Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Security

The DNSSEC Chicken & Egg Challenge 77

wiredmikey writes "To begin DNSSEC implementation or not: that is the question facing a host of enterprises, notably any that engage in e-commerce or online financial transactions (online retailers, banks, investment firms, hospitality and travel, etc.). These businesses find themselves in a catch 22; there are obvious security benefits to adopting Domain Name System Security Extensions or DNSSEC, but there are some severe downsides to being too early in the adoption curve – downsides that are becoming more and more apparent every day. While DNSSEC is getting rave reviews for successful deployment at the foundation levels of the DNS, problems are lurking just ahead, since very few widely utilized end-user applications are able to actually utilize DNSSEC at all. Simply put, DNSSEC can only work if it is supported throughout the hierarchy from publisher to visitor..."
Worms

Stuxnet Worm Infected Industrial Control Systems 167

Sooner Boomer writes "ComputerWorld has an article about the Stuxnet worm, which was apparently designed to steal industrial secrets and disrupt operations at industrial plants, according to Siemens. 'Stuxnet has infected systems in the UK, North America and Korea, however the largest number of infections, by far, have been in Iran. Once installed on a PC, Stuxnet uses Siemens' default passwords to seek out and try to gain access to systems that run the WinCC and PCS 7 programs — so-called PLC (programmable logic controller) programs that are used to manage large-scale industrial systems on factory floors and in military installations and chemical and power plants.' If the worm were to be used to disrupt systems at any of those locations, the results could be devastating."

Comment Re:More common? (Score 1) 58

Actually, you are factually incorrect here. The methodologies youre describing do make it more difficult, but we have plenty of insight into what's been happening - it's just either close hold or not making the news. Just because -you- don't know, don't assume "we" don't know.

Comment Re:oh, please (Score 1) 147

I fully expect /. to be blocked by TSA there
Ionno - No one gave a crap that I looked at Slashdot when I worked there. Good job taking a poorly worded bureaucratic ass-covering and attributing Dan Brown levels of +eleventy-billion conspiracy powers to it. And feel free to jump to my website, resume, art site, whatever for a pretty decent counter-example to your a$$-hattery here.

//God, some people, they do need babysitters and soft walls.
Image

Anti-Speed Camera Activist Buys Police Department's Web Domain 680

Brian McCrary just bought a website to complain about a $90 speeding ticket he received from the Bluff City PD — the Bluff City Police Department site. The department let its domain expire and McCrary was quick to pick it up. From the article: "Brian McCrary found the perfect venue to gripe about a $90 speeding ticket when he went to the Bluff City Police Department's website, saw that its domain name was about to expire, and bought it right out from under the city's nose. Now that McCrary is the proud owner of the site, bluffcitypd.com, the Gray, Tenn., computer network designer has been using it to post links about speed cameras — like the one on US Highway 11E that caught him — and how people don't like them."

Comment Re:Cyber warfare: FUD for vendors. (Score 4, Insightful) 205

Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer.

You're flat out incorrect here. First, not only can the power be shut off, but generators can be made to explode. Second, if you mess with the supply chain electronically, it's possible to do some really interesting stuff with medical supplies, parts for just in time manufacturing, etc. Could go on - but the overall effect is direct, substantial life threatening consequences.

Comment Different how? (Score 2, Interesting) 42

Im not a fan of the IRS, but let's be real: 1. There are almost no government agencies or civilian organizations that don't have fairly terrible security...2. These checkbox requirements dont really tell a story. 2. These checkbox requirements dont tell a story of the actual level of security. You'd have to take a look at the whole architecture to figure out whether, for example, those UNIX passwords actually were important or not.

Comment Re:Nervous reactions (Score 1) 452

No. 1. That wasnt run by the government and it was a joke - even to the government. 2. Do you think the government changes decades old policy in the space of a week or two with such large implications? Not without a lot more motivation.

However, the simulation WAS accurate insofar as it portrayed how the gov't deals with the internet...so it's going to be a fun time the more they get involved ;)

Slashdot Top Deals

We can predict everything, except the future.

Working...