Government

Black Hat: 6 FBI Lessons To Tighten Enterprise Security

Submitted by gManZboy
gManZboy writes "How can corporate America cure its information security ills? Take a page from the FBI's terrorism-combating revamp.

That was the pitch made by Shawn Henry, president of CrowdStrike, in his keynote presentation Wednesday opening the Black Hat 2012 conference in Las Vegas. Until March 2012, Henry was the executive assistant director of the FBI, with responsibility for all of the FBI's criminal investigations worldwide, including cyber investigations, the critical incident response group, and international investigations. Two examples: Business must get proactive about fighting threats and must think hard about what to keep off the network entirely."

Businesses

Netflix Latest Earnings Report Shows Trouble

Submitted by nmpost
nmpost writes "The beginning of the end may be at hand for Netflix. On Tuesday, the movie rental company posted its second quarter results, and they were not promising. While the company returned to profitability following a first quarter loss, Netflix had a 91% drop in net income. The company's troubles began when it attempted to split its DVD by mail and streaming services, effectively doubling the price it was charging customers. External forces are now beginning to weigh on the company, and its doom appears to be within sight. The biggest challenges facing Netflix over the coming months are going to be competition and licensing fees. Three huge companies are competing against Netflix in the streaming arena, which has already surpassed its DVD by mail business. Amazon, Apple, and Google all offer streaming content as well. As movie and television studios begin to demand higher licensing fees, Netflix will not be able to pay, while these tech giants will. Netflix will eventually be priced out of the market."

Comment: Re:Physical items? (Score 1) 292

by mhogomchungu (#40239341) Attached to: FBI Used FedEx To Sneak Dotcom's Hard Drives Out of NZ
Making a copy of something and then taking the copy is not stealing since the original something is still there.

If the content on the hard drive were under copyright, then making a copy without the permission of the license the content was under, or without the permission of the owner of the content, is copyright infringement.

Comment: Re:Stupid article. Important point. (Score 1) 156

by mhogomchungu (#40186991) Attached to: The Cost of Crappy Security In Software Infrastructure

int read(int fd, &char[n] buf; size_t n);

char buffer[10];
&buffer[9] will point to the address of the last element of the buffer.
&buffer[10] is outside the buffer range -->> BUG, C programming 101.

If the function as stated above requires that n be the buffer size, then:

1. You will always be passing a pointer to outside the buffer size.
2. You will always be required to read ONLY the full size of the buffer. This will prevent reading more than what the buffer can hold, but it will also prevent reading less than the buffer size. Solving a problem due to programmer carelessness by handicapping other programmers, since they will no longer be able to call "read" to read data of various sizes that are under the buffer limit.

The problem with the second form, which is the standard UNIX/Linux "read" call, is that you're lying to the language. You're not passing a pointer to a char. You're passing an array of known size. But C won't let you say that. This is the cause of most buffer overflows.

The API takes a pointer to a memory address, and writes n bytes from the beginning of the pointer address.
The API does not care if you gave it an array or not, and that's a good thing because you can then read data not only into arrays, but into any arbitrary position in the array.
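As an added example (not the commenter's code), the standard pointer-plus-length read(2) contract used safely: the loop passes buf + used and cap - used so partial reads land at an arbitrary offset inside the array while never touching &buffer[cap]. The pipe, the payload and the function names are constructed for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Fill `buf` from `fd` using the read(2) contract discussed above: a
 * pointer plus a byte count. The caller, not the API, keeps `cap` within
 * the object `buf` points into. Each iteration reads into buf + used and
 * asks for at most cap - used bytes, so the last byte ever written is
 * buf[cap - 1]; &buf[cap] is never touched.
 * Returns bytes stored (< cap on EOF) or -1 on error. */
ssize_t read_fill(int fd, char *buf, size_t cap)
{
    size_t used = 0;
    while (used < cap) {
        ssize_t n = read(fd, buf + used, cap - used);
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted: retry */
            return -1;
        }
        if (n == 0) break;                  /* EOF: short count, no overrun */
        used += (size_t)n;
    }
    return (ssize_t)used;
}

/* Constructed driver: push `payload` through a pipe (offline stand-in for
 * a socket or file) and read it into a 10-byte buffer, exactly like
 * `char buffer[10]` in the comment. Copies what was stored into `out`. */
ssize_t demo_read_into_buffer(const char *payload, char out[10])
{
    int p[2];
    if (pipe(p) != 0) return -1;
    size_t len = strlen(payload);
    if (write(p[1], payload, len) != (ssize_t)len) {
        close(p[0]); close(p[1]);
        return -1;
    }
    close(p[1]);                            /* reader sees EOF after payload */
    ssize_t got = read_fill(p[0], out, 10); /* cap == sizeof buffer */
    close(p[0]);
    return got;
}

/* Returns 1 if reading `payload` stores exactly `want_len` bytes that
 * match the start of `payload`: a long payload is cut at 10 bytes, a
 * short one yields a short count rather than an over-read. */
int demo_check(const char *payload, size_t want_len)
{
    char buffer[10];
    memset(buffer, 0, sizeof buffer);
    ssize_t got = demo_read_into_buffer(payload, buffer);
    return got == (ssize_t)want_len && memcmp(buffer, payload, want_len) == 0;
}
```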

Comment: Re:Why so complicated? (Score 4, Informative) 62

by mhogomchungu (#38405958) Attached to: New Standard For Issuance of SSL/TLS Certificates

Why aren't SSL certs only to encrypt the transmission so data can't be packet sniffed? Why must the cert also certify that foo.com's owners paid $X for a cert?

SSL uses PKI (public key infrastructure). PKI provides two things, authentication and encryption. Authentication is critical because it proves the encrypted message is going to the recipient and there is nobody in the middle.

Why must the cert also certify that foo.com's owners paid $X for a cert?

It only certifies that foo.com owns the certificate; it says nothing about how much the certificate costs. A certificate is a signed public key.

If I connect to mybank.com, can't I clearly tell from the URL that I'm going to where I think I'm going?

If you type "mybank.com" in your browser, your browser will make a DNS request to get the "mybank.com" IP address. Somebody could hijack the DNS request and return the "iownyou.com" IP address, and all of your data will be sent there instead of to "mybank.com". Here is the part where the authenticity of the connection comes in.

In contrast, when I ssh between computers, I don't need any certs for that. Assuming I typed the host's name correctly, I'm going to where I think I'm going. Right?

When you ssh to a new computer, you will be presented with the other computer's signature and asked if you trust that the connection is coming from where you think it's coming from, and it is your responsibility to authenticate the connection. The CA system puts the responsibility on somebody else. The way ssh works is equivalent to self-signed keys online. They will give you encryption but not authenticity. If you go to "mybank.com" and they say "we are mybank.com, trust us, we are who we say we are, here is an encrypted connection, use it to send your bank info", would you proceed? I hope you won't.

Comment: Re:Community Myth (Score 2) 348

by mhogomchungu (#36789870) Attached to: Microsoft Developer Made the Most Changes To Linux 3.0 Code
Linux is still "a community effort of users putting their minds together". There may have been a shift from a community made up mostly of individuals to one of corporations, but it is still a community.

Does it matter if a contributor is an individual, an individual contributing on behalf of a company, or a company contributing, as long as the code is of good quality, is offered in ways that agree with the norms of the community and does not violate any license used by the community? Microsoft is contributing code because they are either using Linux or they have people they are supporting who are using it, hence they are part of the community effort. It doesn't matter how little any individual or company cares about the GPL; all that matters is that they conduct themselves in a way that does not violate it.
