
Comment Re:Secrecy or Transparency? (Score 1) 145

the security of systems relies at some point on the obscurity of certain pieces of data

No, it doesn't. Obscurity is neither a necessary nor a desirable element of security.

Whether it be a user password or a map of a network topology

The first of these isn't obscurity, and the second should not result in the ability to compromise a system, so keeping it obscure won't help security (in fact, the belief that keeping it obscure is beneficial actually *reduces* your security.)

Obscurity is information that is obscured - i.e. hidden with the belief that an attacker won't find it. In some cases, this belief is justified (strong encryption); in others, this isn't (network topology, listening ports, etc.)

In any properly designed system (such as Unix, or even Windows login) passwords are not obscured; they are one-way hashes, with both the location and hash algorithm known. If the passwords were kept in plaintext, and their location was kept secret, then that would be obscurity.

Even considering that the system may have been used inappropriately, is the crime worth the possible destruction of the entire network at the hands of hackers?

You're making the (extremely) flawed assumption that the *names* of people who used computers will lead to the destruction of the network, which is absurd.

Privacy

Journal SPAM: ACLU: U.S. Terror Watch List Surpasses 900,000 Names 2

Wow! Just by reading these words, you probably have a better chance of making this list than winning the lottery. "In September 2007, the Inspector General of the Justice Department that the terrorist watch list information in the United States had over 700,000 names, and that the list was growing by an average of over 20,000 records per month. At that rate, our list will have a million names on it by July." I wonder

Software

Submission + - A new low in restrictive software licensing 4

Coutal writes: Licensing is usually looked upon as a burden by software customers, although one we're grudgingly used to living with. However, at times one encounters new lows which can still invoke sufficient outrage — a stealable license.
Recently, my i-go based pocket pc navigation unit was stolen. However, I still retained my valid serial number, certificate of authenticity, proof of purchase and even a backup of the software. I figured restoring my software to another device should be a matter of unit service or (tops) minimal fee for media restoration. Tech support, however, had other ideas in mind. They informed me that my license was stolen with the unit. No amount of explanation of the lack of logic in that statement made through. They insisted that my backups were also void because I no longer have the original SD card and that I am not allowed to use them (which kind of defeats the whole purpose of backup, as the device only stores extremely little other data than the original software — no more than a few points of interest and marginal settings).
Security

Submission + - Is it legal to use shell commands through php? 2

An anonymous reader writes: In my college, there's a network for computer science students. That network provides services like email, homepage hosting, etc.
Once, I created a php script which simply translated browser requisitions to shell commands. I have tried a lot of commands through my browser, for example: 'cat /etc/passwd' and 'cat /proc/cpuinfo'.
There were no links to that page and, to enter a command, the user had to type it at the browser address bar.
As you see, I simply used the service I was allowed to use the way it was designed to be used (no exploits needed). But my homepage account was cancelled (in fact, I was threatened by the admins to go to prison for that script).
Do you think they should have punished me?
Government

Submission + - Icelandian calls White House, labelled a terrorist (go.com) 3

An anonymous reader writes: A 16-year-old boy in Iceland called a secret government phone number, which he thought was Bush's private number, and posed as the president of Iceland. After passing some impromptu security questions, such as President Ólafur Ragnar Grímsson's birth date (which he answered with Wikipedia), Bush's secretary told him to expect a call back. Instead, police surrounded his house and interrogated him on where he got the number, threatening to put him on a no-fly list if he didn't tell. He claims he can't remember where he got the number, but says "I must have gotten it from a friend when I was about 11 or 12."
Music

Submission + - Canadian DMCA To Be Introduced Within Weeks

An anonymous reader writes: Canadian law prof Michael Geist reports that the Canadian government is about to introduce Canadian DMCA-style legislation. Within the next two or three weeks, Canadians will be treated to new anti-circumvention laws that match those found in the U.S., while the government does nothing to address the blank media tax or fair use.
Graphics

Submission + - The early days of 3D games (blogspot.com)

Christophe de Dinechin writes: "What was Infogrames like when they occupied a single floor of a single building? Was Frederick Raynal already such a bright guy long before becoming insanely famous for "Alone in the Dark" (answer: yes)? How do you draw 3D using mostly additions? As the author of one of the earliest 3D videogames, I wrote a personal account of these crazy days, back when real men coded on real CPUs which had no clue about real numbers (aka floating point)."
PC Games (Games)

Submission + - Game, The Operating System? (blogspot.com)

Heartless Gamer writes: "Citing a c|net news article, Heartless Gamer examines the possibility of a Linux-based operating system dedicated to gaming. From the article: "The ability to 're-spin' Fedora is attracting some interest. Among the Fedora-based variations that will be available are one for gaming, one for designing microprocessors, and one for programmers." Jeff Freeman, declared to have at one point lost his mind while developing games, has also chimed in."
Software

Submission + - Demonoid shut down by the CRIA...again

An anonymous reader writes: Looks like the CRIA strikes again. They couldn't get Demonoid to shut down themselves, so they went up the food chain and threatened their hosting service. The only thing on http://www.demonoid.com/ as of Nov 10, 2007 is the message "The CRIA threatened the company renting the servers to us, and because of this it is not possible to keep the site online. Sorry for the inconvenience and thanks for your understanding."

Looks like they need a better hosting service/their own hardware and probably a better ISP.
Space

Submission + - 'Deadly asteroid' is a spaceprobe (skymania.com)

suthers writes: "An alert over a close shave by a threatening asteroid has been called off after it was found to be a passing spaceprobe! The alarm was raised by the Minor Planet Center, the world's official HQ for logging newly discovered space rocks and checking for any "Near Earth Objects" that threaten a devastating impact. They failed to realise this was an expected flypast by a comet explorer called Rosetta. http://news.skymania.com/2007/11/deadly-asteroid-is-spaceprobe.html"
Space

Submission + - 99 Years Ago in Tunguska, Siberia [pics] (scienceblogs.com)

grrlscientist writes: "In 1908, a mysterious explosion caused 770 miles of Siberian forest to be flattened. Now, scientists may have solved the riddle of what caused it.

From the article: On 30 June 1908, a few native peoples in Siberia reported seeing a bright light and hearing a series of loud explosions, accompanied by fierce winds and fire. These explosions, which flattened the pristine Siberian Taiga for 770 miles (2,000 kilometers) around, are estimated to have had the power of 2000 Hiroshima atomic bombs. However, this area is so remote and Russia was experiencing so much political turmoil that no one was able to investigate the scene until 1927, when the accompanying black-and-white images first recorded the devastation."

Communications

Submission + - Police and fire radio system vulnerabilities (tcomeng.com)

daryljones writes: "It's rarely talked about, but well-known by most system engineers who are involved in police and fire radio systems. Trunked radio systems used by many police and fire departments are highly vulnerable to denial of service attacks that could quickly render them useless. In less than an hour of searching the Internet, I found sufficient information to create malicious software that would cripple Motorola SmartNet and MA/COM EDACS trunked radio systems. See http://blog.tcomeng.com/index.php/2007/how-vulnerable-are-trunked-radio-systems-to-terrorist-hacker-attacks/. The public-safety community needs to demand security enhancements, or stay with conventional (non-trunked) radio technology that is immune to software attacks."
Amiga

Submission + - In Memory of Dave Morse, Amiga Co-Founder, '43-'07 (rebol.com)

mlauzon writes: "David Morse, Amiga Computer's co-founder, passed away last week. I will remember him always.



Dave was always an inspiration to me... not only from back in the old Amiga days, but in the early days of NTG (3DO), Interactive Partners, and VideoStream, the company we built together. Then, in more recent years, his interest and contribution to my vision of REBOL and IOS.

Dave was my model for how to be cool in business, and I respected him immensely for it. How many meetings I sat and watched Dave in action, or should I say, perfectly timed silence. Dave was the master of the dramatic pause... during a negotiation, purchase, contract. He knew the timing, and what it took to make the deal.

Few people have taught me so much during my life... as a role model and leader. It did not matter if we were presenting our vision to ATT, Time Warner, or Kleiner Perkins in front of Vinod Khosla, Steve Wynn and Michael Milken, Dave was always calm and trusting about it. "We'll do the best we can. If it doesn't work out, there are others who are interested." His calmness was reassuring, and it served as my strength.

Dave was one of those guys who would sit through a board meeting, say almost nothing, then at the end of the meeting would say just one sentence or two, and they would be a perfectly formed gem of thought and plan of action — the optimal direction for the company, whatever company it was.

Dave, thanks for teaching me so much. Thanks for your trust, and for making so many visions a reality. I will dearly miss you.



Source: Carl Sassenrath, CTO, REBOL Technologies"
