Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:So let me get this right... (Score 1) 351 351

*applause* It's even worse - the new ASP output encoding API's only encode for HTML Entity - what about JS, CSS, HTML Attribute and other encoding contexts that you need for secure programming to stop XSS? Not to mention DOM based XSS where you need to encode for JS Variable AND HTML Attribute, in some cases. Web Security Programming is not easy - and its frankly impossible if you don't have the right tools.

Comment Re:Solution: Public Key Auth (Score 1) 327 327

Ah, that makes sense.

My comment about secure password treatment stands true for enterprise applications, but for a honeypot it makes total sense to log passwords.

But, suppose you had an administration console to the honeypot that you did NOT want hackers to have access to - like some honeypot report/statistical sub-application - well, for that sub-app you would want to take my advise about password treatment.

Comment Re:India (Score 1) 386 386

Oh comon - Bangalore College is a degree farm. That one college pumps out more grad's than all of the US probably. It's not the college or the education - it's the individual. Can you play in the world of computers and discrete math? Can you deal with 6 different programming languages to build a modern website? Some folks with PhD's cant play in this world - while some who never went to school are software engineering masters. The only thing my CS degree got me is a piece of paper - and some practice in learning about computers. All that knowledge is not mostly useless - but the understand that CS is all about constantly learning new stuff - priceless.


Alarm Raised For "Clickjacking" Browser Exploit 308 308

Shipment Date writes "ZDNet's Zero Day blog has some new information on what looks like a scary new browser exploit/threat affecting all the major desktop platforms — Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash. The threat, called Clickjacking, was to be discussed at the OWASP conference but was nixed at the last minute at hte request of affected vendors. From the article: 'In a nutshell, it's when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you.'"

Slashdot's Disagree Mail 426 Screenshot-sm 426

Everyone likes to belong to something. Whether it be for fun, a sense of belonging, or a need for attention, a group gives you a feeling of solidarity. Surrounding yourself with people that share common goals and ideas can be comforting. Sometimes however, you realize that you hate the people you've surrounded yourself with. Your religion doesn't allow you to read anything that has profanity or you've subscribed to Slashdot thinking you could learn more about hockey. This week's collection is composed of people who don't want to play, read, or be associated with us anymore. Read below to find out how bad they want out.

Submission + - Robotic suit amplifies human strength->

Heembo writes: "CNN is reporting that Sarcos Inc. from Salt Lake City has been demonstrating a suit can multiply a person's strength and endurance as many as 20 times. This project is a result of a two-year contract US Army worth up to $10 million, and initial field tests are planning to start next year. Although the The Army's exoskeleton research dates to 1995, this is the first project to yield results so astounding that Raytheon bought Sarcos' robotics business last November.

"It takes no special training (to use the suit), beyond learning to relax and trust the robot.""

Link to Original Source

The brain is a wonderful organ; it starts working the moment you get up in the morning, and does not stop until you get to work.