Become a fan of Slashdot on Facebook


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Phishing Attack Uses Domains Identical to Known Safe Sites

JThaddeus writes: Current versions of Chrome and Firefox are vulnerable to a phishing attack that uses unicode to fake the appearance of a legitimate website. Additionally fraudsters can use their unicode domain names to get certificates from LetsEncrypt so that the the browser URL is visually indistinguishable from the site it is copying.

Submission + - DNA confirms cause of 1665 London's Great Plague

JThaddeus writes: The BBC reports that a 17th Century mass grave uncovered in London confirms the identity of the bacteria responsible for the Great Plague of 1665-1666. "Testing in Germany confirmed the presence of DNA from the Yersinia pestis bacterium — the agent that causes bubonic plague — rather than another pathogen." The grave contains approximately 3,500 skeletons. Teeth were removed from some of the skulls, and their pulp tested at the Max Planck Institute in Germany. Positive results were found in 5 of 20 individuals tested. It is estimated that the Great Plague killed nearly one quarter of London's population (then about 350,000). The article also adds, "To reassure anyone worried whether plague bacterium was released from the excavation work or scientific analysis, it doesn't survive in the ground."

Comment It's OK to be in the minority (Score 4, Insightful) 585

In fact, in my experience, the majority is wrong quite a lot.

Fortunately, this is not a popularity contest. The question is whether the government can compel a company to rewrite its products to make it easy for the government to snoop on its customers. If they can, it's only a small jump to forcing companies to include a backdoor in their products in the first place.

Comment Re:Apple - standing alone (Score 1) 339

Actually, ignoring the unique hardware key associated with the Secure Enclave (because it can't be read by anything except the Secure Enclave), each iPhone does have several other unique identifiers that can be used to lock OS firmware to the device, such as the serial number, the cellular radio IMEI, and the Wi-Fi and Bluetooth MAC. As already pointed out, Apple could hard-encode those values in the firmware update and sign that. The resulting binary could not be used with any device where those identifiers did not match. Bad actors could not just change the numbers to match a random victim's phone, because the Apple signature would not match the binary. This is discussed at

It is true that even having the source code for firmware creates a risk, but that risk cannot be turned into an exploit without Apple's secret key. And of course if someone gets Apple's secret key, all iOS devices are in trouble.

I think the real issue we should be talking about is whether the government can force companies to redesign their products to help the government spy on their customers. If it can do this, then why can't the government similarly require that circumvention mechanisms be built into devices in the first place to make snooping easy?

Slashdot Top Deals

Intel CPUs are not defective, they just act that way. -- Henry Spencer