

Comment: The impossible: DELIVERED! (Score 1) 497

by SteelRat (#31837328) Attached to: Please Do Not Change Your Password

I think you know what you're asking for is impossible, John. Is that your point?

Physical penetration tests can validate the presence of password lists in wallets, in desks, and in caches on workstations. I think I can say with confidence that there are no sources of metrics for what you have specifically asked.

So where are we then? No one can prove anything and therefore we can all claim to be correct? That's awful. That's also the state of the security industry; mountaintop sages and so-called best practices sold by vendors.

Your suggestion on having a little book with them is also pretty bad. It breaks the password model of being something you know to something you have.

Remember everyone, multi-factor authentication should be a combination of something you are, something you have, and/or something you know.

If everyone did as you suggest, all thieves would have to do would be to throw an admin in the back of a van. In fact, I'm surprised that we haven't been seeing more of that anyway.

Comment: Password aging and complexity = lists (Score 2, Interesting) 497

by SteelRat (#31834706) Attached to: Please Do Not Change Your Password
If anyone gathered metrics on such practices, I would bet that for most environments, they would find that it yields the opposite effect of what is intended.

It makes strong passwords and lots and lots of password lists under keyboards, in text files, and on post-it notes.

I gave a little talk at a Toorcon event a couple years ago where I included some pictures of password lists found in the wild.

I think everyone competent knows about these things, they just choose not to say anything about it because it is a "best practice."

Comment: I've been paid for it (Score 1) 735

by SteelRat (#30277736) Attached to: Should You Be Paid For Being On Call?

As a consultant, I was paid quite a lot for being available on an on-call basis; several thousand a month.

I also didn't have to do much when things happened. I would join a call, establish that it was not my problem, and then drop off.

If you're deeply concerned for your jobs, get better at your jobs and leave your bad gigs. Retention and performance problems should correct this problem of thinking that management assholes can get people to work for free. They would never work without compensation. Why should people who are smarter than them?

Comment: Re:Free? (Score 2, Informative) 137

by SteelRat (#28797691) Attached to: Pirate Bay's Anonymity Service Enters Beta Testing

RTFA, guy. It's not free.

Also, it's been done before and well. The code has been open for a long time now. I'm just surprised it hasn't happened sooner.

The code used to be archived by some of the industry cool kids for quite a while, but I'm not readily finding it in the allowed attention span of this comment.

Comment: seriously now guys (Score 1) 416

by SteelRat (#28680239) Attached to: Microsoft vs. Google — Mutually Assured Destruction

I always suspected that Cringely was completely clueless, but now I have something to point to which by his own words damn him more than anything I could ever say.

This is the kind of writing that you can point at as an example of how some people do not get it despite their pomp and bigdealness.

The Internet

SPAM: Malware knocks out U.S. Marshals Service network

Submitted by
coondoggie writes "Malware Wednesday crippled Windows-based computer systems at the U.S. Marshals Service, which hunts federal fugitives and operates the country's witness protection program, knocking the agency's network offline. The agency's press office confirmed it was having network problems and that its e-mail system was down this morning, but it was unclear if the outage extended across the entire network. The press office said a statement would be issued today, but has yet to be released. [spam URL stripped]"
Linux Business

Italian firm: Microsoft Out. RedHat and IBM In.

Submitted by ruphus13
ruphus13 (890164) writes "In what is being hailed as a good win for Open Source and IBM, Gruppo Amadori has begun to phase its 6,000 employees off Microsoft products and on to Red Hat and IBM's Lotus Symphony. From the article, "Italian food company Gruppo Amadori [is] rolling out Red Hat Enterprise Linux with desktops running IBM software, much of which is free, and some of which has open source roots. About 1,000 of the company's 6,000 employees use computers and will move to Red Hat's platform and IBM Lotus Symphony--a free software suite with long-standing open source roots, although it's not developed as open source any longer. The company will also switch from Microsoft Exchange to an IBM Lotus Notes and Domino environment hosted on Red Hat Enterprise Linux.""

MS Nailed with $200M MS Word Patent Infringement

Submitted by
nandemoari writes "Microsoft has been slapped by a heavy hand for including a Canadian company's technology in Microsoft Word. A Texas federal court recently decided that the Redmond-based firm infringed on Toronto-based i4i's XML-based patent. Unfortunately for Microsoft, on Wednesday a Texas judge agreed with i4i's complaint that MS violated the patent through its system for processing Word files via embedded codes that show instructions on how information is presented. Microsoft's not taking the $200 million ruling lying down. According to Microsoft spokesman David Bowermaster, the company will request that the court overturn the order."

Adobe uses DMCA on protocol it promised to open

Submitted by
An anonymous reader writes "Despite promising in January to open RTMP Adobe has apparently issued a DMCA take down request for an open source implementation of RTMP. The former SourceForge project page of rtmpdump now reports "Invalid Project". rtmpdump has been used in tools such as get_iplayer and get-flash-videos. Adobe is no stranger to the DMCA, having previously used it against Dmitry Sklyarov."

Another Invasionary Species by the USDA?

Submitted by gpronger
gpronger (1142181) writes "USDA proposes to use a Spanish wasp for weed control along Mexican-US border. Carrizo Cane, a tall reed that grows along river banks, etc., has spread rapidly along the Rio Grande. The height of the reed, and the density that it grows, gives cover to illegal immigrants. The wasp lays its eggs inside the stem, causing the plant to dwarf or die.

The question to ask though, is what other agricultural plants it may go after once released?

Have we ever had a purposeful release of a foreign species that went as planned?"
