Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Bad idea (Score 1) 385

Wait till your corporations trade secrets are leaked because the FBI's collector was insecure.

So the scenario is a someone is selling hard drugs / distributing child porn / etc from a corporate VPN? Wouldn't the FBI just ask the company to provide the logs and wouldn't the company gladly comply?

I don't think corporate VPNs will be much affected/troubled by this.. Only the VPNs that market themselves as hiding internet users are likely to be affected I would say.

Not saying whether that's good or bad, I've not got enough info to know. I would be interested to know why they don't want to give any details in these cases, since I can't think why it should be any more or less private than a regular wiretap (not "hack" as the title misleadingly states).

(It's 2015 and I still need to put <br /> for newlines.. Come on guys.)

Comment Re:As a content creator and an Australian (Score 1) 109

.. content creators (a.k.a. Hollywood)

I don't think this is / will be specifically aimed at Hollywood (we Australian's do have a small film industry).. I think that was just a rabble-rousing association made by someone who wants to whip up opposition.

That you're a content creator who wants his work protected and you oppose it because of an implication it's for Hollywood shows how effective this tactic is.

FYI I am also a content creator (software dev), but since I write business software that isn't distributed and my personal software is open-source, I do appreciate the benefits of the status-quot (though the proposal isn't particularly hard-line anyway), I don't have strong views on this. I just wouldn't get too foamy at the mouth about an implied association.

Comment Re: Idiot pruf (Score 1) 228

You'd need to exploit the browser in such a way that you can POST to the modem with a custom user agent set, that'd be a pretty serious exploit, and I'd be more worried about that. You could then use the modem to try and trick around with DNS to get on other machines, but it'd be hard to do transparently. It would all have to be pretty well tailored.

Anyway I'm not saying this isn't a security hole that needs to be fixed, but that the idea that this shows the need for increased regulation is nonsense.

Comment Re:Idiot pruf (Score 1) 228

I'd be more worried about your level of reading comprehension being recorded for posterity.. "If you have a serious amount of money riding on your $100 modem/router/wifi being secure from within your own network then no amount of legislation is going to help you."
  • This bug is only exploitable if you enable WAN administration
  • All internet traffic involving money / confidential data should be (and pretty much always is) encrypted
  • If you are sending important unencrypted data over the wire you can just listen to the wire
  • Do you really want to pay for the routers you buy to go through a bureaucratic process to establish whether the software (including third party software) has been thoroughly tested? Should that include the component parts like the processors, thttpd, linux? What would that legislation look like? How would it be enforced for overseas companies?

You'd probably get equally indignant if such legislation actually passed based on your knee-jerk reaction and US router prices shot up. ("But what about the starving family with only $100 budgeted for their router?")

Comment Re:Will this stupidity ever end? (Score 1) 228

From d-link.com executive team page: "Born in 1952, Roger Kao graduated from Tamkang University with a degree in Electrical Engineering. He went on to earn his Master’s Degree in Electrical Engineering and Computer Science from National Chiao Tung University where he also served as an Associate Professor."

Really though if you don't know whether third party software embedded in a few of your huge range of products contains a hidden backdoor when a rarely used feature is activated what kind of CEO are you?

Comment Re:Idiot pruf (Score 0) 228

Yes government should get involved in the design of routers, and write laws about software code vetting. After all the huge extra costs would be absorbed by the shareholders, not us.

If you have a serious amount of money riding on your $100 modem/router/wifi being secure from within your own network then no amount of legislation is going to help you.

Comment Re:Tor compromised (Score 1) 620

Then again since anyone can be a tor node, and there are never enough tor nodes, and tor nodes are more likely to be used for shady activity, it just takes a decent percentage of tor nodes to be compromised and you can pretty quickly build a picture of who common clients are and who they are talking to. For a server it can't be too difficult, with government resources, to track someone down through tor nodes. I'd say with a decent sized botnet and enough time you'd be able to chip away at anonymity without much difficulty.

Slashdot Top Deals

Elliptic paraboloids for sale.