Also check out "Space Patrol" - well worth it!
https://en.wikipedia.org/wiki/...
An app that can probably run well on an average-spec web server with Apache and a free copy of sqlite.
I prefer "Space Patrol", made in the UK in 1962.
https://en.wikipedia.org/wiki/...
Yeah, it's puppets, but the detail and the attention to science is really good.
What happened to sending in the robot with a bomb to kill the suspect?
That's step 2 of this plan for "confrontation with civilians".
The way I see it this problem comes down to detecting MITM attacks, not trying to prevent them.
People need easy, automated ways to communicate with each other to check if they're seeing the same public keys as everybody else.
If we use other sites' certificates to sign the certificates being compared it will become exponentially difficult for the NSA to intercept and alter the information arriving at your PC. Only ONE good certificate needs to get through and the whole attack against you will fail.
That one good one should come from your browsing history. The most trustworthy certificates are the oldest ones because it's very difficult to alter history no matter how big your spying budget is.
A web of trust can be compromised, too.
Webs of trust rely on humans to make them work. Humans are fallible, evil, can be bribed to change sides, etc.
Look at Tor. Tor works when there's not many evil nodes but the evidence is that the NSA is setting up tens of thousands of their own nodes all over the place. The chances of not going through several NSA-owned nodes are very slim.
And replace it with....what?
It won't work, silly.
Wouldn't it have been better to keep the headphone jack and sell a bluetooth barometer?
Um, no.
Air pressure varies with weather/temperature/etc.
If a company is taxed more it just raises its prices. Customers are really paying the tax.
And ... this is the correct thing to do.
This way only the people who buy Apple products have to pay extra, not everybody.
Furthermore with 100 Mb/s everywhere I could start thinking to move into the countryside.
You think every single person will have a full 100 Mb/s bandwidth available? Nothing shared?
And so it begins.
Call me when the manager that told him to do it gets locked up.
THAT will be news.
Why on earth would Apple want you to listen to free FM radio?
iTunes is a big part of their business and selling bigger data plans makes their carriers happy. FM radio is lose-lose from their point of view.
So what? It's not Sony's nor anyone else's responsibility, to make that OEM version of the software work with something else. If you don't like it, buy the parts and build your own computer.
Where, exactly, do I buy parts to build a laptop?
Huh?
People have been hashing passwords since the 1970s. It's a solved problem, one extra line of code and all programmers know about it.
If these sites are storing passwords in plain text it's because they WANT to store them in plain text. They're using them for something (e.g. sniffing people's email/Facebook/bank account/whatever).
No amount of crypto theory is applicable to these sites because they're not interested in it.
I can't understand in any way, that a site that size can be running with plain text passwords. In 2012.
Don't attribute to stupidity anything which can adequately be explained by malice.
Maybe somebody wanted your password. Lots and lots of people use the same password for everything. Maybe these sites were using people's passwords to sniff their Facebook accounts, their email, who-knows-what...?
It really is the way some CEOs think, and what they'll order their programmers to do.
I'd use it to see how much open sauce there is in my fridge.
Unfortunately, mosquitoes have no souls.
That doesn't mean that hell isn't full of them.
If only the answer to that question could be in the second line of the linked article. Life would be so much easier...
Gee, if only the biologists were as clever as Slashdot posters.
Yep. AC's parents think his generation were responsible for destroying the language, his grandparents think it was his parents. So it goes.
Placebos can be very effective.
This is just like saying you're "being guilty until you prove yourself innocent"... The FDA should have to prove harm, rather than the soap companies proving effectiveness.
What's to prove? Customers are being tricked into paying extra for something that's useless. That's harm, right there.