Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:So let me get this right... (Score 1) 351

*applause* It's even worse - the new ASP output encoding API's only encode for HTML Entity - what about JS, CSS, HTML Attribute and other encoding contexts that you need for secure programming to stop XSS? Not to mention DOM based XSS where you need to encode for JS Variable AND HTML Attribute, in some cases. Web Security Programming is not easy - and its frankly impossible if you don't have the right tools.

Comment Re:Solution: Public Key Auth (Score 1) 327

Ah, that makes sense.

My comment about secure password treatment stands true for enterprise applications, but for a honeypot it makes total sense to log passwords.

But, suppose you had an administration console to the honeypot that you did NOT want hackers to have access to - like some honeypot report/statistical sub-application - well, for that sub-app you would want to take my advise about password treatment.

Comment Re:India (Score 1) 386

Oh comon - Bangalore College is a degree farm. That one college pumps out more grad's than all of the US probably. It's not the college or the education - it's the individual. Can you play in the world of computers and discrete math? Can you deal with 6 different programming languages to build a modern website? Some folks with PhD's cant play in this world - while some who never went to school are software engineering masters. The only thing my CS degree got me is a piece of paper - and some practice in learning about computers. All that knowledge is not mostly useless - but the understand that CS is all about constantly learning new stuff - priceless.


Submission + - My merchant is not even close to PCI compliant (

Heembo writes: One of my merchants is storing all credit cards for the last 10 years in a password protected MS Access database that is on their poorly managed active directory network as well as in their custom, poorly coded registration system. What do I do besides stop doing business with them and change my card?

Slashdot Top Deals

"We shall reach greater and greater platitudes of achievement." -- Richard J. Daley