Become a fan of Slashdot on Facebook


Forgot your password?

Comment Re: Good (Score 1) 75

It cannot inspect ssl/tls traffic unless you add certificate authorities, which may be impossible without root. Yes, the local VPN can inspect plain text traffic, intercept DNS resolution, and block outgoing connections- that's the point. Open source solutions are ideal for this case.

Comment Re:Good (Score 2) 75

Silly they use an external VPN. On Android, local loopback VPNs like Mobiwol work great. All the apps's traffic goes through the VPN, which is local, so you can allow/deny on the fly (can filter foreground vs background too). Mobiwol could easily add some DNS-based blacklists (aka hosts file) and do add blocking plus firewall.

One would have to really trust an external VPN provider to ship all your traffic through. Which if you run your own VPN service or do trust one, it's safer than sending all your plain-text data through random wifi or cell carriers.

Comment Re: So, in other words... (Score 2) 69

Because you have checked the following In Chrome settings:
  * Use a prediction service to help complete searches and URLs typed in the address bar
  * Enable phishing and malware protection

Incognito mode doesn't do much other than [tries] not write to local browser history or store cookies. But it fails at that too.

Comment Re:HTTPS-specific cookies and security .. (Score 2) 66

On the server side, if you only use a single cookie as a session ID (securely randomly generated), then you won't read any injected cookies, but this doesn't prevent leaks.

If a subdomain is compromised, say, then they may read your session ID set by (and any other cookies) if they can get you to visit the compromised site (e.g. by modifying a regular HTTP request if they're in the middle).

If you append a session ID to every URL, then you don't need any cookies. Attackers won't read anything if you visit a compromised site, and your server will ignore any injected cookies.

Of course, make sure all your services are only available over HTTPS (HTTP -> HTTPS redirects, which everyone uses, are not safe from MITM attacks if you use cookies).

Comment Phone as a pager (Score 2) 246

Would the phone as a pager idea really work? The towers would broadcast messages, and if your device matched the message, you would get a notification to connect to the network? Could you get 1-way text messages this way? If this were implemented on the cell networks, could I read all the broadcast or text messages in my local area by modifying my radio?

Comment Re:The problem is Android (Score 0) 208

To use Android effectively, you must root your device and freeze/remove unwanted apps. With root, you must also use a firewall to block or limit network access to you still want to use.

You must also mange your radios well - only enable Bluetooth and GPS when you need it, otherwise keep them off; toggle mobile data and wifi when you roam which means don't leave wifi on while you leave your residence or workplace, and don't leave either on at night or for extended time. (Yes there is a lag in the morning when you turn on wifi and all the background apps sync at once to get email, messages, updates, etc. but you trade that for longer battery life by not using as many charge cycles.)

Managing both software and hardware is a bitch, but if you spend a bit of time to learn, you can get great battery life and overall performance (less background apps), and enjoy enhanced privacy (block ads, prevent data leaks, don't respond to wifi/BT pings, etc).

Comment Free APIs (Score 1) 359

As we can see, much software is only available as a service (SaaS). Some of the software powering those services is Open Source, some is Free Software, and some is neither. The power in these types of systems is more about the data, and access to the data, than software.

Do you see any licenses that could be created to surround access to data, such as APIs? Perhaps an API could be licensed as Open Access or Free Access, allowing the users to do what they like with the service or data. Granted, the organization providing Free Access could close or simply halt access to the API. Are there licensing mechanisms developers can use today to grant their users better access to their user-supplied data?

"The pyramid is opening!" "Which one?" "The one with the ever-widening hole in it!" -- The Firesign Theatre