
Submission + - Beyond Apache: ModSecurity for IIS/Nginx is Coming (spiderlabs.com)

Crambone writes: ModSecurity is the most widely used Web Application Firewall out there. It's Open Source as well and for more than a decade only ran on Apache. Next week Microsoft and Trustwave SpiderLabs will be releasing ModSecurity for IIS and Nginx at the Black Hat USA security conference in Las Vegas.

Comment Re:Random? (Score 2, Interesting)

"This short paper will examine several discovered statistical irregularities in functions used within the SecurID algorithm: the time computation and final conversion routines. Where and how these irregularities can be mitigated by usage and policy are explored."

My point is just because it is encased in plastic does not mean that the number can not be determined.

- SR

Comment Re:Two hours? (Score 4, Insightful)

"At a contest held in London, Victorinox was offering a £100,000 cash prize ($149,000) to a team of professional hackers if they could break into the USB drive within two hours. They failed."

Umm, they weren't pros. The contest was open to anyone who preregistered, and you got to keep the knife after the contest. Not only that, there were several restrictions on the contest. First, you have to live in the UK, preregister, and you only get two hours. Because ya know, the bad guys always tell you who they are and always give up after two hours. Oh, and you have to be present to win, no Internet-based attacks, you can only use Windows 64-bit or whatever Linux flavor they are providing, and of course you have to give up your exploit if you win. All that and more for a measly hundred thousand pounds? Yeah, no thanks, but hey, it makes for great publicity and it is a cool knife.

So-called "Hacker Challenges" are not a valid security assessment.

- Space Rogue

US Air Force Buying Another 2,200 PS3s

bleedingpegasus sends word that the US Air Force will be grabbing up 2,200 new PlayStation 3 consoles for research into supercomputing. They already have a cluster made from 336 of the old-style (non-Slim) consoles, which they've used for a variety of purposes, including "processing multiple radar images into higher resolution composite images (known as synthetic aperture radar image formation), high-def video processing, and 'neuromorphic computing.'" According to the Justification Review Document (DOC), "Once the hardware configuration is implemented, software code will be developed in-house for cluster implementation utilizing a Linux-based operating software."

Why AT&T Should Dump the iPhone's Unlimited Data Plan

Pickens writes "Farhad Manjoo has a provocative story at Slate asserting that while the iPhone has prompted millions of people to join AT&T, it has also hurt the company's image because all of those customers use their phones too much, and AT&T's network is getting crushed by the demand. The typical smartphone customer consumes about 40 to 80 megabytes of wireless capacity a month, while the typical iPhone customer uses 400 MB a month. As more people sign up, local cell towers get more congested, and your own phone performs worse. He says the problem is that a customer who uses 1 MB a month pays the same amount as someone who uses 1,000 MB, and the solution is tiered pricing. 'Of course, users would cry bloody murder at first,' writes Manjoo. 'I'd call on AT&T to create automatic tiers — everyone would start out on the $10/100 MB plan each month, and your price would go up automatically as your usage passes each 100 MB tier.' He says the key to implementing the policy is transparency, and that the iPhone should have an indicator like the battery bar that changes color as you pass each monthly tier. 'Some iPhone fans will argue that metered pricing would kill the magic of Apple's phone — that sense of liberation one feels at being able to access the Internet from anywhere, at any time. The trouble is, for many of us, AT&T's overcrowded network has already killed that sense, and now our usual dealings with Apple's phone are tinged with annoyance.'"

Comment One way to do it. (Score 2, Informative)

Not all textbook companies are money-grubbing thieves, and some professors are starting to wake up to that. This is my textbook for the Business Finance class I am taking at UMass Lowell Online:

Fundamentals of Financial Management

Basically a free book with ads online, a printable PDF version for a small fee ($9.95), a slightly larger fee ($14.95) without the ads, and a modest printing cost for the full book ($24.95).

I got the printed book version. Pretty nice book, too. It has no bar code, but it does have an ISBN and it is marked "Not for Resale". But at under $30 including shipping, I don't really care if I can resell it or not.

This business model seems to be new in the area of textbooks, but I like it and hope it takes off. - SR

Rep. Jane Harman Focus In Yet Another Warrantless Wiretap Scandal

Many different sources are talking about the latest scandal surrounding the warrantless wiretapping program. Incriminating evidence against California Rep. Jane Harman was apparently captured some time ago on a legal NSA wiretap. However, Attorney General Gonzales supposedly intervened to drop the case against her because (and this is where the irony meter explodes) Bush officials wanted her to be able to publicly defend the warrantless wiretap program. "Jane Harman, in the wake of the NSA scandal, became probably the most crucial defender of the Bush warrantless eavesdropping program, using her status as 'the ranking Democratic on the House intelligence committee' to repeatedly praise the NSA program as 'essential to US national security' and 'both necessary and legal.'"

Comment Re:30 mins might be optimistic (Score 5, Interesting)

Actually, if I remember correctly, the specific flaw that we discovered waaay back in the olden days of 1999 (or was it 98?) was with the Border Gateway Protocol, which would cause a cascading router failure. We estimated, best-case scenario, that large chunks of the Internet could be unreachable for up to 12 hours, and worst case could be down for several days.

The really funny thing about all this is that after Senator Thompson and the Government Affairs committee were finished pimping us out as media whores, several unrelated people approached us and said "Hey, were you thinking of taking the net down this way..." And we would say "No, that's not what we thought of, but your idea would probably work just as well."

The thing is, many of those ideas are still valid. The global Internet network is a rickety piece of technology held together with bubble gum and baling wire. If it wasn't for the fact that people are actively trying to keep it operational, I fear it would fall apart under its own weight in a very short amount of time, not to mention if someone actually wanted to take it down.

- Space Rogue

Comment Re:There's no way they'll abuse this (Score 5, Informative)

Yup, just like they did in Massachusetts:

"State hits crime lab on DNA cache; some files improperly kept, IG says. The State Police crime laboratory is storing the DNA profiles of hundreds of people whose crimes do not warrant it, according to an investigation of the historically troubled lab, raising the specter of what one civil libertarian called a 'shadow DNA database.'"

- SR

Comment This is BS (Score 1)

I am an IT manager. There is no excuse for not having email accounts, at the very least, created prior to a new employee's first day.

I get notification from my HR department about new employees at least two weeks prior to their start date. In that time my staff and I create email accounts and domain accounts, set network permissions, etc. Then on their first day everything is set and ready to go. Occasionally employees are actually given web access to email before they officially start work (but not before paperwork is signed). Our employee manual specifically forbids using outside email services such as Google, Yahoo, etc. for corporate email; not so much for security, but for auditing and accountability reasons.

There is no reason why the outgoing IT staff at the White House could not, at the very least, have created email accounts for the incoming administration prior to their arrival. I sincerely hope that when the time comes for the O-Man and his cohorts to leave office, they don't go through this same mess. Inexcusable.

- SR
