Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Man-In-the-Middle Vulnerability For SSL and TLS 170

imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

Comment Re:Stupid license. No thanks. (Score 1) 419

The prohibition has no effect on being able to verify the claim. If you were allowed to disassemble, what would you expect to get out of that? Assembly. You will always get assembly from a disassembler so doing that neither proves nor disproves anything. You would need the original assembly source to compare against. And if you had that, you may as well simply examine it to see that it is all assembly and assemble it to verify that it works.

Having the 32 bit sources available is enough for me to believe their claims about the 64 bit sources also being entirely assembly. Their decision to license 64 bit differently from 32 is a different question altogether though.

Comment Re:Depressing, but not uncommon (Score 1) 1251

100 is the average of the population as a whole. But if you consider any subset of that population, ie. university/college graduates, the average of that subset may be significantly different from the average of the entire population.

That said, I find the claim that US college grads have an average IQ of 95 to be very unlikely. That would be saying that college grads are less intelligent than the general population.

The Internet

Wikimedia Simplifies By Moving To Ubuntu 215

David Gerard writes "Wikimedia, the organization that runs Wikipedia and associated sites, has moved its server infrastructure entirely to Ubuntu 8.04 from a hodge-podge of Ubuntu, Red Hat, and various Fedora versions. 400 servers were involved and the project has been going on for 2 years. (There's also a small amount of OpenSolaris on the backend. All open source!)"

One of the Coolest Places In the Universe 338

phantomflanflinger writes "The Cern Laboratory, home of the Large Hadron Collider, is fast becoming one of the coolest places in the Universe. According to news.bbc.co.uk, the Large Hadron Collider is entering the final stages of being lowered to a temperature of 1.9 Kelvin (-271C; -456F) — colder than deep space. The LHC aims to re-create the conditions just after the Big Bang and continue the search for the Higgs boson."

Comment Re:In the US no one wants to buy light cars (Score 1) 1320

I'm a cyclist and admitedly bend the traffic laws a bit. Less than some, more than others perhaps. I'm not going to attempt to justify doing that. However, on the whole, I believe that I have a better awareness of the traffic around me than drivers do. Knowing that I'm in a vulnerable position relative to those in the cars is incentive to pay attention.

Just the other day I was approaching an intersection in which I had the right of way (no stop sign) and saw a vehicle slow down, the driver looked the other direction, and then continued through his stop sign without looking my direction. I slammed on my brakes and we nearly hit in the intersection. I was travelling downhill roughly at the speed limit and would still look at each intersection I passed to check for bad drivers. I think that would be an uncommon thing for drivers to do.


Submission + - Canadian Class-action Cellphone Suit Is Approved (msn.ctv.ca) 2

BeanBunny writes: A Saskatchewan, Canada court has ruled that a $12 billion class-action suit can proceed. The suit alleges that "system access fees" that the cellphone companies have charged ($7-9 per month) are unfair and constitute price gouging. From the article: "It is described as the largest class-action in Canadian history, potentially affecting every cellphone user in the country. Currently, there are 7,500 complainants signed onto the suit."

Slashdot Top Deals

Anyone who imagines that all fruits ripen at the same time as the strawberries, knows nothing about grapes. -- Philippus Paracelsus