Slashdot Mirror


User: Chandon+Seldon

Chandon+Seldon's activity in the archive.

Stories: 0
Comments: 3,874

Comments · 3,874

  1. Re:Flamebait indeed on Windows vs Linux On Security · · Score: 1

    How many of the major programs used on NT are old VMS programs that now also target NT as a compilation platform?

    How close is NT to still being VMS?

    How close is Linux to still being Unix?

  2. Re:Do Nothing on What Would You Do With a New Form of Encryption? · · Score: 1

    If you're using secure software, perhaps it's better to let people know so that they don't waste your bandwidth trying to break in.

    Usually the "Security Through Obscurity" complaint is in response to the use of obscurity *instead of* security.

    If you have a secure server, an attacker *cannot* break in. In this case, obscurity only increases the attack rate. If you're running OpenBSD 3.2 default install, and you let everyone know that you are running it, people won't bother trying to attack it.

    If you're running the same server but make it claim to be Windows NT sp 3, people will constantly be tying up your bandwidth with attacks.

    If you connect to the internet, there's no such thing as "concealing your address". If you are colocating your server with an ISP, or running your own small business, your IP is in the list of likely targets, and it takes an attacker less than 8 hours to scan that *entire range* from a residential broadband connection. You can't change your OS fingerprint, so if you're scanned and have a vulnerability, you will be broken into.

  3. Re:Do Nothing on What Would You Do With a New Form of Encryption? · · Score: 1

    This is the same as making a lock that opens to any key, and not telling anyone. The lock is still insecure. But security components are different from security practices. Your locks should be secure, and nobody should know what make and model of locks you have. Your software should be secure, and nobody should know what software you use.

    Say you are running Windows NT 4 service pack 3, and there's a script kiddie who knows about the IIS hole.

    If you leave the server ID string as "IIS / NT 4" then the script kiddie will know he can exploit the known security hole in your server.

    If you change it to "Apache / Red Hat 6.2", the script kiddie will port scan it for other vulnerabilities and not find an open Telnet or SSH port, realize it's not actually Red Hat, OS fingerprint it, discover that it's NT 4, and then he'll know he can exploit the known security hole in your server.

    If you want to compare physical security to computer security, imagine the following: Everyone in the world is invisible and people are standing on every street corner handing out automatic lockpick guns (Picks any lock with less than 5 tumblers in no more than 0.17 seconds!).

  4. Re:Potential ally in patent reform on Intel Must Pay $150M for Patent Infringement · · Score: 1

    Because the government will never do anything.

  5. Re:The purpose of patents on Intel Must Pay $150M for Patent Infringement · · Score: 1

    Why are software patents even useful?

  6. Re:Do Nothing on What Would You Do With a New Form of Encryption? · · Score: 1

    Against a half-assed attacker, obscurity might discourage them.

    Against a full-assed attacker, obscurity does nothing - they either already know about your methods of obscurity, never see them, or work around them faster than it took you to devise and implement them.

    The problem with security through obscurity is that it makes the security methodology more complex without increasing the actual level of security, and it potentially confuses the issue of what exactly needs to be protected by real security methods.

  7. Re:Do Nothing on What Would You Do With a New Form of Encryption? · · Score: 1

    This holds true in physical security systems only because your goal in most physical security systems is to discourage half-assed attackers. In computer security, you can't assume that you have half-assed attackers.

  8. Re:Hehehehe on What Would You Do With a New Form of Encryption? · · Score: 1

    No, he should find a cryptographer and say "Hey, I've got this neat crypto scheme, can you take a look at it? Oh, BTW, I'm thinking of patenting it, so don't tell anyone how it works."

  9. Re:If you want to make money, patent it on What Would You Do With a New Form of Encryption? · · Score: 1

    As these things go, we've got a couple of symmetric algorithms that are considered pretty well understood: DES, 3DES, Blowfish, IDEA.

    And we have at least one public key algorithm that's considered *very* well understood: RSA.

  10. Re:ReIllegal that is such crap blood flows vermill on BitKeeper EULA Forbids Working On Competition · · Score: 1

    Actually, the scary fact of the matter is that in the EULA cases that *have* resolved through the court system, the courts have tended to uphold the EULAs.

    In some states, laws have gone through that *explicitly* back software EULAs.

    Now, they're pretty lame and should be ruled invalid, but that's not how the current legal situation is.

  11. Re:Illegal on BitKeeper EULA Forbids Working On Competition · · Score: 1

    If the licence says "People who have dyed their hair green may not use our product", then you can't use their product if you have dyed green hair.

  12. Re:Only the gratis license is affected on BitKeeper EULA Forbids Working On Competition · · Score: 0, Redundant

    Umm... I'm afraid I disagree with your stated opinion.

  13. Re:Do you speak Japanese...? on ICFP 2002 Contest Winners Announced · · Score: 1

    Parsing that, I show 3 words for "Rain":

    Drizzle, Rain, and Downpour

    Most of the rest of what you list are just additions of common adjectives to one of those three.

    Imagine a language that had the word "Canine", but no specific word for Wolf, Dog, or any of the various breeds of dogs. In a conversation about languages, someone could say "English has hundreds of words for canine" and someone could reply "So what, we have Big Canines, Little Canines, Fierce Canines, Yapping Canines, Wild Canines, etc."

  14. Re:Well, solaris is written in C++ on ICFP 2002 Contest Winners Announced · · Score: 1

    No, Java will have other retarded security holes. The only programming language that you can be *sure* won't result in dumb security holes is VBScript running on Mosaic.

  15. Re:Yeah.. language is not matter much.. on ICFP 2002 Contest Winners Announced · · Score: 1

    UML -> Brainfuck would be nigh-on impossible, but I do tend to agree that the best way to program in Brainfuck is to write a Something -> Brainfuck converter.

  16. Re:Why the hell do you care about power consumptio on Intel Demos 4.7-GHz Pentium · · Score: 1

    I could care less how much power my desktop PC's processor consumes... my mother's paying the electric bill at the moment anyway.

    In a laptop, battery life = power available / power consumption. I want that processor to run on 4 milliwatts... so that my display and harddrive can eat the battery in 8 hours, not 2.5 hours like current Intel compatible laptops.

  17. Re:Could it be... on Worldwide Focus On Going To The Moon · · Score: 1

    http://tmo.jpl.nasa.gov/tmo/progress_report/42-131/131D.pdf

  18. Re:With All due respect... on Electronic Voting's Fundamental Flaws · · Score: 1

    If an airplane fails, it's really easy to hold the manufacturer accountable. A couple hundred people may die, but that's not too bad as transportation accidents go. In any case, although *you* may not be able to check the airplane schematics yourself, the FAA can and does - and if the FAA screws up you can be *damn sure* that they will be held accountable.

    If a voting system fails, especially in a potentially politically unstable country, it may be impossible to hold the manufacturer accountable, since the new *government* has reason to protect them, and it may be impossible for the failure to be discovered, much less publicised.

  19. Re:With All due respect... on Electronic Voting's Fundamental Flaws · · Score: 1

    It shouldn't actually be too hard to write a compilation verifier. (Input source code and resulting binary, output GOOD if the binary does nothing that wouldn't be a reasonable compilation of the source code, otherwise output BAD.)

    Alternatively, the vote system can be written in raw assembly - which allows for really easy verification.

  20. Re:Gain this, lose that on AMD Delays Hammer · · Score: 1

    Not processors for commodity desktop computer systems.

  21. Re:Taco (getting a little OT here...) on One Step Closer to NWN for Linux · · Score: 1

    Because he doesn't prioritize playing games above other more important things he uses his computer for... such as his *job*, selling banner ads by ranting about Linux being mad 'leet.

  22. Re:Taco (getting a little OT here...) on One Step Closer to NWN for Linux · · Score: 1

    Why would he want to split his email between a random Windows program and his comfy unix mail reader?

  23. Re:Possession of a high resolution digital camcord on High Definition DVD · · Score: 1

    In addition, the sale of digital video cameras will be permitted only to those people who have a legitimate reason to own one (scientific research, motion picture production, etc).

    When Sony has to choose between selling their personal electronics (which they have the best brand recognition for) and questionable copy protection for their crappy movies, I'm betting that Sony will be on *our* side.

  24. Re:Decoding = Playback not Copying on Jon Johansen DVD Trial Date Set · · Score: 1

    Just having a licence doesn't protect them from having potentially broken this law... just from being charged with it.

  25. Re:Distribution on Jon Johansen DVD Trial Date Set · · Score: 1

    It may be bullshit, but there is nothing which prohibits copyright holders from limiting use of the material. Authors are not required to translate books into multiple languages nor are they required to allow any third party to offer this service. If they want to write their book in hieroglyphics they may do so and no one may translate the material and distribute these translations.
    But if some buyer of the book happens to have an automatic translation device, he can use it to read his own copy of the book.