Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Submission + - Preventing the next Heartbleed (blogspot.com)

An anonymous reader writes: Developers are now devising techniques to prevent attacks like Heartbleed which expolit unrestricted access to private key in memory. Using these techniques will prevent buffer overflows and other coding mistakes result in similar catastrophies.

One stunnel-like server is already employing this technique. It remains to be seen when Apache, OpenSSH, and other important server software will follow.

Submission + - Truckload of OAuth issues that would make any author quit (blogspot.com) 5

DeFender1031 writes: Several months ago, when Eran Hammer ragequit the OAuth project, many people thought he was simply being overly dramatic, given that he gave only vague indications of what went wrong.

Since then, and despite that, many companies have been switching to OAuth, citing it as a "superior form of secure authentication" but a fresh and objective look at the protocol highlights the significant design flaws in the system and sheds some light on what might have led to its creator's breakdown.

The Internet

Submission + - India Likely to Miss Internet Revolution Says Eric Schmidt (paritynews.com)

hypnosec writes: Eric Schmidt has warned that India may very well miss the Internet revolution completely for the want of proper infrastructure and advancement in technology. Schmidt said he is worried that India is making the same mistake as other companies have made by resting on their “laurels without understanding how quickly technology changes.” By saying this Schmidt was indicating that India lacks in fiber optic connectivity, the connectivity which has been acknowledged as high speed Internet’s future. When asked by Managing Editor of CNBC TV 18, Senthil Chengalvarayan, why was the Internet Revolution side stepping India, he answered that India’s net connectivity has always been weak. There is lack of undersea cables to handle bandwidth, lack of fiber optic cables as well as proper infrastructure in the country.
Encryption

Submission + - HTTPS encryption is too little too late (blogspot.com)

DeFender1031 writes: So it's time to pay the bills. You go to your bank's website to transfer some money, you log in, and your account information is completely secure because the bank's servers establish an HTTPS connection with your browser, right? WRONG! This article describes in plain english how a man-in-the-middle can be performed prior to an HTTPS handshake, neutralizing any security precautions that might have been in place. The attack described here can be extended to any protocol where the server specifies whether to use a secure or insecure mode.
The Internet

Submission + - Is HTTPTorrent the next-gen for web browsing? (blogspot.com) 2

DeFender1031 writes: We're all aware of BitTorrent and how it works. This proposal suggests that some of the concepts of BitTorrent can be applied to run-of-the-mill web browsing to lighten server load and distribute downloads to browsers which have already cached the same site. While it's not an official RFC, the idea certainly has promise, and if implemented, could help speed up download times, but more importantly, it could help small (or even large) websites save bandwidth, and as we all know, bandwidth is money.

Slashdot Top Deals

Do not meddle in the affairs of troff, for it is subtle and quick to anger.

Working...