Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Re:Phishing is good (Score 1) 249

If by succeeding, you mean completely failing to have any significant role in online commerce, and not being a significant source of information beyond currently trending events, then sure. Call me when there's something equivalent to Wikipedia that's built into Facebook without linking out into the Internet as a whole, or something equivalent to Amazon, or something equivalent to airline and hotel reservation websites, or....

So no, Facebook is not succeeding as a replacement for the Internetâ"only for the very narrow slice of the Internet that was previously dominated by MySpace.

Comment Re:Phishing is good (Score 1) 249

If by succeeding, you mean completely failing to have any significant role in online commerce, and not being a significant source of information beyond currently trending events, then sure. Call me when there's something equivalent to Wikipedia that's built into Facebook without linking out into the Internet as a whole, or something equivalent to Amazon, or something equivalent to airline and hotel reservation websites, or....

So no, Facebook is not succeeding as a replacement for the Internet—only for the very narrow slice of the Internet that was previously dominated by MySpace.

Comment Re:Phishing is good (Score 1) 249

If by succeeding, you mean completely failing to have any significant role in online commerce, and not being a significant source of information beyond currently trending events, then sure. Call me when there's something equivalent to Wikipedia that's built into Facebook without linking out into the Internet as a whole, or something equivalent to Amazon, or something equivalent to airline and hotel reservation websites, or....

So no, Facebook is not succeeding as a replacement for the Internet—only for the very narrow slice of the Internet that was previously dominated by MySpace.

Comment Re:Never saw that coming (Score 1) 249

It's not always a home ISP that's doing subtle MITM modification. It might be someone malicious in the same coffee shop as you.

Assuming DNSSec gets deployed as it should, someone in the same coffee shop will be able to passively snoop, but won't realistically be able to be in the middle of the communication unless the infrastructure is badly broken. After all, two hops over Wi-Fi should always realistically have higher latency than one hop plus a DHCP response. The biggest weakness is UDP-based DNS. For that matter, you could disable UDP-based DNS today, and you'd pretty much kill any hope of MiTM attacks by anybody other than your ISP. Arguably, you probably should.

Or it might be a government agency using the Fullscreen API to spoof the chrome of the entire desktop environment.

At that point, your endpoint is untrusted, so the communication is untrusted, period. There is no security mechanism that can have any real benefit if you cannot trust the browser itself or the operating system under it.

Comment Re:i cant believe what im seeing. (Score 1) 69

my one wish before I die --assuming I can merge-- is to see the second sign for the exit to interstate 10. Could this app be the miracle ive prayed for between prayers for the sweet release of death? I sure hope so.

Fear not, my friend, for I have heard tales of a land beyond the jam—a mythical place called the O.C.—where giant mice and princesses roam the streets and the terrors of Hollyweird are but a distant memory. But to get there, you must turn left now, for your current path leads only to drowning after you drive off into the ocean at Huntingdon Beach. Beware the Tides of March.

Comment Re:Never saw that coming (Score 1) 249

Without TLS, how do you ensure that a man in the middle isn't altering the information that you retrieve from said "Informational websites with no credentials"?

You don't, but it almost never matters. MiTM attacks tend to be harder than passive sniffing, and there are very few reasons why any ISP in its right mind would do so. They're far more likely to do blocking, or redirect a streaming site to their own streaming site, or other absurdity that's easy to spot.

Comment Information wants to be free (Score 5, Insightful) 53

Well, your information, not ours.

FTFA (and a major WTF)

All of the documents would have been uploaded by their owners, but they may not have realized that each document could be made public, which is Docs.com's default uploading setting, compared to files created or edited with Word and Excel Online, which are private until set otherwise.

Comment Re:but you arent a traditional CA (Score 1) 249

The few times I've used Let's Encrypt was during testing phases, as a place-holder until I had the time to get a "real" cert. My company has an inane procedure to get purchase orders to pay for anything, so often it takes a couple of weeks to get to the point of being able to purchase anything via a "new vendor". If you can't afford $5 or so to get a year-long cert, then your either not serious about your site or doing something wrong.

Or you have more than the one subdomain that most CAs allow for $5 certs. Even with a limit of five for Let's Encrypt, it takes two certs for my main domain. Bare domain, www, images, git, homeserver, kinji, and I feek like I'm still forgetting one. A wildcard domain cert starts at two hundred bucks.

Slashdot Top Deals

May Euell Gibbons eat your only copy of the manual!

Working...