Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment Re:Good (Score 1) 38

They seem to change the dashboard at least twice a year and it's getting tiresome now. The one we had about 9 months ago was pretty good, then they replaced it with a turd that was a massive retrograde step because you have to now press like 5 buttons to do something like quit a game that previously took two. Hopefully if nothing else they've simply reverted to the previous one that worked and was fine.

Comment Re:What?!!! (Score 1) 50

Those Russian basta... Oh, um, well, thank you for pointing out this vulnerability.

Now that the US is pressuring people to dump their product, they should only tell their customers - at least for a week or two - when they find big new threat like this.

Want the warnings in a timely fashion? Pay up! B-)

Comment more like the 'fail update' (Score 3, Interesting) 38

"The top-level section has four shortcuts (your current game, two personalized suggestions, and a deal from the Microsoft store)"

So... one game and 3 ads. Thanks but no thanks, this is why i don't own an xbox.

"The first "Fluid Design" interface comes with a redesigned Home page, which is all about simplicity and customization. "

Ooo... customization! So, can I remove the useless top section that is 75% ads, and is wasting around 30% of the dashboard real-estate?

Guessing not.

Comment Re:How serious is this? How exploitable is it? (Score 1) 244

Of course, I bothered to look at at least one version of the PCI DSS spec:

This means all CDE data must be encrypted as suggested in PCI DSS
Requirement 4.1. Section 4.4 described Layer 2 specific wireless encryption protocols such as
AES that is used within WPA2 to provide confidentiality and integrity at the wireless link layer.
Higher layer encryption methods such as SSL/TLS and IPSEC and could be used to provide endto-end
cryptographic protection of card-holder data.

So it *looks* like it may have considered WPA-2 built in encryption sufficient, but 'recommended' TLS/IPSEC.... So contrary to common sense there could be implementations with weakness...

Yet the shiny new PCI-DSS compliant card payment machine we got recently for the store had a sticker on the bottom proudly proclaiming it used triple DES. I shit you not.

Comment Re:How serious is this? How exploitable is it? (Score 1) 244

Didn't catch the part about GCMP, hopefully for once sluggish wifi implementations being behind the curves mean most are using CCMP.

TKIP should already not be in use for many reasons.

CCMP always had higher security bounds than GCMP. GCMP exists for speed only because it is parallelizable and GCM was initially introduced for ethernet linksec as a workaround for the OCB patents. There is still no compelling reason for GCMP in 802.11. Modern logic is perfectly capable of keeping up with CCMP.

Comment Modularity isn't a synonym for "better" (Score 1) 167

They confirmed earlier this year their intent to reboot (pun not intended) the Mac Pro line by releasing a new design for the Mac Pro in 2018 that focuses on modularity.

Yes, we will see what that actually means. Technically speaking, the trashcan is "modular", inasmuch as you can connect modules to it (all over your desk.) That was a terrible idea. It remains to be determined if they're willing to admit that and fix it, or if they're going to keep doing "courageous" things to their users without lube. Recent idiocy like removing the 3.5mm audio jack does not bode well for future design decisions.

In their discussion, they were mostly talking about how the design was thermally limited and that bit them in the GPU / CPU upgrade path. Of course, that was stupid too, but if that's the only focus, and they still think cables everywhere is a "good" idea, then we're back to square one: the only good Mac Pro is a pre-trashcan mac pro.

Drives, memory, graphics and other cards - all of these need to be secure inside a sturdy, upgradable and serviceable chassis. Short of that, the pooch has been well and truly screwed, and the PC makers will eat the market.

Comment For now... (Score 1) 244

For now, WRT the phone, turn off your WiFi, use data, and keep the "media" uproar to a minimum unless you have an unlimited data plan. That means no video, no music, no heavy pages, etc. unless you're willing to eat your data allowance pretty quick (that assumes you've been using wifi to keep from stuffing your phone provider's pockets.)

In any event, watch your data consumption. Overages are a cash cow. And you are the cow.

WRT your home system, use ethernet, and turn off wifi until / unless you know you've got the right level of patch / amelioration.

The problem is not the Internet. The problem is wifi. So get off wifi.

...cell phone providers are going to love this.

Submission + - SPAM: Krack: Wi-fi security flaw

mrspoonsi writes: The wi-fi connections of businesses and homes around the world are at risk, according to researchers who have revealed a major flaw dubbed Krack. It concerns an authentication system which is widely used to secure wireless connections. Experts said it could leave "the majority" of connections at risk until they are patched. The researchers added the attack method was "exceptionally devastating" for Android 6.0. A Google spokesperson said: "We're aware of the issue, and we will be patching any affected devices in the coming weeks." The US Computer Emergency Readiness Team (Cert) has issued a warning on the flaw. "US-Cert has become aware of several key management vulnerabilities in the four-way handshake of wi-fi protected access II (WPA2) security protocol," it said. "Most or all correct implementations of the standard will be affected." Computer security expert from the University of Surrey Prof Alan Woodward said: "This is a flaw in the standard, so potentially there is a high risk to every single wi-fi connection out there, corporate and domestic.
Link to Original Source

Comment Re:Another reason why cash is garbage (Score 1) 439

Can't they just call the police on their hand-crank telephone?

I think (if we're talking about the USA here) they count as one of the groups with "more guns and henchmen" and are certainly one of the cases where you're in more danger if you do have a gun when you meet them (when they come to put your gold/gas/water/beans under "police protection" as per government instruction).

Comment Re:The baddies aren't optimising for bypassing edg (Score 1) 126

In many respects that is the same advantage linux and osx have over windows. Or pick your favorite hobby os and kernel... virtually no malware affects it.

It may not tell you much about the quality of that software, but the advantage is still real.

In other words, doing your banking from a machine running Haiku (based on BeOS) might not be a bad idea...

Comment Re:Another reason why cash is garbage (Score 0) 439

And a well-preserved shotgun shell will let you defend your cans of beans, assuming you have a shotgun to shoot it out of.

I was going to mention guns but didn't want to pseudo-Godwin the thread... Anyway, personally, I think that just makes it a certainty that you're gonna get shot, because there will always be someone with more guns (and henchmen) than you. As for hunting, there isn't much wilderness near where I live and I've got a little picture of me heading down to the local deer park to bag some venison and meeting 1000 other people with the same idea. Ain't gonna work.

A lot of gun fans seem to be convinced that they're movie heroes played by Chuck Norris, Clint or Arnie. I'm more realistic and just see myself ending up on the wrong end of my own gun.

Comment Re:Itâ(TM)s about price fixing the key market (Score 1) 60

I need a new key made for my Late-ish model Subaru and they say itâ(TM)s $350 just for a key. When I demanded to speak to the manager of the parts and service depot and demanded an explanation they only would say âoeitâ(TM)s more secure than the $2.25 key copy you got with your last car at the hardware store.

Clearly thatâ(TM)s not true at all. Can we somehow sue them for price fixing the key market?

Probably, yes. The replacement key thing is a total shakedown. At least you can clone it now.

Slashdot Top Deals

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde