Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment Re:Not Suprising (Score 1) 33

In theory Multi-VA [letsencrypt.org] should still prevent getting a TLS certificate

Yeah, that's why I only said plausibly, rather than possibly, as it'd take that 1:20 shot to make it happen. But plausibly may be overstating it a bit, still.

Any certificates from LE would also appear in the certificate transparency log that currently only has EnTrust and DigiCert certificates. A few hundred pages' worth of certificates.

Given everything we've learned here, do you think they're actually monitoring CT logs? Or hiring a brand reputation service to do it for them? I would bet a lot of money on the answer to that question being no. As you said, asleep at the switch :)

Comment Re:Naturally (Score 2) 94

Hah - as soon as we can get people to understand that LLMs aren't actual intelligence, the better off we'll be. OpenAI has done some wonderful work and marketing with ChatGPT to make people believe otherwise, though. Once they understand what LLMs are (both their real value and their limitations), people can start actually leveraging them in their lives instead of thinking the models can answer all of the open questions of the universe.

Comment Re:You are mistaken. (Score 1) 4

I could be wrong, but a quick google search seems to imply that whitehouse.gov hasn't hosted mail services since the Obama administration. If you have anything that shows it has, I'd love to see it.

Note: I'm largely basing this on the fact that the comments@whitehouse.gov email address stopped being referenced after the W administration's website. I also found some old reports on dnsspy and such from years ago (including during the previous administration) that had no mx records at all.

Comment Incorrect (Score 1) 4

The abstract for that RFC makes it clear it's optional:

organizations which support email exchanges with the Internet are encouraged to support AT LEAST each mailbox name for which the associated function exists within the organization.

Emphasis mine.

Comment Re:Naturally (Score 2) 94

I have more faith we'll be on Mars in the near future than AI taking over human jobs. That said, I think some flavor of AI will be critical to the Mars mission - at least in a "here, bold-faced checklist items for you while we wait for signal delay to get us a message from Earth" kind of way. As it is today, these technologies are great enabler and force multipliers, but they're not human-replacements.

Comment Re:not a risk to our systems? (Score 2) 33

Reputational risk isn't the same everywhere. It's a much bigger deal for B2B, for example. But people absolutely care - Take a look at the flood of people that left LastPass after their large breach. It's harder for people to walk away from the big banks or retailers, so their impact is significantly reduced. But in any case, it's not just a myth. It just has to be taken in context.

Comment Not Suprising (Score 4, Insightful) 33

I'm not surprised that a company of that size had such an issue lurking -- but how many eyes have probably looked at that DNS record over the years and looked right past that typo? Something should have eventually seen it, even if it was just DNS propagation monitoring. But the claim that it created no risk? Absolute hogwash. Without trying, a threat actor could have gotten a fifth of the traffic headed to destinations that used that same NS record content... which looks like it included their own API gateways!

Submission + - Trump Pardons Silk Road Founder (nypost.com)

databasecowgirl writes: President Trump announced Tuesday night that he had granted a âoefull and unconditionalâ pardon to Ross Ulbricht, founder of the notorious dark web site Silk Road.

Slashdot Top Deals

"It's what you learn after you know it all that counts." -- John Wooden

Working...