Security

Submission + - Report on DigiNotar hack indicts Iran (sophos.com)

xsee writes: A report released today by Fox-IT investigating the attack against certificate authority DigiNotar shows extremely poor security at DigiNotar and implicates Iran in the attack.

DigiNotar was using unpatched Windows servers with poor passwords and no anti-virus.

Submission + - Details on the Iranian Diginotar hack (google.nl)

An anonymous reader writes: A report came out explaining how the security incident at Diginotar could occur. Although the report itself is not yet public, news websites report some of its shocking conclusions:
- It was possible to access the secured environment directly from regular employee computers for anyone logged in to Windows;
- Administrator passwords were so simple that they could be (and were) brute forced;
- Logging did not function correctly and it is not possible to find out which certificates were created;
- Copies of keys were also held in a separate database and any employee could have abused them to sign counterfeit certificates;
- No antivirus was used and intrusion detection failed;
- The attack was discovered by July 19th and by July 28th it was known the certificates were used to intercept traffic.

Dutch original: http://www.nu.nl/internet/2607758/diginotar-negeerde-misbruik-en-was-slecht-beveiligd.html

Comment Re:Whoa (Score 1) 68

Firefox doesn't use that much RAM under normal conditions. Apart from that bug when you load up a whole page of photos, the use of memory is way below any of the major competitors.

Doesn't mean that it doesn't happen, but it's usually not Firefox, it usually ends up being a plug in or extension that's using up most of the memory. Under normal circumstances you're not likely to ever use more than 500mb.

Then tell me which extension it is. Just a simple task manager, then I'll know who to blame.

Comment Re:CSS *2.1*? (Score 1) 97

I agree that avoiding duplication is too difficult in CSS, but fixing that and having graceful degradation to support non-supporting browsers would be a nightmare. SASS looks pretty interesting there. Would be great if there was something like this as a language-independent Apache module.

Comment Re:Double the Price, Half the Servers? (Score 4, Informative) 84

In other words, IDC is reporting that Oracle raised prices. That strategy works for a quarter or two, maybe. But it's a going out of business strategy.

Where did you read this? Nothing about the price is mentioned in the article, apart from that sales of pricier servers have increased in general. Oracle sales are more or less matching overall market growth, so neither a higher market share nor higher price is necessary for Oracle's revenue to go up.

Comment Re:Javascript is a disaster (Score 1) 305

""+" doesn't append _two numbers_, but it can append _number to string_ - which you can have in any language with operator overloading."
function foo(x,y) { return x + y; }
foo("5",6) == "56"

In every other language I've seen, the CORRECTly expected result is 11 or error. Perl, C++, etc. The point is that you can never trust your input if you are expecting numeric.

If you think Javascript is weird, try executing this in C:
"123"+1

Comment Re:Open? Or free (as in beer)? (Score 1) 113

I'll bet that lots of enterprise use of Open Source tools is due to the price tag, not the ability to fiddle with the source code.

If free-as-in-beer or free-as-in-speech were the issue, Open^H^H^H^HLibreOffice would be the corporate standard. Open source programming tools are simply among the best available. Right now, without any further need for fiddling. They became the best because the programmers developing them are the same as the programmers using them. They can scratch their own itch. Often only a (very) limited group of FOSS-users knows how to program, and how to 'scratch their itch' if there is something they feel needs improvement in the software. For programming tools a huge part of the user base will know how to fix the bugs/annoyances, and their efforts have a much wider appeal in their own (programmer-)community, than a similar effort would have in other communities.
