Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:Never take security advice from a guy who can't (Score 1) 165

From my reading of the Mega response, the crypto applied to the static content was to ensure the integrity of the files as transmitted, not the privacy.

They are free to add an arbitrary amount of additional integrity checking of the static files, both of the cryptographic and non cryptographic nature. I wouldn't be surprised if they already do because it is trivial and a normal thing to do.

Comment Any Resemblance (Score 2) 329

Any resemblance between the actions of the European Commission and due process is entire coincidental.

The European Commission gets to act as investigator, prosecutor, judge, jury and executioner, with no oversight.
It's then left to the courts to clean up, years after the self serving commissioner has moved on from his or her round robin appointment at the commission.
 

Comment Re:LOL (Score 1) 117

>You don't understand software security, do you
Actually I do. It's my job. Well mostly hardware security, but they overlap.

SQL injections are a problem of untrusted data being mistaken for trusted code. When data cannot be mistaken for code it makes it very difficult for traditional SQL injection to happen. SQL promotes the problems of data/code confusion because it is a text string that contains both and constructing and handling that string correctly has provided lots of scope for error.

Keeping your data data and code code is great for mitigating SQL injection. It does nothing for a vast collection of other aspects of software security (E.G. xss, buffer overflow, side channels etc.), but for SQL injection, type safety in language and database API is just the ticket.

Slashdot Top Deals

Money isn't everything -- but it's a long way ahead of what comes next. -- Sir Edmond Stockdale

Working...