
Submission + - NSA Director Says Cybercrime is 'Greatest Transfer of Wealth in History' (threatpost.com)

Trailrunner7 writes: The general in charge of the National Security Agency on Monday said the lack of national cybersecurity legislation is costing us big and amounting to what he believes is "the greatest transfer of wealth in history."

U.S. Army Gen. Keith B. Alexander urged politicians to stop stalling on approving a much-needed cybersecurity law — of which various versions currently are circulating in Congress. At the same time, he implored private companies to better cooperate with government agencies, many of whom remain mum because of privacy concerns.

"We can do the protection of civil liberties and privacy and cybersecurity as a nation. Not only that we can, but I believe it's something that we must do," Army Gen. Keith B. Alexander told an audience at the American Enterprise Institute in Washington, D.C.

Comment Re:Really? (Score 1) 622

Yes, and its universal availability is a result of the low bar it presents to amateurs. Anyone selling very cheap hosting has to sell a lot of it to a lot of people who aren't going to be interested in anything hard.

Comment Re:Really? (Score 2) 622

Why contribute to a project that has such a solid record of recklessly incompetent leadership? Why work to prop up an ecosystem that has developed into a vast toxic swamp?

The advantages of PHP have always been reducible to the fact that it is relatively easy for non-programmers to understand. It's accessible for people who don't have a mindset for or interest in computer science. That's not inherently a bad thing, but it is risky. As with VB before it, it is true that any crazy idiot can code in PHP, so many of them do. The choices made over the years by many in the PHP community (led from the top) to keep it an easy, accessible, and forgiving platform in order to grow rather than improve the community have had predictable results. The debacle of the recent release bungles and the ongoing failure to either obviate Suhosin for 5.4.x or make it work is demonstrative evidence that the guiding spirit of the PHP universe is still one of reckless incompetence.

Comment Re:So much for that idea... (Score 2) 99

My Japanese is worthless, but I'm not a large multi-national industrial conglomerate with operations in Japan worth millions of dollars per year that would justify my time and/or money to actually learn Japanese or hire someone who can write a press release in Japanese fluently. If I had a need to issue press releases in Japanese, I'd at least have a native speaker read them to make sure my machine translator hadn't messed up.

Comment Re:So much for that idea... (Score 1) 99

Frankly, that's paranoid. I stopped trying to understand the deep math of leading-edge crypto some years ago as my brain calcified, but I understand enough of it to know that there's no need for intentional sabotage to explain vulnerabilities to innovative attack.

My question is how *THIS* mechanism has survived as long as it has. I haven't looked at the math in depth, but the broad descriptions I've found make me expect that there must be far-better-than-brute-force attacks on it. This crack isn't the first one to prove that to be the case, if I'm reading the Fujitsu PR right. I'm hoping for a deeper explanation of why pairing-based cryptography is so attractive that what seems like past evidence of diminishing returns from increased nominal complexity didn't kill it off before now.

Comment Re:Infected? (Score 3, Interesting) 285

...but how is it 'transmitted'? That implies an installed transmitter, i.e. malware.

A lot of Windows malware is transmitted via email, because there's a long history of Windows mail clients (most importantly Microsoft's crapware) being directly vulnerable and/or facilitating deceptive mail.

I have a lot of Windows malware on my Macs because I have email addresses that have been used openly and actively for 20 years and so have made it onto all sorts of indiscriminate spamming lists that are used for malware distribution. Because mail abuse is a professional focus of mine, the archives of malware-bearing spam I have accumulated are a resource, not an infection. I'm not sure why anyone else would retain all of their junk forever, but many people do so. It is a rare hour when I can't identify a log entry from my mail server rejecting mail that is almost certain to be bearing malware, and a rare week when I don't have at least one spam slip through carrying some form of malware.

If you dig down past the click-bait page referenced in the /. submission, the original source of this story is a blog post by Graham Cluley at Sophos: http://nakedsecurity.sophos.com/2012/04/24/mac-malware-study/ and it includes a breakdown of the strains of Windows malware seen on Macs. The top 2 I recognize as mail-borne and some of the other named ones are likely to end up in the browser cache of any carelessly wandering user. It is an act of irresponsible fearmongering by Cluley to say (as he does) in an unqualified way that these "can still be spread to others" and compare the 20% infection rate to the 20% rate of Chlamydia infection in young men in the UK. Those in men are infective; a Mac with a Windows trojan in its browser cache or junk mailbox is not.

Comment YOU POKED MY PET PEEVE (Score 1) 194

1. It is a physical relative to steganography, which is itself a form of security through obscurity. It isn't gold bars hidden under the couch. I promise. Many of the things in my home that I might consider putting in a safe if I had one are in the class of things one would need to know about a priori to make any real start at finding them. Others are such that most people could stare right at them and not understand them to be worth stealing.

2. Most forms of security that do not involve credible threats of violence are ultimately "security through obscurity."

Comment More seriously... (Score 2) 194

But legitimate questions remain as to whether they will ever truly replace their leathery counterparts.

Legitimate questions would be much less like "Is water wet?" or "Does the Mayan calendar not actually predict the obliteration of the Earth in 2012?" or "Will Apple and Google and a few million /.ers running Kubuntu drive Microsoft into irrelevance and bankruptcy by 2015?"

The physical wallet is not going away. As long as there are legal purchases for which many people would prefer to have plausible deniability, there will be cash. Until the final merger that yields AppFedGoocrosoft, L. L. C., Our Beloved Planetary Government, (with 51% of voting shares held by Goldman-CitiSachs of America, and the financial equity held mostly by the Bain/Koch Group and the LDS Church Inc.) those of us not standing in line to be rendered into spare parts and raw biodiesel input will need some way to hold a half-dozen competing trackable-money tokens, a dozen merchant "savings club" cards, blank bits of thermal paper that used to be receipts we thought we should keep, and enough paper money for a Big Mac, a USA Today, a pack of smokes, and an hour of high-res porn on the medium du jour.
