
Comment Re:Payouts are garbage, though (Score 1) 45

This is an interesting question. We don't really know what will happen long term. One possibility, as you point out, is that black markets will always outpay any other market. Another possibility is that the ethical hacker community will become so large and strong that they will find all those same vulnerabilities and deliver them to the system owners before the black market gets to build exploits and use them for nefarious purposes. It takes just one ethical hacker who finds a critical 0day to deliver it to a service like HackerOne, and the market for that vuln is over. Although asymmetry is usually in favor of the criminal actor, in this case it is in favor of ethical behavior. One ethical hacker can put an end to the sale of a 0day on the black market.

Comment Re:Utter Bullshit (Score 1) 660

See, that implies that we don't have lower end engineers learning these skills that we've hired also, which is false, because we most certainly do. But the competition for these candidates is fierce, so we can't get people to do the work right now that needs to be done while we train them. Your ability to not grasp the obvious is astounding.

Comment Re:Utter Bullshit (Score 1) 660

As someone who has a mix of both H1B and American workers under his care, I can tell you this: if you want high end technical labor, we simply DO NOT have enough qualified candidates here in the United States. We eat up EVERY SINGLE ONE that we can get our hands on that is an American citizen or has permanent resident status that is qualified when we have an opening, because going through the process of hiring high end candidates is time consuming and a drain on your resources. If you think we're paying the people with these visas garbage salaries either, you're wrong. We have rigorous interview processes and after 1 year of employment we work to make sure we keep that talent inside the country with an EB-2 green card application which we pay extra for to fast track. If you think you're qualified for one of these jobs that we have an open req for, please by all means apply.

And I'm sorry, doing tech support at Best Buy does not qualify you for a 200k/yr data scientist role. Unless you have a master's degree or are amazing enough to not require higher education (or have equiv job experience, that's fine too) then go ahead. I'm sorry but our universities just aren't putting out enough talent at this level that isn't already snatched up. It's a competitive market and even paying well we often have to go outside of the country to find qualified candidates (or to those already in the country who have H1-B visas and are authorized to work).

LET ME BE VERY CLEAR HERE: We are not talking about entry level positions. We are not talking about outsourcing your job to India. We're talking about someone with the background and knowledge to actually do the work that we need to do without spending years training them. This is what your Google, Facebook, Microsoft, and yes, GoDaddy too, are trying to make sure is getting across to folks.

Cellphones

Samsung's Latest Patent Is a Foldable Phone (theverge.com) 31

An anonymous reader quotes a report from The Verge: A recent patent application (PDF) shows that Samsung has ambitious ideas for future phone-design experimentation, although the South Korean manufacturer may have second thoughts about bendy phones after recent battery explosions and recalls. In April, Samsung was reported to have filed a patent with the Korean Intellectual Property Office for a foldable smartphone. The application was picked up by Dutch website Galaxy Club. The document shows a narrow Samsung device with a screen that bends and folds like an old-school flip phone handset. The device is described as something that can be "folded or unfolded semi automatically." The patent also referred to a "secondary" display, which is supposed to activate when you fold the device, according to International Business Times UK.

Comment Re:Snake oil salesman (Score 1) 49

Ha ha. That's a common joke about the security industry. There is some truth to it.

What's great with bug bounty programs is that customers pay for results. You pay for valid and useful vulnerability reports. You don't pay for reports that are not useful. For hackers to make money (and the best ones make a lot of money), they must produce useful and relevant vulnerability reports.

That's a HUGE difference compared to traditional security products and services and it explains why bug bounty programs are becoming so popular. They are much more effective than any other method of finding vulns in live software.

Comment Re:70,000 white hat hackers? (Score 1) 49

Yep, 70,000 is a lot! The number keeps growing, and we hope to get to a million. To serve all companies and government organizations worldwide who will be needing bug bounty programs, we need a lot of excellent hackers.

It should also be noted that it takes a lot of hacking to find even a simple vulnerability. Of the 70,000 hacker accounts we have, about 1 in 6 have filed an actual vulnerability report. To help them get going, we have an ebook on hacking that we give to new hackers. Once new hackers get the hang of bug hunting they can advance fast, earning more and more reputation points. When you sign up at HackerOne, you start at 100 points. Our most prolific hackers have reached 10,000 points. You can do it, too!

Comment Re:Second coming of teams of ethical hackers (Score 1) 49

Yep, this is true. It is also a common situation that humanity has dealt with successfully many times. To keep a ship afloat, you must find and fix every hole. Even one hole might sink it. To keep an aircraft safely flying, similarly every safety aspect must be in shape. Shipping and airlines have a great safety track record these days.

To keep software secure, you must attempt to fix all serious vulnerabilities. You may never get to 100% vuln-free software, but the closer you get and the faster you can asymptotically move towards that goal, the more you reduce your cybersecurity risk.

Comment Re:Second coming of teams of ethical hackers (Score 2) 49

It has taken decades for the industry to get used to bug bounties. The first one was in 1981. Now it is starting to be very real. HackerOne has already paid out over $10,000 to hackers and researchers around the world. One hacker has made over half a million dollars. Another recently bought an apartment for his mother with the bounty money he had made. Still lots of work and education to do, but it is very much moving in the right direction. An example: the US DoD now committing $7m to vulnerability disclosure programs.

- Marten (HackerOne CEO)

Open Source

Dropbox Open Sources New Lossless Middle-Out Image Compression Algorithm (dropbox.com) 135

Dropbox announced on Thursday that it is releasing its image compression algorithm, dubbed Lepton, under an Apache open-source license on GitHub. Lepton, the company writes, can both compress and decompress files, and for the latter, it can work while streaming. Lepton offers a 22% size reduction for existing JPEG images and preserves the original file bit-for-bit. It compresses JPEG files at a rate of 5MB/s and decodes them back to the original bits at 15MB/s. The company says it has used Lepton to encode 16 billion images saved to Dropbox, and continues to utilize the technology to recode its older images. You can find more technical details here.

Ubuntu

Ubuntu's Unity desktop environment can run in Windows (wordpress.com) 170

An anonymous Slashdot reader writes: "This is one of the coolest tickets I've seen on GitHub," writes Ubuntu developer Adolfo Jayme Barrientos, adding "this kind of surreal compatibility between platforms is now enabled...the fact that you can execute and use Linux window managers there, without virtual machines, is simply mind-blowing."

"The Windows 10 Anniversary Update coming in August includes an unusual feature aimed at developers: an Ubuntu sub-system that lets you run Linux software using a command-line interface," explains Liliputing.com. "Preview versions have been available since April, and while Microsoft and Canonical worked together to bring support for the Bash terminal to Windows 10, it didn't take long for some users to figure out that they could get some desktop Linux apps to run in Windows. Now it looks like you can even load Ubuntu's Unity desktop environment, making Windows 10 look like Ubuntu."
