
Comment Yes. I've done essentially that. (Score 1) 293

Yep, the USB device (aka gadget) tells the USB host (computer) what kind of device it is. Newer phones equipped with USB OTG have the hardware to work as either end of the connection.

Some chips used in common USB memory sticks can be programmed to act as a keyboard, sending keypresses to the computer when someone plugs in the "flash drive". I built one of those myself, using a USB flash drive with my company's logo on it. If I were to leave that drive lying around the office, one of my co-workers would probably think that because it's one of a batch of drives the company ordered with the company logo on it, it's safe to plug in. They wouldn't know I altered it to work as a keyboard. Currently it's set to press the appropriate keys to rickroll someone, opening a browser to YouTube playing Rick Astley.
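Added example, not part of the original comment: since the device itself declares what it is, a host-side check can read the interface classes out of the raw USB configuration descriptor and flag a stick that announces anything other than mass storage. The sample descriptors and the function names `interfaces` and `unexpected_classes` are constructed for illustration.

```python
HID, MASS_STORAGE = 0x03, 0x08  # standard bInterfaceClass codes

# Constructed sample descriptors (not captured from real hardware).
FLASH_DRIVE = bytes.fromhex(
    "09 02 20 00 01 01 00 80 32"   # configuration, wTotalLength = 32
    "09 04 00 00 02 08 06 50 00"   # interface: mass storage, SCSI, bulk-only
    "07 05 81 02 00 02 00"         # bulk IN endpoint
    "07 05 02 02 00 02 00")        # bulk OUT endpoint
KEYBOARD_STICK = bytes.fromhex(
    "09 02 22 00 01 01 00 80 32"   # configuration, wTotalLength = 34
    "09 04 00 00 01 03 01 01 00"   # interface: HID, boot subclass, keyboard
    "09 21 11 01 00 01 22 3f 00"   # HID class descriptor
    "07 05 81 03 08 00 0a")        # interrupt IN endpoint


def interfaces(config: bytes):
    """Walk a raw configuration descriptor and return
    (class, subclass, protocol) for every interface descriptor in it."""
    found, pos = [], 0
    while pos + 2 <= len(config):
        length, dtype = config[pos], config[pos + 1]
        # Each descriptor starts with bLength, bDescriptorType.
        if length < 2 or pos + length > len(config):
            raise ValueError(f"malformed descriptor at offset {pos}")
        if dtype == 0x04 and length >= 9:  # INTERFACE descriptor
            found.append(tuple(config[pos + 5:pos + 8]))
        pos += length
    return found


def unexpected_classes(config: bytes, allowed=(MASS_STORAGE,)):
    """Interface classes the device declares beyond what its label implies.
    Any HID interface on a 'flash drive' is worth blocking or alerting on,
    whether or not it sets the boot-keyboard subclass/protocol."""
    return sorted({cls for cls, _, _ in interfaces(config)
                   if cls not in allowed})


if __name__ == "__main__":
    for name, blob in (("flash drive", FLASH_DRIVE),
                       ("keyboard stick", KEYBOARD_STICK)):
        extra = unexpected_classes(blob)
        print(name, "->", "ok" if not extra else
              "unexpected classes " + ", ".join(hex(c) for c in extra))
```
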

Comment Several vulnerabilities in corporate VPNs (Score 1) 44

There are a number of common vulnerabilities in corporate VPNs. The newest major ones, which came out in the last few months, are Sweet32 and a certificate validation bug. Aggressive mode IKE is also still quite common, though it's long been known to be less secure than desired. Just thinking about my recent experience testing corporate VPNs, without actually querying my database for exact numbers, I'd say around 50% of corporate VPNs are insecure to varying degrees.

The worst are the certificate validation issues - you can be using strong AES encryption, but talking to my spoofed endpoint and I don't even have to use a lot of CPU cracking the encryption.

Comment BEAST, CRIME, BREACH, Sweet32 etc (Score 1) 44

A large number of vulnerabilities require MITM as a prerequisite. These are also the vulnerabilities most likely to go unpatched, as people think the requirement for MITM makes the attack much less likely.

In the last few years, just against HTTPS alone, and only considering high-profile, named vulnerabilities, we have BEAST, CRIME, and BREACH off the top of my head. There are twice as many that don't have cool names; they're known as CVE-2016-xxxx.

Perhaps you'll use a VPN. Some common VPN configurations are vulnerable to an attack called Sweet32.

In theory, using encryption you can communicate securely across an untrusted network. In practice, a man-in-the-middle makes securing the communication quite difficult.

Comment TEEX alpha and beta tests theirs, even small chang (Score 1) 49

I used to work at TEEX (which has some good free cybersecurity courses, btw) and they enforce a policy of alpha testing followed by beta testing. Even minor changes to already-released courses require an appropriate degree of testing. All changes must be approved by a separate department, a curriculum department which is independent of the departments which run the various types of courses.

Comment how "rogue"? (Score 2) 44

Why would a "rogue" access point that actually delivers your packets be bad? A non-moron already treats all networks more exposed than your cluster's interconnects as untrusted, this goes for granted for any public network you connect to -- especially at a security conference where there will be some attacks (even if not malicious).

Comment Re:Oh for Pete's Sake! (Score 3) 147

You need to stop pissing other people off.

How do I square that with expecting people to do at least the minimum? Should I just lower my standards so far that I suck their fucking cocks just for showing up at work and giving me bitch face? These people are grade "A" fuckups. And here's the thing, I'm more than willing to help. When the weird-ass prior mail carrier chick's classic Willys broke down, I was the only guy to stop and see if she needed help. I am polite, I smile, I say please and thank you. I do all the same shit that most of these fuckups don't bother to do. I get along great with the one postal employee who actually does her job with grace if not a smile (personally I think smiling is part of a customer service job, but I realize that people have shit days and so I don't care much) but if I rub some of them the wrong way by having some basic standards then that's just going to fucking happen.

I piss people off just by virtue of existing. I'm a gigantic part-Mexican with liberal attitudes who drives a German car in a redneck backwater full of hicks in sticks. And I do not go around telling people how backwards their ideas are, no matter how dumb I think they are. That's not my job and they don't give a shit. I treat people with more respect than they show me, and if they're not satisfied with the level of treatment they're receiving, then they can give a little more or they can fuck right off.

I stop and pick up hitchers, I stop and ask people if they're doing OK and I'll go back and get my tools and come back for them if they need me to. But I also expect people to know how to drive and keep to their side of the road and in general do their fucking job. If that's too high an expectation for you, you know where the door is.

Comment Re:TANSTAAFL (Score 1) 152

So it's not a personal law protecting your property because some other people have property too, but millions of people who work in creative industries are all getting special treatment?

If it's all so unfair, and the efforts of content creators are of such little value, the same laws do apply to you, and you're welcome to take advantage of them just like anyone else.

Comment Re:TANSTAAFL (Score 1) 152

I was with you until you said copyright hasn't benefitted us. Given that most of the best quality and most widely distributed creative content we produce today is supported through copyright in one way or another, I don't think that argument stands up in the face of the evidence. Just compare a summer blockbuster with an amateur movie on YouTube, or fan fiction with a bestselling novel, or most community-developed FOSS with its commercial competition.

Art surely wouldn't go away completely without copyright, but unless some other model was developed for funding all the people whose effort goes into making creative works under copyright today, it seems reasonable to assume that both quantity and quality would drop sharply. There's very little stopping anyone from adopting a better model today if they wanted to, including old school approaches like the patronage model that paid for most demanding works before we had things like copyright. And yet almost no-one does, and those who've tried rarely reach even the same order of magnitude of funding, which I think is a pretty strong argument that we haven't actually found a better model yet.

Comment Re:TANSTAAFL (Score 1) 152

That doesn't make sense. You're perfectly entitled not to pay for a copyrighted work that you don't find to be worth the asking price. What you're not entitled to do is have it anyway, even if you don't want to pay for it. If it truly has no value to you, then obviously the latter won't be a problem for you. But if you still want it even though you aren't willing to pay anything for it, it takes some serious mental gymnastics to argue that the work has value in one context yet not in another.
