Have a habit of overreacting to kids and not having any clue how a bomb would actually be detonated. Sad thing is they'll probably miss the real thing if it's ever in front of them. Glad I don't live there anymore.
This is typical when something goes end-of-life (EOL). They're not "breaking" it, they're just not supporting it anymore. Even if they did "break" it, users would have to update to the broken version, and when it didn't work they'd just move back to the previous version.
What's irresponsible is users not knowing (or caring) about what third party software they're using and whether it's secure or not.
"The public/private key encryption is used in the beginning of the handshake to exchange a stream cypher usually something like DES."
No one with an ounce of up-to-date crypto knowledge uses DES. Perhaps you meant AES.
"There is absolutely no difference in having a billion devices with the same keys/certificates and trying to use the data of all transmissions to them to crack them (reversal them) versus a single certificate like google.com's and having billions of connections per day to that single point."
Sure there is. It means if I can pwn ANY of those devices from any vendor then I can attack ALL of them. I as vendor A may have gone to the expense to make sure no one can read my firmware. But cheap ass vendor B over there did not. My software supplier provided the same cert to both of us. Now, a vulnerability in his product can be used to attack mine. THAT is the difference.
... this is a case of the squeaky wheel gets noticed.
I work in a large software company where we use thousands of open source projects in a couple of hundred projects and I'm intimately involved in the management of open source within the company. I've never had a team come to me and say "we need this bug fixed in the next day or two". And they damn sure don't go out threatening projects (that would be one of those "career limiting moves"). While I don't doubt that this guy has had people do that to him I gotta believe those are the people that he notices and remembers, not the silent majority.
is a license to break the law. Cops need to be held accountable for their misdeeds, just like everyone else. Maybe the cops that are afraid to be recorded don't know how to do their jobs while following the law.
It might be, but which is the greater wrong?
Yeah, but the Supreme Court can always reverse itself. Just ask Marco Rubio.
The Net interprets censorship as damage and routes around it.
"... he is a widely respected University of Chicago faculty member writing in Slate."
He may be less respected after publishing that article.
I think we should have an intelligence test to be allowed to vote...
You really don't understand this, do you?
"After six months, manufacturers have failed to fix the issues."
That kind of crap will eventually cause Congress to enact legislation to make manufacturers liable for unpatched vulnerabilities.
And he revealed very legal spying techniques. You forgot to mention that.
AES used in GCM mode is essentially a stream cipher.
I think that simple fact escaped him.
lol
And maybe the Russians were wrong or lying. And that's just one instance, troll.
Yeah, really. It went into how we spy on other governments - which is not illegal.
"No one is saying Do NOT spy. It's spy on a smaller set of people."
And the people they concentrate on is a much smaller set. It's not like they're recording everyone's conversations.
And one way you get a VALID reason to really look at someone is by mass surveillance, looking for anomalous things.
If the Snowden revelations had been confined to "illegal government surveillance" I would agree, but it went far, far beyond that.
"Instead of concentrating on real threats"
They don't know who the real threats are. It's kind of hard to know who the real threats are without spying on people...
Bzzt. Wrong answer. They're (apparently) not YOUR definition.
lol Dude, I've been working doing products for nearly 30 years now.
If you don't have security then you can't know that the system is doing what you want...
With a really long passphrase with weird characters. They'll spend the rest of their natural lives waiting for it to be cracked.
"Just use it as an editing and remote-access tool over a secure connection or to a USB stick you don't expose to search procedures."
Forget the "secure" connection. There's a much larger attack surface there for people to exploit.