
How Java Changed Programming Forever

Submitted by snydeq
snydeq writes: With Java hitting its 20th anniversary this week, Elliotte Rusty Harold discusses how the language changed the art and business of programming, turning on a generation of coders. 'Java’s core strength was that it was built to be a practical tool for getting work done. It popularized good ideas from earlier languages by repackaging them in a format that was familiar to the average C coder, though (unlike C++ and Objective-C) Java was not a strict superset of C. Indeed it was precisely this willingness to not only add but also remove features that made Java so much simpler and easier to learn than other object-oriented C descendants.'

Poll: When it comes to polls...

Submitted by TheCreeep
TheCreeep writes: I always vote
I sometimes vote
I never vote
I vote randomly
I complain about lack of options
I look for the CowboyNeal option

Comment: Re:Password updating (Score 2) 150

I agree to some extent - frequent changes hurt more than they help. Changing password shall be when it's considered necessary, and it's only you that uses the password that can decide that.

But to increase security a 2-factor authentication shall be used, so that you need to combine with a keycard or similar in order to gain access. That will make it harder for anyone that wants to gain access to the net.

But if you want higher security you should also build your net within a company on segments so that there are several separate segments of the network within the company. E.g. Human Resources should run their segment, Management another etc. That way a security compromise would not be as serious as if it was on a non-segmented network. This will of course require separate servers for the different segments and internal firewalls.

Linux Dev's Purported 4096 bit RSA Key Factored

Submitted by Anonymous Coward
An anonymous reader writes: A PGP subkey for kernel developer Peter Anvin from a public SKS keyserver was discovered to be divisible by 3. The weak key was discovered by a web service which calls itself the Phuctor, which has since factored two other keys as it chews on an SKS keyserver dump. Whether the key was generated weak or if it was strong before becoming corrupted on a keyserver, it is extremely troubling that such a weak key representing such an important Linux developer could be served.

Comment: Re:Fuck you. (Score 1) 616

by Z00L00K (#49712241) Attached to: Editor-in-Chief of the Next Web: Adblockers Are Immoral

Enforce too many ads and people will go elsewhere, but now we have the adblockers so people will go wherever they like. That's the reason why people no longer watch TV - they can't avoid the ads that spam them with perceived higher audio volume, stroboscopic effects causing epilepsy and doubling the time a show goes on.

Ever considered why some sports are more available on TV than others? Baseball and American Football - you can inject ads often. The long full course yellows on motorsports are great for ads - and they are a lot longer and more frequent today than a few years ago.

Also look at magazines that have died over time. A magazine that was once popular and thin grew fatter and fatter with ads while a lot of the content became watered down and suddenly people stopped buying that magazine.

That said - I can live with ads if they aren't impacting on the stuff I want to access. Often a text ad of around 10 words is enough to catch the attention of anyone that's interested. Throwing up a full page ad covering the content alienates the visitor completely and will result in people looking for a belt-fed shotgun to clean out the company behind the ad.

Banks Conspire

Submitted by Jim Sadler
Jim Sadler writes: I'll keep it short. Why do banks, charge cards and others have such lousy password software? My bank allows twenty letters or numbers but not all combinations of letters and numbers. Then on top of that one cannot use symbols or ASCII symbols in one's password. Needless to say pass phrases are also banned. For example "JackandJillwentupthehilltofetch1394pounds of worms." would be very hard to crack and very easy to recall.
I can't imagine why such passwords would be so hard to handle for financial institutions and they have everything in the world to lose from sloppy security. So just why, considering that these institutions complain of mega money being lost, do they not have a better password system? Do they somehow gain when money goes missing?

In a First: FDA issues Safety Advisory for Cyber Risk of Drug Pumps

Submitted by chicksdaddy
chicksdaddy writes: In what may be a first, the Food and Drug Administration (FDA) has issued a Safety Communication regarding vulnerabilities in a drug infusion pump by the firm Hospira that could make it easy prey for hackers, The Security Ledger reports.

The FDA Safety Communications notice regarding the Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems (http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm446809.htm) was published on Wednesday. The notice advises hospitals that are using the pump to isolate it from the Internet and “untrusted systems.” It follows disclosures by two independent security researchers in recent months of a raft of software security vulnerabilities in the pumps, including Telnet and FTP services that were accessible without authentication.

The FDA said it and Hospira “have become aware of security vulnerabilities in Hospira’s LifeCare PCA3 and PCA5 Infusion Pump Systems” as well as the publication of “software codes, which, if exploited, could allow an unauthorized user to interfere with the pump’s functioning.”

An unauthorized user with malicious intent could “access the pump remotely and modify the dosage it delivers, which could lead to over- or under-infusion of critical therapies,” the safety advisory warned.

The advisory follows a warning by the Department of Homeland Security in April. DHS’s Industrial Control System Computer Emergency Response Team (ICS-CERT) warned that drug infusion pump management software sold by Hospira contains serious and exploitable vulnerabilities that could be used to remotely take control of the devices. (https://securityledger.com/2015/04/drug-pumps-vulnerable-to-trivial-hacks-dhs-warns/)

The issuance of a “Safety Communication” for software vulnerabilities is novel. The communications are typically used to issue specific and actionable guidance concerning safety related issues with medical devices or products used by health professionals in the field.
This is believed to be the first such communication issued for a software vulnerability in a specific product. In June, 2013, the FDA issued a safety communication regarding cybersecurity of hospital networks and medical devices. (http://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm356423.htm)


Comment: A good patent is worth a lot. (Score 1) 125

by Z00L00K (#49687381) Attached to: Ask Slashdot: Security Certification For an Old Grad?

If the patent is really good it can be worth over 10 times the graduation score you had over 10 years ago.

Add an up to date certification and a good CV and you may not have too much trouble getting a decent job unless you have a very disagreeable personality for a first impression.

I did graduate on a college level back in '87 and the last 15 years nobody has had any concerns about what I did graduate with. It's only people that graduate with titles like "Doctor" in a certain area that can ride on that for the rest of their working life.

Just show up at the job interview in decent looking clothing without too many weird looking tattoos exposed. Not too strict, not too relaxed, one notch above what people usually wear to the workplace in question. Dressing too far above will cause the interviewer to feel uneasy.
