
Comment: Domain vs. org validated certs (Score 1) 333

by tepples (#48627909) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

DANE, Perspectives, and other CA-free approaches are equivalent in assurance level to a domain-validated certificate from a CA. The difference between a domain-validated certificate and an organization-validated certificate is that it's a lot harder for a typo squatter to get an organization-validated certificate for, say, "bankofamerrica.com". This is why the Comodo Dragon browser warns for domain-validated certificates.

Comment: Unpossible Terrifying Fuckery (5:erocS) (Score 1) 333

by tepples (#48627735) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

UTF must stand for Unpossible Terrifying Fuckery

For a while, Slashdot did support Unicode. This allowed vandals to not only evade the ASCII art lameness filter with foreign characters but also use bidirectional override characters to impose Unpossible Terrifying Fuckery on the site's layout.

Comment: Lserver attack (Score 1) 333

by tepples (#48627577) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

let you track what certificates other people are seeing for a site

The Perspectives plug-in for Firefox uses the same route diversity technique to expose a man in the middle that attacks some routes to the server but not others. But the Perspectives white paper discloses that this approach is vulnerable to what it calls the "Lserver attack": a man in the middle between the server and its only connection to the Internet.
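The route-diversity check and its blind spot described in the comment above, as an added example that is not part of the original comment and is not the Perspectives code. The topology, link names, fingerprints and the 0.75 quorum are constructed assumptions.

```python
from collections import Counter

REAL_FP = "aa:11"   # constructed placeholder for the server's real key fingerprint
MITM_FP = "ee:99"   # constructed placeholder for an attacker's substituted key

# Constructed topology: each vantage point reaches the server over a list of
# links. "server-uplink" is the server's only connection to the Internet.
PATHS = {
    "client":   ["isp-a", "transit-1", "server-uplink"],
    "notary-1": ["transit-2", "server-uplink"],
    "notary-2": ["transit-3", "server-uplink"],
    "notary-3": ["transit-1", "server-uplink"],
    "notary-4": ["transit-2", "server-uplink"],
}

def observe(attacked_links):
    """Fingerprint each vantage point sees when the given links are intercepted."""
    return {who: MITM_FP if attacked_links & set(path) else REAL_FP
            for who, path in PATHS.items()}

def assess(client_fp, notary_fps, quorum=0.75):
    """Compare the client's view with the notaries' views of the same server."""
    if not notary_fps:
        return "no-data"
    top_fp, top_n = Counter(notary_fps.values()).most_common(1)[0]
    if top_n / len(notary_fps) < quorum:
        return "notaries-disagree"      # some routes are intercepted, others not
    if client_fp != top_fp:
        return "client-path-suspect"    # client sees a key the notaries do not
    return "consistent"                 # every route shows the same key

def check(attacked_links):
    """Run one scenario: simulate observations, then apply the comparison."""
    seen = observe(set(attacked_links))
    notaries = {k: v for k, v in seen.items() if k != "client"}
    return assess(seen["client"], notaries)

if __name__ == "__main__":
    for links in ([], ["isp-a"], ["transit-1", "transit-3"], ["server-uplink"]):
        print(links, "->", check(links))
```

The last scenario returns "consistent" even though every observer received the substituted key, which is why a uniform notary answer cannot rule out interception on the server's sole uplink.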

Comment: Forever day vulns in IE/XP (Score 1) 333

by tepples (#48627451) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

This "non-trivial number of users" is already compromised or very close to it. Because Microsoft is no longer issuing security updates for Internet Explorer on Windows XP, you can probably assume that Internet Explorer on Windows XP is insecure in other ways that could compromise your users' confidentiality.

Comment: Renewal is manual (Score 1) 333

by tepples (#48627395) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Startssl.com offers free certs

Unlike web hosting, StartSSL does not auto-renew.

contact your hosting provider, and they should be able to do this for free or a very small charge; if they want an arm and a leg, it's time for you to find a better host.

For a small site, WebFaction will probably work unless much of your audience uses Internet Explorer on Windows XP.

Comment: Because not all journals are open access (Score 1) 333

by tepples (#48627263) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Why do we need security to view academic articles

The site needs SSL's confidentiality to protect your session cookie, which represents your subscription to the journal that includes the academic article, from getting Firesheeped by an eavesdropper. And you need SSL's integrity and authenticity to ensure that the data tables in the article aren't modified in transit.
