Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment: Correct program (Score 1) 147

I have come across vulnerabilities in consumer products, banks, and governments (though no airplanes). Here is a policy I use and I have not yet gone to jail, have gotten all problems fixed quickly, and usually gotten credit or some reward even if not requested.

  > Hello, I have inadvertently found a security issue in your product, it allows you to do XXX which is not expected. I am publishing this on my security blog in [48 hours / 5 days / 2 weeks].

Any time I have deviated from this process even a little the results have been much worse.

Comment: Re:Trus but verify... not (Score 4, Informative) 67

Speaking with experience on the receiving side of DARPA contract negotiations.

DARPA projects are not like kickstarter (BYO vision and get money) or like NIH (have reputation and get money); rather they do require actual competency and demonstrated ability to win them. The projects are managed like real engineering projects, requiring lots of documentation up front, thorough project planning, and plenty of checkpoints. However, aside from this good accountability, they do not exert direction on the projects, prescribe technical solutions or gain direct contact to your engineers for day-to-day operations.

Comment: Wrong solution (Score 1) 672

by fulldecent (#49510573) Attached to: William Shatner Proposes $30 Billion Water Pipeline To California

Water scarcity in California is a political problem with a political solution.

To better understand why a pipeline is a non-starter...

From the perspective of the cashew farmer: would you rather buy cheap water from the local utility or expensive water from the Great Lakes?

From the perspective of the pipeline investor: would you invest in a project to send water to CA when the people most likely to buy it will have ever more restrictions on water use?

And now for the solution to this and many problems...

Simply remove use restrictions and let the market properly set the price of this scarce product.

Comment: Sand in the hand (Score 0) 407

Guess what, senators?

If you won't let me hire foreign workers and bring them here to work on mutually beneficial terms, then I will simply keep them offshore and pay them to work from there.

Americans are SO uncompetitive for certain types of labor. A few laws wont bridge the chasm.

Comment: Get off my lawn (Score 5, Interesting) 230

I was in a similar situation a few years ago. It involved write access to other people's brokerage accounts.

FINRA, SEC, and FBI are all good points of contact and they have a straightforward complaint/action process. Assuming that you mailed a letter to the CEO first. Otherwise, I just now post live exploits to my blog at http://privacylog.blogspot.com... and usually give the vendor a heads up.

You will not get credit for the find. The TLAs will not invite you to give a speech. You will not get a career out of this, or even consulting money. Your end game is getting the thing fixed and moving on. Do this by posting your story which proves how innocent you are and giving the people an honest chance to fix it. Imagine you are in front of a jury of idiots. If you are saying "I wrote down this URL, then I typed it back in and some else's bank records came up... then I found out I made a typo". This is a perfectly reasonable story, there is nothing to be afraid of.

When it is not necessary to make a decision, it is necessary not to make a decision.

Working...