Comment Re:Issue is more complicated (Score 1) 925

You don't have to be nice, but be respectful. The problem is Linus has cultivated an environment where there is no respect for a person for just being a person. He only respects people that agree with him and think the way he does. Basically, it's an easy way to rationalize being an asshole and it being okay.

Comment Re:2 factor authentication would have. (Score 1) 142

Don't get cocky, kid. In the RSA breach the hackers went after material used in SecurID (RSA's 2FA product). They're going after phones with the 2FA apps on them too.

Yeah, 2FA is good security practice and its use will make it significantly harder to breach a system using legitimate credentials, but the notion that it's full proof (or fool proof) is a myth.

Comment It's Better and Worse Than This... (Score 1) 130

It's better in that just because a component has a vuln doesn't mean that vuln is exploitable in all situations. Unfortunately, people are TERRIBLE at determining if a vulnerability is potentially exploitable or not.

It's worse in that the data in the NVD is often wrong and has lots of missing versions. For example, CVE-2013-5960 says "The ... in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.1 " and it lists the affected versions only as 2.0.1. The description is wrong (the issue was fixed in 2.1.0) and the list of versions is incomplete as there are more versions that are affected. Another example, CVE-2014-3604 says " in Not Yet Commons SSL before 0.3.15 ..." and then lists the affected versions as 0.3.15 - which is the version it was fixed in and it doesn't list the versions that were actually affected.
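An added example, not from the comment or from any NVD tooling, that sanity-checks a CVE record's "before X" description against its listed affected versions. The records are abbreviated paraphrases of the two CVEs named above and the release lists are constructed stand-ins for a real version inventory.

```python
import re
from typing import Dict, List, Optional

# Constructed sample records modelled on the two CVEs the comment names.
# Descriptions are abbreviated paraphrases, not the NVD text, and the
# release lists are hypothetical stand-ins for a real version inventory.
RECORDS = [
    {"id": "CVE-2013-5960",
     "description": "... in the OWASP ESAPI for Java 2.x before 2.1.1 ...",
     "affected": ["2.0.1"]},
    {"id": "CVE-2014-3604",
     "description": "... in Not Yet Commons SSL before 0.3.15 ...",
     "affected": ["0.3.15"]},
]
RELEASES = {  # hypothetical release histories used to spot gaps
    "CVE-2013-5960": ["2.0.1", "2.1.0", "2.1.1"],
    "CVE-2014-3604": ["0.3.13", "0.3.14", "0.3.15"],
}

def parse_version(v: str) -> tuple:
    """Turn '0.3.15' into (0, 3, 15) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

def upper_bound(description: str) -> Optional[str]:
    """Extract the exclusive fix version from a 'before X' phrase."""
    m = re.search(r"\bbefore\s+(\d+(?:\.\d+)+)", description)
    return m.group(1) if m else None

def check_cve(record: dict, releases: List[str]) -> Dict[str, List[str]]:
    """Flag listed versions at or after the fix, and releases the description
    implies are affected but the version list omits."""
    findings: Dict[str, List[str]] = {"lists_fixed_or_later": [], "missing_affected": []}
    bound = upper_bound(record["description"])
    if bound is None:
        return findings  # no 'before X' phrase, nothing to cross-check
    fix = parse_version(bound)
    listed = record["affected"]
    findings["lists_fixed_or_later"] = [v for v in listed if parse_version(v) >= fix]
    findings["missing_affected"] = [v for v in releases
                                    if parse_version(v) < fix and v not in listed]
    return findings

if __name__ == "__main__":
    for rec in RECORDS:
        print(rec["id"], check_cve(rec, RELEASES[rec["id"]]))
```

This only catches internal inconsistencies between a record's description and its version list; a description that itself names the wrong fix version (the ESAPI case above) still needs checking against the project's own release notes.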

Comment Re:The root cause : poor unit testing (Score 1) 130

Sorry, but no, it's not that simple. Lots of vulnerabilities come into a project because of dependencies that are poorly managed. Project A depends upon project B which in turn depends upon project C and C has the vuln. All the unit testing of A in the world will not turn up that vuln. That requires system testing and that's a lot more involved.