
Comment Is the open-audit link really related? (Score 1) 135

The open-audit link seems to be to a piece of software that is unrelated to the text of the summary. Rather than being anything related to people willing to help audit software, it's actually a tool for auditing your network.

In addition, whilst it does seem to be GPL, you need to provide a name and email to download it.

Comment Re:you have the source (Score 1) 566

> Crypto is about math, not programming

The theory of crypto, sure, but actually implementing it is much more about programming than about math. Most of the attacks on crypto implementations are side-channel attacks, not attacks on the basic maths that underlies the primitives. The implementation is much harder than the maths.

Comment Re:Why should we trust openssl? (Score 5, Interesting) 53

That's true, though OpenSSL has had the ability to add empty fragments to avoid the chosen-plaintext attack I suspect you're referring to for many years. What's strange is that the chosen solution (PolarSSL) doesn't seem to have support for OCSP, which is the main way to quickly revoke bad keys - particularly important in the light of the recent DigiNotar breach.

Comment Re:Lua? (Score 1) 425

Really? I've worked with the bindings for Perl, Python and Java, and also worked on bindings to a couple of different JavaScript interpreters. The Python one was by far the best documented. There are a bunch of tools around like SWIG that will give the same effect for C code for Perl and Python (or simple C++ code). For more complex C++, SIP does a decent job for Python, but doesn't support other languages.

I guess I'm wondering what criteria you're using to make this statement?

Comment Someone just rediscovered XML Entity Attacks (Score 3, Interesting) 140

It's difficult to say from the information provided, but it sounds like someone just rediscovered XML entity attacks (as I did a few years ago). Assuming it is the same thing, here are some references from 2002 and 2006 with more details:
http://www.securiteam.com/securitynews/6D0100A5PU.html
http://www.sift.com.au/assets/downloads/SIFT-XML-Port-Scanning-v1-00.pdf

I've used these attacks in real-world tests and they are still surprisingly effective - just not new.

Comment Re:KDE is actually repeating the CDE mistake (Score 1) 199

> including styles, theming, remote access, config databases, scalability, and GUI scripting.

Styles - not unless you count colour schemes, which were available on platforms like Windows 3.1 already.
Theming - not at all.
Remote Access - only the basics that X11 provided for it.
Config Databases - nothing beyond Xt resources, which were a pretty much failed implementation from the start.
Scalability - don't make me laugh.
GUI Scripting - did you ever try ToolTalk?

CDE was a poor implementation of existing ideas and brought nothing new to the table.
