Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:cost and benifit (Score 2) 74

Passive AV software is about eliminating malware AFTER it has taken root on a system. Active AV injects itself into critical checkpoints. Microsoft, to their credit, has taken proactive steps to close the exploits that malware have used enter a system. Steps like including Flash player updates with Windows updates. Is it perfect? Of course not. But it's gone a long way to the point of making AV software the "low hanging fruit" of attack surfaces.
I'll also echo what many have said - WSE and SPI Firewalls (Stateful Packet Inspection is the prerequisite of NAT is what actually protects you) have been the only thing I've been using for years.

Comment Re:pfsense (Score 2) 403

The worry isn't the new processes. It's the systemd process itself. I'll grant that having systemd pre-reducing privileges is better than expecting the daemon process to reduce privileges on its own. At what point will running systemd without networking be essentially non-optional due to widespread community adoption? I feel many of the worries of the parent of your post are still valid.

Comment Re:Again... (Score 1) 278

Let's not forget that the Snowden documents are now a year and a half old. A year and a half ago, everyone thought the ciphers and protocols were good enough. Fast forward to the eve of 2015 and we know better. We have a new sense of what is state of the art. We know not to use ciphers with static keys that could be subject to subpoena requests and so on a so forth. I'm not so naïeve to believe that new ciphers will stop them in their tracks. The still have incredible resources to draw upon. We just have new speed bumps.

Comment Re:If only PJ was still running groklaw! (Score 1) 173

I suspected it was last straw. She was looking for an excuse.

That said, however, lawyers in good standing enjoy a legal privilege of being able to discuss matters with clients in confidence and be able to withhold those discussion from the government. If you can't communicate privately the privilege is eviscerated.

Perhaps she wasn't so much worried about herself than the confidential sources she used?

Comment Re:Embedded Systems (Score 1) 641

And don't forget to ask what language was that high level language written in?
Ruby - written in C
Erlang - written in C
Node.js - written in C with a few x86 and ARM assembler bits
Perl - written in C
Python - written in C

And the truly mind-numbing one: GNU C compiler - written in C.

Comment Re:Locking USB... (Score 4, Informative) 97

Lock Switch? Then you don't understand the problem. The problem is that in many USB Flash are two chips: a computer and memory. The host PC communicates with the USB controller and the controller talks to the memory. Most controllers are just a version of the 8051 CPU with USB logic bolted on. The lock switch would be a high-level function that returns an error on a generic block device write command. Hacking the USB device isn't hacking the flash memory, it's hacking the firmware on the 8051. The Device Firmware Update function of USB that allowed that 8051 computer to be reprogrammed should be disabled.

Comment Re:Folks.... (Score 2) 185

For example: Hong Kong Post Root; DoD Root CA 2; Federal Common Policy CA; Staat der Nederlanden Root CA - Any of these CA can mint a certificate for ANY website.

Keep in mind that any sufficiently powerful nation is better served sending lawyers rather than hackers. Step One: All it takes is to send a court ordered warrant with gag-order to get the private key for "Go Daddy Root Certificate Authority - G2". Step Two: Mint certificates

We should do two things. 1) Browsers should also start displaying the root CA. If I go to Google and I know it's Google because "Autoridad de Certificacion Raiz del Estado Venezolano" says so, I'd be suspicious. 2) Fix the all or nothing problem. Somehow limit the domain scope of a CA. "Google Internet Authority G2" mints certificates for Google.Com. What's to keep them from minting one for

Slashdot Top Deals

Wishing without work is like fishing without bait. -- Frank Tyger