Comment: Re:So let me get this right... (Score 1) 351

by Heembo (#29677841) Attached to: Null-Prefix SSL Certificate For PayPal Released

*applause* It's even worse - the new ASP output encoding APIs only encode for HTML Entity - what about JS, CSS, HTML Attribute and other encoding contexts that you need for secure programming to stop XSS? Not to mention DOM based XSS where you need to encode for JS Variable AND HTML Attribute, in some cases. Web Security Programming is not easy - and it's frankly impossible if you don't have the right tools.
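The comment above distinguishes several output-encoding contexts. The following sketch is an added example, not code from the commenter or from any ASP API; the function names are hypothetical. It shows one encoder per context and why entity encoding alone does not cover a JavaScript string, an HTML attribute, or a CSS value.

```javascript
// Added example: one output encoder per context (all names are hypothetical).
// Each encoder leaves ASCII alphanumerics alone and escapes everything else
// using the escape syntax of the context the value is written into.

// Upper-case hex of a character's code point, left-padded to `pad` digits.
const hex = (c, pad) => c.codePointAt(0).toString(16).toUpperCase().padStart(pad, "0");
const isAlnum = (c) => /^[A-Za-z0-9]$/.test(c);

// HTML element content: only the five markup-significant characters change.
function encodeForHTML(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// HTML attribute value: escape every non-alphanumeric as &#xHH; so that
// spaces, quotes and "=" cannot end the attribute, even an unquoted one.
function encodeForHTMLAttribute(s) {
  return Array.from(String(s), (c) => (isAlnum(c) ? c : `&#x${hex(c, 2)};`)).join("");
}

// JavaScript string literal: \xHH, \uHHHH or \u{H...} escapes. Backslashes
// and line terminators matter here, and entity encoding leaves them as-is.
function encodeForJS(s) {
  return Array.from(String(s), (c) => {
    if (isAlnum(c)) return c;
    const cp = c.codePointAt(0);
    if (cp < 0x100) return `\\x${hex(c, 2)}`;
    if (cp < 0x10000) return `\\u${hex(c, 4)}`;
    return `\\u{${hex(c, 1)}}`;
  }).join("");
}

// CSS value: backslash, hex code point, then a terminating space.
function encodeForCSS(s) {
  return Array.from(String(s), (c) => (isAlnum(c) ? c : `\\${hex(c, 1)} `)).join("");
}

// Constructed sample input: a backslash and a newline, neither of which is
// special in HTML content but both of which are special in a JS string.
const sample = "a\\b\nc";
console.log(JSON.stringify({
  html: encodeForHTML(sample),          // unchanged: entity encoding ignores \ and newline
  js: encodeForJS(sample),              // a\x5Cb\x0Ac
  attr: encodeForHTMLAttribute("x y"),  // x&#x20;y
  css: encodeForCSS("a;b"),             // a\3B b
}, null, 2));
```
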

Comment: Re:Solution: Public Key Auth (Score 1) 327

by Heembo (#26251907) Attached to: The Slow Bruteforce Botnet(s) May Be Learning

Ah, that makes sense.

My comment about secure password treatment stands true for enterprise applications, but for a honeypot it makes total sense to log passwords.

But, suppose you had an administration console to the honeypot that you did NOT want hackers to have access to - like some honeypot report/statistical sub-application - well, for that sub-app you would want to take my advice about password treatment.

Comment: Re:India (Score 1) 386

by Heembo (#26251671) Attached to: Study Abroad For Computer Science Majors?

Oh come on - Bangalore College is a degree farm. That one college pumps out more grads than all of the US probably. It's not the college or the education - it's the individual. Can you play in the world of computers and discrete math? Can you deal with 6 different programming languages to build a modern website? Some folks with PhDs can't play in this world - while some who never went to school are software engineering masters. The only thing my CS degree got me is a piece of paper - and some practice in learning about computers. All that knowledge is not mostly useless - but the understanding that CS is all about constantly learning new stuff - priceless.
