Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Hey Wordpress... (Score 1) 103

I don't know that the statement "the salt will always be known" is a valid one. The fact that it's different for each password is what makes it secure.

The statements "the salt will always be known" and "it's different for each password" aren't mutually exclusive. You can have a unique salt for each user / password and still always know the salt for each of those users.

Also, in the case of Wordpress, I imagine the only password an attacker would be interested in would be that of an admin. Presumably you wouldn't be trying to brute force every single users password on a Wordpress installation, anyway. Of course, then again, I'm not sure non-admins have a reason to have an account, anyway, since most Wordpress installs allow unauthenticated users to comment.

Comment Re:Hey Wordpress... (Score 1) 103

Salted passwords have nothing to do with what essentially is the same thing as obfuscating banners on web or mail servers. Salted passwords significantly improve security.

Do you even know what a salted password is? Instead of brute forcing hash(password) you brute force hash(salt + password). Since the salt is always going to be known, brute forcing hash(salt + password) takes no more time then brute forcing hash(password). All it protects against are run-of-the-mill rainbow table attacks

Obfuscating banners only adds a trivial amount of work to determine the version a server is running.

I assume you're referring to the capability testing that the post mentioned? Tell me - did 2.8.4 even introduce new capabilities? If so, then, presumably, it should have been numbered 2.9.0 - not 2.8.4. And if they didn't add new capabilities, then capability testing wouldn't allow an attacker to figure out if you were running a vulnerable version or not,'s comments notwithstanding.

Comment add more commercials (Score 1) 313

TV networks generally have 15 minutes of commercials for every 45 minutes of programming and as loathsome as having that many commercials may be, I'd, personally, rather have that than have to pay $20.00 / month or whatever. And I don't see pirating as a viable alternative, either - however unjustified the penalties for copyright violation may be, the fact remains that if you get caught, you're liable to be fined several thousand dollars.

Comment Re:Sell more MSN (Score 1) 621

Most computers come with dial-up modems. Microsoft could use playing crippled files as an excuse to sell the Butterfly [] to listeners.

just because most computers have dial-up modems doesn't mean that most people with dial-up modems are going to want to have to connect every time they want to play an audio CD.

or to another spin on this... should someone not be able to listen to an audio CD with headphones just because someone else is on the phone?

or what about someone using a laptop on a plane, in a car ride, or just outside, somewhere where they're not going to have an internet connection... should they not be able to listen to audio CD's?

or what about kids who have a computer, but whose parents won't let them get on the internet without their permission? do they now need permission just to play an audio CD?

make no mistake... having to connect to the internet to do something *is* an inconvience to some people, and i dislike the precidence this sets... i don't think we should have to inconvenience ourselves anymore than we already do for Microsoft.

Slashdot Top Deals

Any given program will expand to fill available memory.