploitation of the protocol?

Comment: But it might (Score 1) 55 55

The problem with this idea is that as TPB migrates to additional domains, it leaves open a few possibilities. First, sites opposed to TPB will create malicious sites to try and spoof TPD to collect data, spread malware, and otherwise degrade the services that TPB offers. Second, while rapid DNS techniques are well implemented in malware like botnets, it's not a capability that the average Joe can keep track of, so without some form of front end that can track and change with the rotating DNS entries, people will get frustrated and stop using the service. And this is exactly what the opposition wants. It's time that many of these types of technologies go through redesign again. And they must be redesigned from the protocol level. TPB succeeded where Napster didn't because the content being traded was not hosted with TPB. But they are still centrally located for the purpose of search and front end to the users. Anytime a bellybutton can be poked, it will be. So the protocol must be designed to prevent ANY centralized management. Next, any protection mechanisms (trust models, etc) that are built into the protocols used must be extremely well thought out. When analyzing for protocol weakness, rules matter. If only certain nodes are allowed to be "trusted" ,then you can better bet that those wishing to exploit it will design a node to be trusted. Protocols must also be non-differential at all levels, from the handshake of the SSL layer down to the initial HELO to the transmission characteristics of how it sends data. If the protocol can be differentiated, it can be blocked, tracked, hacked, or otherwise interfered with. Simply wrapping it in Tor isn't going to work. There are ample talks out there on how Tor traffic can be characterized and interfered with.

+ - Bittorrent brings Bleep ->

mitcheli writes: From the "Not-on-my-watch" Dept:
If you want the security of knowing your voice, text and picture messages can’t be intercepted, direct peer-to-peer communication with end-to-end encryption is the gold standard: and that’s what BitTorrent offers with its Bleep app. Every conversation is between you and your friends. There is no cloud to hack because messages are never stored in the cloud. For text messages and photos, Bleep offers the choice of Whispers – where both text and images disappear when they’ve been read – and Messages, which stores them locally on the device. You can also make voice calls with the same peer-to-peer encrypted technology

Link to Original Source

Comment: Re:Minecraft Mods (Score 5, Informative) 315 315

Minecraft Mods are an excellent way. My youngest latched onto those with no issues. Ironically, I tried to teach my 13 year old Apple's Swift language and he was totally uninterested, but mu youngest is latching right onto it, finding ways to modify our test game we're working on, and reciting back to me what objects, methods, and attributes are. I think he even understands inheritance and method overrides. He's got the tree structure of nodes in SKNodeKit down as well. And he's 9. And to think, the 13 year old was the one who expressed a desire to learn how to write games. To each his own...

Comment: Won't work in the US (Score 2) 62 62

Cash payments, while really nice for the drivers, would open them up to attack. In markets like DC. Uber drivers have to have clear signage indicating they are driving for Uber (see how many you can spot on the street corner sometime). But if they have this signage, there's nothing saying they can't be carjacked or mugged.

Comment: Re:There's a shock... (Score 3) 100 100

It somehow doesn't surprise me that Apple is still hosting the exploited CA cert. They released patches to a number of openssl (which OSX does use) that supposedly fix the high level vulnerabilities of late (Security Update 2015-3?) But at the same time, the version that's running is 1.0.1g ... and there have been several high level vulnerabilities such as the down channel exportable encryption bug that still haven't been addressed. Thinking Apple needs to step up their game!

Comment: What does it all mean? (Score 1) 83 83

While I like Apple just as much as any other Mac fan and have been known to be ding as a troll when commenting on Microsoft posts, I have to ask my self one good question about all the litigation between Apple and the world. When will this litigation cross the threshold of aggressiveness and open up Apple to review by regulators as acting in a monopolistic fashion? (dread the thought! I have zero desire to run Internet Explorer on my iPhone.)

Comment: Of all the stupidity (Score 2) 107 107

Clearly some lawyer has some teenaged kids he's looking to put through school. But food for thought here. Having just gotten into analysing the ECMs in my car and figuring out how to analyse the performance characteristics of my car, I appreciate the ability to figure out what's going on with the vehicle without paying $1000's to the mechanic. That being said, I have serious doubts that a public/private key cryptographic authentication mechanism on the vehicle ECM would be shared with the consumer that purchased said vehicle and would ultimately eliminate the ability of people to work on their vehicles.

Comment: Net Neutrality and it's effects on Cell Providers? (Score 1) 550 550

So Some cell providers in the US provide "x" amount of GB's of data on a rate plan and when that data is used up, they turn off access to the Internet (blocking) and other providers will allow you to use "x" amount of data and then throttle back your remaining data (throttling) to dial up modem speeds (EVDO or less). Since these rules prohibit blocking and throttling, what will Net Neutrality do to cell phone plans?

"It takes all sorts of in & out-door schooling to get adapted to my kind of fooling" - R. Frost