Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×

Comment Where to start... (Score 1) 1

The headline mentions SMS, but that isn't involved or even mentioned anywhere in the article. Their POC program sent an SMS through a third-party server.

The "researchers" are trying to sell a competitor to the built in Keychain.
Their proof of concept showed them using an unlocked keychain to add the new key. This lowers the threshold to access the keychain, because it is already unlocked. Keychain Access is buried in the Utility folder that most non-savvy users have no idea that it even exists, so they would be very unlikely to unlock the keychain in this way.

Their malicious app had to be installed around the gatekeeper system. By default the gatekeeper blocks anything that isn't secured with a trusted certificate. It would have to be turned off to install.

In short, this requires a series of dumb actions by the user, most of which are not shown in the POC video.

When you unlock a bunch of doors and invite the thief in for tea, you may find your silver missing.

Comment Re:Great--humans getting back into space (i know I (Score 1) 47

In real life, what's going to happen is the Chinese will be the only ones strong in space exploration

Given the glacial pace and lack of ambition the Chinese have displayed so far... whatever you're smoking in order to believe this has to be illegal.

Comment Re:Phones? (Score 1) 200

It's not "firmware updates" that's the problem, it's unauthorized firmware updates, as in not signed by the manufacturer, etc. So your carrier won't upgrade you past Jelly Bean, fuck you, no CyanogenMod. Although it seems the FCC is primarily going after routers with 5GHz WiFi right now, so no DD-WRT or Tomato to replace the manufacturer firmware, no matter how many security holes it had.

Comment Re:Apple can't modify Time Machine Firmware? (Score 1) 200

Um, that's the problem here. The FCC wants the non-RF side of things to be "baked in" now, too. Or at least protected by the secure bootloader type shit that you see in cell phones. If it's got 5GHz, too bad, they can't have you installing custom firmware, even when the radio itself has sufficient protections.

Comment Re:Comcast giveth and I taketh away (Score 1) 217

I understand inflation, but I'm intolerant of "government compliance surcharges" and random miscellany like that. If it comes down to the point where bare Internet costs the same as my current monthly bill, I wouldn't rule out starting an ISP that covers my neighborhood.

Submission + - FCC Introduces Rules Banning WiFi Router Firmware Modification

An anonymous reader writes: Hackaday reports that the FCC is introducing new rules which ban firmware modifications for the radio systems in WiFi routers and other wireless devices operating in the 5 GHz range.

The vast majority of routers are manufactured as System on Chip devices (SoC), with the radio module and CPU integrated in a single package. The new rules have the potential to effectively ban the installation of proven Open Source firmware on any WiFi router.

ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and others have created the SaveWiFi campaign, providing instructions on how to submit a formal complaint to the FCC regarding this proposed rule.

The comment period is closing on September 8, 2015. Leave a comment for the FCC.

Comment Re:Mirrored drones = deadly disco balls? (Score 1) 125

The mirror coating is barely reflective to a laser, and will burn off just about as quickly as the camouflage coating which you propose. What is needed to have any real effect is an ablative laser coating which continues to be reflective as it is burned away. AFAIK no such material exists as of yet, in spite of being prophesied in roll-playing games (i.e. Battletech.)

Hm. It seems to me that the ideal way to handle this is to have the material ablate in such a manner that it leaves a cloud of particles hanging in the air, forcing the laser to burn through the cloud as well.

Comment Re:Thank You All (Score 1) 198

Since I am certain you will not see my previous response to another poster, I think it would be wise for me to paraphrase the poster's response and my response for you:

Enterprise Architect should not be logging on with administrative credentials. An Enterprise Architect has two arms, Sysems/Networks Administrators and Information Assurance. Systems/Networks give you reports and implements what you want. Information Assurance validates (amongst other things). You need to do nothing in that arena.

Comment Re:Architect != sysadmin (Score 1) 198

The role that everyone seems to be ignoring here is IA. Information Assurance should be the read only underlings that validate things are the way the EA thinks they are.

In summary: The Enterprise Architect needs no accounts other than that required to log on to their workstation. The System and Network Administrator personnel implement what they are told. The Information Assurance personnel guarantee to the Enterprise Architect that what was told the System Administrators was properly implemented.

Comment Re:How does it know (Score 2) 77

Not true. It's much more sophisticated than that. I've tested the "smart" blocking vs the "block all plugins" settings and it definitely allows more than just the biggest element through, but it does block the ads.

On sites where there are Flash navigation elements, or smaller Flash applications -- they are still apparently unblocked but auto play videos are blocked.

There's more to this than meets the eye. And it's not just as simple as allowing the biggest Flash element to load.

Comment Re:Comcast giveth and I taketh away (Score 1) 217

Sure, but: 1) they're making a lot less than if they were selling me both, and 2) a bare Internet connection is (at least hypothetically) replaceable. Once you've made the decision to drop TV programming, there's not a lot to holding you to a particular ISP.

Many people are unenthusiastic about their work.