Become a fan of Slashdot on Facebook


Forgot your password?

Comment: Re:So let me get this right... (Score 1) 351

by Heembo (#29677841) Attached to: Null-Prefix SSL Certificate For PayPal Released

*applause* It's even worse - the new ASP output encoding API's only encode for HTML Entity - what about JS, CSS, HTML Attribute and other encoding contexts that you need for secure programming to stop XSS? Not to mention DOM based XSS where you need to encode for JS Variable AND HTML Attribute, in some cases. Web Security Programming is not easy - and its frankly impossible if you don't have the right tools.

Comment: Re:Solution: Public Key Auth (Score 1) 327

by Heembo (#26251907) Attached to: The Slow Bruteforce Botnet(s) May Be Learning

Ah, that makes sense.

My comment about secure password treatment stands true for enterprise applications, but for a honeypot it makes total sense to log passwords.

But, suppose you had an administration console to the honeypot that you did NOT want hackers to have access to - like some honeypot report/statistical sub-application - well, for that sub-app you would want to take my advise about password treatment.

Comment: Re:India (Score 1) 386

by Heembo (#26251671) Attached to: Study Abroad For Computer Science Majors?

Oh comon - Bangalore College is a degree farm. That one college pumps out more grad's than all of the US probably. It's not the college or the education - it's the individual. Can you play in the world of computers and discrete math? Can you deal with 6 different programming languages to build a modern website? Some folks with PhD's cant play in this world - while some who never went to school are software engineering masters. The only thing my CS degree got me is a piece of paper - and some practice in learning about computers. All that knowledge is not mostly useless - but the understand that CS is all about constantly learning new stuff - priceless.


+ - My merchant is not even close to PCI compliant->

Submitted by Heembo
Heembo writes: One of my merchants is storing all credit cards for the last 10 years in a password protected MS Access database that is on their poorly managed active directory network as well as in their custom, poorly coded registration system. What do I do besides stop doing business with them and change my card?
Link to Original Source

A CONS is an object which cares. -- Bernie Greenberg.