14 posts • joined Friday 11th November 2011 13:41 GMT
Re: Theoretical ?
Because it's trivial for a sniffer to read the inner packet. Considering that your proposed "packet wrapping" protocol will have to be well known for a useful number of servers to actually support it, sniffers will know about it too.
It's called security by obscurity, and it works very badly.
"The lab [...] is a virtual organisation involving several universities."
So not really organised then.
HTTPS does not prevent tracking.
"The move also quietly undermines Mozilla’s crusade in the past years on maintaining the privacy of netizens by using Do-Not-Track to anonymise users' searches."
"Do not track" does absolutely nothing to anonymise users' searches. All it does is add an extra HTTP header, "DNT: 1", indicating to the server that the user does not want to be tracked. This is a political, not a technical, approach, and I worry that users will think it actually gives them some sort of real protection. In fact I think it's rather amusing how a web browser can basically say, "please do not track me! Thanks. And by the way, the unique identifier you gave me last time is ac2983b6."
Using HTTPS by default is a good thing, even if it is only for Google searches. HTTPS authenticates the server and provides confidentiality from anyone intercepting or tampering with the connection between your browser and the web server, so your ISP, or the shady laptop user in the corner of the café, cannot see what you're searching for. It has nothing to do with whether the web server can track you or not.
"Additionally, using HTTPS helps providers like Google remove information from the referrer string."
If Google suppresses tracking when you use HTTPS (which I doubt), it's because Google decided to do that. Using HTTPS neither helps nor hinders.
"If you happen to click on an ad on a page you hit then the encryption is removed and advertisers can see who you are and where you’ve been."
Advertisers probably see that information without your clicking on it. HTTPS is to stop people intercepting your connection; it does nothing to control what the remote server does with the information you send it. (Note that advertisers don't intercept TCP connections to gather data; Google gives the data to them.)
Re: Easy peasy
I always have the referer header disabled. The only problems I've noticed (that I remember) are an on-line banking site not working, and the links to W3C's mark-up validator. Try it. It breaks fewer sites than you might think, and it's very easy to put it back again.
Never admit as a balls-up what you can get away with calling a "technical error".
The C library was not at fault.
This is an integer overflow vulnerability resulting from the mistreatment of the return value of memcmp.
The memcmp function can return any integer, but MySQL converted its return value to my_bool (a typedef of char), causing an integer overflow if memcmp returned a value outside the range of a char (typically -128..127). An implementation of memcmp that returned values in -128..127 would hide this vulnerability, but another, equally valid implementation of memcmp returned values outside that range.
What is most shocking is how few programming languages (even "modern" languages like Java, Caml, ...) actually bother to handle integer overflows properly.
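The narrowing described in the post above, as an added example that is not part of the original comment or MySQL's code. `wide_memcmp` is a constructed stand-in for a memcmp implementation whose result falls outside -128..127; the function names and sample buffers are hypothetical, and the compiler is assumed to narrow int to char by keeping the low 8 bits, as GCC and Clang do.

```c
#include <stddef.h>
#include <stdio.h>

typedef char my_bool; /* the typedef named in the post */

/* Constructed stand-in for an optimised memcmp: compares two bytes at a
 * time as big-endian words and returns their difference, so results span
 * -65535..65535. Sign and zero-ness still satisfy the memcmp contract. */
static int wide_memcmp(const void *pa, const void *pb, size_t n)
{
    const unsigned char *a = pa, *b = pb;
    size_t i = 0;
    for (; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1];
        int wb = (b[i] << 8) | b[i + 1];
        if (wa != wb)
            return wa - wb;
    }
    if (i < n && a[i] != b[i])
        return a[i] - b[i];
    return 0;
}

/* Pattern from the post: the int result is narrowed to my_bool. A nonzero
 * result whose low byte is zero (e.g. 0x0100) becomes 0, i.e. "match". */
static my_bool mismatch_narrowed(const void *a, const void *b, size_t n)
{
    return (my_bool)wide_memcmp(a, b, n);
}

/* Corrected form: reduce to 0/1 before the value ever becomes a char. */
static my_bool mismatch_fixed(const void *a, const void *b, size_t n)
{
    return wide_memcmp(a, b, n) != 0;
}

/* Constructed sample buffers that differ only in their first byte. */
static const unsigned char stored[4]   = { 0x11, 0x22, 0x33, 0x44 };
static const unsigned char supplied[4] = { 0x10, 0x22, 0x33, 0x44 };

int main(void)
{
    printf("raw=%d narrowed=%d fixed=%d\n",
           wide_memcmp(stored, supplied, 4),
           mismatch_narrowed(stored, supplied, 4),
           mismatch_fixed(stored, supplied, 4));
    return 0;
}
```

Compiling with `-Wconversion` flags the implicit form of this int-to-char narrowing, which is a cheap check to run over code that stores comparison results in small integer types.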
Re: Disk encryption?
It need only delete the encryption key. Besides, is overwriting with random data really that insecure? This just seems like the idea of someone who likes blowing things up and selling replacement storage devices.
And the problem with disk encryption was...?
The article starts with:
"The Raspberry Pi – if you can get your hands on one – isn't the only small, inexpensive ARM computer around these days."
Pity the article didn't mention any ARM computers remotely as cheap as the Raspberry Pi.
I'd have thought that would've been obvious. Perhaps if you think of the question slightly differently: if you could afford a space flight, would you do it, or would you spend the money on something else? Considering what else you could do with the money, compared to how short a space flight would be, I'm not surprised.
Then it would be typical...
that we'd be trying to communicate with many cheap probes in low-Earth orbit, to find out why they all failed to leave their orbits.
A real pocket computer
"My Ben Nanonote never leaves my pocket, very portable but the keys lack travel for comfy typing (does fine for a quick note or an on-the-go Quake or Nethack game though)."
And you do all that, without even taking it out your pocket? Amazing!