If you want to self-sign then set up your own trusted signer (not hard!) and distribute the signer public key to people before they use the service.
You mean, set up your own CA, and ask your customer to trust that?!?
Most would probably be naive enough to trust it...not realizing that they gave you the power to forge the certificate of their bank as well.
It's far preferable to ask them to just trust the web server certificate ("make an exception for"). That way, the web server operator does not get the power to seemlessly forge certificates for other domains.
So... say, YouTube would be responsible for the Mediaset video clips users uploads, and would have to carry the cost of censoring its users.
And why exactly would YouTube or Google care? It's not exactly as if the Carabinieri would invade the Googleplex in Mountain View to make them pay up damages.
If even the mighty Chinese can't their way with Google, how can the puny Italians hope for same?
The only law valid outside of its country is the US law, indeed that's the only country which has the military might to back it up.
when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it.
In addition to being an annoyance, this is a huge security hole.
Indeed, if this malware can append an URL to the pasted text, it can append anything. Just imagine attempting to paste some bit of information into a command line (filename, URL for wget,...), and this piece-of-shit script adds \nrm -rf $HOME\n to the selection. This nonsense is a clear sign that the javascript craze has gone way too far. Javascript should never be allowed to interfere with basic controls such as selecting and copy-pasting.
... so NASA taps into Micro$oft's advertisement budget instead!
Where most here see only sheer stupidity, what this really is is an astute solution to a very real problem: tight-ass goverments who have no dime to spare for research!
And what does this have to do with breaking an encryption scheme that was possible because Microsoft is just bad software?
Maybe, that it's necessary to define properly what the system is. Your USB stick is plugged in into a computer that is powered by electricity generated by the public power monopoly regulated by the US Department of Energy.
Now, does the Department of Energy need to be audited in order to certify the USB stick? Obviously not.
Does the computer need to be audited? It depends...
Does the password entry program that does come with the stick need to be certified? Apparently yes, as has been shown by this incident.
Or does it?
No, not really, because the problem was not one of vulnerability in that program (such as password being able to be spyied upon by a memory reader or keystroke logger), but rather in the specification (to what decryption string should a password map ==> in this case the string was a constant, so obviously not secure).
This distinction is important to make, or else some really stupid vendors will use security as an excuse to lock down their hardware so much that it can only be used on an OS which is a prime target for keystroke loggers. Be careful what you wish for!
What really should happen is that vendors of hardware encryption devices should provide specifications, and maybe open-source reference implementations of their external password entry programs. These specifications should then be audited to make sure that they make sense (no "constant unlock string", or weak password hashing functions). Ideally, the entry program should even pass the password as is to the device, and any downhashing should happen securely within the device.
...I would go a bit further: I don't want my naked image to be seen by anyone. Unless I was a porn star, which I'm not (and not intending to be one through this technology).
I guess then you would never go to a sauna, be seen by a doctor, and that during sex, your wife (or husband) is blindfolded...
It's attacking the integrity of the human body
Were you born with clothes on? Your body has the same integrity with or without clothes, clothes are not part of it.
I thought the big complaint on Linux was you couldn't run Firefox in 64-bit mode with 32-bit plugins (hence the 32-bit Flash complaint).
Unfortunately, this Gemalto middleware is also (a kind of) Firefox plugin.
I thought Linux in 64-bit mode could run legacy 32-bit application just like Windows. Am I wrong about this?
You can run 32 bit applications on a 64 bit system, but you obviously can't mix 32bit and 64bit within a single executable (...hence the problem with Firefox plugins).
Or are there, say, compatibility issues using 32-bit and 64-bit libraries, or something of that nature?
If you want to run 32 bit applications on a 64 bit system, you need to install 32 bit libraries (usually under/lib32 and/usr/lib32) in addition to your normal 64 bit applications.
Well, you can install a 32 bit Firefox (hosting 32 bit plugins) on a 64 bit system, and that's basically what I do in order to use my Lustrust crypto stick. But it's a hassle. A real 64 bit version would be so much easier.
The funny part is that this kind of software (and the companies that make it) must be audited by consultants specifically habilitated to do this kind of auditing (such as BSI...). In order to guarantee that the auditors have the necessary skills and integrity to perform such audits, they have to be audited and certified themselves by yet other consultants, who in turn get audited by even higher level auditors. Turtles all the way down...
But somehow, all this auditing, code reviewing and certification doesn't manage to uncover a simple date encoding bug.
It's actually worse: if during routine maintenance, a employee, partner or customer stumbled across the bug, he would be dismissed as mistaken, because such bugs are just not possible, or else the very strident auditing would have caught it.
... and now, the emperor is standing there alone on hangman's hill, without his underwear, trying hard to conceal a huge hardon with his hands... What the hell did happen to his fine clothes?
Yes, how horrible it is that for a brief moment in time, people had to revert to an older way which just works (albeit slightly more slowly).
Yes, but in 1980, there were far more bank clerks around to dispense cash over the counter... So the "older and slower" way actually got much slower than it used to be...
Heck, if you could only have a working 64bit flash plugin on Linux, all Linux users would go 64bit already.
The flash plugin is not the only binary thing missing on 64 bit Linux.... and it's quite ironic to see this kind of comment after an article about Gemalto.
These people would rather give you a blowjob than recompile their Linux driver on a 64 bit CPU!
who would have predicted that the Mayan calendar was really right? Glad I loaded up on all the MSFT back in '10.
Although I agree that MSFT performing well would be quite a (figurative) catastrophe, but in case of a real catastrophe, what good does it do to load up on any kind of stock certificate?
And yes, stock certificates are generally printed on paper that's far too stiff and not absorbant enough for the "obvious" purpose...
It's very similar to the problems faced by health services on occasions like the H1N1 vaccination program. If the vaccination efforts are successful, and no alarming wave of deaths hits the world, then "obviously it was oversold and all those vaccination programs are money down the drain".
The difference being that the Y2K fixes were indeed performed, but hardly anybody got a vaccination. The doses just sit unused in a cabinet, and will be flushed down the drain in a couple of years when they will be expired. But despite this, there was still no huge wave of death, and still lotsa moolla in the coffers of the pharma industry.
Slashdot Mirror
The Nokia E61i that I bought 2 years ago does SSL Imap out of the box. Probably nowadays all non-Microsoft and non-Apple smartphones can do it too.
If you want to self-sign then set up your own trusted signer (not hard!) and distribute the signer public key to people before they use the service.
You mean, set up your own CA, and ask your customer to trust that?!?
Most would probably be naive enough to trust it...not realizing that they gave you the power to forge the certificate of their bank as well.
It's far preferable to ask them to just trust the web server certificate ("make an exception for"). That way, the web server operator does not get the power to seemlessly forge certificates for other domains.
O, it's just a pumpkin :-(
Here's the real address goatse.fr. Doesn't Mr Sarkozy have a lovely face?
Methinks a decompiler would be a more viable option. Some people do indeed take their NDAs way too seriously!
As long as they won't annoy the little dwarf, this site won't be shut down. And even if, a mirror will just spring up in another country.
So... say, YouTube would be responsible for the Mediaset video clips users uploads, and would have to carry the cost of censoring its users.
And why exactly would YouTube or Google care? It's not exactly as if the Carabinieri would invade the Googleplex in Mountain View to make them pay up damages.
If even the mighty Chinese can't their way with Google, how can the puny Italians hope for same?
The only law valid outside of its country is the US law, indeed that's the only country which has the military might to back it up.
Screw the corporations that got locked into IE
Indeed. These corporations deserve to die, and the world will be a better place for it! Darwin knew this already more than a hundred years ago!
The risks have to outweigh the benefits.
Make the risk bigger. If you run a web site, any web site, just put Aurora on it. This madness has to stop, and the earlier the better!
Can I have some of what you are smoking?
when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it.
In addition to being an annoyance, this is a huge security hole.
Indeed, if this malware can append an URL to the pasted text, it can append anything. Just imagine attempting to paste some bit of information into a command line (filename, URL for wget, ...), and this piece-of-shit script adds \nrm -rf $HOME\n to the selection. This nonsense is a clear sign that the javascript craze has gone way too far. Javascript should never be allowed to interfere with basic controls such as selecting and copy-pasting.
Where most here see only sheer stupidity, what this really is is an astute solution to a very real problem: tight-ass goverments who have no dime to spare for research!
Well, the 2nd most. The most invasive search requires rubber gloves.
Well you'll have to wait until after June 13th 2012 for this, when Mustafa Ben'Ahmed will try to detonate a bomb hidden in his ass by farting.
1 year ago, it wasn't.
Might as well preinstall botnet clients at the factory.
No, that would be HP.
And what does this have to do with breaking an encryption scheme that was possible because Microsoft is just bad software?
Maybe, that it's necessary to define properly what the system is. Your USB stick is plugged in into a computer that is powered by electricity generated by the public power monopoly regulated by the US Department of Energy.
Now, does the Department of Energy need to be audited in order to certify the USB stick? Obviously not.
Does the computer need to be audited? It depends...
Does the password entry program that does come with the stick need to be certified? Apparently yes, as has been shown by this incident.
Or does it?
No, not really, because the problem was not one of vulnerability in that program (such as password being able to be spyied upon by a memory reader or keystroke logger), but rather in the specification (to what decryption string should a password map ==> in this case the string was a constant, so obviously not secure).
This distinction is important to make, or else some really stupid vendors will use security as an excuse to lock down their hardware so much that it can only be used on an OS which is a prime target for keystroke loggers. Be careful what you wish for!
What really should happen is that vendors of hardware encryption devices should provide specifications, and maybe open-source reference implementations of their external password entry programs. These specifications should then be audited to make sure that they make sense (no "constant unlock string", or weak password hashing functions). Ideally, the entry program should even pass the password as is to the device, and any downhashing should happen securely within the device.
...I would go a bit further: I don't want my naked image to be seen by anyone. Unless I was a porn star, which I'm not (and not intending to be one through this technology).
I guess then you would never go to a sauna, be seen by a doctor, and that during sex, your wife (or husband) is blindfolded...
It's attacking the integrity of the human body
Were you born with clothes on? Your body has the same integrity with or without clothes, clothes are not part of it.
I thought the big complaint on Linux was you couldn't run Firefox in 64-bit mode with 32-bit plugins (hence the 32-bit Flash complaint).
Unfortunately, this Gemalto middleware is also (a kind of) Firefox plugin.
I thought Linux in 64-bit mode could run legacy 32-bit application just like Windows. Am I wrong about this?
You can run 32 bit applications on a 64 bit system, but you obviously can't mix 32bit and 64bit within a single executable (...hence the problem with Firefox plugins).
Or are there, say, compatibility issues using 32-bit and 64-bit libraries, or something of that nature?
If you want to run 32 bit applications on a 64 bit system, you need to install 32 bit libraries (usually under /lib32 and /usr/lib32) in addition to your normal 64 bit applications.
Well, you can install a 32 bit Firefox (hosting 32 bit plugins) on a 64 bit system, and that's basically what I do in order to use my Lustrust crypto stick. But it's a hassle. A real 64 bit version would be so much easier.
But somehow, all this auditing, code reviewing and certification doesn't manage to uncover a simple date encoding bug.
It's actually worse: if during routine maintenance, a employee, partner or customer stumbled across the bug, he would be dismissed as mistaken, because such bugs are just not possible, or else the very strident auditing would have caught it.
Yes, how horrible it is that for a brief moment in time, people had to revert to an older way which just works (albeit slightly more slowly).
Yes, but in 1980, there were far more bank clerks around to dispense cash over the counter... So the "older and slower" way actually got much slower than it used to be...
Heck, if you could only have a working 64bit flash plugin on Linux, all Linux users would go 64bit already.
The flash plugin is not the only binary thing missing on 64 bit Linux.... and it's quite ironic to see this kind of comment after an article about Gemalto.
These people would rather give you a blowjob than recompile their Linux driver on a 64 bit CPU!
who would have predicted that the Mayan calendar was really right? Glad I loaded up on all the MSFT back in '10.
Although I agree that MSFT performing well would be quite a (figurative) catastrophe, but in case of a real catastrophe, what good does it do to load up on any kind of stock certificate?
And yes, stock certificates are generally printed on paper that's far too stiff and not absorbant enough for the "obvious" purpose...
Two digits is fine, now ... until we approach 2100.
Wrong. It's only fine until we approach 2010. "Microsoft... nothing is impossible!"
It's very similar to the problems faced by health services on occasions like the H1N1 vaccination program. If the vaccination efforts are successful, and no alarming wave of deaths hits the world, then "obviously it was oversold and all those vaccination programs are money down the drain".
The difference being that the Y2K fixes were indeed performed, but hardly anybody got a vaccination. The doses just sit unused in a cabinet, and will be flushed down the drain in a couple of years when they will be expired. But despite this, there was still no huge wave of death, and still lotsa moolla in the coffers of the pharma industry.
Does a bigger brain necessarily mean they had a higher IQ?
Yes of course. That's why horses are so smart: they've got bigger heads.
But compared to elephants, they look downright stoopid...
respite from pollution by covering up the accumulated gunk with white?
I guess you have never seen snow in a city. Hint: it won't stay white for long...