
Submission + - Openwall Linux 3.0: no SUIDs, anti log spoofing (openwall.com) 2

solardiz writes: Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of the project. Owl is a small security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in default install (yet the system is usable, including password changing) and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), "make iso" & "make vztemplate" in included build environment, ext4 by default, xz in tar/rpm/less, "anti-Debian" key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source.

Comment Re:I wonder... (Score 1) 1172

Nope, it's available :)

$ whois didglennbeckrapeandmurderayounggirlin1991.com
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net/ for detailed information.

No match for domain "DIDGLENNBECKRAPEANDMURDERAYOUNGGIRLIN1991.COM".

>>> Last update of whois database: Tue, 10 Nov 2009 16:15:08 UTC

Comment Re:A nice piece of work (Score 1) 300

"The weakest trusted CA in the world compromises the entire public key infrastructure."

That's a slight overstatement. It compromises the entire public key infrastructure for which that CA is the root of trust.

If you removed all MD5-enabled CAs from your trusted roots list, you remove the potential of being fooled by a forged cert. Certs issued by other CAs, unaffected by the brute-force MD5 collisions, remain as trustworthy as they ever were.

Granted, for most people the chain of trust ties back to the default CAs that ship with their browser, and if any of those CAs is vulnerable, your faith in any cert validated as 'trusted' by your browser goes down, and most people don't bother looking at what CA issued the cert so long as their browser deems it trustworthy, but it's a little more nuanced than 'compromises the entire PKI infrastructure.'

I suspect browser patches will be out soon, removing trust for affected CAs entirely, not trusting them past a certain date, or at least giving warnings when MD5 signature verification is found along the chain of trust.


Submission + - TiVo 3 & HD to get TiVoToGo and Multi-Room Vie (tivocommunity.com)

MBCook writes: "A post on the TiVo Community Forum by TiVoPony this morning confirmed that the Series 3 and TiVoHD boxes will receive a software update (planned for November) allowing both Multi-Room Viewing and TiVoToGo. The update will also contain a feature letting you move videos from your PC to your TiVo so you can watch them on your TV, unofficially named TiVoToComeBack."
