"In April 2008 it was reported that 13 year-old Nico Marquardt from Potsdam, Germany had recalculated the odds as part of a science competition, and found the risk had been underestimated.
Taking into account the possibility of the asteroid colliding with one or more of the estimated 40,000 artificial satellites orbiting the earth, possibly causing a shift in its orbit, increases the probability of a collision with earth on its next fly-by in 2036 to 1 in 450. NASA was reported as confirming these results with the ESA, yet they have since apparently denied these claims, and on April 15, 2008 it was reported Nico Marquardt's calculations were incorrect." -- Wikipedia
http://en.wikipedia.org/wiki/99942_Apophis/
Why do people even bother with Slashdot anymore? If you're after news and events of interest, Slashdot misses most, and when they actually post them they're 1-2 days behind.
HTTP://WWW.DIGG.COM PPL
The answer, as usual, is which one favors Linux, open source, Firefox and, if none of the aforementioned fit, whichever one is less favorable for Microsoft.
I gave the Mac 5 years. Guess what? I'm back with Windows.
Re:My light fixtures are safe, really, trust me. on Security — Open Vs. Closed · Score: 2, Informative
Closed doesn't mean nobody has seen it. MS, for example, gives its source code to many 3rd parties for review and analysis. If source code is subject to extensive 3rd party review, closing it to the general public adds an additional layer of security. Security through Obscurity may not be a great standalone security model, but as part of security in depth it can be. It should be used as one of many layers.
Other than Door games, Doom was my first multiplayer (modem-enabled) game. My grades dropped immediately after night after night of intense death match sessions with people around the world or direct-dialed in my local area.
Hacking was fun back then...
"A buffer overflow in a user-level application?" Yes. Is this something new to you? There were at least 100 discovered in Firefox/IE in 2006. Yes, just because a process isn't running as SYSTEM or root doesn't mean there's no risk associated with it.
First of all, who the hell are Heise Security in the first place? They come across as a group of firewall admins turned security 'experts'.
The statements in the article are ridiculous.
"For the first time, underground prices for such zero-day exploits dropped in 2007, compared to the previous year. Insiders think this drop in prices was caused by a glut of such exploits, mainly due to the broad usage of simpler fuzzing tools. Bit by bit, these half-automated vulnerability scanners are uncovering the (security) sins of a whole generation of programmers."
There is no generic 'asking price' for 0-day. There's a massive variance in pricing based on the exploitability, saturation and accessibility. $50,000 for a remote MS hole isn't going anywhere but up.
"With many companies starting to migrate to Web 2.0, the security situation changed for the worse: Cross-site scripting holes on web servers became an epidemic plague. Defacing web sites advanced from an insider gag to mass entertainment when Jonathon Ross presented his favorite pages on the sites of Buckingham Palace, the Whitehouse and the Vatican."
Buckingham Palace, the Whitehouse and the Vatican driven by Web 2.0? Give me a break.
"So let's just hope that our crystal ball is wrong..."
Don't worry, it will be.
Ebooks distribution is still in its infancy. Give it time there, old timer.
With regard to OSS. Indeed. It's not going anywhere. It's free, therefore it's going to sit here and fester for many generations to come. I guess to you the mere fact it's going to exist makes its future bright.
:) Nice assumption, but completely false considering I have and do contribute regularly to OSS development. In fact, I've founded some fairly popular projects in my time as well.
I just have my eyes wide open. Very few 'good' developers are willing to sacrifice their free time for the good will of mankind. When you're a teenager or even in your earlier twenties, all you want is to feed your ego. Later on you're more concerned with feeding yourself.
"The article notes that other vendors, for example Sun, have more liberal and flexible support policies for legacy products."
That's because all of Sun's customers are legacy. They have no new customers. Sun will do whatever it takes to keep what it has.
You have to love it when researchers find vulnerabilities in Beta/RC software and then hold on to them until release hoping they're not fixed so they can sling mud and/or gain additional notoriety for the discovery.
I'm an ex-blackhat who's been working the security space for over 10 years now. My employers only know about my work experience; nothing prior to that. I'm very good at my job, I'm passionate about security, that's all that matters. As long as you're a blackhat who doesn't have a criminal record, you'll likely get a lot more value out of them than a cert crazy white hat who got into security cuz it's "cool".
http://www.popfly.com/
See subject.
Give me a break. If the shoe were on the other foot it would be "UK Schools embrace Linux as desktop standard."
Are you basing that on anything scientific? No. Just an uninformed opinion.
I hope you're right. I'd rather have been trolled than have to live with the idea that these guys believe what they've written.
No shit. While the value these sites provide is 'ok' at best, all the active bloat on that page makes it almost unusable.
Just call your CC company and ask for a set of disposable CC #s. They're single use for online purchases.
Sounds like more an opinion than a 'fact'. I'd love to know what hard statistical backing you have. Please advise.
The future of libraries (brick and mortar at least) is about as bright as most open source software.
Not including the 150 million phishing sites hosted on the 250 million zombie systems out there.
Physical media for storage and distribution of audio/video is dead.
well put.