Comments

Major Security Vulnerabilities Uncovered At Frankfurt Airport

Aethedor Re:Real terrorist threat level (82 comments)

Tell me how. You say it's easy, but I say it's only easy if we allow it. Yes, you can give me a 911 kind of story, but those are easy to prevent (close the cockpit door in this case).

7 hours ago

Major Security Vulnerabilities Uncovered At Frankfurt Airport

Aethedor Re:Real terrorist threat level (82 comments)

Bingo! Imagine you were a terrorist, angry and filled with hate. What would you do? Hijack an airplane, place a bomb in a crowded train station or empty a gun in a supermarket? I'm sure it won't be the airplane hijacking, because that's just too much trouble. To see what threat level a country really has, don't look at the typical place the government is focusing on. Be creative, think like a terrorist and look for the weak spots. You'll find that from a technical point of view, it's very easy to commit a terrorist attack.

What makes it hard to do: find an idiot willing to sacrifice their own life for it. Yes, the middle east seems to be full of them. But you should know most people in terrorist organisations only joined them because they wanted to belong somewhere. No one wants to be alone. When family members joined the group, telling you all sorts of (false) stories about how great it is and how bad the other side is, it's hard not to go along. But that doesn't automatically make them people we should fear. Going with the flow is easier than doing something on your own. Fighting alongside your fellows is easier than going to a foreign country on your own to commit a terrorist attack. Because that means you have to make decisions of your own, making up your own mind about it all instead of blindly following some leader.

Yes, I'm sure there will still be a few people actually traveling to another country and actually committing a terrorist attack. But how much damage can one person do? If he's successful he'll maybe kill ten people. How much of a threat is that? In the days after, more people are killed by other means but we don't speak of them. We're all used to those threats, they're part of our life. What makes a terrorist attack threatening, is that it's new to most people and we allow the media to blow it up to huge proportions. We believe every bit of fear the media spreads and we want them to spread fear, because that feels like the most natural response.

The best way to deal with the terrorist threat is to realize that it's very small and to accept that it's there. For most people count, you'll never ever see a terrorist in your whole life and they certainly won't get you killed. And for those few unlucky people who get killed by a terrorist, be lucky that you weren't killed by something as stupid as crashing your own car into a tree.

9 hours ago

Major Security Vulnerabilities Uncovered At Frankfurt Airport

Aethedor Re:You'd think they'd have learned (82 comments)

Yes, they did. They learned that that was just an incident, that it is impossible to guarantee 100% security, that even if 100% security was possible it would make flying very unpleasant, that you should not give in to terrorist threats and that driving a car is far more dangerous than flying and everybody accepts the risk of traveling by car. The last 25 years prove that they are right.

11 hours ago

Major Security Vulnerabilities Uncovered At Frankfurt Airport

Aethedor Real terrorist threat level (82 comments)

Given the fact that security at airports is not very good and nothing really bad has happened in the last decade, what does this tell us about the real terrorist threat level in Europe?

Don't let yourself get scared by politicians who rule by using fear. Learn from the hard facts!

12 hours ago

The Cost of the "S" In HTTPS

Aethedor Re:Yes (238 comments)

Caching: You can cache Facebook's images, stylesheets and Javascripts just fine.
Proxying: Not just fine. You need a man-in-the-middle proxy for that and its root certificate installed on every client. Otherwise, it's just routing, not proxying.
Firewalling: Firewalling based on hostname / port, yes. Firewalling based on bad content (malware), no.
Parental control: Same as firewalling. And blocking this kind of content is not only done by IP address, but often also by words in the hostname. This cannot be done when you can't read the hostname in the HTTP request.

about three weeks ago

Longtime Debian Developer Tollef Fog Heen Resigns From Systemd Maintainer Team

Aethedor Re:Not resigning from Debian (550 comments)

RemainAfterExit=yes

about a month ago

European Parliament Considers Sharing Passenger Information By Default

Aethedor Re:Fear (58 comments)

I agree with most of what you've said. However, I don't think it's lust for power, it's lust for money. Yes, the weapons industry was threatened by the Cold War ending and America needed a new enemy to keep that industry running. The terrorists became that new enemy. However, it's a relatively small amount of people to whom this cause applies. The rest of us simply repeat and believe their call: fear the terrorists!

about a month ago

European Parliament Considers Sharing Passenger Information By Default

Aethedor Re:Fear (58 comments)

Personally, I believe mainstream media are partly to blame with their 24/7 "breaking now" mentality.

Of course, people started to become numb for that. Remember, the media's job is not to bring the news, but to sell the news. Keep that in mind when reading / listening to the news.

about a month ago

European Parliament Considers Sharing Passenger Information By Default

Aethedor Re:Fear (58 comments)

Politics is mostly to blame for that. Even here in the Netherlands we have awareness campaigns like 'Netherlands against Terrorism'. We don't have any significant terrorist threat in the Netherlands. None of us has ever seen a terrorist and will most likely never do. So, the only thing that campaign does is put fear in our minds.

about a month ago

European Parliament Considers Sharing Passenger Information By Default

Aethedor Re:Fear (58 comments)

I agree. But I also believe that if someone took the time and especially the courage to tell the people the truth, he/she would get even more votes. But to do so, that person first needs the proper understanding of this matter. And that's where the problem starts.

about a month ago

European Parliament Considers Sharing Passenger Information By Default

Aethedor Fear (58 comments)

And the reason for this all: fear. Fear for terrorists, fear for being held responsible, fear for the unknown. We live in a world in which we no longer accept any kind of risk. No matter how low that risk. Well, at least risks we are aware of. We fear terrorists, we fear ebola, we fear being robbed in the streets while at the same time we smoke, eat unhealthy food, practice dangerous sports and get in the car. Every day we do things that are more dangerous than the things we fear most.

Yes, terrorists should be stopped, but not at all cost. And there is no way to make 100% sure no terrorist will ever hit us. So, stop pretending we can! Stop wasting our time, money and privacy to give us false security! And if a terrorist hits us and kills 20 people, I say: that's bad but it isn't the end of the world. Life goes on. In the same time more people are killed for other reasons and we don't even hear about them!

Look at Boston. Despite all the anti-terrorist measures in America, it was still possible to do this kind of attack. And what happened to Boston? Nothing, they moved on. And that's how it should be done. Yes, it's easy for me to say because I haven't lost any family or friends in that attack. But that is the right way to look at it for politicians. Respond to it with logic and common sense and not with fear and emotion. Because that only makes it worse!

about a month ago

OpenBSD 5.6 Released

Aethedor Re:Thank you! (125 comments)

Penguins are simply parasites living on property no one wants anyway.

Then how can a penguin be a parasite?

about 2 months ago

Drupal Warns Users of Mass, Automated Attacks On Critical Flaw

Aethedor Re:PHP flame (76 comments)

What a cheap flame. And how not original. And you're wrong. SQL injections can be done with every language. To solve this, all it takes is a programmer who understands what he's doing and knows about a vulnerability that has been known for about 20 years and for which there is NO excuse for not knowing it.

It's not really hard to do it right, even in PHP. And there is a simple proof for that.

about 2 months ago

Drupal Fixes Highly Critical SQL Injection Flaw

Aethedor Re: It's not that hard to do it right (54 comments)

You might want to take a look how the Banshee PHP framework deals with SQL. With its SQL driver and the security_audit script, it's really hard to have an SQL injection error in your code.

about 2 months ago

Password Security: Why the Horse Battery Staple Is Not Correct

Aethedor Strong passwords are irrelevant (549 comments)

Having a strong password is not really relevant. If it complies with the basic rules of password strength, it's good enough. Because cybercriminals will not try to guess or crack your password. They'll hack the server or your computer, probably via malware or an exploit. What's more important is: did the website developer store the password in a secure way and did you use a different password for every website?

about 2 months ago

Security Collapse In the HTTPS Market

Aethedor Re:HTTPS is not flawed (185 comments)

First, know that it's not that I think all CAs are bad and evil. It's just that I don't know them and I don't know their procedures. Every CA that I 'trust' but has issued certificates only to websites that I never visit is a potential threat. Because that trust can be broken but I don't suffer from removing them from my list.

If you want to do this right, request a list of issued certificates from every CA and check if you ever need a secure connection with any of those websites. If you do, keep the CA. If not, remove it. Because this is quite some work, the best thing to do is remove the obvious ones, like CAs from China, Turkey, Taiwan and other countries from which you don't visit websites, keep the ones you clearly need (likely CAs from your own country) and make your own choice about the rest.

about 3 months ago

Security Collapse In the HTTPS Market

Aethedor Re:HTTPS is not flawed (185 comments)

I encourage you to try PolarSSL. It's really good and easy to learn. I replaced OpenSSL with PolarSSL in my own open source project within a few days and the only thing I regret is not doing it earlier.

about 3 months ago

Security Collapse In the HTTPS Market

Aethedor HTTPS is not flawed (185 comments)

From a technological point of view, it's a good protocol. It works and when implemented correctly, it's very secure. However, a PKI is not much about technology. It's mostly about organisation. In other words, it's not about PK, but all about I.

And that's where most things go wrong. Yes, Heartbeat was about technology, but people who paid attention moved away from OpenSSL a long time ago. There are more than enough alternatives. GnuTLS and PolarSSL for example. Apple's gotofail was also about technology, but name me one piece of software that is 100% bug free.

The real problem with HTTPS is how it's organized. When I install a browser (or get one via the OS), I also get a shit load of CA's which I'm supposed to trust. CA's from China, Turkey, Taiwan and other countries from which I don't even speak the language. I will never need a certificate from one of those CA's, because I will never need a secure connection with any website protected by their certificates. If the people from Iran were wise enough to realize that they don't need Diginotar because they don't speak Dutch, they would never be at risk because of Diginotar's epic failure. The first thing I do when installing a web browser is get rid of all the irrelevant CA's. Just to be sure, just to be safe.

And that's what's wrong with HTTPS. That's what needs to be fixed. Trust shouldn't be imposed by a browser maker. Trust should be earned.

about 3 months ago

Remote Exploit Vulnerability Found In Bash

Aethedor Re:Not vulnerable (399 comments)

Never mind my previous post. The weblog article has been changed, so the claim of not being vulnerable seems to be false.

about 3 months ago

Submissions

Aethedor hasn't submitted any stories.

Journals

Aethedor has no journal entries.
