Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Hmmm well (Score 1) 2837

Bush jr. caused a lot of damage (and debt) with the useless second war in Iraq that we'll be suffering with for decades to come. You can draw a straight line from the second war in Iraq to ISIS. However, I think Trump will make us pine for the "good old days" of Bush jr.

Comment I've got it on an old Toshiba Satellite laptop (Score 4, Insightful) 284

I purchased a Toshiba Satellite laptop with WFW 3.11 in early '95 that I upgraded to Win 95 in September of that year. I pulled it out of the closet three years ago and it still boots up with the clean install I put on it when I moved on to newer hardware.

Ah, the bad old days of .dll conflicts, memory managers, point drivers for PCMCIA cards, and coax. I don't miss any of it.

Comment Re:this pisses me off about modern business (Score 1) 177

The policy of escorting employees off the property is SOP nowadays due to HR's fear of vindictive ex-employees causing havoc/damage to the company. Sure it is somewhat humiliating, especially if you've been employed for a long time and put alot of yourself into the organization. However, I understand the reasoning. And while I haven't had this happen to me exactly, I have had my admin privileges revoked when I was laid off. Sure it pissed me off at the time, especially as I'd been there for a long time and people should have known better than fear my retaliation. But, had I been vindictive, I could have caused a great deal of damage and idled a large number of people given a couple of minutes continued admin access to the systems, so I understand the reasoning and the necessity.

Comment Re:Code reuse exacerbates the problem? (Score 2) 83

If you have physical access to the machine, it doesn't matter. You can rewrite the BIOS. And then, yes, it is an advantage to malware authors if there's only a couple of kinds of BIOS, because their malware only has to support those kinds. So yes, reuse of code becomes a "problem" for the rest of us if viewed from that perspective. It's not clear though that life would be any better for users overall if there were more kinds of BIOS. As bad as Phoenix, Award et al can be at making BIOS that works, I shudder when I imagine vendors rolling their own. I'll live with the disease, thanks.

Yeah, I agree with with regards to the physical access vector. I have a background doing IT in a DOD TS/SCI environment for three years and a TS environment for eight with DOE. Our (those of use who knew what we were doing) had the philosophy that if you had physical access to a system then you could pwn it. AT DOE it wasn't our duty to design systems with any consideration of the "insider threat" unless it was for the use of FORNATs. Systems for US use relied mostly upon personnel and site physical security.

I do disagree that a greater number of targets being more burdensome for the black hats outweighs the security benefits of supporting a smaller code base. The former is merely supposed security through obscurity. A basic rule of thumb of security is to minimize the attack surface. One of the primary strategies to accomplish this with regard to information security in a software environment is to reduce the amount of code running.

Comment Code reuse exacerbates the problem? (Score 5, Insightful) 83

Manufacturers/vendors don't write their own BIOSs; they license them from the likes of Phoenix Technologies and Insyde. These licensors don't write a completely new BIOS and bits for each licensee, let alone for each motherboard and their variants. As such, of course there is code reuse. Imagine the probable security issues there would be if each Vendor, let alone motherboard, received a BIOS that was written from scratch. QA would be a nightmare, as would the security of the code.

The problem isn't the reuse of code. The problem is that the code that was reused had security vulnerabilities.

Comment Re: Unfair comparison (Score 1) 447

Here's a link http://www.fda.gov/NewsEvents/... to an announcement for an obesity treatment that modifies the signals of the Vagus nerve via a surgically implanted device. The study implanted the device into two groups of patients, but was only actually activated for one group, though both groups thought it was for both. I'd say that was the use of the placebo effect via surgery.

Comment Sensationalistic title and wording used in OA (Score 5, Informative) 37

The OA uses the term "Linux backdoor," but then goes on to describe it as a add-in kernel module. It's not a backdoor, but rather a rogue kernel module someone has written. The module in question, ipt_ip_udp, isn't part of the Linux kernel. It's merely a module some black hat wrote to provide remote access to an already compromised system. This is just FUD and self-promotion by NCC Group to make what they found sound much more important than it really was, no doubt to increase their client base. What crap.

To sum up, it isn't a Linux back door and it isn't a vulnerability in the Linux kernel source code. It's merely a rootkit.

Comment Re:Who uses mice? (Score 2) 361

+1 for the clit. I first learned to work the clit when I bought a Toshiba Satellite Pro 2400CT back in '94 that had a green clit. I totally fell in love with the clit as it allowed me to mouse around without the need for a hand to leave the keyboard, which I'd think a great deal of touch-typists would appreciate. I loved it so much I went out and bought an IBM keyboard with a nice red clit that cost me over a $100; which back then was 1/3 of a month's rent. Since then every Intel PC keyboard that has been attached to a system I used regularly has had one. It kinda annoyed some of my co-workers as I'd always get the KVM keyboards replaced with clit-endowed ones; praise be to the ergonomics fad which makes it easier to justify.

Unfortunately, the clit has fallen on disfavor and is mostly only available on business-class laptops. You can, however, still buy nice IBM Model M-type mechanical-keyed keyboards with a clit from the company who bought IBM's IP for their keyboard technology and the factory in which they were manufactured - Unicomp. www.unicomp.com

Slashdot Top Deals

God made machine language; all the rest is the work of man.