Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

To Stop BEAST, Mozilla Developer Proposes Blocking Java Framework

briansmith Re:The problem is not Java (309 comments)

No matter what we do to the browser's TLS implementation, this attack would still be possible via Java, because Java has its own TLS implementation.

We are already working on proactively mitigating any improvements on the BEAST attack that could be made to work using native browser features that would be affected by changes to our TLS implementation. But, right now, there are no known ways to implement the attack using built-in browser features.

more than 2 years ago
top

To Stop BEAST, Mozilla Developer Proposes Blocking Java Framework

briansmith Re:Won't help (309 comments)

There may indeed be other vectors for an attack that use built-in browser features. However, some characteristics of how the browser manages connections and how it formats HTTP requests would defeat most (all, as far as we know at this time) variations of the attack that use built-in browser features.

more than 2 years ago
top

To Stop BEAST, Mozilla Developer Proposes Blocking Java Framework

briansmith Re:Totally overblown. (309 comments)

An applet cannot steal the cookies directly but it could cause the JVM to send the cookies in HTTPS requests on its behalf.

more than 2 years ago
top

To Stop BEAST, Mozilla Developer Proposes Blocking Java Framework

briansmith Re:Totally overblown. (309 comments)

The applet doesn't have to guess anything with the Java-based attack.

more than 2 years ago
top

To Stop BEAST, Mozilla Developer Proposes Blocking Java Framework

briansmith Re:Java still there (309 comments)

Implementing that workaround in the browser will not help when the attacker users Java, because the Java Plugin does not use the browser's TLS implementation; it uses its own.

An Oracle engineer is the one that came up with that technique for interfering with the exploit.

We are going to implement it. I am finalizing the patch now.

more than 2 years ago
top

New 'No Military Use' GPL For GPU

briansmith How about human rights-based licensing? (1109 comments)

Look at the BSD license, which contains the following clause: "Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution"

Imagine a modification of this license to also add this clause (lifted and slightly modified from the Apple Computer Inc. hiring policy):

"I support the equal rights of all people regardless of their race, color, religion, sex, national origin, marital status, age, sexual orientation, gender identity characteristics or expression, disability, medical condition, military or veteran status."

Would this be a good license? I think so. Notice that it doesn't prevent anybody from using the software, even if they disagree with the statement, as long as he keeps the clause intact when he distributes it. Yet, if the software presents this message in its slash screen every time it starts up, it sends a message. Not only is it saying that the creator and/or distributor believe in this message, but that the user does too, because it is on his/her computer.

The effect would be to discourage (not prevent!) people who do not believe in equal human rights from using the software. In particular, extremist evangelicals like Osama bin Laden, Jerry Falwell, Pat Robertson, Hitler, et al. would prevent themselves and their followers from using their software, but only by their own edicts, not through any action of yours.

more than 7 years ago

Submissions

briansmith hasn't submitted any stories.

Journals

briansmith has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>