
Comment To add a little context... (Score 5, Insightful) 121

When you say "local sheriff", it makes it sound like he's the sheriff of some small town. In fact, Tom Dart is the sheriff of Cook County, which contains Chicago, is the second most populous county in the U.S., and his department is the second largest in the U.S.

People claiming Dart is drumming up publicity are pretty much correct. Keep in mind, we're talking Chicago here, so consider the history of the political machine here. Dart also refused to evict renters from houses when their landlords lost the mortgage. In a way, this is an honorable thing to do, but the way it played out, everyone read it as once again more publicity for Dart. The Craigslist case just further proves his motives.

Comment Why this is a bad idea (Score 1) 193

Does anyone else worry about sending sensitive information over a service like Twitter, which has had security issues in the past? And, assuming this works over DMs, what if a user instead accidentally uses a reply or just a straight Twitter post? What sort of information have they just inadvertently exposed?

Comment Bad name for pen-testing (Score 4, Informative) 205

Aside from the usual gripes about the efficacy of pen-testing, this gives pen-testing a bad name. The firm I work for does this exact same ploy, and so do teams from the Big 4 and various security firms, but they are always planned ahead of time. You have to do this sort of thing in a controlled manner (or as controlled as possible). Usually, these things are dropped in a parking lot, and the payload is innocuous, because a customer (or member in the case of a CU) can pick it up. These guys exposed themselves to a lot of liability and can screw it up for honest hardworking sellout hackers such as myself and others.

Comment Re:Worse than that (Score 2, Interesting) 225

Did you bother even reading the article? The code is in httpd.c, which obviously handled both types of connections. I almost hate SSL sometimes because people equate it with security -- but not encryption or integrity, but that somehow it's a magical fix-all for whatever the security flaw is. I see this kind of thinking in IT people in charge of the enterprise and it scares me. Security is not about having a setting enabled, and it certainly requires much more analysis than a simple dismissive suggestion.

Comment Re:Why do we trust Javascript all of a sudden (Score 2, Insightful) 156

But there have been many browser exploits recently, and they've been in virtually every component of the browser. This flaw has nothing to do with JavaScript itself, just the implementation. Flaws have been found in XML and HTML rendering engines, third-party components, URL handlers and many other pieces of the browser. If we're going to disable every feature that's potentially vulnerable, we might as well stay off the Web.

Comment Postini works (Score 1) 176

In my humble and largely anecdotal experience, Postini works well. We send out e-mail that can often be flagged as SPAM when we perform penetration testing, and Postini seems to be the toughest to get around. We see in-house devices such as IronMain, and outsourced services such as MXLogic and FrontBridge/hosted Exchange, but Postini seems to do the best at stopping illegitimate messages. The company I work for uses it as well, and logging into my Postini inbox I see a lot of spam but no false positives. I think it's a pretty good solution if you don't want to handle SPAM in-house.
