
Comment Still far too expensive. (Score 1) 341

Reality check - the price of a generic tablet is under $100. You don't even have to get low-priced tablets direct from Shenzhen via Alibaba any more. They're on Amazon now. Many below-$100 tablets are available. Some are quite good.

Microsoft would like to think they can price their device much higher than that. But they can't. Google's own Android tablets are down to $229 and falling. Microsoft tried to price theirs over $1000, and even now they're only down to $350.

Comment Privacy-enhanced mail (Score 1) 116

From the site, there's not enough info to tell what security properties this proposal has. Mostly, they're just begging for money.

It might not be that hard to do privacy-enhanced mail today. Both browsers and some mail clients (i.e. Thunderbird) accept plug-ins, so doing encryption and decryption on the client side is possible even for web mail. You could still use Gmail, but all Google would see are big strings of random-looking text. Your browser plug-in would decrypt that when displaying Gmail output. Of course, Google's indexing and ad matching wouldn't work.

The big problem is publishing and finding the recipient's public key. The 1993 PEM scheme wanted to do this with SSL-type certs, but that never caught on. Self-signed certs are vulnerable to man-in-the-middle attacks. But suppose that you published your public key on some social network (Twitter, Flickr, Facebook...) and your mail client checked your own key at random times. Then you'd detect if someone was messing with your public key. It's not airtight, but it's better than nothing, and any widespread tampering with public keys would be noticed.

None of this requires any cooperation from, or trust in, mail servers. It's entirely client-side, where it should be.
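An added example, not part of the original comment: a minimal Python sketch of the client-side self-check described above, where the mail client compares copies of its own public key published elsewhere against the local key at unpredictable times. The location names, the fetcher callables and the sample key bytes are constructed assumptions so the block runs offline.

```python
import base64, hashlib, random

def fingerprint(key_text):
    """SHA-256 of the decoded key bytes; armor lines and re-wrapping by the
    hosting site are ignored so they do not raise false alarms."""
    lines = [l.strip() for l in key_text.splitlines()]
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def check_published_keys(local_key, fetchers):
    """fetchers maps a location name to a zero-argument callable returning the
    text published there. Returns {name: 'ok' | 'MISMATCH' | 'unreachable'}."""
    expected, results = fingerprint(local_key), {}
    for name, fetch in fetchers.items():
        try:
            published = fetch()
        except OSError:              # network failure is not proof of tampering
            results[name] = "unreachable"
            continue
        try:
            same = fingerprint(published) == expected
        except ValueError:           # not valid base64: key replaced or mangled
            same = False
        results[name] = "ok" if same else "MISMATCH"
    return results

def next_check_delay(rng, mean_seconds=6 * 3600):
    """Exponentially distributed wait, so checks come at unpredictable times."""
    return rng.expovariate(1.0 / mean_seconds)

def armor(raw, width):
    """Wrap raw bytes as base64 between PEM-style marker lines."""
    b64 = base64.b64encode(raw).decode()
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(rows) + "\n-----END PUBLIC KEY-----\n"

def _down():
    raise ConnectionError("constructed failure")

# Constructed sample data: placeholder bytes, not a real key.
LOCAL_KEY = armor(bytes(range(64)), 64)
SAMPLE_FETCHERS = {
    "site-a": lambda: armor(bytes(range(64)), 40),      # same key, re-wrapped
    "site-b": lambda: armor(bytes(range(1, 65)), 64),   # substituted key
    "site-c": _down,                                    # site not reachable
}

if __name__ == "__main__":
    print(check_published_keys(LOCAL_KEY, SAMPLE_FETCHERS))
    print(round(next_check_delay(random.Random(1))), "seconds until next check")
```

A mismatch at one location is the signal the comment describes; an unreachable location is reported separately because a fetch failure alone says nothing about the key.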

Comment Negligence will be the keyword (Score 2) 71

When you look at the various data breaches that became public in the more recent past (especially those done as some kind of protest or out of spite, to harm a company in its goodwill) and analyze the attack vector, you cannot help but shake your head in disbelief. The vectors range from SQL injections to exploits in ancient software that should have been patched months, if not years ago. If that isn't the textbook example of negligence, what is?

Still, I'm all FOR insurance. Because insurances are notorious for requiring their customers to minimize the chance for a reason to file a claim, and your premium is usually dependent on your risk. If you invest in security, your insurance premium would be lower, and we might FINALLY see some CEOs invest in security since now they can see that it's cheaper than paying for the insurance, since they're blind to the fact that it's cheaper than paying for the fallout.
