
Comment Re:If the point was ... (Score 4, Insightful) 300

There's no proof that it has anything to do with Wikileaks, but in a world of IoT devices with no thought toward security, anyone who cares to do so can mount DDOS with the power of a national entity.

What's the point of doing what Assange and Wikileaks have been doing without any moral position? He isn't helping his own case.

Comment Re:Legal? (Score 2) 212

No, of course it is not legal to set a trap to intentionally hurt someone, even if you expect that the trap could only be activated by the person committing property theft or vandalism. Otherwise, you'd see shotguns built into burglar alarms.

Fire alarm stations sometimes shoot a blue dye which is difficult to remove or one which only shows under UV. Never stand in front of one when pulling the lever! But they are not supposed to hurt you.

And of course these booby traps generally are not as reliable as the so-called "inventor" thinks and tend to hurt the innocent.

Comment Re:Snake oil salesman (Score 1) 49

Ha ha. That's a common joke about the security industry. There is some truth to it.

What's great with bug bounty programs is that customers pay for results. You pay for valid and useful vulnerability reports. You don't pay for reports that are not useful. For hackers to make money (and the best ones make a lot of money), they must produce useful and relevant vulnerability reports.

That's a HUGE difference compared to traditional security products and services and it explains why bug bounty programs are becoming so popular. They are much more effective than any other method of finding vulns in live software.

Comment Re:70,000 white hat hackers? (Score 1) 49

Yep, 70,000 is a lot! The number keeps growing, and we hope to get to a million. To serve all companies and government organizations worldwide who will be needing bug bounty programs, we need a lot of excellent hackers.

It should also be noted that it takes a lot of hacking to find even a simple vulnerability. Of the 70,000 hacker accounts we have, about 1 in 6 have filed an actual vulnerability report. To help them get going, we have an ebook on hacking that we give to new hackers. Once new hackers get the hang of bug hunting they can advance fast, earning more and more reputation points. When you sign up at HackerOne, you start at 100 points. Our most prolific hackers have reached 10,000 points. You can do it, too!

Comment Re:Second coming of teams of ethical hackers (Score 1) 49

Yep, this is true. It is also a common situation that humanity has dealt with successfully many times. To keep a ship afloat, you must find and fix every hole. Even one hole might sink it. To keep an aircraft safely flying, similarly every safety aspect must be in shape. Shipping and airlines have a great safety track record these days.

To keep software secure, you must attempt to fix all serious vulnerabilities. You may never get to 100% vuln-free software, but the closer you get and the faster you can asymptotically move towards that goal, the more you reduce your cybersecurity risk.

Comment Re: OMG that's a dodgy check (Score 1) 323

Here's the problem I have with this:

Program Expenses
(Percent of the charity's total expenses spent on the programs and services it delivers)

This doesn't say exactly what those expenses ARE, because it could well be that they spend 95% of their "program expenses" on admin, salaries, bribes, and various other overhead, and that only 5% actually trickles down to the nominal recipients.

This is something I became aware of while perusing tax info from a particular class of charities -- where "administrative expenses" is typically charity-speak for "owner's salary"... explaining why "administrative expenses" tends to be an upper-five to lower-six figure number even for charities that are basically one-man bands.

Comment Re:Different election this time? (Score 1) 323

Someone pointed out that if Trump actually had a proper collection of skeletons, they'd already be on parade... if one jock-talk tape is the best they can do (at least, with documentation so the tale can't be promptly refuted by genuine witnesses) there probably isn't anything all that terrible waiting to be unearthed.

Comment Re:Second coming of teams of ethical hackers (Score 2) 49

It has taken decades for the industry to get used to bug bounties. The first one was in 1981. Now it is starting to be very real. HackerOne has already paid out over $10,000 to hackers and researchers around the world. One hacker has made over half a million dollars. Another recently bought an apartment for his mother with the bounty money he had made. Still lots of work and education to do, but it is very much moving in the right direction. An example: the US DoD now committing $7m to vulnerability disclosure programs.

- Marten (HackerOne CEO)

Comment Re: Can't read my posts either. Strange obsession (Score 1) 546

Nope, just tired of crappy ad hominem arguments that don't actually say anything beyond "we're right, you're wrong". Give me reasons and rationale and hard data (and I don't mean conveniently doctored data, like Mary Koss did), not just BS, and I'll listen. I might even change my mind, like I did on basic income -- once hard facts got laid out, not just leftist whining about their mythical notions of equality.

But hey, keep that bag over your head and complain how everyone else is in the dark.

Comment Re:I wonder... (Score 1) 197

Tivo is in a mad rush to somehow become a distant second place with no direct competitor.

I got DirecTV over a decade ago to feed a DirecTivo. On not being able to replace them as they wore out, one tuner at a time, I bought a newer Tivo (Romio[?]) and switched to cable. (When asked why I was cancelling, I told him point blank, "Your DVRs suck." They are at least an entire generation behind in what they offer).

I quickly became underwhelmed by the new Tivo.

Where once it was easy to set a wishlist for all Series Premieres, now you have to search by that for text, which until a few weeks ago, had a staggering failure rate (picked up a couple a season).

With the older Tivos, you could tap the record button to record anything upcoming in the listing, and tap twice to get a season pass. Now, to record a single program is a couple of clicks, and a season pass several.

I'll definitely be looking for other options when this one wears out.

