Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment FCC says wha? (Score 1) 71

I'm kinda dumbfounded this consumer freindly move wasn't squelched yet. After all the logic for the FCC nixing net neutrality and consumer privacy was because this stifles innovative revenue streams for productizing consumers. Actually I think they just said "bussiness innovation" for short. In anycase stopping robocalls seems like it will hurt someones revenue stream. You should write your congessman and demand to be productized more! Seriously, what's the angle here. My guess is that maybe the carrier's and google and all the rest want to prevent all the free robo calls and create a partner channel for authorized, paid, robocalls.

Comment Re:Dictionary attack? (Score 1) 43

If this is true then why hasn't apple sent me a password reset notice? In this particular case I agree with them not paying the ransom as there's no way to verify the passwords would be deleted.

verifying 50 is not a convincer they have millions. turning over 5 to 10% of the number would be. The fact they could easily have done that and didn't tells me they don't have this.

Of course that didn't stop me from changing my password just in case.

Comment Re:Norton (Score 1) 71

Step one: Any browser that cares about security MUST stop regarding https with CA certificates as any more trustworthy that self-signed certificates or plain http.

Why? Plain HTTP can be compromised by anyone on a hop between you and your destination. HTTPS with a self-signed certificate can be compromised by anyone on a hop between you and your destination, but can be detected if you do certificate pinning or certificate transparency. HTTPS with a signed cert can only be compromised with cooperation from a CA. The set of people that can compromise signed HTTPS is significantly lower than the set that can compromise self-signed HTTPS.

I remember in the days of IE 6 and me opening questionable porn in my youth I would get slow or weird responses from HTTP websites. I do an ipconfig of the name of the site. I then disconnect and then reboot and or sometimes do a ipconfig /release and VIOLA now when I do an ipconfig it points to a different IP address.

MITM was quite on occurrence in the old days. Of course if my DNS is pointing to somewhere else it means my PC was probably compromised but my point is changing something and a ipconfig /release fixes it shows it is easy to spoof before MS took security more seriously as it does today.

Comment Re:The Dying Days of the Certificate industry (Score 1) 71

You have a better solution? You want the US government deciding instead like ICAAN in addition to being a central point of exploit?

If you let others self sign that means you risk having the private keys known and it's game over. Let's encrypt has same problem in which they can screw up and hand out extra certificates. Also if they are hacked and private key is leaked then game over the Internet is done as we know it. This makes me not want lots of players on the CA space

Comment Re:To clarify the parent's assertion: (Score 2) 108

Newer versions are turning out to not allow bios disablement. The sad history of this, from what I can peice together is that initially you could disable it in bios. Then newver versions had "hidden" bios diablement. that is to say, no GUI bios diablement but still an editable firmware disablement. Then newer still ones, no possibility to disablement. For these some people have discovered that overwriting certain blocks (basically all blocks after the first block) of this allows disablement without the 30 second shutdown. One can see where this is headed in the next generation very easily.

Comment Unsurprising (Score 1) 38

Patents have become another "must-have" item in a scientists resume. It presumably shows you're able to create practical applications from otherwise abstract research results.

In practice, of course, you can patent pretty much anything you want if you put your mind to it, and the vast majority of granted patents are never implemented in an actual product and never make any money at all. So researchers just jump through another set of hoops to pad their CV with, usually, a completely worthless patent or two.

The researcher is happy since they got another item on their career-critical CV. The university is happy since granted patents counts toward university rankings. The granting agencies are happy since it shows their research grants are producing tangible results. Too bad the actual end result - the patent - is utterly worthless.

Slashdot Top Deals

Blessed be those who initiate lively discussions with the hopelessly mute, for they shall be known as Dentists.

Working...