×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Is Whitelisting the Answer To the Rise In Data Breaches?

timothy posted about 2 months ago | from the none-shall-pass dept.

Security 195

MojoKid writes "It doesn't take a rocket scientist to figure out that cyber criminals are quickly getting more sophisticated than current security, intrusion detection and prevention technology can defend against. And you have to wonder if the computer security industry as a whole is willing to take the disruptive measures required to address the issue head-on. One way to tackle the surging data breach epidemic is with a technology called "whitelisting." It's not going to sound too sexy to the average end user and frankly, even CIOs may find it unfashionable but in short, whitelisting is a method of locking-down a machine such that only trusted executables, DLLs and other necessary system and application components are allowed to run – everything else is denied. A few start-up security companies are beginning to appear in this space. The idea is to start with a known, clean system installation and then lock it down in that state so absolutely nothing can be changed. If you follow system security, regardless of your opinion on the concept of whitelisting, it's pretty clear the traditional conventions of AV, anti-malware, intrusion detection and prevention are no longer working."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

195 comments

"whitelisting" (5, Funny)

Anonymous Coward | about 2 months ago | (#46201195)

Yes, yes, tell me more about this novel concept, I have never heard of the term before

Re: "whitelisting" (0)

Anonymous Coward | about 2 months ago | (#46201263)

When's the Whitelist for Dummies book coming out?

Gotta get up to date!

Re: "whitelisting" (5, Funny)

Anonymous Coward | about 2 months ago | (#46201307)

Man, I wish there were appstores for whitelisted software!

SLASHCOTT (-1, Offtopic)

Anonymous Coward | about 2 months ago | (#46201425)

Man, I wish there were appstores for whitelisted software!

Please post this to new articles if it hasn't been posted yet. (Copy-paste the html from here [pastebin.com] so links don't get mangled!)

On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design. Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system.

If you haven't seen Slashdot Beta already, open this [slashdot.org] in a new tab. After seeing that, click here [slashdot.org] to return to classic Slashdot.

We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project.
We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott [slashdot.org]

Moderators - only spend mod points on comments that discuss Beta
Commentors - only discuss Beta
  http://slashdot.org/recent [slashdot.org] - Vote up the Fuck Beta stories

Keep this up for a few days and we may finally get the PHBs attention.

-----=====##### LINKS #####=====-----

Discussion of Beta: http://slashdot.org/firehose.pl?op=view&id=56395415 [slashdot.org]

Discussion of where to go if Beta goes live: http://slashdot.org/firehose.pl?op=view&type=submission&id=3321441 [slashdot.org]

Alternative Slashdot: http://altslashdot.org [altslashdot.org] (thanks Okian Warrior (537106) [slashdot.org])

meet us on IRC Freenode ##altslashdot

Re:SLASHCOTT (3, Insightful)

Jaruzel (804522) | about 2 months ago | (#46201813)

I'm SO sick of this 'Fuck Beta' crap.

YOU the /. community are one of most technically-able groups of users on the internet. Therefore, instead of whining about a FREE service that you no longer enjoy, why not group together and build something better? If it's better than /. (not hard...) then your user base will come. A handful of you could throw up a simple blogging system in a few hours, whilst you work on something permanent...

So instead of bitching about it to corporate owners who do not care, get off your arses and build something better.

http://altslashdot.org/ [altslashdot.org] seems to be offline at the time of writing - a good effort but when I did look at it yesterday it seems to be 90% ideas, and sod all development. The best sites on the net, didn't spring into life fully formed, they evolved. The important thing is to just get something up and working as fast as possible.

(Why am I not joining the effort? I'm a Windows guy, my linux foo is simply not good enough else I would.)

-Jar

Re:SLASHCOTT (0, Offtopic)

Anonymous Coward | about 2 months ago | (#46201935)

YOU the /. community are one of most technically-able groups of users on the internet. Therefore, instead of whining about a FREE service that you no longer enjoy, why not group together and build something better?

Two reasons. 1 - Having a userbase is what really drives a site like this. No one wants to go to a technically superior site just to be the only one reading and posting anything. Not even mighty Google could get around this one trying to compete with Facebook, and Google has been aggressive about it (did you sneeze? great, you just signed up for a G+ account!). 2 - We the users made this site what it is and created the success its owners enjoy today, they would sell no ad space on an empty no-traffic site, they would be foolish not to recognize this and listen to our opinions.

Re:"whitelisting" (1, Redundant)

mrbluze (1034940) | about 2 months ago | (#46201323)

Problem: Data Beaches

Reaction: Whitelisting

Solution: Censorship

And by the way, Beta sucks.

Re:"whitelisting" (5, Insightful)

anubi (640541) | about 2 months ago | (#46201947)

A LOT of us are doing a form of whitelisting for exactly the same reason.

How many of us are running programs similar to NOSCRIPT mostly because of hostile code and inattentive webmasters unwittingly distributing malicious code wrapped in advertisements?

I learned about NOSCRIPT right here on Slashdot ( Thanks, guys!!! ) in response to one of my posts where I was whining ( loudly ) about not being to be on the net for more than a few hours before I had to reboot Windows to try to get my system back.

There is a lot of nasty stuff out there, and it seems most of it comes riding in on scripting or coaxing me to run their attachment. Often I have seen them try to piggyback on the trust I have for a business - a business that places that trust at risk if the business insists I enable javascript for his site, then the bad guy uses that coercion of the business model to his own advantage.

I think that is what a lot of the clamor here has been all about. We see wealthy investor type men taking control from the techie base and may force us to "drop our defenses" in order to communicate, and we are collectively screaming "NO" as loud as we can to the deaf ears of the businessman.

I think we have all seen the suit people take down a business, and we don't want it happening here.

Re:"whitelisting" (0, Offtopic)

Anonymous Coward | about 2 months ago | (#46201337)

What? A first post that's not "Fuck Beta!!"? I'm going to have to check to see what site I'm really on.....

Re:"whitelisting" (4, Insightful)

Z00L00K (682162) | about 2 months ago | (#46201437)

Most data breaches have occurred within a company, and the only way around it is to segment the networks and servers so that only select computers have access to financial data, others have access to HR data and yet others have access to strategic documents. Then it depends on company type if yet more segments are needed. In most cases the software development can go in one segment - the majority of the software developed is bread&butter. But in other cases special projects may need their own segment. Also make sure that all printers have their own sub-segment of each segment to make sure that any printer that has been hacked isn't going to have access to all the data, just the print data.

Of course - this goes against the strategy of installing everything in one huge server running virtual servers.

Whenever there is a need to exchange data it has to require manual action between individuals in both segments.

And for browsing the internet - run a sandbox solution to isolate any browsing from the remaining network. It may mean that the web browser is on a special server. If that server is contaminated it's not a big problem to rebuild it.

Re:"whitelisting" (1)

tramp (68773) | about 2 months ago | (#46201951)

Installing everything in one huge server running virtual servers should make it easier by creating virtual network segments. And even with such segments it is questionable if the potential damage in one segment is not a reason to whitelist within each networksegment too.

Re:"whitelisting" (2)

drolli (522659) | about 2 months ago | (#46201503)

O, i wish i had mod points....

I always thought that the "x" bit under unix was a kind of whitelisting mechanism (in combination with the "noexec" mount option).... or the security contexts under Windows or Apparmor or SELinux

But now, there is a new startup which wants to promote a product...

Re:"whitelisting" (0)

Anonymous Coward | about 2 months ago | (#46201709)

Yes, yes, tell me more about this novel concept, I have never heard of the term before

We should white list the classic slashdot site!

Brilliant... (1, Insightful)

Anonymous Coward | about 2 months ago | (#46201211)

... next we'll make it impossible to emulate a trusted DLL ... oh, wait.

Re:Brilliant... (2)

mikael (484) | about 2 months ago | (#46201463)

There was a guy at our university wanting to do some university psychology tests and figured the best way for the application to log the results was to send them as an E-mail to himself, where they could be timestamped independently. Only problem was that any application that wasn't on the PC's anti-virus whitelist was blocked from opening that port. So he just renamed his experiment application to "Agent.exe" and the anti-virus software allowed the message to be sent.

Re:Brilliant... (0)

Anonymous Coward | about 2 months ago | (#46201507)

Did he publish his results as a crowning achievement of human psychology? Guy outwits anti-virus software. That must be worth at least a Nobel Prize.

Re:Brilliant... (0)

Anonymous Coward | about 2 months ago | (#46201929)

Hey, it's more than Obama did & he got one...

UEFI SecureBoot (-1)

Anonymous Coward | about 2 months ago | (#46201219)

The summary just described UEFI SecureBoot, which we hate since Windows 8 was first to adopt it

More sophisticated than current security FUCK BETA (-1)

Anonymous Coward | about 2 months ago | (#46201255)

The current security being nothing at all. And why would a company implement any security at all since they don't get any punishment at all when user identities get stolen?

Also, FUCK BETA, Slashcott 10-17 February

Do it in ROM (0)

Darth Cider (320236) | about 2 months ago | (#46201265)

Why aren't OSes in ROM? Why do they have to be in read-write memory? If it's so expensive to suffer breaches, why trust any rewritable core? (I guess because OSes are never released as finished products, without built in security holes.)

Re:Do it in ROM (1)

Anonymous Coward | about 2 months ago | (#46201289)

Why aren't OSes in ROM? Why do they have to be in read-write memory? If it's so expensive to suffer breaches, why trust any rewritable core? (I guess because OSes are never released as finished products, without built in security holes.)

Vulnerabilities are discovered in all OSes, open source or not. If you have that in ROM you will never be able to patch it and have a permanently vulnerable system.

Re:Do it in ROM (0)

Anonymous Coward | about 2 months ago | (#46201299)

What about something with a hardware write lock on it? OS is in memory, but write is disabled unless you flip a real switch. Hell, it can be a locked switch so only IT can do updates. Yeah, fishing and fake updates could be a problem, but at least you know the OS only changes when the switch is closed.

Re:Do it in ROM (3, Insightful)

TheReaperD (937405) | about 2 months ago | (#46201365)

Sadly, the worst problem for system security is humans. If you required the flipping of a physical switch then malware would simply tell the user to flip the switch to see your choice of free porn, music, movies, games, etc. and the human will flip the switch (or any other method that requires human action). Humans are stupid... sad but, true.

Re:Do it in ROM (2)

Tom (822) | about 2 months ago | (#46201533)

Which is why a good security model for a company will not give users the ability to flip that switch.

Which also means that if you don't want the IT department to spend 90% of their time fielding "I need to do X, can you enable it for me?" calls, you need to spend considerable time, effort, expert knowledge, user interviews and other things that equate to money, on creating a good policy.

And since most companies shun security expenses and would rather knowingly risk a $1 mio. break-in then spend $10k to prevent it, well, here we are.

Re:Do it in ROM (1)

maxwell demon (590494) | about 2 months ago | (#46201615)

Have the change require a hardware dongle. Lock the hardware dongle away where only the sysadmins have the (physical) keys. Problem solved.

Unless the sysadmin wants to see the porn, of course. ;-)

Re:Do it in ROM (0)

Anonymous Coward | about 2 months ago | (#46201657)

Of course the sysadmin wants to see the porn. Sysadmins are undersexed losers.

Re:Do it in ROM (0)

Anonymous Coward | about 2 months ago | (#46201789)

Of course the sysadmin wants to see the porn. Sysadmins are undersexed losers.

Of course we are. I'll remember to tell that to my 8 children (by 6 different mothers in four different countries, I used to travel a lot).

I never though sex we a spectator sport; I prefer to participate one-on-one.

Which is why I am not happy with the group fucking we are getting with Beta.

Re:Do it in ROM (1)

FaxeTheCat (1394763) | about 2 months ago | (#46201793)

Have the change require a hardware dongle. Lock the hardware dongle away where only the sysadmins have the (physical) keys. Problem solved.

Unless the sysadmin is in a different office, city, country or continent... Yes it is a real scenario. We do that in our company.
Or unless the sysadmin is responsible for a few thousand servers in a datacenter.
One problem solved, another unsolvable problem created.

Re:Do it in ROM (1)

mysidia (191772) | about 2 months ago | (#46201907)

Sadly, the worst problem for system security is humans. If you required the flipping of a physical switch then malware would simply tell the user to flip the switch to see your choice of free porn, music, movies, games, etc.

Maybe so, but in an Enterprise environment, the "Toggle Switch" would be replaced with a KeySwitch, and the end user would not have the key to operate it.

Re:Do it in ROM (1)

mikael (484) | about 2 months ago | (#46201483)

I would like to see the filesystem of an OS partitioned into several levels: read-only disk drives where stuff never changes unless an update occurs (kernel, device drivers, configuration files), read-write disks where log files are update by the minute, hour or day, and local/user partition which is updated by the user.

Our university managed to do something similar by just having a ISO image that they overwrite the OS partition with, every time the PC was rebooted.

Re:Do it in ROM (3, Insightful)

Tom (822) | about 2 months ago | (#46201545)

I would like to see the filesystem of an OS partitioned into several levels: read-only disk drives where stuff never changes unless an update occurs (kernel, device drivers, configuration files), read-write disks where log files are update by the minute, hour or day, and local/user partition which is updated by the user.

You mean the way that almost every installation guide for every Unix system ever recommends you do it, and almost nobody ever does?

Re:Do it in ROM (0)

Anonymous Coward | about 2 months ago | (#46201573)

Fewer partitions means more room for porn! Lunix systems have more porn on them than ever before!

Re:Do it in ROM (0)

Anonymous Coward | about 2 months ago | (#46201557)

Read-only disks for root and usr were commonly used in Unix. Linux can be installed across multiple partitions, but early Linux users inherited the tradition of a monolithic system disk from MS-DOS, and modern Linux users inherited the tradition of a monolithic system disk from MS-Windows.

Re:Do it in ROM (4, Interesting)

donaldm (919619) | about 2 months ago | (#46201711)

You should always set-up your file-systems in such a way that the OS part is completely separate from user data such that it should be a simple matter to recover or even install and update just the system file-systems. Unix and now Linux has always recommenced this type of layout although you can even do something like this for Microsoft Windows.

I have Fedora 20 running on my PC's and I make sure I document my system layout, application requirements, customisations and of course my security files which I save. If on the off my system gets compromised I can easily 1) Do a system recovery or 2) Do a fresh install and update without compromising my /home or archive data.

The fresh install takes me approximately 1 hour then 15 minutes for customisations then about 1 hour for the update although during this time I can fully use the machine. It must be noted that a recovery from backup would most likely take me about 20 minutes for 10 GB to be recovered (over 2000 packages), however if you have been compromised it is usually safer to do a fresh install.

It is possible to have a read-only system file-system for a Unix/Linux but this would be a stupid idea since you have /var which contain logs and update information that is required to be read/write. Even / (/ and /usr) needs read/write on occasion. The same is true for a Microsoft OS. The best you can do is have a tested disaster recovery plan and surprisingly it need not be that elaborate but you do need to cover most what if's.

Re:Do it in ROM (0)

Anonymous Coward | about 2 months ago | (#46201383)

Why aren't OSes in ROM?

They were, in 1984 when RAM was expensive, the MacOS was in ROM. RAM is cheap 30 years later, and ROM is almost completely obsolete because its read-only nature makes it extremely inconvenient.

Re:Do it in ROM (0)

Anonymous Coward | about 2 months ago | (#46201797)

I think the talk is more about EEPROM (not actually EEPROM chips but electronically eraseble ROMs, which flash is too), where you can hardware disable writing by disabling the write input pin. Put a switch between power and the write pin and you can disable writing and no software will be able to write to the chip.

Re:Do it in ROM (1)

hairyfeet (841228) | about 2 months ago | (#46201691)

Because man is fallible? There has never been an OS that is bug free and by placing the OS in ROM not only do you insure that no bugs will EVER be patched but that any improvements that would help make things run better/faster/smoother will likewise never happen.

Oh and even if you had the OS boot from a ROM its gonna have to have core files placed in memory sooner or later so an attacker could simply patch in RAM and still take control.

Re:Do it in ROM (0)

Anonymous Coward | about 2 months ago | (#46201749)

Because man is fallible? There has never been an OS that is bug free

The Mac Classic contained an entire System 6 Boot Disk in ROM [eeggs.com], and everyone knows that System 6 is perfect.

Trusted program, untrusted use (1, Informative)

jklovanc (1603149) | about 2 months ago | (#46201269)

What is someone breaks in, gets command line access and uses trusted commands to send the data elsewhere. The hacker used trusted programs to do the breach so white list would not stop it.

Re:Trusted program, untrusted use (4, Informative)

Tom (822) | about 2 months ago | (#46201519)

All good security is layered. This is one part of a complete security model, the part that prevents the hacker from uploading and using his own tools.

Of course, you also need other parts. For example, runtime-patching is a reality, so unless you have additional protections in place to prevent it, there are plenty of ways that a hacker can still execute arbitrary code including entire programs.

But the primary protection this offers is to finally solve the exe-cloaked-as-jpeg-or-zip-in-a-scam-email-that-users-click-to-open problem that Mickeysoft should've solved 10 years ago by simply fucking removing that idiocity from Outlook one day after it went live and people realized how trivial it is to abuse.

Basically, the primary beneft of this will be that it prevents unintentional execution of code. It doesn't stop a dedicated attacker who already has root access, at least not by itself.

Re:Trusted program, untrusted use (3, Interesting)

hairyfeet (841228) | about 2 months ago | (#46201741)

Oh please do you REALLY think that is the cause of Windows infections?

I got news for ya pal, I fix the systems that get pwned 6 days a week and I can tell ya that hasn't been even a major, much less main, source of infections since 2004 or so. How do Windows systems get infected? The same way this page shows you how to infect a Linux system in just 5 steps [geekzone.co.nz] through good old fashioned social engineering. Here are the top sources of infections I see at the shop, I see these constantly..

1.- "You want to see teh hot lesbos? Just run 'Iz_Not_Viruz_Iz_Codex' to see teh hot lesbos today!" 2.- Hi, this is your (insert name of person they know whose system has been pwned) and I found something really cool! Just click this link (which goes to a page full of drive bys) to check it out!" 3.-ZOMFG u got teh viruz! Just run 'Iz_Not_Viruz_Iz_Cleanerz' to get rid of it ZOMFG!" 4.- "You are teh winrar of our contest! Just give us all your info on this page (so we can pull an ID theft while infecting you with drivebys) so you can get your prize u lucky dog!"

These work on ANY system because they target the weakest point, THE USER. As a matter of fact I've been seeing a sharp rise in infected Android smartphones and ID thefts from that last one. It seems that folks just can't equate one system to another so all those scams that haven't worked on a PC in a decade? Work great on a smartphone. Its endless September all over again. BTW please note that in NONE of those, nor in the Linux example does the OS matter because the weak spot hasn't been the OS in ages, the easy target has been and always will be the users.

Trusted program, untrusted use (1)

donaldm (919619) | about 2 months ago | (#46201777)

What is someone breaks in, gets command line access and uses trusted commands to send the data elsewhere. The hacker used trusted programs to do the breach so white list would not stop it.

Well your machine is now compromised. You now have to ask the question "What can I do". Normally in a case like this you should do a fresh OS install from a trusted source (eg. bootable CD/DVD, USB key) followed by appropriate customisations then updates from a trusted source. You could do a recovery from your OS backup but if you have been compromised I would not trust this.

Obviously you may need to recover your user data if that has also been compromised but if are looking at an enterprise system or even just a home PC, initially you may not need to do this until all interested parties (eg. DB administrators) have checked for issues since you cannot be sure if your backups have not been compromised as well. This is why an appropriate documented disaster recovery plan needs to be in place whether the system is a multi million dollar Enterprise system system or a home computer.

Betteridges law of headlines (0)

Anonymous Coward | about 2 months ago | (#46201279)

Can you guess? Erm....no....

Move along now...ps: can get get rid of everyone adding f*** b*** to every post now please?

Licensing and Cert Costs (3, Interesting)

Anonymous Coward | about 2 months ago | (#46201291)

It's too expensive. If you operate in a Windows environment then you have to use Windows Enterprise to access the functionality (which is expensive) and since code-signing certs are expensive not many devs (including driver devs) use them, meaning, you have to go back to file hashes for individual versions for files that aren't signed. We use these mechanism at my work for high risk workstations and the workload of maintaining them is quite tedious. We just aren't there yet as an industry.

Or put the HD into Read only mode (1)

cheekyboy (598084) | about 2 months ago | (#46201357)

Windows can be made to boot of DVD or read only media.

Now to also make %TEMP% with no execute allowed.

Re:Licensing and Cert Costs (2)

fuzzyfuzzyfungus (1223518) | about 2 months ago | (#46201469)

I haven't had the... pleasure... of having to deploy it, just poked around; but won't the Windows SRP signature-based rules work just fine if you create your own internal certificate, bless it, and then sign anything you want to run; but don't have a publisher signature for?

Doesn't do you much good if you don't know what you are signing, or something gets munged on its way from the vendor to IT; but you don't have to tithe to verisign if the machines are on your domain and will trust you as a CA if you tell them to.

Re:Licensing and Cert Costs (0)

Anonymous Coward | about 2 months ago | (#46201633)

OP here, yeah, we're trialling that now but trying to integrate code signing into our existing PKI with it's existing bureaucratic policies is a bit of a nightmare.

Seriously? (4, Insightful)

gman003 (1693318) | about 2 months ago | (#46201295)

Why the flying fuck does anybody think Slashdot readers need to have "whitelisting" defined for them, let alone think they can pass it off as a "new technology"? Did Dice start putting those retarded SlashBI articles in main Slashdot now?

Re:Seriously? (0)

Anonymous Coward | about 2 months ago | (#46201335)

Why the flying fuck does anybody think Slashdot readers need to have "whitelisting" defined for them, let alone think they can pass it off as a "new technology"? Did Dice start putting those retarded SlashBI articles in main Slashdot now?

Because we're an "audiece" who comes here for the articles you insensitive clod!
FUCKBETA

Re:Seriously? (4, Funny)

Anonymous Coward | about 2 months ago | (#46201367)

As a manager these definitions really help me out. Could you tell me if these 'whitelistings' are webscale?

ps I really like the new slashdot beta site!

Re: Seriously? (0)

Anonymous Coward | about 2 months ago | (#46201529)

Whitelist isn't a technology. It's a concept.
There are many technologies to implement whitelisting.
They are all broken.
The end.

Re:Seriously? (2)

Bearhouse (1034238) | about 2 months ago | (#46201799)

I'd mod you up, but duuuude, 'webscale' is sooo yesterday.

Leveraging your core value proposition thru social networking in the cloud is the new hotness!!!

I really dig the new beta site too - liked it on all my facebook pages and tweeted it too!

Now 'scuse me, have to update my whitelists and hosts files.

Re:Seriously? (4, Insightful)

TheReaperD (937405) | about 2 months ago | (#46201387)

Though most, if not all of us, know what whitelisting is, I do prefer they explain it rather than assuming we know it. I've ran across too many articles in the past that assumed I knew some piece of information when I didn't. Sure, I can look it up but, that's annoying when your just trying to read "news." Though this is a site for "nerds", that is a broad term. There's computer nerds, science nerds, comic nerds, etc. Now, the passing it off as new... I've got nothing; that's just lame.

Re:Seriously? (2)

QuasiSteve (2042606) | about 2 months ago | (#46201629)

The way some sites handle this is by using the dfn element (or abbr) to actually explain what a term means or expands to. The regular reader just sees the term, but (typically) hovering over it will show the full definition / expanded form. That has always seemed like fair compromise to me.

Re:Seriously? (0)

Anonymous Coward | about 2 months ago | (#46201871)

Though most, if not all of us, know what whitelisting is, I do prefer they explain it rather than assuming we know it. I've ran across too many articles in the past that assumed I knew some piece of information when I didn't. Sure, I can look it up but, that's annoying when your just trying to read "news." Though this is a site for "nerds", that is a broad term. There's computer nerds, science nerds, comic nerds, etc. Now, the passing it off as new... I've got nothing; that's just lame.

C'mon now, this site has been broad, but generally revolving around computer nerds. The other nerds have their portals (which we may be exploring more and more if this Beta shit continues.)

Seriously, this topic was some breaking-local-news level shit that I expected to hit DateLine 4 months from now, not here. I mean c'mon, the concept of whitelisting is almost as old as the concept of Black Hat vs. White Hat (or Spy vs. Spy, for you 3 comic book nerds out there)

What's next, are we gonna talk about how people defeat port scans these days by using "secret, hidden networks"?

With topics like this, who needs a Beta to drive them away.

Re:Seriously? (5, Insightful)

Anonymous Coward | about 2 months ago | (#46201397)

Uh, yeah. The sort of dumbfuck managers who might conceivably read slashbi are the exact audience the beta design (fuck beta, BTW) is meant to appeal to.

The big idea, though unspoken, is clear: to keep the slashdot name, but shift in both content and presentation from a discussion site seeded with news for nerds to a straight-up news site (with discussion as an afterthought) for PHBs. SlashBI doesn't work because that name is not (and has never been) perceived to carry an aura of technical knowledge -- but PHBs have been hearing about this slashdot thing for a decade now. Rolling out a PHB-friendly site under the "slashdot" brand will help PHBs play one of their favorite games, namely indulging in the fantasy of deep technical knowledge without the inconvenience of learning -- and that means Dice makes big bucks placing ads in front of this "decision maker"-heavy audience. (This new audience is not only worth more to advertisers, they're also substantially less likely to use ad blockers than the old /. community.)

Re:Seriously? (1, Redundant)

kevingolding2001 (590321) | about 2 months ago | (#46201591)

Please, anybody with mod points, mod the parent up.

Yes I know that he or she is posting as AC, but this so beautifully encapsulates where the 'beta' is headed that it really deserves to be seen.

The original slashdot users and discussion format simply don't fit into the 'passive content consumer' business model of dice, and no amount of posting 'fuck beta', or boycotting, or whining to Timothy or any of the other editors is going to change that.

Re:Seriously? (0)

Anonymous Coward | about 2 months ago | (#46201597)

What could someone in the audience possibly know about what is or is not a new technology.

Re:Seriously? (1)

maxwell demon (590494) | about 2 months ago | (#46201639)

It's valuable to say what they suggest to whitelist. When I read "whiltelisting" I thought it's about restricting internet access to known good addresses. Only the explanation told me that what they mean is whitelisting software.

Re:Seriously? (4, Insightful)

Arrogant-Bastard (141720) | about 2 months ago | (#46201765)

The inferior people at Dice -- you know, the same ones trying to shove their shitty Beta site down our throats -- are actually not clueful enough to realize that this is a very old idea. Whitelisting OS resources, applications, networks, IP addresses, etc. has long been an effective security measure, and I've deployed everywhere I've been for the past 15 years or so.

It appears that the Dicedroids think everyone is as stupid and clueless as they are.

Re:Seriously? (0)

Anonymous Coward | about 2 months ago | (#46201779)

I know right? It sounds like I am back in my computing class at school with my dodgy as hell teacher that used his sex life to define computing terms towards the end of his career.

Gated Communities (-1)

Anonymous Coward | about 2 months ago | (#46201297)

Gated communities are always the answer. Keep the gay niggers off Slashdot.

Re:Gated Communities (0)

TheReaperD (937405) | about 2 months ago | (#46201399)

That is probably the most inflammatory, but still accurate, way to illustrate something I've ever seen. Well played.

Already Possible (5, Interesting)

EmperorArthur (1113223) | about 2 months ago | (#46201329)

Newer versions of Linux can already do this. Using the integrity measurement architecture, module signing, and Secure Boot it's possible to have a system where almost any change is detected. I'm currently trying to get it all working on my machine right now, but it's slow going. Here's hoping that distros start shipping with this set up by default. http://lwn.net/Articles/488906... [lwn.net]

A shorter term security measure that more users/Distributions should take is making the root partition read only. I know Android already does this, but it really does help. Something that I would really like to see is an easy to use per application firewall. Cgroups mean that I don't even have to worry about it just spawning a child process. Yes, I want to play this game in wine. No, I don't want it to access the internet. No, wine refuses to run it as a different user, much less one with lower privileges.

NetBSD can do this already (5, Informative)

Anonymous Coward | about 2 months ago | (#46201331)

http://netbsd.org/docs/guide/en/chap-veriexec.html
Veriexec is NetBSD's file integrity subsystem. It's kernel based, hence can provide some protection even in the case of a root compromise.Veriexec works by loading a specification file, also called the signatures file, to the kernel. This file contains information about files Veriexec should monitor, as well as their digital fingerprint (along with the hashing algorithm used to produce this fingerprint).

SLASHCOTT STARTING NOW (-1, Offtopic)

Anonymous Coward | about 2 months ago | (#46201343)

FUCK BETA

Slashcott is starting now (10-17. Feb). Come to altslashdot.org or meet us in IRC ##altslashdot on freenode

Re:SLASHCOTT STARTING NOW (-1, Redundant)

dmbasso (1052166) | about 2 months ago | (#46201405)

Right now there are still 2h until the first time zones reach 2014-02-10. But yeah, the boycott is coming. I wonder what it will do to my productivity. I guess not much, I'll probably probe alternatives, getting ready to the probable /. extinction.

Please read before modding down. (4, Informative)

Anonymous Coward | about 2 months ago | (#46201345)

What company directs 25% of its users to a partially-working, not-ready-for-production website? Please realize that Beta will not have the features that we want, because it goes against Dice's plans for Slashdot. To their advertisers, Dice presents Slashdot as a "Social Media for B2B Technology" [slashdotmedia.com] platform. B2B - that's the reason Beta looks like a generic wordpress-based news site. A large precentage of the current userbase might be in IT, but /. is most certainly not a B2B site.

Nevertheless, Dice is desperate to make money off of Slashdot, since it has not lived up to their financial expectations, a fact that they have revealed in a press release [diceholdingsinc.com] detailing their performance in 2013:

Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.

Beta is not a cosmetic change. It is a new design that deliberately ruins the one thing that makes /. what it is today -- the commenting system. There is nothing wrong with Slashdot, from the users' perspective, that demands breaking its foundations. As others have commented, this is an attempt to monetize /. at any any cost [slashdot.org], and its users be damned. Dice views its users, the ones who create the site [slashdot.org], as a passive audience. As such, it is interchangeable with its intended B2B crowd. We, the current users of Slashdot, are an obstacle in Dice's way.

That is why they ignore the detailed feedback they have received in the months since they first revealed Beta. That is also why they now disregard our grievances. Their claims of hearing us are a deliberate snow job. It is only pretense, since at the same time they openly admit that Classic will be cancelled soon [slashdot.org]:

"Most importantly, we want you to know that Classic Slashdot isn't going away until we're confident that the new site is ready.

Don't hold your breath waiting for Dice to fix Beta. Their vision of Slashdot is a crippled shadow of the site as it is today. Don't let them pull the wool over your eyes. Dice doesn't need us, and it wants us out.

Slashdice delenda est!

reddit how-to (3, Informative)

Requiem18th (742389) | about 2 months ago | (#46201693)

Reddit has a text-based, list-oritented design the way we want it. It suffers from a lack of article summaries though.

How to cuztomize reddit to replace slashdot:

Step 1: Singup on reddit.
Step 2: Visit these subreddits and click the "subscribe" button in each one of them:
http://www.reddit.com/r/games [reddit.com]
http://www.reddit.com/r/gaming [reddit.com]
http://www.reddit.com/r/pcgami... [reddit.com]
http://www.reddit.com/r/privac... [reddit.com]
http://www.reddit.com/r/politi... [reddit.com]
http://www.reddit.com/r/openso... [reddit.com]
http://www.reddit.com/r/techno... [reddit.com]
http://www.reddit.com/r/law [reddit.com]
http://www.reddit.com/r/space [reddit.com]
http://www.reddit.com/r/scienc... [reddit.com]
http://www.reddit.com/r/govern... [reddit.com]
http://www.reddit.com/r/securi... [reddit.com]
http://www.reddit.com/r/biotec... [reddit.com]
http://www.reddit.com/r/censor... [reddit.com]

Step 3: Go to your user profile and look for your personalized RSS feed, (should be in https://ssl.reddit.com/prefs/f... [reddit.com]) it will give you a digest of the best stories accross all your subscriptions.

"Dice doesn't need us, and it wants us out." (0)

Anonymous Coward | about 2 months ago | (#46201829)

The last use of Dicedot can be to migrate to a better site.

We don't need it, it's not "ours" so let's get the fuck out and do everything practical to punish Dice in the marketplace by discouraging traffice to Dicedot.

Fuck us? No, FUCK THEM. The time for playing nice is over.

WTF (0)

Anonymous Coward | about 2 months ago | (#46201353)

Maybe we could combine that with a formal deployment process so that only blessed binaries can be installed, via a special system account, to production hardware. Maybe could also have live monitoring to ensure that the installation on a production box is not tampered with. And maybe we could prevent general write access on production boxes.

Oh wait, we do.

Beta listing (0, Informative)

Anonymous Coward | about 2 months ago | (#46201359)

Please post this to new articles if it hasn't been posted yet. (Copy-paste the html from here [pastebin.com] so links don't get mangled!)

On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design. Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system.

If you haven't seen Slashdot Beta already, open this [slashdot.org] in a new tab. After seeing that, click here [slashdot.org] to return to classic Slashdot.

We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project.
We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott [slashdot.org]

Moderators - only spend mod points on comments that discuss Beta
Commentors - only discuss Beta
  http://slashdot.org/recent [slashdot.org] - Vote up the Fuck Beta stories

Keep this up for a few days and we may finally get the PHBs attention.

-----=====##### LINKS #####=====-----

Discussion of Beta: http://slashdot.org/firehose.pl?op=view&id=56395415 [slashdot.org]

Discussion of where to go if Beta goes live: http://slashdot.org/firehose.pl?op=view&type=submission&id=3321441 [slashdot.org]

Alternative Slashdot: http://altslashdot.org [altslashdot.org] (thanks Okian Warrior (537106) [slashdot.org])

TPM, Secureboot, UEFI... (0)

Anonymous Coward | about 2 months ago | (#46201401)

... I guess that's how we're being demonstrated against our own will we will need and want those systems (TPM, Secureboot, UEFI...), like a treacherous way to convince the most reluctant of us it's for our own good.

Better idea (2)

thegarbz (1787294) | about 2 months ago | (#46201417)

Why not just take computers away from people? I mean if you're going to put such heavy restrictions in place why not just give someone pen and paper, it would be equally as efficient for the end user than having to call up IT every 5 minutes because you're not allowed to use the computer you're given.

Re:Better idea (0)

Anonymous Coward | about 2 months ago | (#46201439)

Can I still call up IT when my pen runs out of ink? What if my paper gets all sweaty because I'm leaning my palm on it? My cubemate stole my dictionary and I don't remember how to spell! Help me, IT! Think for me because I don't know how!

Re:Better idea (0)

Anonymous Coward | about 2 months ago | (#46201705)

Can I still call up IT when my pen runs out of ink? What if my paper gets all sweaty because I'm leaning my palm on it? My cubemate stole my dictionary and I don't remember how to spell! Help me, IT! Think for me because I don't know how!

Remember, the average IQ is 100 (by definition).

captcha = infants (I'm going to miss the captcha system this slashcot week--no posting for me)

Re:Better idea (0)

Anonymous Coward | about 2 months ago | (#46201819)

Can't the government mandate an IQ of 100 for everyone? Obama should write a law!

Re:Better idea (3, Interesting)

Tom (822) | about 2 months ago | (#46201511)

Because their productivity will higher with a computer, even a restricted one, than pen-and-paper. And if you are talking typical office workers, you would be surprised how few applications they actually need. Most of the office workers in the world spend 99% of their time in

  • an office suite
  • a mail program
  • a browser
  • a single-digit number of job-specific applications (e.g. the accounting software)
  • and maybe a single-digit number of company-specific applications (e.g. the time registration app or the intra-company chat software, etc.)

Re:Better idea (1)

FaxeTheCat (1394763) | about 2 months ago | (#46201807)

it would be equally as efficient for the end user than having to call up IT every 5 minutes because you're not allowed to use the computer you're given.

Actually, you are permitted to use the computer for what it was assigned to you for. What you cannot do is run all sorts of executables which have not been approved, some of them being malware, stupid browser plugins and all kinds of crap.
The company I work for have implemented bit9 on the XP PCs we need to keep. Works just fine. The user can keep the software that cannot run on 7/8, and the computers are secure.

Is Slashcott the Answer To the Rise In Dice BETA? (-1)

Anonymous Coward | about 2 months ago | (#46201475)

We don't know, but we will see. Remember: Do not come from February 10 to to 17. Don't let them moronize Slashdot.

FUCK BETA
PS: Captcha: goodbye

old idea (3, Insightful)

Tom (822) | about 2 months ago | (#46201489)

The idea is one of the oldest in IT security.

And it works really, really well.

And it is a PITA to administrate if you have a system that changes, as lots of systems do. For your regular service server, much less a desktop system, where new releases require new libraries, system updates are regular and new application required every now and then, it is almost impossible to actually do it.

On a locked-down system that needs to do one thing, but do that thing reliably and securely, it's a fantastic security measure that will eliminate about half of your security headaches right there.

It's the same idea as SELinux, just on a different level, and it shares many of the disadvantages, namely that it makes policy management into a full-time job.

slashcott: boycot slashdot (0)

Anonymous Coward | about 2 months ago | (#46201501)

All longtime users are now logging out of slashdot, and posting as AC. I registered on /. 11 years ago. Beat me.

We're adopting this at work... (5, Insightful)

Dr_Barnowl (709838) | about 2 months ago | (#46201581)

While I admit that as a programmer I will inevitably have a skewed point of view, I view it as ill-advised.

A computer is useful primarily because it is NOT a special purpose tool, but a general purpose one.

Whitelisting cripples your computer. If you can't run software without it being on a whitelist, you can't even write a shell script, or a VBA macro. Your computer stops being useful as a general purpose tool - only the software that has been approved remains useful.

Yes, I get that most users are numpties and probably do need to be kept from hurting themselves. But this kind of policy cuts down the tall poppies - the ones who actually can make their computer work for them, instead of just working at their computer, and removes the possibility that any more will arise - no-one will voluntarily seek the rights they need to approve of their own software, because they'll be singled out as potential hackers and troublemakers, and any data breaches that do occur will be attributed to them.

As applied within our organization, it's also soul-crushingly annoying to programmers. We'll have the rights to approve of any software we want to run, but we have to click through an approval dialog for each... new..... file... which of course, means that every time we rebuild our code we face a clickfest just to debug it, or run unit tests on it, etc.... most of us have shied away from being "upgraded" to Windows 7 because of this. Several of us just wish we could change to Linux, being Java programmers.

Indeed, many of our internal teams are also getting the self-approval rights, which just trains them to click "Approve" and you're all the way back to UAC again, no extra security, just extra hassle, reduced performance of the computer (which is now hashing every file you access on the drive to see if it's on the whitelist), and more money diverted into the coffers of the kind of company that sponsored this story in the first place.

Re:We're adopting this at work... (1)

malvcr (2932649) | about 2 months ago | (#46201933)

At the end, what happened is that the current user-computing environments where not created to be in a connected world where resources were available through the Internet. This has been a very disordered and incomplete evolution where something must die in the improvement process.

You are the owner of your environment. But others can execute sensitive/powerful code without your permission. Must be a difference between "you" and the "others" for you to be really secure, a difference that disappear when the software is already in execution position. And this is the main problem.

This is like to have a car. If you let an unknown person to drive your car then you are doomed. You don't do that, you have keys, you have a safe place to store your car, and when other takes your car it is an abnormal behaviour. But current systems see with good eyes that other pieces of software are executed without enough control inside them, and this is their normal behaviour ... something is not logical in this equation.

Old idea (0)

Anonymous Coward | about 2 months ago | (#46201585)

Should have been implemented as a standard from the beginning or at least as soon as spam showed up. An email address should be a randomly generated hash like 23ihalkh23lkhwdlkj234lkjq3i@ymail.com etc. so nobody can just email you. It should be constantly changing and only trusted parties should possess the key to see the pattern. It should be a function - > The sum of all changes to the hash in tailored individual has function. Every user has a slightly different hash function and only the whitelist users have access to that hash function and so only they can email you. So while it's an old idea, it just never really got given enough airing time.

Re:Old idea (0)

Anonymous Coward | about 2 months ago | (#46201625)

23ihalkh23lkhwdlkj234lkjq3i@ymail.com

That's my email address! Now I'll get tons of spam, thanks to you.

Already did that... (0)

Anonymous Coward | about 2 months ago | (#46201637)

I founded a company and filed a patent. It is called Utopic Persystent Suite.

The technology still has room to grow, but it been clear to me for 14 years that the force of gravity goes towards whitelisting(with cryptographic hashes like Tripwire, and autonomous file/setting healing).

Of course, that just moves the goal posts of the attackers from the end machines to the managing network of servers. However, I believe, and have evidence indicating the possibility that the attack service is greatly reduced in such a system. I performed some data mining on self-healing logs and I believe that not only does it provide immediate remediation, but that the collected events can prevent "delay detection" and give a very leading edge indication that something wrong is happening in the network. Also, the self-healing gives time for the staff to perform analysis and react while minimizing the impact.

No, not as such (1)

Casandro (751346) | about 2 months ago | (#46201651)

Whenever someone tells you that x solves all problems, it typically doesn't.

Whitelisting is currently practised on many mobile platforms. The only thing it does is force people to turn it off so they can actually use their devices, since the white list was done by people with differing opinions.

The more sensible solution is to do it like Debian does it. Have repositories making it easy to download software which matches certain criteria. Make it moderately hard to install new repositories and make it hard to just "download a binary and run it". That way the layperson will just use decent software from the main repositories while the expert can still do anything they want to do.

Beta (1)

Anonymous Coward | about 2 months ago | (#46201661)

Whatever happened to boycotting comments until Dice announces it will not move to Beta? Fellow slashdotters, don't give up.

Re:Beta (0)

Anonymous Coward | about 2 months ago | (#46201669)

Just give up already.

Baseline refresh (0)

Anonymous Coward | about 2 months ago | (#46201685)

Some web cafes adopt an approach where user terminals are re-imaged after each user session. Essentially network booting from a known "good" baseline.

Obviously this wouldn't be appropriate for point of sale terminals but it (or a variation) may be viable at end of day. It raises other potential problems (namely availability) and it doesn't guarantee that your base image can't be owned but your points of assurance are reduced.

no, make officers responsible (1)

dltaylor (7510) | about 2 months ago | (#46201697)

It's not that those methods do not work, it is that the managers, executives, and directors are insulated from the damage. Make the CIO, CFO, and CEO cough up a few million per breach and they will be stopped. Close companies that are breached repeatedly, and make the directors reimburse the other stockholders out of their own pockets. I once worked at a company where the CEO mandated that he should be able to access confidential information at any location in the company, including offshore locations. I've worked other places where the product programmers had admin privileges on the financial systems.

For gov't breaches, jail those responsible as traiters.

No. (4, Insightful)

gweihir (88907) | about 2 months ago | (#46201755)

As usual with this type of headline, this is not a solution. In fact, it is not a solution at all. Just think of the most common way to compromise an executable: Buffer overflow. In that case, code is put somewhere in the memory area of the running process and then the process is coerced to execute it. This means the attack code runs in the context of the already running process afterwards and white-listing has zero impact. The only effect it has is that it gets harder for the attacker to start additional processes.

As for code-injection attacks, these are usually done with interpreted code, and white-listing does not even apply to that.

This is another technology that at best makes it harder for script-kiddies to break into a system, but has basically no impact on competent attackers.

Incidentally, techniques like SELinux allow far more than a simplistic "white-listing", and have done so for quite a while.

Attempts to limit users typically backfire (1)

damienl451 (841528) | about 2 months ago | (#46201795)

The powers that be had the great idea of launching a policy of locking down PCs where I work. Which is ridiculous considering that we're a large research university and that, believe it or not, bureaucrats can't predict what researcher X in lab Y will want to put on their computer. Because users were unable to do anything on their own, the IT people were spending a lot of time going from one office to the other installing the software that people needed. It lasted for maybe a week, at which point some "helpful" IT person decided that it was much easier to just give "trusted" users the admin password! However, that was the XP era and people soon realized that they could not easily install .msi packages for instance because you could not just right-click, "run as admin" them. But if you were logged in as admin, you could install everything easily.

So, eventually, lots of people started using the admin account FULL TIME and leaving the password in plain sight on post-it notes. So, to "improve security", we went from people using regular user accounts, with a small risk of their machine being infected/compromised, to people logging in as admin with full rights on the machine. What a great improvement!

I suppose that white-listing may solve the problem if it's really impossible to do anything. But it's 2014 and you can't predict what people will want to use.

Security by Exception is a bad thing? (0)

Anonymous Coward | about 2 months ago | (#46201805)

Who knew?

UK - GCHQ - scan everyone - unless some law stops them, oh it does the EU courts so the UK gov elects to opt out of the ones that get in their way - lie to tribunals about scanning anyone. Anonymity dead?

USA - NSA - scan everyone - unless some law stops them - lie to everyone Anonymity dead?

UK - TPS - Telephone preference service - you have to give your phone number and address to a gov department so they can publish it to everyone so UK firms only may choose to voluntarily opt out of using your number for marketing, so they know my number and my address now and have given my numbers to every foreign company who requests it !!!! what a FUKKIN STUPID IDEA, the TPS department has not made ONE conviction for miss-use of the list or defaulting UK companies. Exclusion is a good idea? Anonymity dead?

World - Every fukkin website - wants to send me adverts - fuck beta

World - Every fukkin mobile phone company - install software that is mandatory with ads as I can't get rid of it without crippling functionality and back holes into the end users device, what gives them the right to monitor me?

Microsoft - Windows allows nearly everything to run unless you know what settings out of hundreds of thousands to switch off to make it secure. Active Directory anyone?

Google - goggles for cops - streams everyones details to them in realtime, maybe they will overlay RAG colour coding to highlight your perceived risk to society and only when enough false positives screw their game will some wooley laws get passed to curb it with appropriate loopholes to allow them to ignore it. Anonymity dead?

UK - Satellites and ANPR - scan every journey you ever make just in case you stray over the speed limit occasionally, no opt out, scan everyone, criminals, suspects and free citizens alike. Anonymity dead?

UK - NHS - Include everyones medical records in a huge database, give the police full access to all records without warrant, even opt out doesn't help here, they will just ignore it. Sell everyones details to private firms .... make it illegal for GP's to opt out patients by default, abandon one attempt where too many people opted out so put another one in place and state the original optout doesn't count, don't tell patients about the need to RE-opt out so they get included by default. Anonymity dead?

World - If you have nothing to hide you have nothing to fear, think of the children, think of the terrorists - Repeat mantra until sheeples believe constant monitoring is a right the government should have. Anonymity dead?

World - Browsers have a voluntary setting for do not track!!! that'll work then won't it!

WHAT A BUNCH OF FUKKIN STUPID IDEAS !!!!

black hole | back door (-1)

Anonymous Coward | about 2 months ago | (#46201853)

obligatory - fuck beta.

Whitelisting is an acceptable START.. (0)

Anonymous Coward | about 2 months ago | (#46201911)

All it does is move the vulnerabilities to whatever system(s) the whitelist points to though.

If that system is swiss cheeze, or the routers, or the identity of the whitelisted systems are... you are no better off.

And in some cases, actually worse off. The whitelist tends to give the listed systems total trust...

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...