
Comment: Re:Sell it to black hats then... (Score 1) 144

So they're trying to protect the site's reputation AND their users' security.

Sure, they take the notification seriously and are patching by all apparent counts --- I'm not doubting that they are concerned about their site's security as well.

That doesn't fully speak to the purpose of the "responsible disclosure" policy, and why they've decided to smite the researcher, however.

Comment: Re:Sell it to black hats then... (Score 3, Insightful) 144

by mysidia (#49542317) Attached to: Groupon Refuses To Pay Security Expert Who Found Serious XSS Site Bugs

Groupon doesn't fear bad PR. If it was afraid of bad press, it would have folded long ago.

Possibly they don't mind bad press, but I'll bet they mind press that says their site is insecure, or that if you do business with them, "Your identity/credit card number might get stolen".

That's probably why they got fussy and denied the researcher's bounty, when a note that an XSS bug (without substantive details) had been published.

Sounds like maybe the "responsible disclosure" policy was about protecting the site's reputation, not their users' security.

Comment: Re:...and adults too. (Score 1) 605

by mysidia (#49542237) Attached to: Bill To Require Vaccination of Children Advances In California

Can you explain why?

Because there are too few of them to pose a significant risk. There is an acceptable margin of non-vaccinated people.

And the number of people who are immunocompromised, or cannot have vaccination due to legitimate medical reasons is such a small number, that they fall within the margin of acceptable risk.

The number of people attempting to avoid vaccination for the sake of convenience, or based on unqualified hearsay or personal opinion, far exceeds the acceptable margin.

Therefore, yes, as a whole: this group of people is more infectious and a much more serious public health danger.

Comment: Re:Good for them (Score 4, Insightful) 144

by mysidia (#49542043) Attached to: Groupon Refuses To Pay Security Expert Who Found Serious XSS Site Bugs

They should disclose these vulnerabilities to build a safer Internet, not to line their pockets.

A safer internet doesn't put food on their table.

It's Groupon who is lining their pockets, when they could be building a safer internet by actually paying money for security. It's the reluctance of companies to take security seriously and spend time and money on it that leads to an unsafe internet.

And then we get dumb things like this "responsible disclosure program," which is really not about protecting users, but protecting Groupon's reputation. That is to say... it's a PR-protecting policy, not a policy for protecting users' safety. The unintentional disclosure they referenced regarding ONE of the 30 vulnerabilities didn't even reveal meaningful information about the vulnerability, therefore: Groupon was not concerned about exploit details being disclosed, but ONLY the fact that there was publicity being generated that said their site was insecure.

The researchers need the bounty proceeds to justify spending the time researching to discover them. It's the companies that are lining their pockets, by avoiding hiring people like these folks and other security professionals to do this ----- instead offering small bounties, only available if they DO discover something wrong after spending possibly thousands of hours beating around looking for something wrong.

Comment: Re:...and adults too. (Score 2) 605

by mysidia (#49538215) Attached to: Bill To Require Vaccination of Children Advances In California

Not being vaccinated is more like not digging a fire break around my house.

Your living spaces are right by each other, but you don't want to install the fire barrier required by the building code to stop rapid spread of fire, because you heard it through the grapevine that fire barriers fail catastrophically and cause cancer.

It doesn't matter what your opinion is; the authority having jurisdiction can deny you the right to occupy that structure, and issue an order that it be remediated into compliance within 10 days or will be demolished.

Comment: Re:...and adults too. (Score 2) 605

by mysidia (#49534229) Attached to: Bill To Require Vaccination of Children Advances In California

It isn't the community's job because it is no job at all. Property rights, living rights, trading rights, and travel rights are all pretty fundamental and it requires no effort to not interfere in them.

Wrong. It does require efforts to support these legal rights. Property rights require assignment of rights to a scarce public resource (land). Property rights require ownership records, police and courts to protect, and support infrastructure. Travel requires maintenance of roads.

They are not human rights; or more specifically, they are not among the inalienable rights. They are rights that can be and are withheld, not given to, or taken away from people.

Property/travel/trade rights are frequently withheld from people who fail to pay taxes, fail to appear when summoned by the court to appear, or who fail to meet other standards or fulfill other duties that have been imposed upon them; Even people travelling in a dangerous manner, can lose travel rights due to DUI, can get fines for speeding --- ultimately resulting in restriction of travel (loss of license), or jail time, in some cases.

Refusing to take vaccinations is really no different fundamentally from refusing to do other things required.

Comment: Re:...and adults too. (Score 1) 605

by mysidia (#49533629) Attached to: Bill To Require Vaccination of Children Advances In California

Why should your right to drive how you want

Driving is a highly-regulated activity, and as officials are apt to repeat often: your eligibility for a license to do so is a privilege, not a right.

The same is true, also... regarding your ability to access public goods in any manner.

You have the right to equal protection under the law; however, so you have protection from being deprived of the privilege, except if you fail to meet a standard required by the law.

Disobeying a traffic law can lead to failure to meet the standard: resulting in revocation of any privileges the law sees fit to revoke.

So vaccination could be the same.....

It seems like people might have more second thoughts about this whole home schooling thing; if in addition proof of vaccination or medical exemption were required not only to access schools, BUT also for the person to take a GED exam after, to obtain or renew driver's licenses, to board a plane or train, to enter a concert or other public event, to open a bank account, to transfer real property, or to obtain a passport.

Comment: Re:...and adults too. (Score 5, Insightful) 605

by mysidia (#49533571) Attached to: Bill To Require Vaccination of Children Advances In California

No, it really isn't. You have a warped sense of right and wrong if you feel it is justified to force vaccinations on others for your own health benefit.

It's part of the social contract. If someone feels that it isn't their civic duty to take the proper vaccinations required and demanded of them for their part in protecting society, then it's not the community's job to allow these people to live in our cities, hold claims to land, conduct trade, or access our public roads or other venues.

Such rights only exist under the civilized society, AND if you choose to live in the civilized society, then you MUST take every obligation that comes with that choice --- that choice is only available if you also are to pay your taxes, and respect the well-being of other people, for example: by not killing them, or robbing from them, BUT, also, taking the required steps to see that you are not making them sick or putting their lives at risk through your own negligence.

Failure to receive the minimal recommended and required vaccinations is negligence.

It's no different than creating a humongous unreasonable fire hazard in your backyard, and claiming you have no duty to prevent it from catching your neighbor's house on fire; that just ain't so.

Such people who would refuse vaccination for no provable and rationally justifiable medical reason --- can and should then be put into quarantine or deported / removed from civilized areas, with steps taken to ensure they stay out until they agree to vaccination.

Comment: Re:I call bullshit on anything from Forbes (Score 2) 132

by mysidia (#49531575) Attached to: New Javascript Attack Lets Websites Spy On the CPU's Cache

any program that can control what happens within its address space can manipulate data moving in and out of the CPU cache.

Yes, but it cannot observe what data from other processes is moving out of the cache. The attacking process already has to know what bits the other process might have in the cache that they are attempting to time. The cache side-channel attacks are using statistical techniques... in artificially constructed scenarios: where only one other process has shared data you want to do a timing attack against.

It only works when the spying process knows the bits; and the timing at which those shared known bits are accessed reveals information that can be used to infer other bits.

Cryptographic algorithms are susceptible to this, BUT the algorithms and implementations can be made resistant through various methods.

Comment: Re:Must hackers be such dicks about this? (Score 2) 270

by mysidia (#49498135) Attached to: FBI Accuses Researcher of Hacking Plane, Seizes Equipment

Only because it's socially unacceptable to even joke about that / most people don't find that very funny / some people may not recognize it as a joke, and it can cause panic since the joke is too "believable", so even jokingly it's a terrorist threat.

On the other hand..... "Dropping O2 masks"; isn't the same.

Even if it's not a joke: how exactly is that life-threatening?

Dropping O2 masks falsely would be property damage for the airline, since now they would incur additional expenses after the flight to restore/reset safety systems, not a life-threatening event in itself.

Comment: Re: Decent (Score 1) 482

by mysidia (#49491023) Attached to: Seattle CEO Cuts $1 Million Salary To $70K, Raises Employee Salaries

The argument you made was that money woes are caused by people spending poorly

Not woes, BUT worries, and the argument I made is to counter the claim that he removed all money worries from his staff, AND spending poorly is just one of the examples of additional spending. It doesn't matter necessarily if it's "poor" spending or not, only that it is more spending, as even people spending within their needs will spend more, and therefore, there will sometimes be money worries regardless. It looks like the dramatic generalizations here are coming from you....

But even I would be pleased if my CEO cut his pay by 93% and used the money to bump my salary up even a modest amount.

I never suggested any employees wouldn't be pleased by the bump up. Only that most of them will probably still have money worries occasionally, as their spending is likely to increase ----- a salary bump up does not make it so people no longer need to budget or think long and carefully about available choices, to avoid problems.

Comment: Re: Decent (Score 2) 482

by mysidia (#49486225) Attached to: Seattle CEO Cuts $1 Million Salary To $70K, Raises Employee Salaries

With a newborn, child daycare will cost me $1515 per month. An increase in my salary will help me be in the office 5 days a week vs. working from home

Your story is anecdotal and does not apply to the population in general. Your story also does not contradict my proposition.

There are intelligent or beneficial uses of additional $$$ and bad ones. There is well-planned budgeted constrained spending, and impulsive spending.

You chose to not spend money on childcare before, and work from home which can be career-limiting, why would you do that? What did you spend money on instead... was it well-planned, did you avoid waste, prioritize your purchasing plans, save as much as possible, and pay as little as you needed to on other things?

The way that you would even consider refraining before and then plan on spending the extra money on Daycare in advance, instead of splurging on 100 additional pairs of new shoes or $600 i-Toys you can buy just shows you probably aren't like most of the population.

Comment: Re:Decent (Score 3, Insightful) 482

by mysidia (#49485331) Attached to: Seattle CEO Cuts $1 Million Salary To $70K, Raises Employee Salaries

What he just did was remove all money worries from his staff.

Not necessarily. When people earn more money, they tend to spend more less efficiently or for things they want more than need. If they have poor discipline, now they are eligible for more credit and can rack up bigger debts faster.

Often people spend more money than they should, or they have a "spending disorder", such as Shopping Addiction OR Binge + Buyer's Remorse, and it ultimately results in money worries.

In other words: money worries are not exclusively caused by low salaries. Money worries can be caused by insufficient education/poor resource management, and psychological problems as well.

Comment: Re: Must example set of him (Score 1) 629

He wasn't charged with hacking. The charge was unauthorized access.

The student had authorized access to the computing system. The student logged into the system with higher privileges without permission than the student was intended to access the system with -- using the credentials to another user's account which the student learned using lawful means (There was no surreptitious spying, keylogging, deceptive/fraudulent activity, or attacking of the computer system required to get access to the login used).

No. This is the equivalent of locking the grade book away when the student knows where the key is. It's the changing of the grade that is wrong, not the finding of the key.

Ok, sure... the teacher locked the grade book away, then in plain sight of the students set the key on the desk, or left the key in the lock. The point is there is no 'breaking and entering' involved here.

The teacher/staff of the school are totally complicit in any wrongdoing, due to inadequate supervision and improper precautions. If they expected to secure their accounts, they should have actually chosen a password for the Password field, instead of using their name: which all the students are told on 1st day of class, therefore the teacher actually indirectly disclosed her password on the 1st day of class, most likely.

Except, the student didn't look at or change the grades; although the student in theory could have. Even if the student did change the grade... a criminal charge would be ridiculous. Just give the student an academic penalty and a disciplinary charge --- fail the course, suspended pending review by a disciplinary committee and possible expulsion.
