Most security breaches happen because of social networking "hacks".
I got a call from "citibank" the other day on my office phone. They said they have a pretty good offer to give me and went ahead and gave me a fantastic offer. Then they asked me my full name (ahem!). And then they asked some more details (innocuous ones) until finally they asked my credit card number. That's exactly when I hung up. I know people who would happily give out this information without even realising what's happening!
There are also instances of people being asked to fill up some forms which ask too many personal details, and I have seriously wondered - "what if this falls in the wrong hands".. they could use that info to break open *most* passwords to my mail and other internet accounts.
In fact my Manhattan card account personnel only asks for my name, address and telephone number for verification! Jesus!
So my question is, that if somebody does a security breach via social networking; how is it that "information security" has failed?
if the code is built at such a fast pace, and can only be debugged by "god-level" hackers, then the best way to ensure a bug-free linux is to provide the developers with a very good feedback mechanism.
what if a distributed system is built to test every patch/release of the linux kernel on most/all hardware configurations? i use the word distributed as it will be difficult to have one place where all the testing happens. people/coders who are interested in helping in kernel development, but lack the experience, can start with downloading diffs and patching their kernels and testing them.
some people could also work on a distributed testing system, ala SETI.
all of this would get a bug out soon and it might be possible to trace the bugs to which patch/release introduced the bug. hence resulting in a lesser bug-closing turnaround time.
what is the existing way bugs are discovered and closed?
The govt. should catch the people who set in blank passwords for administrators as defaults first! This is even worse than getting tripped by a script-kiddie! They're addressing the wrong problem by putting McKinnon on trial.
And the media should stop paying attention to McKinnon. Next we know, he'll be out pushing an autobiographical book... "how 2 hack the us military computers"! lol :)
I was really shocked when I read this! I have been working on computers for 15 years now! And most of the time, I enter "deep-hack" mode and I don't even realise the time. That working for long hours can cause DVT came as a shock.
Have any studies been done on this? Or is this a particular case? If no studies have been done on this, then it certainly warrants an analysis with the ergonomics perspective in mind.
from what i know, a trademark is a "trademark" as long as people associate the "trademark" with the brand. if a trademark gets diluted and is not enforced properly, then it does not remain a trademark. for example you trademark a product X by the name Y, then you should always call Y X or Y's X. if you keep calling it Y then people associate Y with the product X.
eg. xerox photocopiers. in some places, people associate xerox with photocopiers. the trademark has diluted to such an extent.
so my question is, how will "whoever wins the TM battle" protect their trademark against dilution? if the smiley is TMed, then will i have to say :)* in all the mails I type?
* TM of (so and so)
will people be able to use, paint, draw smileys again!?
If this thing works, and it sounds to me that it does, it could be the next breakthrough.
Jot it down in the list of great inventions from start-ups, which big companies have not been able to achieve. I'm sure the big-companies would not have thought out-of-the-box for an approach like this. only start-ups can "afford" to do such a thing ;)
regularly call up with problems, usually related to Windows spy-ware/Trojans/Viruses
maybe you could ask him to look elsewhere. give some pointers to self-help forums or websites where he can download AV/firewall software (norton et al) or refer to some other professional group who take care of this business. tell 'em that you won't be able to solve the problem at hand given your work/time constraints. you're a developer working on a piece of code and you should only support your code if required. why go around supporting winblowz worms? (incidentally, you can ask them to call ms tech-support)
Microsoft wants Vista to be secure. That's because the EULA keeps 'em safe. Let the EULA have defined clauses for security. Then microsoft will need Vista to be secure.
That's the only way I see s/w providers will make serious efforts to make their code more secure- if providers are culpable for damages arising out of security breaches.
Speed / Usability Tradeoff (on "Vim 7 Released", Score: 1)
vi / emacs / joe / (your favorite cli editor here) essentially provide a tradeoff of speed. you can either leave the keyboard, grab the mouse, click-click-and-click to get the thing done; or press a couple of keys on the keyboard to achieve the desired action.
people who use the keyboard a lot would naturally prefer the former.
having said that, i would love it if vi introduces a nice "menu" interface with key-shortcuts mentioned to achieve the desired task.
-----------------
ps: my websites are vi powered ;)
Phew! And I thought they were the big boys. They'd have enough checks in place to take care of a situation like this. Could they (Tucows) have actually done something to prevent this exploit? Or is it a weakness of the underlying system?
I remember reading another post on slashdot quite some time ago where they described how partypoker.com (or some site like that) faced a DDoS hit.
PS: Any ideas if microsoft.com would be vulnerable to an attack like this? If yes, they must be doling out ransom by the millions!
But in the software industry, when you install something there is this 9,000-page legalese that basically says: "We have no idea what this thing does, we're not claiming it does anything, if it remotely does anything useful you should be grateful to us, but you shouldn't blame us if it doesn't do what you expect." And they get away with it!
So true. So true! I really wonder how this trend started? And it looks like there's no going back. Are there alternatives to this kind of EULA? Something like a more responsible EULA. Why are the customers paying through their noses when the manufacturers accept *no responsibility*!?
Dunno if the system will *work* or not, but I'm sure there'll be a lot of law-making bee_ess involved (terrorism / RIAA) that'll bring down the whole system.
PS: Hey! I managed to get RIAA and terrorism together ;)
and overcoming the challenge of users not reading dialog boxes
I'd totally agree with that as well. While designing the UI for a SW once, I had the task of displaying some "advertisement messages" and some "critical information (govt. releases)" to the user immediately after he/she logs in. We did that through pop-up dialog boxes which was a very bad idea.
The user was so used to ignoring the advert. dialog boxes that he/she'd never read them. The important messages just got lost!
china, only 4; same as america
india: zuk
pakistan: zilch so who exactly is worried about what!?