Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment Re: Simple. (Score 1) 265

First of all, it might come as a surprise for you, but not all people live in the US of A. Where i live, "search and frisk" is not something that i know to have been done to anybody that knows anybody i know.

Second of all - you probably get my point despite the maybe-not-so-universal analogy i gave. Maximum you should do, is null-route the portscanning ips automatically. Me - i just ignore them and have done so since the early nineties. If your network security relies on people in the internet NOT portscanning you, you are screwed anyway.

Comment Re: Simple. (Score 2) 265

Then stop plugging some sophos bullshit here and install something free and open that lets you block things. For example pfsense or m0n0wall. I am sure there are others, but these are the ones that i use.

If you have a decent firewall you dont actually care about portscans. You have a couple of ports open and you need to make sure that services running on these are safe. Alerting you with portscans will not improve your security one bit. The only useful thing you could do is automatically drop packets after n different port accesses in a given time - but alerts? Why bother?

If in real life someone touches your doorhandle, are you gonna sue? If he tries to pick or break the lock, sure. But portscan is an equivalent of rattling your doorhandle.

Comment Re: Exploit will be sold, kept secret from Apple (Score 1) 100

Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.

Except to their potential customers to whom they have nothing to sell.

"We have sold it to customer Y exclusively, but come to us with any other needs"

IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the realease of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains.

No, if you read what they do it is selling the exploits to government agencies so it won't be publicly disclosed as a jailbreak.

Government agencies do not need exploits, they can order a backdoor, and probably have.

I am just saying it smells like a publicity bullshit.

And like i said, that makes absolutely no sense whatsoever. If they have nothing to offer then publicity is pointless.

In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.

Comment Re: Exploit will be sold, kept secret from Apple (Score 1) 100

What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.

That makes no sense. The publicity is centered around this one thing, if they can't deliver it to the people they are publicizing it to then they just expose themselves as idiots.

Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.

IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the realease of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains. Many news articles carrying their name as people who pay millions for vulnerabilities and also people who supposedly have vulnerability info that can be used. That "market recognition" can be monetized later much more easily than a certain exploit on a certain IOS version with a certain browser that only a minority of people have installed.

I am saying that these guys are just bullshitting.

Just because you don't like the idea of it.

I don't like the idea of what? I have not expressed any like or dislike towards either jailbreaking as such or this exploit buying matter. I am just saying it smells like a publicity bullshit.

Comment Re: Exploit will be sold, kept secret from Apple (Score 1) 100

Which sound very unlikely.

Yes of course, because Apple just doesn't have bugs so it would be very unlikely that somebody would find one even if offered a million dollars to do so.

No. Apple has had bugs aplenty. But we've been hearing for quite some time that the jailbreaking is getting harder and harder. And that by teams of people who have spent years and years on it. We have not seen a browser based jailbreak for quite a long time and it is extremely unlikely, that there is one now.

Well obviously the company that paid it out is going to want to recoup their investment so they will publicize it. If they had nothing then there is nothing to publicize.

What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.

I am not saying that jailbreaking is impossible due to the high standards of programming at Apple. I am saying that these guys are just bullshitting.

Comment Re: Exploit will be sold, kept secret from Apple (Score 1) 100

Why bother paying bug bounties if you can let other people (jailbreakers) pay for them or discover them for free?
And if you call Apple's IOS "terrible security", what do you call all the other phone OSes? Because IOS is currently most secure of them thanks to the jailbreaking/fixing rat race letting even certain South African murderers off the hook.
For all we know, this might be just a publicity stunt. I don't even remember when we last had a browser based jailbreak that did not require cabled connection - ios 6?

Slashdot Top Deals

"Your stupidity, Allen, is simply not up to par." -- Dave Mack (mack@inco.UUCP) "Yours is." -- Allen Gwinn (allen@sulaco.sigma.com), in alt.flame

Working...