* Posts by Frank Russo

8 publicly visible posts • joined 11 Sep 2007

Trustwave admits crafting SSL snooping certificate

Frank Russo
FAIL

Why involve a CA at all?

Why would an enterprise need to involve a public CA for web snooping? In 10 minutes, an admin could create his own CA using subject/Issuer information identical to Verisign. He would then roll out the spoofed CA to the truststores on corp assets (your workstation), place the cert on the corp's proxy, and use the proxy to snoop. The users wouldn't see a warning, since their browser/e-mail client trusts the bogus CA already. If the user got curious and clicked on the browser's padlock icon (or moused over it) he would see verisign's information. Only the serial and hash would differ.

Basically, a legit admin would have no reason to obtain a certificate or device as presented in the article because the admin already has access to the client's CA truststores and the proxy. The only systems that could not be snooped would be devices that were not owned by the enterprise or accessable to the admin (if a client device is BYOD). He wouldn't want to undertake the latter, as it would/should put him in jail, which is where the admin and CA should be right now, having openly admitted to a crime.

Intentionally intercepting secure communications between devices you do not own is a crime. Saying "I'm Sorry, we were misguided" afterward doesn't fix things. It is as if your post man read all of your mail with the permission of the postmaster and then said "I'm sorry".

Ubuntu's Oneiric Ocelot: Nice, but necessary?

Frank Russo

Author is confused

Either the author is confused, or is inadvertently confusing readers.

Unity replaces "Gnome Shell". It does not replace "Gnome". Unity does a good job of providing access to the five apps that we typically run. Unity does a bad job at pretty much everything else. The only other exception is that it allows you to use Compiz, which GShell currently does not.

So Ubuntu users have the choice of a really-bad 2003-esque desktop shell, or a really bad 2009-esque desktop shell. There's really not a lot of other options. KDE has big issues with PIM currently, and is off the table. Perhaps we should give Bodhi a test-drive and see if Enlightenment provides a viable contemporary desktop shell.

Display defect may crimp iPhone 5 shipments

Frank Russo

He's not a player, he's a goon. Only goons call "reveal bubbles" by the incorrect name.

Cuba crafts extra-communist Linux distro

Frank Russo

National linux?

I see a lot of "russia fedora" and "cuba gentoo" in the the news. I see little news on the distro sites and in source code repositories that these national blends are actually upstreaming their fixes (or even making fixes). WTF is up with that?

Woman jailed for texting while driving

Frank Russo
Thumb Down

WTF is wrong you mouth breathers?

Jeez... Forget restitution and the rehabilitation of otherwise productive members of society. Just lock em up for 2 years. Make us innocent people pay for the jackarse's bed, tele, food, and housing. That should teach her good! Who needs a drivers license when you can simply get a free ride from the taxpayers.

Great job dipwads.

Frank

Swiss cops sniff out dope plantation on Google Earth

Frank Russo

Decriminalize it

Pot wouldn't need dealers if it were legalized. It's a weed. It grows almost everywhere. Anyone who wanted it could simply toss their seeds in the back garden, pick out the males, and be set year round. The only downside to this would bee the regular friendly visits from neighbors wanting a dimebag.

OpenGL 3.1 promise follows gamer revolt

Frank Russo
Thumb Down

Deprecation?

Wait, it's only the appendix that states what's deprecated. You go through the whole 3.0 spec, and at the end, it's "Oh, BTW, you probably don't wanna use these 40 things". I'm surprised that they didn't keep the dep list in their basement guarded by cheetahs.

Colombian armed robber targets karate school

Frank Russo

Ian -Shaolin

Ian,

Yes, he would have fared a bit better.... Since they would only attack one at a time...

http://www.youtube.com/watch?v=wMJ_b9uV1Lo

Frank