
Comment Re: Is this the 21st Century? (Score 5, Insightful) 509

That's pretty much what it reminds me of. Reading these always brings to mind how advanced the Arabic people were until the strict adherence to religious doctrine basically removed many of them from the sort of social/political evolution that comes from hearing/debating ideas that aren't your own. It also smacks of the current trend of downplaying scientific discoveries as mere 'theories' that are 'equally as valid' as Christian doctrine.

Comment Re: Oh give me a break (Score 1) 349

There are always exceptions; consider Christopher Tolkien's later publishing of his father's works and even making additions to stories that were unfinished. He was able to do that because he inherited the rights and all the notes his father had lying around.

By your logic, anyone can bastardize someone's work as long as they are dead first and screw whatever the author had planned before he died. Much like Stieg Larsson, he had 3 sequels to his 'Girl with the Dragon Tattoo' series already drafted out and then he died, so anyone should be able to take his characters and do whatever since he's dead, to hell with his plans for character development or stories!

I can understand not wanting useless people to feed off the success of their parents but as a parent, I want to provide for my child (useless or otherwise).

Comment Re: Bullshit.... (Score 1) 139

Make all telcos/ISPs route out to an international network where it gets 're-encapsulated' to appear that it's coming from outside the US. Seems like an easy way to force compliance, especially if you gently remind companies about the foreign shores they are based in (on paper at least). In fact, that being the case, I wonder if the 'technical' argument can be made that they are foreign entities, so the traffic that generates within the US borders by customers of that company could be considered a 'foreign' network and therefore not subject to any constitutional protections?

Comment Re:Worse than clickbait ! (Score 1) 393

There is also the possibility that they are monitoring particular terrorist links but don't want to divulge that. If the terrorists are communicating over text messages and they have made any effort to compartmentalize information (even a tiny bit), any proactive actions taken by an intelligence agency would lead the terrorists to specific people that are being monitored. That's far more telling from an adversary's perspective than a generic 'all text messages are analyzed'. I am not part of any nation's version of a 3-letter agency but I wonder how much damage is done by not wanting to disclose to the enemy specifics of exactly what/who/where/when things are monitored. Much like during WWII, actions needed to be weighed against the value of keeping that line of intelligence open, which leads to which atrocities do you permit 'for the greater good' and which do you block. =|

Submission + - OPM hack included fingerprints (nationaljournal.com)

schwit1 writes: The Office of Personnel Management announced last week that the personal data for 21.5 million people had been stolen. But for national security professionals and cybersecurity experts, the more troubling issue is the theft of 1.1 million fingerprints.

Much of their concern rests with the permanent nature of fingerprints and the uncertainty about just how the hackers intend to use them. Unlike a Social Security number, address, or password, fingerprints cannot be changed -- once they are hacked, they're hacked for good. And government officials have less understanding about what adversaries could do or want to do with fingerprints, a knowledge gap that undergirds just how frightening many view the mass lifting of them from OPM.

"It's probably the biggest counterintelligence threat in my lifetime," said Jim Penrose, former chief of the Operational Discovery Center at the National Security Agency and now an executive vice president at the cybersecurity company Darktrace. "There's no situation we've had like this before, the compromise of our fingerprints. And it doesn't have any easy remedy or fix in the world of intelligence."

Comment Re: Citizen, I notice your resistance (Score 1) 74

I agree that everyone has something to hide, just as everyone is a target of 'cyber' attacks. However, while I have not yet read the full bill and the linked article is a bit sparse on actual fact, sharing attack data would be tremendously helpful. If private companies are able to share STIX/IOCs (with information deemed private stripped out) that information would be very useful. While I worked for an Amazon sub, we couldn't even get attack data amongst companies that were, essentially, the same. Currently if you were to ask your biggest competitor to share data, you will get a 'No, thanks' at best. Most of this seems to be from lawyers/compliance people that seem to think sharing the data will make the sky fall. There are some private companies attempting to do this but the solutions are immature and not really ready for any sort of meaningful exchange. Facebook is doing their Intel sharing but it hasn't gotten off the ground yet.

I would agree that the government is probably not the best clearing house for true threat data. Look at InfraGard & CERT, sure they send out useful data but it's usually late and if you want the really interesting bits, you need a clearance (which working at a private company is practically a non-starter). The security industry needs to figure this out for itself before the fed steps in and makes it the same black hole sharing data with them currently is.

Comment Re: Tricky question (Score 2) 205

Sadly this is too true. A lot of the shops out there don't understand mitigating controls or 'we tweaked a configuration so we aren't vulnerable, despite what the banner says and here's output from us actually using the exploit....see not vulnerable'. That's one of the major issues I have with PCI, it's far too common for the auditors to not understand the context of the controls, let alone how the network is configured. I remember having to argue with an auditor about how umask worked and sudo.

When we evaluate third-party companies we request the most recent pentest report (depending on the data being shared) and most of what we get back is simply screenshots from some vuln scanner and clearly it says Apache so it must be vulnerable. I would love for the end customers to be more educated on what the deliverables should be for a pentest.
