Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:What is the advantage of hashing? (Score 1) 127

The advantage is that many people use the same password on multiple systems, so revealing a plaintext password to, say, Slashdot may also reveal your bank password. A hashed password can't be used to directly log into another account, though it can be cracked by a determined attacker if the password is simple. A salted and hashed password vastly increases the time required for an attacker to crack a hashed password, to the point where it is infeasible unless the password is very simple.

Of course everybody knows (or should know) that using the same password for Slashdot and your bank is a bad idea (you could have a bank support rep using up your precious karma!), but it is still very common, and it's irresponsible for a developer to expose their users' passwords if they have made this common mistake.

Comment Re:Common/best practices for personal data (Score 1) 127

RAM of a running process is accessible to root via the debugger, so doesn't really provide better security than a file only root can read, although it may slow an attacker down a bit or foil a dim-witted attacker. As others have mentioned, there is also some systems management difficulty if services do not function until a password is entered into them.

At any rate, lots of interesting schemes are possible, but I was wondering if any of them were in wide use?



Comment Common/best practices for personal data (Score 1) 127

Most applications I've worked with have stored passwords hashed and salted and stored credit card data offsite or not at all, but have kept other sorts of personal data (address, phone, etc.) in the database in plaintext.

I've always reasoned that encrypting the data is of little value, since the decryption keys would have to be on the server, and a server compromise would give the keys along with the data. This case is interesting though, since it seems only the database was compromised, so encrypted data in the database with keys outside of the database would have provided some protection.

I can come up with lots of simple schemes for encrypting personal data in the database, but what I'm wondering is, how is this typically handled? Is it common to encrypt this sort of data? If so using what techniques for encryption and key management? Are there some well-known best practices that I haven't come across?




IT Worker's Revenge Lands Her In Jail 347

aesoteric writes "A 30-year-old IT worker at a Florida-based health centre was this week sentenced to 19 months in a US federal prison for hacking, and then locking, her former employer's IT systems. Four days after being fired from the Suncoast Community Health Centers' for insubordination, Patricia Marie Fowler exacter her revenge by hacking the centre's systems, deleting files, changing passwords, removing access to infrastructure systems, and tampering with pay and accrued leave rates of staff."

Submission + - Beware of Photo Printing at Walmart Canada

dpolak writes: I recently discovered that if you use Walmart's Canadian digital photo services you release all rights to your photos. Under their terms of service:

You grant to Wal*Mart Canada Corp. a non-exclusive, royalty-free, perpetual, irrevocable, unrestricted, world-wide right and license to access, use, copy, reproduce, distribute, transmit, display, perform, communicate to the public, modify, adapt, publish, translate, create derivative works from, and otherwise use such Materials (in whole or in part) in connection with the Site and/or the Products, using any form, media or technology now known or later developed, without providing compensation to you or any other person, without any liability to you or any other person, and free from any obligation of confidence or other duties on the part of Wal*Mart, its affiliates and their respective licensees; Uploaders beware!

Slashdot Top Deals

God made machine language; all the rest is the work of man.