
Submission + - Metasploit Creator HD Moore to Launch Venture Fund (securityweek.com)

wiredmikey writes: Well known security expert HD Moore announced that he is leaving Boston-based security firm Rapid7 to help launch a new venture capital firm focused on helping early-stage security firms get to market faster.

Moore is the creator of the open source penetration testing framework Metasploit, which Rapid7 acquired in 2009. Moore says he will continue to work on Metasploit and will remain active in the community even after he leaves Rapid7 on January 29.

Submission + - DoD Award to Recognize Drone Operators (securityweek.com)

wiredmikey writes: According to a Pentagon memo due out today, the US military will create a new way to recognize drone operators and other service members who contribute to America's fighting efforts from afar. The military is set to introduce a new "R" designation — known as a "device" — that can be attached to medals given to drone operators and other non-combat troops, such as cyber warriors who hack enemy networks.

Former defense secretary Chuck Hagel nixed a proposed new combat medal for US troops who launch drone strikes or cyber attacks, after a torrent of criticism from veterans and lawmakers. Drone pilots have complained of low morale, long hours and of the psychological impacts stemming from killing people remotely.

Submission + - Ask Slashdot: Security Policy for IoT Gadgets in the Office (securityweek.com) 1

wiredmikey writes: Rafal Los raises an interesting point about new Internet of Things (IoT) devices that may be coming into the office after Christmas, and the possible security risks associated.

He uses an example of the Amazon Echo which is “always listening” and raises the question of how welcome it would be in an office where confidential and highly sensitive conversations are frequent.

"How many things are showing up at the office this week that are an always-on conduit to your network from some external third party you really shouldn’t be trusting? Watches, streaming media widgets, phones, tablets and a whole host of other things are likely making their way into the office right now. You probably have a BYOD policy, but do you have an IoT policy? BYOD policies are meant to address your mobile handsets, tablets and personal laptops, but who’s addressing all the other gadgetry?"

Submission + - Facebook Threatens Researcher Over Instagram Hack (securityweek.com)

wiredmikey writes: A researcher claims he was threatened by Facebook after he responsibly disclosed a series of vulnerabilities and configuration weaknesses that allowed him to gain access to sensitive information stored on Instagram servers, including source code and the details of users and employees.

Wesley Wineberg says he discovered a remote code execution (RCE) vulnerability that allowed him to read a configuration file containing credentials needed to access a database, which revealed roughly 60 accounts belonging to Facebook and Instagram employees. Wineberg also discovered that the server had been running on Amazon’s EC2 service and a list of more than 1,400 systems had been hardcoded into the /etc/hosts file.

While Facebook confirmed the existence of the RCE vulnerability and promised a $2500 reward, Facebook later argued that he violated user privacy when he accessed the data. Furthermore, Wineberg claims Facebook’s CSO, Alex Stamos, contacted him via the CEO of Synack, the vulnerability research firm he works for.

“Alex informed my employer (as far as I am aware) that I had found a vulnerability, and had used it to access sensitive data. He then explained that the vulnerability I found was trivial and of little value, and at the same time said that my reporting and handling of the vulnerability submission had caused huge concern at Facebook,” Wineberg said. “Alex then stated that he did not want to have to get Facebook's legal team involved, but that he wasn't sure if this was something he needed to go to law enforcement over.”

Stamos allegedly attempted to convince the researcher and his employer to keep the existence of the security holes private and delete all data obtained from Instagram systems.

“In my opinion, the best course of action was to simply be transparent with all of my findings and interactions. I am not looking to shame any individuals or companies, but I do believe that my treatment in this situation was completely inappropriate,” Wineberg said.

Comment Re:Another reason for Mozilla to shit their pants. (Score 1) 61

This new version of Chrome should be yet another reason for Mozilla to collectively shit its pants in fear.

Good. I hope they become irrelevant, simply due to what their attitude towards Opera users was ten years ago - and especially the attitude of Asa Dotzler, one of the most horrible trolls ever to have existed on the internet.

Soon enough, Mozilla will drop to Opera's market share. I'm going to laugh, oh how I'm going to laugh!

And then I'm going to start hoping that Opera falls from 2% to 0%, because they had an incredible browser and fucked it up exactly like Firefox did, by chromifying it entirely and alienating their decade-long users. Did they gain market share by making a Chrome clone? Nope. Quite the opposite.

Comment Re:Why the hell would anyone use Go? (Score 2) 185

Why the hell would anyone use Go?

(Serious question, since our editors didn't tell us why Go was created, what Go's intended purpose was and whether or not anyone is actually using Go.)

As a software developer here that likes to fiddle with all languages, the second paragraph from Wikipedia seems to answer your question nicely: "It is a statically typed language with syntax loosely derived from that of C, adding garbage collection, type safety, some structural typing capabilities,[2] additional built-in types such as variable-length arrays and key-value maps, and a large standard library."

So from the first few words someone might know C and desire garbage collection to be handled for them? Golang might be a better selection for them than Java.

Personally for me, the built-in primitives for concurrency make it a great language for tinkering in realms of software design that were once onerous to me. But that's only one of a few of the language's goals.

Maybe a better set of questions would be for an elevator pitch on why someone should use golang? Or perhaps if they have dropped some goals of golang for others as development went forward?

Comment Re:Wisdom of naming it "Go" (Score 2) 185

There's already a game called Go, which has about a gazillion articles on how to program it. Couldn't you come up with a name that would be less ambiguous? Now, when you see a user group for "Go programming", you have no clue which one it is.

In conversation, I refer to it as golang. You are right on your point about potential for confusion but I don't think your example is apt anymore. Googling for programming go appears to yield only results about golang. Also, it is not without tangential benefits like being able to call Go developers "gophers."

I think when I first started programming Groovy long ago I stumbled upon a website promising that software development was groovy ... that's no longer the case when I google for groovy programming resources.

In short, the success of your language is a big enough concern that the name of your language is negligible (with the exception of negative words). The search results will follow.
