Comment Re:A rose by any other name... (Score 1) 66

I would love to know how ... in no way shape or form do I have any interest in anything bloody animated ever appearing on my screen.

It's annoying as hell, distracting, and I'm not interested.

So, yeah, if someone gives me a plugin to disable any form of animation bullshit in HTML 5, I will gladly use it.

If HTML 5 is just a way to force me to see ads and animations, then HTML 5 is broken by design.

Comment Re:A rose by any other name... (Score 1) 66

As long as I can turn it off, I don't give a crap what they call it.

Flash has pretty much had at least one gaping security hole for every month of that 20 years.

And in the 19.5 years I've been disabling/uninstalling/blocking it, I've never felt like I was missing anything. The sooner Flash finally dies and goes away the better.

Comment Re:WTF??? (Score 1) 115

No, I'll make this explicit: this is a web-cam, pretending it's a security/alarm system.

Buy a nanny cam. Buy a better door lock. Buy a dog.

This is about the same level of protection that a typical alarm company offers you.

I very much doubt a typical alarm company is providing you with something which is broken on the level of this thing.

The entire authentication process is decoupled from the actual device, and attackers can easily spoof device IDs and gain access and control over someone else's alarm system.

To make matters worse, nothing is encrypted, all communications are blurted out in cleartext, there is no message integrity protection mechanism and no sequence numbers for network packets.

Sorry, but that level of defective is beyond anything you can try to excuse.

But then again, people seem to have accepted that IoT will have security written by blind and drunk monkeys, but that it's good enough. So you buy one, and I'll continue to believe the IoT is just another opportunity for assholes in marketing to pretend they have a useful product.

Comment Re:The IoT of now and the future. (Score 1) 115

This just goes to show you that even with a security-centric product like an alarm system, even basic security features cannot seem to be prioritized over cost or first to market.

You know, looking at their company history, I'd say they're a video-centric product, which some ass in marketing decided to start selling as a security-centric product.

"The RSI Videofied system has a level of security that is worthless," concluded the Cybergibbons team. "It looks like they tried something and used a common algorithm - AES - but messed it up so badly that they may as well have stuck with plaintext."

Sorry, that's not security. That's pretending you have a product that has any business being used in security.

Epic incompetence. Be that at the management or technical levels, it really doesn't matter.

Comment Re:Is this really as typical as it seems? (Score 1) 115

My guess would be that they were told to implement it in a certain way. They may have had objections but were overruled by management.

To the consumer, incompetence by managerial decree is impossible to differentiate from incompetence in technical design.

The product's security is shit. Why it's shit is irrelevant.

So, sure, blame whoever you want. The key thing here is that as many people as possible should be told the product is so terribly insecure as to defeat its entire purpose.

Unless, of course, actual security isn't the purpose. In which case it's doubly important to tell people not to use it.

Comment WTF??? (Score 2) 115

today we hear about an IoT smart home alarm system that works over IP. Made by RSI Videofied, the W Panel features no encryption, no integrity protection, no sequence numbers for packets, and a predictable authentication system. Security researchers who investigated the devices say, "The RSI Videofied system has a level of security that is worthless."

So, the makers of the "W Panel" are lazy, incompetent people who have no business making a security system? Or they're greedy, cheap people who have no business making a security system?

Blah blah blah Insecurity of Things written by people who are either incompetent or indifferent to security, yet another product which is more marketing than substance, and yet another product which sounds like it's utterly useless.

Tell you what, can we assume all IoT shit is broken, defective, and insecure ... and then only have the stories when someone builds one which isn't?

Yet another product created purely by the marketing and sales people, and stunningly incompetently done at the tech level.

They may know something about video. But apparently they don't know a damned thing about security. This is worse than vaporware ... this is a product which is so utterly unfit for the purposes it's being sold for as to be dangerous.

Comment Huh? (Score 5, Insightful) 170

learning the basics of programming, despite having no access to the vast educational resources on the internet

Bah, when I learned programming there weren't "vast educational resources on the internet".

It's been done.

Since when the hell have we reached the point of "zomg, someone learned something without teh intertubes"??

Because if other people haven't learned the basics of coding over the last few decades without the use of the internet, I'd be completely shocked. The internet is not a pre-requisite to learning, as much as people seem to think it is.

Comment Re:OK, so I can use it anyway I choose? (Score 1) 248

If they make it part of Unicode, they should lose all ability to tell me what I can do with that character.

If they wish to have "an emoji clause", then they should be getting told to piss off and go away now.

As I said ... either it's just a character, and they have no right to ever say anything about how that character is used ... or it's a trademark they wish to restrict, and it has no business being in unicode.

But letting corporations stake out parts of the unicode standard AND continue to tell us how we use those unicode characters simply cannot be made to work, because they're incompatible things.

Comment OK, so I can use it anyway I choose? (Score 1) 248

So if KitKat and Durex get their own emojis, then I can use those emojis any way I choose and without licensing or trademark considerations?

Because that's what happens when you put it into the standard code pages.

So I can put (KitKat)(Condoms)(Donkey)(TacoBell)(IceCream)(PartyHat)(Cigarette) ... and KitKat and Taco Bell have NO legal right to say anything about how I use that image, right?

That will be awesome, and I'm sure the marketing clowns will love what happens when they make their trademark part of a standard code set. Because if you make it part of my standard character set, you turn your trademark into something which anybody can use.

What you can't do is turn your trademark into a standard part of what is in Unicode and then demand I have restrictions on how I use that trademark.

So either they are idiots who plan on diluting their trademark. Or they are idiots who think they can put their trademark into a standard character set and have no control over how it is used.

We should NOT be putting corporate defined images into Unicode unless there is an understanding that what people then DO with those things is no longer under any control by the people who asked for it to be there.

Comment Re:thats strange (Score 2) 173

But those worse figures wouldn't be what VW advertised, they would be advertising the better 'regular' numbers.

And then you would demonstrate you don't know the law around those numbers.

Car makers have ZERO option except to publish the EPA approved numbers. They MUST publish the EPA numbers. The problem is the official EPA numbers are meaningless, derived from a fairly old process, and not indicative at all of actual mileage figures.

So, using those EPA numbers, hybrid owners have been really annoyed to find they're not getting anywhere NEAR the mpg they've been told -- because the hybrids were measured using the old and not-very-useful formula. Similarly, 15+ years ago, I knew people with diesel VWs. Those cars regularly got more mpg than they could advertise, because for those cars the formula was fairly useless in the real world as well.

The important thing here is that, right or wrong, high or low ... car makers can only legally give their mpg numbers based on an EPA formula which is, effectively, an estimate based on a calculation. If they tried to use other numbers they would get into trouble.

VW would advertise based on the only number they're allowed to. They can't cherry pick the ones they like; which means you could get significantly worse or better than the EPA figure. Even if the EPA figure is pretty much known to be meaningless and out of date.

Comment Re:IANAL, but I know one & (Score 1) 65

You seem to imply there is legal "duty of care" (or whatever you'd call it).

They don't care. They never promised to care. The license probably says they don't care. The people who run the company don't care.

Taking steps to care presupposes they care. If they don't care what happens to your "sensitive data", they're sure as hell not going to take steps to protect it. Because that would involve caring.

What part of greedy corporation shielded by license agreements and only interested in their own profits do people not understand here?

Oh, and did I mention that the license probably includes terms which say you can't sue them and need to agree to binding arbitration in a forum of their own choosing?

And that forum of their choosing will simply say we don't fucking care and never promised to.

Comment Re:Uber and pirate bay (Score 4, Insightful) 52

I guess the people with money are allowed to bend the law now and apply it how they see fit

More accurately ... the copyright lobby has bought and paid for laws which they interpret how are applied, enforced outside of the judicial system, with abysmally low thresholds for evidence ... and with shockingly little penalties for them if they misuse it.

In case you have missed it, copyright related laws have reached a special level of stupidity, because they've been paid for and written by the people who benefit from them. This shit is now routinely entrenched in high-level treaty negotiations, where governments act on behalf of the interests of multi-national corporations -- and literally just use whatever text provided by the lobbyists.

They're not bending any laws, they're outright financing the adoption of laws which are entirely written to give them massive amounts of latitude to do as they please without penalty.

Governments these days are pretty much openly working for the corporations in this matter.

Copyright is like kiddie porn and terrorism; it lives in a special place outside of most other forms of laws, and builds in shortcuts and bypasses to legal protections you would normally have.

This is way beyond bending the law, it's about buying their own laws.

Comment Honestly ... (Score 4, Insightful) 65

VTech doesn't use SSL web encryption anywhere, and transmits data such as passwords completely unprotected. ... Hunt also found that the company's websites "leak extensive data" from their databases and APIs—so much that an attacker could get a lot of data about the parents or kids just by taking advantage of these flaws

Just stop using this crap ... over and over and over and over we see these same damned stories.

Stop handing all this information over to companies who are too indifferent and incompetent to give a shit about how badly they misuse your data.

The solution of this problem is trivial and is left as an exercise for the reader.