
Comment Re:Part of a botnet != ultimate attack target (Score 1) 161

Against a bandwidth consumption attack, patches to the machine that is the ultimate target of the attack are ineffective, but patches to the machine that would form part of the botnet are effective.

A firewall would take care of that.

Such a firewall would have to be installed at the ISP. Otherwise, the attack traffic sent by your unpatched, Internet-connected Windows PC would congest a subscriber's link, keeping legitimate traffic from getting even as far as the firewall. In addition, if the firewall is vulnerable to other attacks, your unpatched, Internet-connected Windows PC could be used as an amplifier to attack it.

I know of no IoT devices or any significant number of non-PCs that run Windows.

That's not the point. Your unpatched, Internet-connected Windows PC could be used as an amplifier to attack unpatched non-Windows non-PC devices that cannot be patched for some reason.

That is called "blaming the victim".

The existence of secondary liability and recklessness as a mens rea shows that at least some measure of victim blaming is the law of the land.

Comment Proprietary software makes anonymity unverifiable (Score 2) 28

Data is gathered and sent encrypted and in a completely anonymous fashion

Unless an application is downloaded from a repository that builds from public source, such as F-Droid, the end user has no way to verify this.

at no time is personally identifiable data shared with marketing companies or sold.

The end user has no way to verify this.

There will always be the tin-foil hat crowd that attaches some type of nefarious motive to such product improvement efforts

I think the fear is that a hostile government could subpoena private information in crash dumps and the like for a fishing expedition.

Comment 15 percent user share or revenue share? (Score 1) 128

Or you can just forget about iOS and lose only about 15% of the market

Is iOS 15 percent of the market by user count, or is it 15 percent of the market by revenue? There's a big difference. Assume for the moment that the mean iOS user spends $40 per year on apps, while the mean Android user spends $5 per year. Then 15 percent of the market by user count represents a 15 * 40 / (15 * 40 + 85 * 5) * 100 = 59 percent of the market by revenue.

Comment Re:Would you prefer an interpreted crypto library? (Score 1) 199

An add-on crypto library compiled to native code and distributed as a PHP extension

use an add on binary library that runs at full speed but that the user can install together with their scripts through dynamic loading

That depends on two things: whether the shared hosting provider has configured the interpreter to allow such dynamic loading, particularly from within the subscriber's home directory, and whether the shared hosting provider allows the subscriber to install a compiler and corresponding headers to compile said library. As the PHP manual states:

The main reason for turning dynamic loading off is security. With dynamic loading, it's possible to ignore all open_basedir restrictions.

Comment Re:Let's Compare App Stores (Score 1) 128

[Buying a Mac instead of another computer] Seems like the most versatile and most economically smart decision.

Unless you rely on sharing a computer with someone else in the household, such as a college student not living on campus. In this case, the computer you already have is $0, while the Mac is $599+.

Comment Undervalued currency (Score 1) 128

I understand if you're a kid or teen and jobless and your parents are on a budget, but as an adult likely earning decent money working in the tech industry

Even if so, someone living in a developing country will still feel the effects of the country's currency being undervalued compared to the United States dollar or the euro.

Comment Re:Not silly at all, consider context (Score 1) 128

You can start by giving me a list of things you can do on your iPhone that I can't do on an Android.

Buy music from a recording artist who makes his work available through iTunes but not Google Play Music or Amazon Music.

Play Tiny Wings.

Communicate with other people who use FaceTime on a Mac, iPhone, or iPad.

Comment Part of a botnet != ultimate attack target (Score 1) 161

For one thing, patches are ineffective against a bandwidth consumption attack.

Then updates don't matter and shouldn't be forced.

I was unclear. Against a bandwidth consumption attack, patches to the machine that is the ultimate target of the attack are ineffective, but patches to the machine that would form part of the botnet are effective.

I'm told a lot of these attacks target Internet-exposed devices other than PCs, such as modem-routers and older smartphones.

Then that has nothing to do with Windows updates and they shouldn't be forced.

They have much to do with Windows updates if a botnet is used to "target Internet-exposed devices other than PCs", and the machines that would form part of the botnet run Windows.

How do you think new vulnerabilities come about?

New vulnerabilities tend to be introduced with new functionality, not with patches focused solely on security.

The user is the only person who should get a say in what happens on their computer.

By that reasoning, the user should be held responsible and liable for all use of the user's computer as a botnet agent. If someone adds your unpatched computer to his botnet, and someone uses your computer to DDoS someone, you should go to jail for recklessly participating in said DDoS.

Comment Bandwidth consumption; no root; nonexistent patch (Score 1) 161

Are those other people unpatched too?

For one thing, patches are ineffective against a bandwidth consumption attack. For another, I'm told a lot of these attacks target Internet-exposed devices other than PCs, such as modem-routers and older smartphones. An ISP subscriber might not have authority to make and apply updates to the modem-router that the subscriber is leasing from the ISP, and the ISP might have neglected to do so. Or an update might not exist at all.

what happens when the attacker takes advantage of a vulnerability that is introduced by an update?

Is this nearly as common as an update removing a vulnerability?
