Follow Slashdot stories on Twitter


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Re:Dictionary attack? (Score 1) 44

"By all appearances, Apple's assertion that this is a collection of information obtained from other sources, rather than an actual iCloud leak, appears to be true"

"Most of the people admitted to reusing the password on other major sites, though a few claimed they hadn't."

I re use passwords too. There ain't no one who doesn't. That some had unique passwords is significant, yet you gloss over that. You can think that some users are lying, but i'll bet its for real. I re use passwords, but for very important services they are of course unique. Having remote whipe on a phone seems to fall in that category, so I am inclined to believe that some are telling the truth.

If even one is, it means that somewhere got compromised. Maybe they only have a few hundred accounts, but still, they probably do have the ability to do what they say they can do, and most users should change their passwords in any case.

can't be too careful...

Comment Re:Bluecoat (Score 1) 71

The root certs in question were not widely deployed and were revoked long ago not that that excuses the CA from issuing them.

It could still be useful if someone were to extract them on one of the few deployments in existence.....
Just because the cert has been "Revoked", does not mean people are not still running around with hardware or software that will trust it. Because many applications don't even bother to check for revocation, example: Firefox doesn't check CRLs, instead they have their own proprietary CRL service that only bothers with high-profile site names --- too much latency would be re-introduced by turning proper revocation checks back on.

Comment Re:DMCA doesn't work on patents (Score 1) 29

This is true, but an enterprise with an infringed patent would likely find some kind of Copyright claim to make in order to file a DMCA letter.
Then if the infringement claimed in the DMCA letter were disputed by the offender, the lawyers would bring up Both the copyright AND the counterfeit goods, trademark, and patent infringement issues.

Comment Re:Block on the phone. (Score 2) 74

I like the idea of moving as much decision making as possible to the phone, but I don't want a whitelist. That would require me to make the effort to whitelist people, plus having the prescient power of anticipating which strangers I want to hear from (e.g. whoever found my dog and called the number on her collar). I'm ok with getting a call from a stranger, as long as their "return address" isn't forged. If the return address is correct, and they are annoying, I can blacklist 'em. Allowing strangers to call me is the best default. Not perfect (it's easy to imagine some failure scenarios), but best.

Comment Re:So what? (Score 1) 392

This just removes the fig leaf. .. Anyone who's serious about security wouldn't rely on the ISP being on their side-- one would already be using strong encryption etc. for all communication if one were actually concerned about security.

This really is the best way to look at things.

If people want "privacy laws" then those laws shouldn't be about what's not allowed to happen; the laws need to be about what is required to happen (the goal being to encourage common sense practices, because nobody can protect your privacy for you.). Make it so that businesses and people can't access government's network services without going through a darknet, for example. Do not allow any plaintext email communication with the government. Put into "REAL ID" that the issuing authority also has to sign the identified person's key and include the fingerprint on the ID card. Don't allow government money to be spent on computers containing any software which can't be audited and maintained. And so on.

Don't make anyone protect their privacy overall, but do make it so that they have to pay lip service to common sense in any interaction with government (and then let convenience and economy of scale take it from there; lazy people will then do the right thing). Or, just don't have privacy laws since, obviously, we don't really care. Pick one or the other.

Comment Re:It's not about the screen size, it's field of v (Score 1) 127

I have a projector. When I watch a movie at home the screen is filling as much of my vision as a pretty large movie theater.

That's nice. I don't. I know exactly one person who does.

I also honestly have MUCH better sound, and that is with a middle of the range receiver with cheap speakers (but there are five of them plus a subwoofer).

Me too, although that puts me in a minority. I think my upstairs neighbours would get upset if I cranked it up to the level of bass I can physically feel; like I get in a cinema.

Sure. This is great for those who have a projector and a surround sound setup. And who absolutely have to see the latest movies. But then I can see pretty much anything older than 3 months for a fraction of the cost.

Comment Re:Municipal/County Fiber (Score 1) 171

That's pretty funny, since I'm looking at my last CenturyLink (telecom) bill and it contains a specific line item fee for "franchise at 3%."

Apparently my city can, and does, franchise the local telecom, despite this special "federal regulated" status they hold.

No..... For a Telecom, that is basically also what they call part of the basic permitting necessary for access to rights of way. FCC S-253 has allowed municipalities to impose their building codes, construction schedules, etc and charge a nominal fee to recover no more than their costs of managing the public right of way. The municipalities are not able to impose further obligations, For example, they cannot set out any questions or requirements about services, they cannot require financial information, They cannot make Approval or Denial based on the discretion of officials in the muncipality.

n Bell Atlantic-Maryland, Inc. v. Prince George's County, 49 F. Supp. 2d 205
(D.C. Md 1999)


Google Reducing Trust In Symantec Certificates Following Numerous Slip-Ups ( 71

An anonymous Slashdot reader writes from a report via BleepingComputer: Google Chrome engineers announced plans to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec. Google's decision comes after the conclusion of an investigation that started on January 19, which unearthed several problems with Symantec's certificate issuance process, such as 30,000 misused certificates. In September 2015, Google also discovered that Symantec issued SSL certificates for without authorization. Symantec blamed the incident on three rogue employees, whom it later fired. This move from Google will force all owners of older Symantec certificates to request a new one. Google hopes that by that point, Symantec would have revamped its infrastructure and will be following the rules agreed upon by all the other CAs and browser makers.

Comment Sounds a lot like USB-Câ power delivery (Score 2) 65

My eyes kind of glazed over reading the description but none of this sounded like anything you can't already do with USB-C power delivery mode. You can already run a 1080p display off of your cell phone, both power and data on the same cable. If you hook it up to a capable hub you can plug in your mouse and keyboard too

Slashdot Top Deals

Why won't sharks eat lawyers? Professional courtesy.