
Submission + - Is Whitelisting The Answer To The Rise In Data Breaches? (forbes.com)

MojoKid writes: It doesn’t take a rocket scientist to figure out that cyber criminals are quickly getting more sophisticated than current security, intrusion detection and prevention technology can defend against. And you have to wonder if the computer security industry as a whole is willing to take the disruptive measures required to address the issue head-on. One way to tackle the surging data breach epidemic is with a technology called “whitelisting.” It’s not going to sound too sexy to the average end user and frankly, even CIOs may find it unfashionable, but in short, whitelisting is a method of locking down a machine such that only trusted executables, DLLs and other necessary system and application components are allowed to run – everything else is denied. A few start-up security companies are beginning to appear in this space. The idea is to start with a known, clean system installation and then lock it down in that state so absolutely nothing can be changed. If you follow system security, regardless of your opinion on the concept of whitelisting, it’s pretty clear the traditional conventions of AV, anti-malware, intrusion detection and prevention are no longer working.

Comment Re: If you like it (Score 1) 171

You blame him for the health insurance providers taking the opportunity to use him as a whipping boy and take out their aggravation that their golden goose isn't looking too healthy?

In other news, Reagan said that trickle-down economics would work, and George W. showed up on an aircraft carrier claiming victory over a war that wasn't over yet, which we started because of falsified intel. Clinton said he didn't have sex with that woman, either.

Comment Re: And That, Ladies and Gentlemen ... (Score 4, Insightful) 194

Your theory flies in the face of history. Spam now represents the majority of email sent and they only need a fraction of a percent in return in order to reap a significant reward to justify their efforts. This particular clever exploit has been around how long undetected? And all they have to do is take the same code and inject it into the next extension they buy, or roll out. This is even better than spam.

Google's main reason for getting involved in this one is that it's leeching off of their core business. I guarantee that's not something they'll let slide.

Comment Re: RSA sold you out (Score 1) 464

If my entropy is real then knowing the algorithm doesn't help. The problem with the dual elliptical approach used by the spec was that the "randomness" was baked in, and then made to be the default used by RSA. The spec actually allowed for users to change the baked-in numbers; this hack by the NSA relied on success through the ignorance of customers rather than real cryptography. More social engineering than computer engineering.

Comment Re: Nobility (Score 1) 653

Americans have historically held the attitude that ousting people out of their land is their God-given right, using that justification to murder millions of people. Why shouldn't we start doing it to each other? The irony is delicious.

Meanwhile the percentage of poor people in the United States is about to become the majority, and in a democracy, the majority rules, whether by ballot or by baseball bat. Saying "let them eat cake" is usually not a good sign of where things are going.
