
Comment Huh? Most are software exploits (Score 1) 57

Their argument mostly disproves their claim. I agree that security is much more than eliminating software exploits, but at least 3 of their "top" 5 examples ARE software exploits (because of either a fault in the implementation or in its spec).

1. abuse of weak domain user passwords -- used in 66% of Praetorian pen testers' successful attacks
The software should prevent bad passwords by default, but for the sake of argument I'll grant them that one.

2. broadcast name resolution poisoning (like WPAD) -- 64%
That's a software exploit. If your protocol is vulnerable to poisoning, your protocol has a problem.

3. local admin password attacks (pass-the-hash attacks) -- 61%
Software exploit. Hashes are supposed to *not* be equivalent to the password they were derived from. This is a well-known software exploit.

4. attacks on cleartext passwords in memory (like those using Mimikatz) -- 59%
If an untrusted program can see cleartext passwords in memory, there's a software exploit; they're not supposed to do that.

5. insufficient network segmentation -- 52%
Okay, that's not a software exploit.

So #5 is not a software exploit, #1 is arguably not a software exploit (though it suggests a software problem), and the rest (#2, #3, #4) are software exploits (there's a software vulnerability in the protocol or its implementation). I would agree with them that security is much more than software, but software has an important role to play. The *REASON* that #2, #3, and #4 are problems is because people weren't paying enough attention to security.

Comment Re: This is not Open Source.. (Score 1) 61

You mean "unlimited rights" not "unlimited use rights". Once the government has unlimited rights it can release the software as open source software. For more details, see my paper "Publicly Releasing Open Source Software Developed for the U.S. Government" by David A. Wheeler, Software Tech News, Volume: 14 Number: 1 - DoD and Open Source Software. https://www.csiac.org/journal-...

Comment 'Open Source Software' has reasonable definition (Score 1) 61

I don't think that "open source software" has been significantly redefined. Here's the definition of Open Source Software in this memo: "Software that can be accessed, used, modified, and shared by anyone. OSS is often distributed under licenses that comply with the definition of "Open Source" provided by the Open Source Initiative (https://opensource.org/osd) and/or that meet the definition of "Free Software" provided by the Free Software Foundation (https://www.gnu.org/philosophy/free-sw.html)." That's a little laxer than I'd prefer, but it seems reasonable enough.

Comment Mobile sites more secure than social apps (Score 4, Insightful) 155

Mobile sites tend to be far more secure for users than social apps (you can say "privacy" instead if you want, though many people don't understand the difference). Most social apps, like this one, want total ownership of your phone - and therefore they own you. They demand access to your microphone, camera, location, contact list, and everything else. Big Brother never got so much data. In contrast, the websites don't get access to all that stuff. Facebook doesn't pay me enough to completely give up all my privacy.

Comment But Internet is *NOT* generic (Score 2) 211

Tom Kent falsely claims that, "The argument for lowercasing Internet is that it has become wholly generic, like electricity and the telephone." Here's a thought experiment: I'll create a few disconnected networks, interconnect them, but *not* to the Internet. By definition, any set of interconnected networks is an internet (but not *the* Internet). Then I'll sell a service that lets people access my internet... which lacks Google, Wikipedia, and many other things. I bet he'll suddenly find that "the Internet" is *NOT* generic - it is a *specific* set of interconnected networks, which has a proper name. Governments still routinely create interconnected networks that use TCP/IP, but do *NOT* connect to the Internet - especially when security is critical. AP may be unaware of this, but it's still true. Upper/lower casing in the end isn't THAT critical. The REAL problem is that too many reporters do not understand what they're reporting about, nor do they check their sources to find out. The difference between "Internet" and "internet" has been documented for decades. Failure to understand, and failure to check sources, is the REAL problem here.

Comment How about... (Score 2) 62

I think a lot of Android users would like a phone that (1) gets security updates in a timely way, (2) has reasonably current features, (3) is generally trustworthy, and (4) isn't force-loaded with lots of uninstallable crapware. Android is a nice OS, but a lot of the smartphone manufacturers seem to assume that users don't care about these things.

Comment Please post "% days safe to use the phone" (Score 1) 85

I think a great measure would be the percent (or number) of days in the year where there were no publicly-known unfixed vulnerabilities. Many phones still have Stagefright vulnerabilities - there were changes that fixed some Stagefright vulnerabilities, but NOT all of them, and thus the phones are still vulnerable.
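One way to compute the measure proposed above, as an added example that is not part of the comment: each vulnerability is an interval from its public disclosure to the day the fix actually reached the phone (not the day the vendor published a patch), open-ended if it is still unfixed, and the metric counts the days of the year covered by no interval. The vulnerability intervals below are constructed sample data, not real Stagefright dates.

```python
"""'% days safe to use the phone': days in a year with no publicly known, unfixed vulnerability.

Added example with constructed sample data. A vulnerability is unsafe from its
disclosure date (inclusive) until the day the fix is installed on the phone
(exclusive); an unfixed one (fixed=None) stays unsafe to the end of the year.
"""
from datetime import date, timedelta
from typing import Iterable, Optional, Set, Tuple

Vuln = Tuple[date, Optional[date]]  # (publicly disclosed, fix installed or None)


def unsafe_days(vulns: Iterable[Vuln], year: int) -> Set[date]:
    """Union of all unsafe days clipped to the given year (overlaps count once)."""
    start = date(year, 1, 1)
    after_end = date(year + 1, 1, 1)
    unsafe = set()
    for disclosed, fixed in vulns:
        day = max(disclosed, start)
        stop = after_end if fixed is None else min(fixed, after_end)
        while day < stop:
            unsafe.add(day)
            day += timedelta(days=1)
    return unsafe


def safe_days_metric(vulns: Iterable[Vuln], year: int) -> Tuple[int, int, float]:
    """Return (safe days, days in year, percent safe)."""
    total = (date(year + 1, 1, 1) - date(year, 1, 1)).days  # 365 or 366
    safe = total - len(unsafe_days(vulns, year))
    return safe, total, 100.0 * safe / total


# Constructed sample for one phone model in 2016 (a leap year, 366 days):
SAMPLE_2016 = [
    (date(2016, 2, 1), date(2016, 2, 11)),   # fixed after 10 days
    (date(2016, 2, 5), date(2016, 3, 1)),    # overlaps the one above
    (date(2015, 12, 20), date(2016, 1, 5)),  # disclosed last year, fixed Jan 5
    (date(2016, 12, 1), None),               # still unfixed at year end
]


def sample_metric() -> Tuple[int, int, float]:
    return safe_days_metric(SAMPLE_2016, 2016)


if __name__ == "__main__":
    safe, total, pct = sample_metric()
    print(f"{safe}/{total} days safe ({pct:.1f}%)")
```

The clipping matters in both directions: a vulnerability disclosed in December of the previous year still counts against January, and a fix that only ships next year leaves the phone unsafe through December 31.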

Copyright Trolls Rightscorp Are Teetering On The Verge Of Bankruptcy (arstechnica.com) 94

JustAnotherOldGuy writes: Rightscorp, the copyright trolls whose business model was convincing ISPs to freeze their customers' Internet access in response to unsubstantiated copyright accusations, and then ransom those connections back for $20 each, will be out of money by the end of this quarter. Despite a massive courtroom win against Cox Cable in 2015 (and a counterbalancing gigantic fine for its robocalls), the company couldn't win a technology cat-and-mouse game against its prey -- the wily file-sharers who switched to VPNs and other anonymizing technologies. For the moment, the company is teetering on the brink of financial collapse. It raised $500,000 on February 22, the company reported, but it needs another $1 million to stay afloat. It has only enough cash on hand to continue "into the second quarter of 2016," according to the company's latest financial report.

Comment Non-binding treaty? Wake me up later. (Score 2, Insightful) 138

Wake me up later when something important happens. The fine article says: "The non-binding treaty, approved in Paris in December after years of U.N. climate negotiations, aims to slow the rise of greenhouse gases, such as carbon dioxide, blamed for putting Earth on a dangerous warming path." A "non-binding treaty" doesn't actually do anything, other than create photo opportunities.

Comment Speed reading is awesome (Score 1) 207

Speed reading is awesome, but there's more than one speed. There's at least "speed with full comprehension", and "skimming to get the gist". I strongly recommend training yourself, over time, to increase both speeds. You CAN'T do this all at once, but you can train your brain to recognize words more quickly. I used a training device so that I could recognize individual words more quickly, and that really helps you to read more quickly with full comprehension. Basically, as your brain gets faster at recognizing individual words, you'll naturally read faster with full comprehension. (You should also know how to sound out unfamiliar words, but familiar words should be recognized quickly.) When you're skimming to get the gist, it's more about strategy - figuring out what parts of the text you need to read first (in most technical documents you read the abstract carefully, then skim the conclusions, then skim the introduction if it looks like it might be useful).

I also recommend training listening speed. I listen to lots of podcasts, and I've slowly increased my listening speed by +10% over time. I can now listen to podcasts, with full comprehension, at 2x through 2.5x (depending on the original speed of the speakers).

Your brain can be trained to do things more quickly, but you have to train it. It's worth it.
