
Comment Re:Two words (Score 1) 849

I think the contribution of Nielsen's idea, if any, is to remind us all that security always involves tradeoffs. You're right that masking passwords provides some protection--most security measures, even the inane ones, provide some protection. You know, someone really could hide a bomb in their shoe.

But of course that is not the end of the story. Nielsen, and others such as Bruce Schneier, want us to ask how much security the solution provides, what the costs are, and whether it provides a good tradeoff. If shoulder surfing is relatively rare, and the possible harm for the site in question is small, and the costs are relatively large (lost customers etc), then maybe a site or program shouldn't mask passwords even if they provide some security.

Sure, Jakob Nielsen may be wrong about the tradeoff in this case, and may not have enough evidence to back up his arguments, but I would argue that pointing out that the solution provides a nonzero amount of security does not resolve the question.

Comment Re:Damn! That may stop my plan...... (Score 3, Interesting) 527

Have you heard of IP over DNS? The DNStunnel software sends IP packets as TXT records over a real DNS; the client sends data in the request itself. Since these are real resolvable DNS records, proxying port 53 won't work. When I tried this software, I could only get a single stream over the tunnel, so I ran SSH over the DNStunnel and used ssh to forward a TCP port that I then ran OpenVPN on. This actually works, but it is very slow. And I can imagine that people would eventually find out because the wifi provider's DNS cache will fill up with IP data.

Security

Experts Say To Switch Browsers In Light of IE Vulnerability 455

It appears that the exploit in IE briefly mentioned a few days ago is causing a serious reaction: SteveAU writes "Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched. The flaw, which affects all versions of Microsoft Internet Explorer, is manifested via malware and has infected over 6,000 sites thus far. Microsoft states: 'The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.'" According to the BBC report, though, Microsoft itself is only asking that users be "vigilant while it investigated and prepared an emergency patch"; it's outside experts who say to dump IE (at least for now).

Update: 12/16 21:11 GMT by KD : Microsoft will issue an emergency critical update for IE tomorrow.

Comment Re:stupid slashdot 'editors' (Score 4, Informative) 224

"Registrar" would make more sense, but check out this provision of the copyright code (17 U.S.C. 701):

All administrative functions and duties under this title, except as otherwise specified, are the responsibility of the Register of Copyrights as director of the Copyright Office of the Library of Congress. The Register of Copyrights, together with the subordinate officers and employees of the Copyright Office, shall be appointed by the Librarian of Congress, and shall act under the Librarian's general direction and supervision.

So it seems that the copyright act itself refers to her as the Register of Copyrights. The Oxford English Dictionary contains this use as "register, n. 2":

a. The keeper of a register; a REGISTRAR. (In common use c 1580-1800.)

Software

Is Computer Programming a Good Job for Retirees? 147

braindrainbahrain asks: "Ask Slashdot has been rife with career advice lately, so maybe I can get some too. I hit a milestone recently, the big five oh, and the realization of retirement is starting to settle in. The trouble is, I don't want to sit around, play golf, or even travel that much. I work in a technical field, but I have always enjoyed programming. Indeed, I do it as a hobby. I wonder what you readers would think about programming as a post retirement job. It seems well suited for a retiree, one could do contract work for a few months of the year, in some cases work from home even. By way of background, I have worked in hardware engineering for a very long time, and have pursued graduate study almost regularly (two Masters degrees so far). Should I begin preparing for a post-retirement career in computer science?"

Upgrades

Submission + - Vista the iPod Killer

JMB writes: You know how we all thought the Zune was Microsoft's attempt to kill off the iPod? Not so. According to this item on Apple's site all you have to do is upgrade to Vista and your iPod goes ka-boom. From the article: 'Ejecting an iPod from the Windows System Tray using the "Safely Remove Hardware" feature may corrupt your iPod.' Now that's a feature!

Privacy

Computer's Heat May Unmask Anonymized PCs 146

Virtual_Raider writes "Wired is carrying a story about a method developed by security researchers to identify computers hiding behind anonymity services. From the article: 'His victim is the Onion Router, or "Tor" — a sophisticated privacy system that lets users surf the web anonymously. Tor encrypts a user's traffic, and bounces it through multiple servers, so the final destination doesn't know where it came from. Murdoch set up a Tor network at Cambridge to test his technique, which works like this: If an attacker wants to learn the IP address of a hidden server on the Tor network, he'll suddenly request something difficult or intensive from that server. The added load will cause it to warm up.'"

Linux/Mac/Windows File Name Friction 638

lessthan0 writes "In 1995, Microsoft added long file name support to Windows, allowing more descriptive names than the limited 8.3 DOS format. Mac users scoffed, having had long file names for a decade and because Windows still stored a DOS file name in the background. Linux was born with long file name support four years before it showed up in Windows. Today, long file names are well supported by all three operating systems though key differences remain."

Notebook with Huge 20 Inch Screen Reviewed 307

An anonymous reader writes "Trusted reviews has a look at the Acer Aspire 9800. This massive machine has a 20.1" screen, two 120GB hard drives in a RAID 0 array, super-multi DVD burner, analogue and digital TV tuners and an Intel Core Duo dual core CPU. And at over 17lb you can even use it for weight training!"

TV Outside the Box 55

C|Net has a story up looking at ways TV stations are moving online. An event on the subject was held during the annual marketing conference sponsored by the Television Bureau of Advertising. From the article: "For the first time, the conference was devoted to a single topic: the importance of the 'multiplatform'--that is, offering content and advertising not only on local broadcast stations but also online, on cell phones and other wireless devices, through video on demand and video iPods. The sole topic was intended to underscore that 'advertisers and their agencies are increasingly demanding a multiplatform strategy from all their media partners,' said Christopher Rohrs, president of the bureau, in a speech he gave to almost 1,200 attendees to begin the conference."

Perens Launches 'OpenSourceParking' 167

miller60 writes "Open source evangelist Bruce Perens has launched OpenSourceParking, a service designed to boost domain parking on open source software. The project is a response to a large gain by Microsoft in the April Netcraft survey, with Windows' share jumping 5 percent as domain registrar Go Daddy moved 4.5 million parked domains from Linux to Windows Server 2003. To regain that share, Perens is calling on open source users to park undeveloped domains at OpenSourceParking, with the advertising revenue being used to fund political advocacy efforts on behalf of open source software. Parking-for-profit has grown into a significant business in recent years. Despite ambivalence over the value of these sites, Perens appears to believe it merits a focused effort for the open source community."

CATO Institute Releases Paper Criticizing DMCA 418

flanksteak writes "The CATO institute has published a paper criticizing the DMCA entitled 'The Perverse Consequences of the Digital Millennium Copyright Act.' From the article: 'The DMCA is anti-competitive. It gives copyright holders--and the technology companies that distribute their content--the legal power to create closed technology platforms and exclude competitors from interoperating with them. Worst of all, DRM technologies are clumsy and ineffective; they inconvenience legitimate users but do little to stop pirates.'" A report worth taking a look at that puts into words what most of us know already.
