jhaar - Slashdot User

Comment Re:iDrive has the same problem (Score 1) 176

by jhaar on Thursday July 24, 2014 @12:47AM (#47520619) Attached to: Dropbox Head Responds To Snowden Claims About Privacy

You're still paying money with those concerns?? Just move your money (and data) to SpiderOak and be happy: good client-side crypto can be done properly.

Comment Do you trust Phil Zimmermann? (Score 5, Informative) 237

by jhaar on Tuesday July 24, 2012 @01:29AM (#40745833) Attached to: Microsoft Won't Say If Skype Is Secure Or Not. Time To Change?

Then check out his latest venture

https://silentcircle.com/

Comment Re:Why should we trust openssl? (Score 5, Informative) 53

by jhaar on Thursday November 24, 2011 @06:56PM (#38161426) Attached to: Dutch Government Officially Trusts OpenVPN-NL

you don't know what you're talking about. Openvpn was never affected by the "renegotiation bug" as it doesn't use SSL for that component. As it runs over UDP and TCP, it had to come up with its own way of doing that - hence no problem.

That in combination with HMAC authentication makes it basically immune from that issue anyway...

Comment Re:Hard shell, gooey centre security obsolete (Score 3, Interesting) 123

by jhaar on Friday February 19, 2010 @09:27PM (#31206802) Attached to: Windows 7 Can Create Rogue Wi-Fi Access Point

Actually, can someone explain to me what the real difference is between "master mode" and AdHoc or mesh networks?

Why is it that only a few chipsets can "do" proper full-blown "master mode" (ie be an Access Point), and yet other chipsets can be used as AdHoc or mesh? I mean - what's the fundamental difference? I've been through this with Linux systems and can't understand why I can't just grab any WLAN card, bring up the interface and whack a DHCP server on it - why doesn't that work for them all?

Just wonderin...

J

Attack On a Significant Flaw In Apache Released 203

Posted by kdawson on Friday June 19, 2009 @10:17AM from the take-it-slow dept.

Zerimar points out a significant flaw in Apache that can lead to a fairly trivial DoS attack is in the wild. Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid are confirmed vulnerable, while IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable. As of this writing, Apache Foundation does not have a patch available. From Rsnake's introduction to the attack tool: "In considering the ramifications of a slow denial of service attack against particular services, rather than flooding networks, a concept emerged that would allow a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports. The ideal situation for many denial of service attacks is where all other services remain intact but the webserver itself is completely inaccessible. Slowloris was born from this concept, and is therefore relatively very stealthy compared to most flooding tools."

Comment Re:The Six Million Dollar 'Net. (Score 1) 254

by jhaar on Thursday March 15, 2007 @10:59PM (#18370935) Attached to: Researchers Scheming to Rebuild Internet From Scratch

FYI: it's "better, stronger, faster"

(dee-doop, dee-dee, dee-doop, dee-dee, DA DA DA DA DAAAAA!....)

Slashdot Top Deals