
Submission + - Is running mission-critical servers without a firewall a "thing"?

An anonymous reader writes: I do some contract work on the side (as many folks do), and am helping a client set up a new point of sale system. For the time being, it's pretty simple: selling products, keeping track of employee time, managing inventory and the like. However, it requires a small network because there are two clients, and one of the clients feeds off of a small SQL Express database from the first. During the setup the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no NEED for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it. This isn't a tremendous deal today, but with how things are going odds are there will be e-Commerce worked into it, and probably credit card transactions.. which worries the bejesus out of me.

So my question to the Slashdot masses: is this common? In my admittedly limited networking experience, it's been drilled into my head fairly well that not running a firewall is lazy (if not simply negligent), and to open the appropriate ports and call it a day. However, I've seen forum posts here and there with people admitting they run their clients without firewalls, believing that the firewall on their incoming internet connection is good enough, and that their client security will pick up the pieces. I'm curious how many real professionals do this, or if the forum posts I'm seeing (along with the vendor in question) are just a bunch of clowns.

Submission + - EPA makes most wood stoves illegal

Jody Bruchon writes: The Environmental Protection Agency has lowered the amount of fine-particle matter per cubic meter that new wood stoves are allowed to release into the atmosphere by 20%. Most wood stoves in use today are of the type that is now illegal to manufacture or sell, and old stoves traded in for credit towards new ones must be scrapped out. This shouldn't be much of a surprise since more and more local governments are banning wood-burning stoves and fireplaces entirely, citing smog and air pollution concerns.

Submission + - Why is math not constant.

ruckc writes: So, why does math vary? int ans = -1 % 5; Should ans be -1 or 4? Depending on the tool I use I get different results.

Submission + - Silicon Valley could be heading for a new stock collapse. (businessinsider.com)

billcarson writes: Even though for most of us the recession is far from over, analysts are worried the technology sector might be heading for its next bubble. Technology stocks are at record highs at the moment. Companies that have no sound business plan have no difficulty in raising capital to fund their crazy dreams. Even Yahoo is again buying companies without real profit (Tumblr). Andreessen Horowitz, a major venture capitalist in Silicon Valley, is already pulling up the ladder. Might this be an indicator for more woe to come?

Submission + - It's All UpTo You (yougotthatlook.com)

An anonymous reader writes: See what becoming part of the community of Mary Kay Independent Beauty Consultants can offer you. Flexibility with your time. The latest technology. Friendship and support from an inspiring community of successful businesswomen. Open-ended earning potential. And of course, innovative of looking good, cosmetics and skin care products. And the 50% you will make. What are you waiting for? Learn more about the Business opportunity.

Submission + - Feds confiscate investigative reporter's confidential files during raid (dailycaller.com)

schwit1 writes: Using a warrant to search for guns, Homeland Security officers and Maryland police confiscated a journalist’s confidential files.

The reporter had written a series of articles critical of the TSA. It appears that the raid was specifically designed to get her files, which contain identifying information about her sources in the TSA.

        “In particular, the files included notes that were used to expose how the Federal Air Marshal Service had lied to Congress about the number of airline flights they were actually protecting against another terrorist attack,” Hudson [the reporter] wrote in a summary about the raid provided to The Daily Caller.

        Recalling the experience during an interview this week, Hudson said: “When they called and told me about it, I just about had a heart attack.” She said she asked Bosch [the investigator heading the raid] why they took the files. He responded that they needed to run them by TSA to make sure it was “legitimate” for her to have them. “‘Legitimate’ for me to have my own notes?” she said incredulously on Wednesday.

        Asked how many sources she thinks may have been exposed, Hudson said: “A lot. More than one. There were a lot of names in those files. This guy basically came in here and took my anonymous sources and turned them over — took my whistleblowers — and turned it over to the agency they were blowing the whistle on,” Hudson said. “And these guys still work there.”

Submission + - PHP.Net Confirms Compromise (php.net)

whtghst1 writes: PHP.net confirmed today their servers were compromised.

From PHP.net...

As it's possible that the attackers may have accessed the private key of the php.net SSL certificate, we have revoked it immediately. We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net) in the next few hours.

To summarise, the situation right now is that:

JavaScript malware was served to a small percentage of php.net users from the 22nd to the 24th of October 2013.
Neither the source tarball downloads nor the Git repository were modified or compromised.
Two php.net servers were compromised, and have been removed from service. All services have been migrated to new, secure servers.
SSL access to php.net Web sites is temporarily unavailable until a new SSL certificate is issued and installed on the servers that need it.

Submission + - Rural Population Not Needed For Farming But For Cannon Fodder (transitionvoice.com)

An anonymous reader writes: US Secretary of Agriculture Tom Vilsack wants to increase rural farmers in the US, but not to grow more food. "In 2012, for the first time ever — rural America lost population in real numbers — not as a percentage but in real numbers. Although rural America only has 16 percent of the population, it gives 40 percent of the personnel to the military." See more at: http://transitionvoice.com/2013/08/rural-population-not-needed-for-farming-but-for-cannon-fodder/

Submission + - Network Scientists Discover the 'Dark Corners' of the Internet (medium.com)

KentuckyFC writes: Network theorists have always simulated the spread of information through the internet using the same models epidemiologists use to study the spread of disease. Now Chinese scientists say this isn't quite right--it’s easy to infect everybody you meet with a disease but it’s much harder to inform all your contacts of a particular piece of information. So they've redone the conventional network simulations assuming that people only ever transmit messages to a certain fraction of their friends. And their results throw up a surprise. In these models, there are always individuals or clusters of individuals who are unreachable. These people never receive the information and make up a kind of underclass who eke out an information-poor existence in a few dark corners of the network. That has implications for organisations aiming to spread ideas who will have to think more carefully about how to reach people in these dark corners. That includes marketers and advertisers hoping to sell products and services but also agencies hoping to spread different kinds of messages such as safety-related information. It also raises the interesting prospect of individuals seeking out the dark corners of the internet, perhaps to preserve their privacy or perhaps for more nefarious reasons.

Submission + - How to Fix Healthcare.GOV: Go Open-Source! (businessweek.com)

McGruber writes: Over at Bloomberg Businessweek (http://www.businessweek.com/articles/2013-10-16/open-source-everything-the-moral-of-the-healthcare-dot-gov-debacle), Paul Ford explains that the debacle known as healthcare.gov makes clear that it is time for the government to change the way it ships code: namely, by embracing the open source approach to software development that has revolutionized the technology industry.

Submission + - Oracle attacks Open Source; says community developed code is inferior (muktware.com)

sfcrazy writes: Oracle has a love-hate relationship with Open Source technologies. Oracle claims that TCO (total cost of ownership) goes up with the use of Open Source technologies, basically to build a case of selling its own overpriced products to the government. Oracle also attacks the community based development model calling it more insecure than company developed products. You can read the nonsensical paper here.

Submission + - Could Snowden Have Been Stopped in 2009?

Hugh Pickens DOT Com writes: The NYT reports that when Edward Snowden was working as a CIA technician in Geneva in 2009, his supervisor wrote a derogatory report in his personnel file, noting a distinct change in the young man’s behavior and work habits, as well as a troubling suspicion that Snowden was trying to break into classified computer files to which he was not authorized to have access. But the red flags went unheeded and Snowden left the CIA to become a contractor for the NSA so that four years later he could leak thousands of classified documents. In hindsight, officials say, the report by Snowden's supervisor and the agency’s suspicions might have been the first serious warnings of the disclosures to come, and the biggest missed opportunity to review Snowden’s top-secret clearance or at least put his future work at the NSA under much greater scrutiny. Had Booz Allen or the NSA seen Snowden's CIA file before hiring him, it almost certainly would have affected his employment says Dashiell Bennett. “The weakness of the system was if derogatory information came in, he could still keep his security clearance and move to another job, and the information wasn’t passed on,” says a Republican lawmaker who has been briefed on Snowden’s activities. It's difficult to tell what would have happened had NSA supervisors been made aware of the warning the CIA issued Snowden in what is called a “derog” in federal personnel policy parlance. “It slipped through the cracks,” says one veteran law enforcement official. The Snowden affair "seems to have been a result of malicious intent on Snowden’s part and staggering incompetence on the part of the CIA and NSA," writes Seth Mandel. "If the NSA wants the president to use his pulpit to defend the broad powers of the NSA, they’re going to have to give him more that’s worth defending."
