That was the pitch made by Shawn Henry, president of CrowdStrike, in his keynote presentation Wednesday opening the Black Hat 2012 conference in Las Vegas. Until March 2012, Henry was the executive assistant director of the FBI, with responsibility for all of the FBI's criminal investigations worldwide, including cyber investigations, the critical incident response group, and international investigations. Two examples: Business must get proactive about fighting threats and must think hard about what to keep off the network entirely.
If the content on the hard drive were under a copyright, then making a copy without the permission of the license the content was under or without the permission of the owner of the content is copyright infringement.
int read(int fd, &char[n] buf; size_t n);
&buffer will point to the address of the last element of the buffer.
&buffer is outside the buffer range -->> BUG, C programming 101.
If the function as stated above requires that n be the buffer size, then:
1. You will always be passing a pointer to outside the buffer size.
2. You will always be required to read ONLY the full size of the buffer. This will prevent reading more than what the buffer can hold, but it will also prevent reading less than the buffer size. Solving a problem due to programmer carelessness by handicapping other programmers since they will no longer be able to call "read" to read data of various sizes that are under the buffer limit.
The problem with the second form, which is the standard UNIX/Linux "read" call, is that you're lying to the language. You're not passing a pointer to a char. You're passing an array of known size. But C won't let you say that. This is the cause of most buffer overflows.
The API takes a pointer to a memory address, and writes n bytes from the beginning of the pointer address.
The API does not care if you gave it an array or not, and that's a good thing because you can then read data to not only arrays, but to any arbitrary position in the array.
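An added example, not part of the comments above: the standard `read(2)` call filling one buffer in two partial reads at different offsets, wrapped in a bounds check the caller has to supply because C does not. `read_at` and `demo` are hypothetical names, and the pipe contents are constructed sample input.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not a libc function): read up to `want` bytes into
 * buf[off..], refusing any request that would run past `cap`. */
ssize_t read_at(int fd, char *buf, size_t cap, size_t off, size_t want)
{
    if (buf == NULL || off > cap || want > cap - off) {
        errno = EINVAL;              /* the check C itself never performs */
        return -1;
    }
    ssize_t n;
    do {
        n = read(fd, buf + off, want);   /* plain pointer + length, as in read(2) */
    } while (n < 0 && errno == EINTR);
    return n;
}

/* Constructed demo: fill one 16-byte buffer in two partial reads from a pipe.
 * Returns 0 when every step behaves as expected. */
int demo(void)
{
    static const char msg[] = "HEADERpayload";   /* constructed sample input */
    const size_t len = sizeof msg - 1;           /* 13 bytes, no terminator */
    char buf[16] = {0};
    int p[2];
    if (pipe(p) != 0) return 1;
    if (write(p[1], msg, len) != (ssize_t)len) return 2;
    close(p[1]);

    int rc = 0;
    if (read_at(p[0], buf, sizeof buf, 0, 6) != 6) rc = 3;        /* "HEADER" */
    else if (read_at(p[0], buf, sizeof buf, 6, 7) != 7) rc = 4;   /* "payload" at offset 6 */
    else if (memcmp(buf, msg, len) != 0) rc = 5;
    else if (read_at(p[0], buf, sizeof buf, 10, 7) != -1) rc = 6; /* 10 + 7 > 16: rejected */
    else if (read_at(p[0], buf, sizeof buf, 13, 3) != 0) rc = 7;  /* in bounds, pipe at EOF */
    close(p[0]);
    return rc;
}

int main(void)
{
    int rc = demo();
    printf("demo returned %d\n", rc);
    return rc;
}
```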
Why aren't SSL certs only to encrypt the transmission so data can't be packet sniffed? Why must the cert also certify that foo.com's owners paid $X for a cert?
SSL uses PKI (public key infrastructure). PKI provides two things, authentication and encryption. Authentication is critical because it proves the encrypted message is going to the recipient and there is nobody in the middle.
Why must the cert also certify that foo.com's owners paid $X for a cert?
It only certifies that foo.com owns the certificate, it says nothing about how much the certificate costs. A certificate is a signed public key.
If I connect to mybank.com, can't I clearly tell from the URL that I'm going to where I think I'm going?
If you type "mybank.com" in your browser, your browser will make a DNS request to get the "mybank.com" IP address. Somebody could hijack the DNS request and return the "iownyou.com" IP address, and all of your data will be sent there instead of to "mybank.com". Here is the part where the authenticity of the connection comes in.
In contrast, when I ssh between computers, I don't need any certs for that. Assuming I typed the host's name correctly, I'm going to where I think I'm going. Right?
When you ssh to a new computer, you will be presented with the other computer's signature and asked if you trust the connection is coming from where you think it's coming from, and it is your responsibility to authenticate the connection. The CA system puts the responsibility on somebody else. The way ssh works is equivalent to self-signed keys online. They will give you encryption but not authenticity. If you go to "mybank.com" and they say "we are mybank.com, trust us, we are who we say we are, here is an encrypted connection, use it to send your bank info", would you proceed? I hope you won't.
Does it matter if a contributor is an individual, an individual contributing on behalf of a company or a company contributing, as long as the code is of good quality, is offered in ways that agree with the norms of the community and does not violate any license used by the community? Microsoft is contributing code because they are either using Linux or they have people they are supporting who are using it, hence they are part of the community effort. It doesn't matter how little any individual or company cares about the GPL, all that matters is that they conduct themselves in a way that does not violate it.