
Submission + - GlobalSign accidentally revokes root certificate, affecting 1000s of websites

AmiMoJo writes: If you can't get to some of your favorite websites today, it may not have a thing to do with your browser or ISP. The blame likely goes to GlobalSign, a Belgium-based security certificate provider. The company fouled up a clean-up of some of their root certificates links. This resulted in many "secure" websites showing up as being insecure and, depending on your web browser, unavailable.

The bad news is GlobalSign customers need to replace their SSL certificates. The really bad news is those same corrupt certificates are now on end-user systems. There they will block the affected sites for as long as a week.

Comment Re: The worst? (Score 1) 140

Might be better to just patch the damn thing if you have access to it, or at the very least change the settings so that it can't be hacked by anyone else.

I seem to recall an ISP doing this some years back. They realized that the shitty Netgear modem/routers they had bought all had insecure wifi passwords. The password was a hash of the wifi MAC address, the thing that gets broadcast constantly in the clear. Anyway, they sent out updates to all devices to reset the wifi password to something really random and emailed users. They probably had a lot of support calls anyway.

Comment Re:Who should we blame? (Score 1) 140

Sounds like you want to ban real life protests as well. After all, what is a protest if not a DDoS on a particular location? The whole point is to block an area / road and make lots of noise so people can't ignore you.

Of course, most DDoS attacks are not protests, but you have to draw the line somewhere. Is manually submitting hundreds of bogus web forms censorship? What about sending thousands of letters to a TV company because a show was cancelled? That might make it hard for them to respond to other mail they are getting.

Personally I don't think a DDoS is a very effective form of protest, but at times it is a legitimate one.

Comment Re:Why bother with cops at all? (Score 1) 111

On-board AI might be preferable to a hackable radio. If someone breaks either the radio protocol or gets into the control system computers, they would have a ready-made army of stun-gun equipped drones.

Could be a great way for Russia to turn the protests when Trump loses into riots, making out that the police started stunning people at random. Or just a toy for some 14 year old kid in Bulgaria.

Comment Re:Technical OR legislative? (Score 2) 125

The problem is that people buy stuff on eBay from China. It will be nearly impossible to block all those sales or hold the manufacturers to account.

In the EU at least the onus would be on the vendor, i.e. the shop that sold the thing, to ensure updates were available. Again, not that helpful for imports but perhaps eBay or Amazon could be made liable to encourage them to vet sellers. If that IoT toaster they sold 3 years ago was discovered to be vulnerable and no fix was available, the customer could return it for a partial refund. eBay and Amazon would have to be required to notify buyers too.

Comment Re:Who should we blame? (Score 3, Insightful) 140

Also the people who didn't change the default passwords. Looking at the list, most of the devices are not particularly insecure or anything, it's just that their owners did not change the default login credentials but did manage to expose them to the internet.

Also blame the engineers who didn't put in some interlocks, e.g. no requests from outside the LAN until the default password has been changed or simply force the user to change the password the first time they log in.

Comment Re:No it can't (Score 1) 150

They have made similar claims in the past. Back in the 90s I seem to recall that their fancy new computer would make predictions super accurate. In practice the Met Office seems to be one of the worst, far inferior to AccuWeather and the like.

In fact, the BBC recently ditched them, although I think it was mostly due to the cost rather than them being inaccurate.

Comment Needs improvement (Score 2) 66

I'm a long time Truecrypt user who recently tried Veracrypt. It's okay, some nice new features, but as this shows the devs don't seem to be security experts or even skilled at writing secure code.

It's also a little less stable than Truecrypt. I've had some system lockups that don't happen in Truecrypt with SSDs.

Comment Re:Yes, selecting the US president isn't "gossip" (Score 1) 326

This is a dangerous way to think.

It's similar to how people in the Soviet Union thought. Their leaders were liars, they told everyone things were great and look here's a circus to keep you entertained. Everyone knew they were lying because when they went to the shops they were mostly empty. The leaders knew that the people knew that they were lying, but everyone just carried on because they felt helpless to do anything about it and were so deep inside the system they couldn't imagine any way that it could work.

Western politics have become the same way. Politicians lie. We know they lie. They know that we know they lie. It's become the new normal. Instead of trying to deal with that, people turn to very obviously biased and obviously lying media outlets that seem to reflect their anger and frustration, while also telling them that they can't do anything about it.

I don't know how to fix it. The USSR had to collapse, but after a while went back to the same old ways under Putin.

Comment Re:Immediately turn phone off (Score 3, Interesting) 371

If you turn your phone off/reboot the moment the police turn up it means you can't film them with it. So you have to choose between filming and risking them grabbing it, or protecting your privacy.

Phones need a panic button. Say tap the power button three times quickly and it goes into a locked down mode where it records video as long as you hold the volume button down, and the moment you let go it reboots and all data is safely encrypted.

Kinda sucks that we need to use suicide bomber tactics now.

Comment Re:Supply and Demand - where is the demand? (Score 1) 380

Seems like it would be useful in an environment like a gun range where you aren't relying on it for safety. They need to get the cost down of course.

It might not have to be 100% reliable to be safer than carrying a normal gun either. Quite a lot of people, especially cops and people with children get shot by their own guns. At some point preventing that outweighs the danger of it not working when you need it.

Comment Re: Legal? (Score 1) 265

A sign warning of an electric fence is not enough in most cases. If it's right next to a public space where a kid might accidentally touch it, you are going to be held liable for negligence.

An inner fence on farm land, or protected by a normal fence is usually okay. It's all about how likely someone of limited ability (e.g. a child) is to see and understand the sign, or accidentally touch the fence when they fall off their bike or fall over drunk.
