ISPs Violating Net Neutrality To Block Encryption
Mail servers can be configured to not offer login unless starttls is used. That should prevent a plain text connection. That still leaves open the issue of mitm with certificates that the client shouldn't trust. Are there any email clients that lock starttls to a specific certificate or warn that the certificate suddenly changed?
Banks Report Credit Card Breach At Home Depot
The chip and pin readers at Home Depot are not enabled. I had to swipe a card that had a chip. Maybe they will install the right software.
Scientists Find Traces of Sea Plankton On ISS Surface
If plankton was taken to the ISS via an updraft and it's viable (survived the delta V of impact). It would seem likely that impacts with passing objects that are above escape velocity could also occur. If that's true, plankton might be found all over the solar system.
Supervalu Becomes Another Hacking Victim
Do chip and pin cards even work in the US? I've tried at Home Depot, Staples, Walmart, USPS, and even a small haircut place and the cards don't work. One place even yelled at me for trying to use the chip slot.
Eavesdropping With a Smart TV
Watch out for Ethernet over HDMI bridging one device that has network access to another that you think doesn't have access.
Target Moves To Chip and Pin Cards To Boost Security
Citi sent me a chip card on request. I don't know if it's configured for chip/pin or signature. I've tried readers that have chip slots but I have yet to find one in the US that works. One company asked their supplier and was told the card slots were disabled.
My laptop can read the chip id but I don't want to try anything else since it might lock the card.
Security Industry Incapable of Finding Firmware Attackers
A good start would be a list of hardware vendors that sell equipment that have hardware jumpers or switches that write protect the BIOS and other flash devices.
Michaels Stores Investigating Possible Data Breach
I asked Chase and they didn't seem to know what I was talking about. Citi was able to replace my card with a chip/pin card. Get one before you travel or you might need to leave your stuff a a restaurant while going to an ATM.
NSA Says It Foiled Plot To Destroy US Economy Through Malware
I'm sure, due to their hard work, all new computer have hardware jumpers to write protect the BIOS....
Ask Slashdot: How To Diagnose Traffic Throttling and Work Around It?
It can be used for data logging and collecting stats. An old off-the-shelf method was to use an Ethernet to 15-pin AUI module and break off the transmit pin. Today it's easier to use port mirroring if you trust the hardware.
Ask Slashdot: How Do I Request Someone To Send Me a Public Key?
Also, assumes that the card generates good key pairs and doesn't use some secret process that allows private key recovery from the public key. This has been done by card suppliers in the past.
As a side questions: Does any CA have a process for signing S/MIME certificates that can be generated outside of a browser?
The New Ethanol Blend May Damage Your Vehicle
Don't put it in small engines either. The 10% stuff caused a leak in a generator fuel tank. It leaked at the shutoff valve/tank seal. The tank was almost empty or I might have lost the house.
Behind the Scenes At NASA's Mission Control Center
A familiar street name. You had a good location. I rented a room, just a few doors down, when I co-oped at JSC during the early 80's. It was a very easy commute.
Ask Slashdot: Stepping Down From an Office Server To NAS-Only?
Make sure your service agreement allows you to destroy a failed drive, for credit, instead of doing an RMA.
Ask Slashdot: Equipping a Company With Secure Android Phones?
I suspect that no off the shelf product is secure from the network side. The hardware needs to have two independent blocks: a communications module and a application module. The two need to be linked with a well defined API so that the communications module can't change the application code and there is a good point for an audit. There are probably regulatory issues like GPS to emergency services, not being able to hang up an emergency call, etc. You need to be able to load the application code from a secure interface with signed code etc. A smart card slot for application module key material would be a plus. Good luck trying to find one and good luck getting approval to sell one with these features.
Doctors "Fire" Vaccine Refusers
A lot of people must skip vaccines. I just received an email saying that basketball practice was canceled due to a measles outbreak. It's sad that we could probably eliminate many of these diseases.
The Gradual Death of the Brick and Mortar Tech Store
I wonder about Fry's too. Our local store hasn't restocked surface mount resistors in months. Nothing like paying for over night delivery to get a badly needed 470 ohm resistor just because the peg is empty.
Ask Slashdot: How To Deal With Refurbed Drives With Customer Data?
Stop the trouble before it occurs: Make sure your service agreements allow you to destroy drives before getting an under warranty replacement.
Christmas Always On Sunday? Researchers Propose New Calendar
Metric won't happen without a really big stick. Fuel pumps would probably change in less than 24 hours if there was a 1% tax on sales measured in gallons.
Carrier IQ Software May Be in iOS, Too
There appears to be more privacy issues beyond monitoring in the phone. My Smartphone (GT-I9100 v.2.3.4) won't allow access to https://www.google.com./ It also doesn't allow the addition of private certificate authorities or the removal of bad ones. To make matters worse, it won't display the fingerprint of a certificate. So the only option is to accept, on faith, the issuer name displayed. It seems obvious that the handset makers don't care about privacy or potential harm to customers.
wkk2 hasn't submitted any stories.
wkk2 has no journal entries.