
Comment Re:blacklists (Score 3, Insightful) 315

If this was so simple, you'd see spam blacklists being used that way. Wonder why that doesn't happen...? Right, because you have to spam to get on the list! And to get on the new list, you'd have to have an insecure IoT device in your house.

Still, it's not a good solution. Spamming blacklists hit email providers who better are professionals (and if not, it's a DAMN GOOD idea to block them anyway), while IoT users are primarily private people. You cannot expect them to do a full audit of every piece of junk they buy.

It's time to put the burden on the makers of those shoddy devices, not expect a CS degree from anyone who wants to use one.

Comment Prevent the participants (Score 5, Insightful) 315

It's been said before here, so allow me to offer a "how" for the obvious and already mentioned "secure the damn crap people hook up to the net".

This will only work with legislature. Sorry to all my libertarian friends here, but yes, there are times when the only way to sort out a problem is government intervention. These times are when you have to force people to do something for the "greater good" when they themselves would have a (smaller) profit from not giving a shit. And if there has ever been a good example, it's this. People don't give a shit about their IoT devices being insecure, because it does not affect them directly, but these insecure devices threaten the usability of the internet for all of us.

This is one of the reasons organizations like the FCC were created. Remember that sticker? Few people notice it nowadays because, well, it's a given that devices don't create harmful interference and that they don't go bananas if they are subject to any, but this was anything but certain in the early days of electronics. And no, that sticker itself doesn't do jack, of course, but it is a promise that the manufacturer has to live up to or face a heavy fine and ban of his device.

We need something like this for the IoT devices. "This device will not cause trouble on the internet and cannot be hijacked from there". Live up to it or see your device recalled. It pains me to ask for this, but it's time to create a government entity that deals with this. Or maybe hand it to the FCC so they start doing something useful again.

Comment Re:gloves? (Score 1) 417

Pretty much this. Aren't these the FIRST areas where I'd WANT a personalized gun? Rifles that cannot be looted by the enemy and be used against you? Undeniable proof who used the pistol to fire the shot in a shootout in a seedy neighborhood?

That is where anyone who puts his money where his mouth is would WANT such personalized and traceable guns.

Comment No, you cannot have an "alternative opinion" (Score 2) 627

At least if you are a professional in a field.

Because I would expect my professional to be at the level of current science and technology. I do expect my mechanic to think that sand isn't the best lubricant for my gear box, I do expect my doctor to know that it's not a good idea to sprinkle holy water that he got from the holy pond in his garden into my open chest wound and I do expect my IT security guy to know that it's not a good idea to let the new server sit on the ley line in front of our HQ for a night to absorb the good energies.

If you want to believe that, great. But get out of your field of work before you do. If you want to offer "alternative" stuff, move into that profession instead. I am sure there is a market for that too, else people would not have invented that snake oil. But if you are my nurse and responsible for working on my child, I do fucking EXPECT you to give him or her those MMR shots and not avoid it because you "don't believe in it".

Comment Re:Incidents vs. population? (Score 1) 269

Because people are stupid and don't understand statistics.

An example: Imagine there is an ultra rare disease that one in 100 million people gets. Now imagine there is a test for it with a 0.001% error margin (i.e. 0.001% of test results are false).

Is that test worth anything?

Comment Re:There's certainly a place for that, a ROI point (Score 2) 49

You can have us for a little over 1000 a day. And you can find a LOT of security flaws in a day. I dare say hiring a pentester for 2 days can close 80% of your security holes, and since they're going for the same low hanging fruits that black hats go for, this should make you safe, unless you're a high profile target where someone really, really, really wants to hack you and is willing and able to spend the time for that.
