How far away from it do you need to be for your cellphone to work?
Posts by Drew 11
199 publicly visible posts • joined 28 Sep 2009
Whiffy kitchen after last night's chips? Clear the air with SPACE PLASMA
Not fake news: Facebook reinvents SVG
IETF plants privacy test inside DNS
Japanese cops arrest serial 'foot licker'
Trump's plan: Tariffs on electronics, ban on skilled tech migrants, turn off the internet
The entire world is in the middle of a major WTF! moment right now.
But, just as Obama's "Hope" pledge never came to pass, I imagine in the next short while, Trump will be led into a room where he will meet a bunch of people he's never seen in his life, and be told who actually runs the joint, and given a list of what he'll be allowed to do and what he won't.
I hope.
User danger declines as two thirds of Chromistas now use HTTPS
Uncle Sam emits DNS email security guide – now speak your brains
Apple fans using Chrome on alert for Mac malware
Mozilla plots TLS 1.3 future for Firefox
Thanks, IoT vendors: your slack attitude will get regulators moving
We're on the road to DNSSEC
"It's no surprise, though: another key measure to secure the DNS, DNSSec, was first written in 1997 and after nearly 20 years has gone nearly nowhere."
The #1 Registrar in New Zealand, 1stDomains, doesn't offer DNSSEC capability. That is despite their claim to offer "the most advanced domain name management tools available".
When asked (last month) when they would get with the program, the answer was "Unfortunately, we do not have any plans to provide support for DNSSEC at present. Again, we apologise for any inconvenience this may cause for you."
So that's the kind of stupidity we're up against.
Perhaps if TLD Registries offered a small registration rebate on each domain that had DNSSEC enabled, things might change?
Judge nailed for trying to bribe Fed with fizzy water (aka Bud Light)
How a chunk of the web disappeared this week: GlobalSign's global HTTPS snafu explained
Re: Web-o-trust, smmeb'ol'thrust
"Here's the thing about a self-signed certificate: how do I know that you issued it?"
See: DNSSEC+DANE
Bypasses all this CA rubbish - which is why the browser authors don't want to bake it into their browsers.
How about a "PPS:" in the actual article about that, to raise awareness?
GlobalSign screw-up cancels top websites' HTTPS certificates
Re: Money minting exercise
With DANE you can do away with the CA system altogether. DNSSEC is used to prove you are who you say you are.
As ., .uk and .co.uk are already signed (dig +DNSSEC co.uk), Vulture Central would just need to sign theregister.co.uk and enter the keys into the appropriate fields at their registrar.
Then, ONCE THE BROWSER WRITERS BAKE DANE INTO THEIR PRODUCTS, you no longer need CAs and you won't need to manually authorise self-generated certs.
The time for DANE is now.
Now might be a good time for everyone to pressure the browser writers to finally include DANE capabilities, so website owners can take control of their own security and disconnect from this CA disaster.
Maybe Vulture Central could try to remember to put a little dig in about that every time a CA TITSUP happens?
See...
###
Mozilla:
https://wiki.mozilla.org/SecurityEngineering/WorkingSessions/09-18-13-NetworkTeam
"I think we all agree it's not the right way forward. And slow"
https://wiki.mozilla.org/NSS:BurnDownList
"Nice to have, but doesn't solve all the problems, and there is no commitment that a majority will use it."
###
Chrome:
https://bugs.chromium.org/p/chromium/issues/detail?id=50874
"Closing this out as WontFix, as there are no plans.
The ISC number is not accurate for what real world users experience, and is biased by crawls that have a number of experimental limits.
DNSSEC and DANE (types 2/3) do not measurably raise the bar for security compared to alternatives, and can be negative for security.
DNSSEC+DANE (types 0/1) can be accomplished via HTTP Public Key Pinning to the same effect, and with a much more reliable and consistent delivery mechanism.
While not desiring to stifle discussion, we've continued to evaluate the security and usability benefits and costs of DNSSEC and DANE, and will continue to do so, but for now, this is neither something we plan to implement nor would support landing."
###
Confirmed: UK police forces own IMSI grabbers, but keeping schtum on use
Apple chops woeful WoSign HTTPS certs from iOS, macOS
HP Ink COO: Sorry not sorry we bricked your otherwise totally fine printer cartridges
Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January
Hollywood offers Daniel Craig $150m to (slash wrists) play James Bond
Russian spy aircraft are flying over Britain – and the MoD's cool with it
Valley VC Peter Thiel becomes an official Trump delegate
A Logic Named Joe: The 1946 sci-fi short that nailed modern tech
NZ unfurls proposed new flag
In the final round of ranking, the winning flag scored 50.53% to 49.47% for its stablemate, so it was damn close. More people liked the flag that came 2nd (and thus is no longer in the running).
The ~10% of "informal" votes (read: spoiled), give a clue as to how many people who bothered to vote didn't like any of the choices. Add those to the 50% who could even be bothered to mail back the envelope, and you start to realise that the old flag is probably going to be a keeper.
http://electionresults.govt.nz/2015_flag_referendum1/results-by-count-report.html
Seized: Fake EFF .org linked to hackers hitting NATO, White House PCs
Re: Anybody remember whitehouse.com?
Way back in 2004 Ms Rogalski of the Hilton.com legal dept sent out threatening letters to domain owners accusing them of using Hilton's brand in links to their websites. hilton.example.com type of stuff.
Real nasty wording - "Deactivate these links within the next 24 hours or we will be instructing our solicitors to take whatever legal action is necessary as well as seeking costs against you."
She hadn't found these "links" anywhere on a website, she'd just typed them into her browser and found they worked so as far as she was concerned, they existed.
I suggested she take a stroll down to the IT department to get tutored in "wildcard DNS" and also that she'd be better off going after bigger fish such as
http://hiltons.hotels.are.great.for.sex.com/
http://upmarket.prostitutes.always.use.hilton.hotels.for.sex.com/
or
http://hilton.sucks.compared.to.sleepinn.com
I never received a reply. No apology for the nastygram, no "thanks for setting me straight".
She still works for Hilton apparently, so it must be a fail-upwards organisation.
The stories I could tell...
Apple supremo Tim Cook rules out OS X fondleslab, iOS merger
They've already destroyed OSX by dumbing it down to the iOS level. Last decent version of OSX was 10.6.8
Ever since then they've been busy turning great computers into giant iPhones. Safari used to have control of cookies down to the singular level, then they changed it so you could only delete all cookies for a particular website and you couldn't go in and see what each cookie had stored inside.
Fuckers.
I guess it's one way to force your users over to Linux.
Radio wave gun zaps drones out of the sky – and it's perfectly legal*
Hey, Facebook – these are the new Like buttons you should have used
11 MILLION VW cars used Dieselgate cheatware – what the clutch, Volkswagen?
The idea probably came from VW's Mexico factory, taking a leaf out of the local petrol company's book.
If you request the amount of petrol equal to the quantity the local standards authority uses to test petrol pumps for calibration, you get the correct amount of fuel delivered.
If you request any other value, the petrol pump diddles you by displaying a higher quantity than it actually delivers through the pump. The diddle factor is station-owner-definable.
Top QLD sex shop cops Cryptowall lock; cops flop as state biz popped
Brit school claims highest paper plane launch crown
Google's Chrome to gag noisy tabs until you click on them
If you read anything today about ICANN taking over the internet, make sure it's this
Google to block access to unofficial autocomplete API
UN corruption cops commence probe into domain-name and patent body WIPO
Ah Francis. The man that once suggested the Internet would have been better off if it was patented.
He's always batting on about how "cybersquatting" is rife and destroying intellectual property, yet in 2011 only 9000 domains UDRP'd out of 220 MILLION total domains. See: http://www.circleid.com/posts/20120516_2011_udrp_filings_up_at_wipo_down_at_naf_and_still_infinitesimal/
The guy is a joke. Seeing him taken down a peg or two would be quite enjoyable.
Uber app will soon maybe track you 24/7, cry privacy warriors
"These updated statements don't reflect a shift in our practices, they more clearly lay out the data we collect today"
Read: "We're already tracking you 24/7 and have downloaded your contact. It's just that some spoilsport in the legal dept told us we had to stick that in the T&Cs before someone found out we were doing it surreptitiously and sued our arses off."