Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×

Comment she's boring (Score 0) 250

by Wikipedia (#47081633) Attached to: Facebook Refuses To Share Employee Race and Gender Data
Anyone else find Sheryl Sandberg boring? Seriously, come up with some new and interesting technology. All she ever says is "women women women blah blah blah..." and I'm all for extreme fairness: the best person to do a job is the best D*MN person to do the job! To HELL with all this "fit in with the corporate culture", that's discriminatory!

Comment Re:Surprise, anyone? (Score 0) 300

by Wikipedia (#46900751) Attached to: Yahoo Stops Honoring 'Do-Not-Track' Settings
I'd like to see a lawsuite concerning crawling information in robots.txt. I don't think it would stand up, it's a voluntary, community-created standard. It's a polite way of saying "this is dynamic information or private". If it's private, then don't make it public! The first things hackers and pentesters do is traverse robots.txt

Submission + - OpenSSL: The New Face Of Technology Monoculture (securityledger.com)

Submitted by chicksdaddy
chicksdaddy writes: In a now-famous 2003 essay, “Cyberinsecurity: The Cost of Monopoly” (http://cryptome.org/cyberinsecurity.htm) Dr. Dan Geer (http://en.wikipedia.org/wiki/Dan_Geer) argued, persuasively, that Microsoft’s operating system monopoly constituted a grave risk to the security of the United States and international security, as well. It was in the interest of the U.S. government and others to break Redmond’s monopoly, or at least to lessen Microsoft’s ability to ‘lock in’ customers and limit choice. “The prevalence of security flaw (sp) in Microsoft’s products is an effect of monopoly power; it must not be allowed to become a reinforcer,” Geer wrote.

The essay cost Geer his job at the security consulting firm AtStake, which then counted Microsoft as a major customer.(http://cryptome.org/cyberinsecurity.htm#Fired) (AtStake was later acquired by Symantec.)

These days Geer is the Chief Security Officer at In-Q-Tel, the CIA’s venture capital arm. But he’s no less vigilant of the dangers of software monocultures. Security Ledger notes that, in a post today for the blog Lawfare (http://www.lawfareblog.com/2014/04/heartbleed-as-metaphor/), Geer is again warning about the dangers that come from an over-reliance on common platforms and code. His concern this time isn’t proprietary software managed by Redmond, however, it’s common, oft-reused hardware and software packages like the OpenSSL software at the heart (pun intended) of Heartbleed.(https://securityledger.com/2014/04/the-heartbleed-openssl-flaw-what-you-need-to-know/)

“The critical infrastructure’s monoculture question was once centered on Microsoft Windows,” he writes. “No more. The critical infrastructure’s monoculture problem, and hence its exposure to common mode risk, is now small devices and the chips which run them," Geer writes.

What happens when a critical and vulnerable component becomes ubiquitous — far more ubiquitous than OpenSSL? Geer wonders if the stability of the Internet itself is at stake.

“The Internet, per se, was designed for resistance to random faults; it was not designed for resistance to targeted faults,” Geer warns. “As the monocultures build, they do so in ever more pervasive, ever smaller packages, in ever less noticeable roles. The avenues to common mode failure proliferate.”

Slashdot Top Deals

egrep -n '^[a-z].*\(' $ | sort -t':' +2.0

Close