Please create an account to participate in the Slashdot moderation system


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Re:Why do we need CAs at all? (Score 3, Interesting) 77

What you suggest exists. Its called DANE.
However browser vendors (like Google and Mozilla) have been reluctant to implement it because there are many real-world cases where DNS servers of various sorts simply dont support DNSSEC and DANE and also because DNSSEC and DANE use weaker 1024 bit keys in some places (chosen to keep bandwidth usage lower).

Comment Re:Municipal/County Fiber (Score 1) 172

The other reason the incumbents hate competition (even commercial for-profit competition) is that the new players often initially cherry pick the areas that are easiest to service. This then results in the cost-per-customer to service all the customers who remain with the incumbent goes up meaning the incumbent has to charge more to avoid making a loss on each connection (at the same time as the new player is likely undercutting the price the incumbent is charging)

Comment Re:What happened to the alternatives to SSL/TLS? (Score 1) 101

The way DNSSEC works is that everything ties back to the root namesevers and their special keys.
Unless you replaced the root DNS trust anchor in the OS/browser on every single system on your network (something that any well-written OS/browser should make it VERY hard to do) AND re-signed every single DNS request made through that network with a new set of keys chained off that new root trust anchor, you wont be able to defeat DNSSEC.

Its not like SSL where you can just add a certificate from your HTTPS-inspection tool into the root trust store on all the machines on your network (something that most browsers/OSs make easy to do) and MITM things that way.

Of course I could be wrong and there may be an easy way to MITM DNSSEC if you control all the end points AND the DNS server they talk to (but I cant find any evidence of that)

Comment What happened to the alternatives to SSL/TLS? (Score 2) 101

Various proposals have been put forward to replace various parts of SSL/TLS (including the broken CA model) with better things that can't be easily targeted with man-in-the-middle attacks.
The EFF has the Sovereign Keys project.
DANE stores security related information in DNS and is the subject of several RFC standards.
Other proposals exist to replace some or all of SSL/TLS as well.

Why are people out there in the real world (makers of web browsers and servers for example) not interested in implementing any of these alternatives to the current horridly broken system?

Comment Re:Microsoft's Actual Logic (Score 0) 419

Microsoft has a huge QA lab full of machines of all sorts where they run QA tests of every new Windows update that gets released. This would cover different CPUs, GPUs, motherboards, storage devices, peripherals and other hardware.

The fact is, you installed Windows 7 on a system where Microsoft clearly said "we wont support Windows 7 on this hardware".
Microsoft has clearly made the decision not to include Kaby Lake and Zen systems in the set of hardware they test Windows 7 patches on. Therefore, those patches are have not been tested by Microsoft on that hardware and Microsoft is within their rights to say "we haven't tested x update on y hardware configuration and in conjunction with their earlier "we wont support this" statement are within their rights to make Windows 7 patches not install on hardware configurations they haven't tested and don't support.

Again, I make the statement that if you bought a Kaby Lake or Zen CPU expecting to be able to run Windows 7 or 8 on it, you are stupid and should have bought hardware where Microsoft hasn't said "we wont support this OS on that hardware"

Comment Re:Microsoft's Actual Logic (Score 1) 419

Microsoft made the announcement that Windows 7 would not be supported on these newer chips before these chips were even available to buy. Anyone who still needed Windows 7 should have seen this and bought something with an older chip in it (or if you are a big company lots of things with older chips in them)

Comment Re:It's your own fault... (Score 1) 542

The only problem is that the GOOD TV seems to be axed after a few episodes and the crap TV keeps getting made for season after season. Pure Genius (one of the best shows of recent times) didn't even get a full season yet garbage like Survivor keeps being green-lit for season after crappy season...

Comment Re:I'll stick with HDDs for now (Score 1) 167

It doesn't matter if you have a HDD, an SSD, floppies, Zip disks, cassette tapes or stone tablets. Whatever you store your data on, if you dont have suitable backups your data is at risk.

Just because certain models of HDD may make noises in certain situations prior to failure doesn't mean HDDs are better than SSDs. I have had several HDDs go bust over the years without even the slightest hint that something was going to fail.

Slashdot Top Deals

"There are things that are so serious that you can only joke about them" - Heisenberg