Follow Slashdot stories on Twitter


Forgot your password?

Comment Re:Yes, SHA1 security is questionable.. (Score 1) 217

Because it has become easy to create 2 plaintexts that both hash out to the same SHA-1 value. See the section titled "SHA-1" which talks about attacks on the hash function.

Um, the very article you link to lists no found collisions, only theoretical attacks (where an algorithm could be used to find one faster than a brute force search).

Given that I've yet to see an actual SHA-1 collision published, it's hardly "easy" to do...

Comment Re:Hopefully... (Score 1) 229

The problem with the FireSheep discussion is that there is no current solution to this.

People keep saying that the social media sites should use https. However, they CAN'T use https for the entire session: advertising content delivery networks like AdSense don't support https, so it won't work.

Comment Re:What I don't get (Score 1) 229

As I've mentioned in other messages, this is the real problem. Advertisements can't be served over https as the major networks like Google's AdSense don't support https. This is exactly the kind of third-party content you mention.

So sites that are funded by advertisement will use http not https.

Comment Re:What I don't get (Score 1) 229

This kind of thing is the fundamental problem. Interoperability issues like this are why the major advertising content delivery networks (including Google's AdSense) don't support https.

As they don't support https, social media sites can't use https for the entire session as they wouldn't be able to serve ads, and so wouldn't make any money.

So we get insecure social media sites, as these are the only ones that can stay in business.

Comment Re:And the answer is no. (Score 2, Informative) 229

The real problem is that most social media sites CAN'T use https by default.

Most of the advertising content delivery networks (and this does include Google's AdSense) don't support https.

Thus, if the social media site used https for the entire session, then they wouldn't be able to serve ads, and wouldn't be able to fund the service. So it isn't going to happen.

There is a real problem with current web protocols that security is all or nothing. You can use http and be insecure, or use https and break all kinds of network technologies (e.g. proxy caches). There is no way to have authenticated but not encrypted data, and the browser security functions make it very hard to mix content from different sources.

Comment Re:DVDFab (Score 1) 501

There is no need to emulate a particular windows platform, you just need a stable win32 library for compatibility.

It's pretty easy to write windows software that will work on any windows version from 2000. It's not much harder to support 95+. The basics of win32 have been stable for years.

The 16bit elements are now irrelevant (unless you want to run some very old windows games). Even Microsoft doesn't support 16bit software on the 64bit Windows versions.

Slashdot Top Deals

Yet magic and hierarchy arise from the same source, and this source has a null pointer.