
Comment Re:"violence to advance their cause" (Score -1, Troll) 229

I look forward to seeing Antifa accounts suspended.

Violence against nazis, white supremacists and fascists is acceptable. It's always been acceptable and it always will be acceptable. It may not be politically correct to punch nazis, but that's too bad. Suck it up, buttercup.

Violence against nazis, white supremacists and fascists is part of our heritage. You're not trying to destroy our heritage, are you?

Comment Re:Citizen's United nixes this bill (Score 0) 200

If you think that American voters are dumb enough that they can be swayed by $50000 in false Russian advertising,

Enough of them are indeed dumb enough. Especially if the ads can be targeted using private polling data from the Trump campaign. Russian troll farm ads were never going to sway a majority of US voters, and the vote totals showed that they didn't. But if you know exactly how to target those ads in states that were very close and which had significant populations of dumb people (Wisconsin, I'm looking at you), it can be enough.

Comment Re:How to make any antivirus software safer? (Score 1) 351

I'm not so sure about that. I have a fear that Bell was right in his 2005 paper, that security is diminishing rather than growing.

The security industry is growing, don't get me wrong. We have a million security products and maybe ten million security consultants today. But the security that everyone does is on a band-aid level. As far as I'm aware, there has been zero fundamental research into information security since the 70s.

Comment Re:How to make any antivirus software safer:SELinu (Score 1) 351

SELinux suffers from a complexity flaw. Setting up a tight policy for a production system is not an easy task. I was evangelizing SELinux for many years (my name is in their contributors list). The complexity issue was clear from the start, I was always hoping it would be solved one day, but it still isn't.

So today you have SELinux in all the major distributions, but it's not really much used. Even if it is run in enforcing mode, the policy is very generous. That puts it on the level of a firewall - another layer of security, but it still lets a lot of stuff through.

A tightly configured SELinux is a very hard target. I went to hacker conferences a few times, put up my SELinux notebook and wrote IP address and root password on a piece of paper posted right above it. The real root password, with SSH root login enabled. One time a guy managed to put a file into the root home directory, because I had forgotten one policy rule. That's it. SELinux can be configured very tightly, but at that time, there were maybe two dozen people in the world who could do it. That's not acceptable for commercial purposes. Who wants a system where if you lose your one guy who can handle it, it might be impossible to find a replacement?

Comment Re:How to make any antivirus software safer? (Score 1) 351

So I used the same password for all of them (A big no-no)

Says who? The same guys who tell you that a password needs to have special characters and numbers. Oh look, this year the guy who wrote that rule originally apologized and admitted that he basically pulled it out of his ass at that time and thinking about it again, it's complete nonsense.

For all the sites that are not important to my life, which is about 95% of my accounts, I use only two passwords. One for forums and games and such where I really don't care at all and one for places that matter to me. If anyone gets one of these from a breach at any of these sites, omg he can post in my name to some forum...

but more interested in covering their asses and be able to blame somebody when things go wrong.

It's more of a "nobody ever got fired for buying IBM" problem. When you set up your security system, one issue is liability. By following "best practice", you can get out of liability. That is what top management cares about the most.

Comment Re:How to make any antivirus software safer? (Score 1) 351

I couldn't care less about trends on /. -- I have been giving conference speeches about this for half a decade now, pointing out what exactly we can do better when it comes to integrating users into infosec instead of considering them the enemy.

Slowly, personal security is becoming important. I'm not talking awareness campaigns, I think that's a snake-oil business. I'm talking screening, training, proper procedures and also not treating your employees like shit. In my father's time, you didn't need rallies - people were actively interested in what is good for the company, because the company was actively interested in what is good for the employees. Bring back that give-and-take relationship and you have done wonders for infosec.

You completely misread my post. Nowhere did I put all the responsibilities on IT and nowhere did I claim that users and their capabilities and intentions could be ignored. You need to figure these things into your security. That's the point. You can't just take the cheap way out, say "ah, users are idiots" and put all the blame on them. If users are idiots, it is your job to make the system idiot-safe. That's why airplane doors don't open in-flight, because a drunk passenger might mistake it for the toilet. Right now, too many computer systems will happily open that door and then we go around shouting that users are idiots.

Comment Re:look at Europe (Score 1) 158

Yeah you can bet it won't be the upper reaches of any company.

According to the law, it will be. Liability lies with top management, not with any IT guy. The company boss can shout at the IT guy, but the judge will shit on the CEO.

Also, where does this fine go? Who gets it? I get the punishment aspect, but if you force a company who already isn't spending enough on Cyber to push that same money into a fine, where will they get the money to put in better security?

They will find it somewhere, or they will be fined again.

This is a strawman argument. "Sorry officer for robbing the old lady. I was hungry. Don't fine me, because if you take away my little money, I will be hungry again and rob another old lady." - seriously? You think that argument will fly?

Comment Re:Citizen's United nixes this bill (Score 4, Informative) 200

The CU verdict explicitly states that anyone, regardless of nationality, can put money into US elections, as money is speech.

The CU doesn't mention nationality. In fact, it did not overturn existing laws banning foreign campaign expenditures. And, it has specific language about transparency in campaign spending. In the majority opinion, Justice Scalia specifically said that Congress needed to pass laws requiring that all campaign expenditures should be transparent.

All this new bill does is codify what the Supreme Court decided in Citizens United.

Comment Re: Super PACs (Score 1, Insightful) 62

Unfortunately that runs afoul of that pesky concept of "no taxation without representation."

What, you think "no taxation without representation" is in the Constitution? It was a fucking slogan. The group of wine snobs that were the "Founding Fathers" were just looking for ways to get out of paying their own taxes. They weren't looking to establish some legal precedent.

If "no taxation without representation" was part of the Constitution, then we wouldn't charge any taxes to the millions of Americans that are denied their voting rights in red states every single election.
