Comments

Ask Slashdot: Reviewing 3rd Party Libraries?

LordNite Don't do it (88 comments)

De-compilation is at best a violation of your license to use the library, forfeiting your ability to use it, and at worst could be a violation of the anti-circumvention clause of the DMCA, which could land you in court or in jail.

about 9 months ago
Might iCloud Be a Musical Honeypot?

LordNite Re:The author lost me at MD5 (375 comments)

And here's (http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf) a paper demonstrating a technique for finding MD5 collisions quickly: eight hours on a 1.6 GHz computer.

more than 3 years ago
Might iCloud Be a Musical Honeypot?

LordNite Re:The author lost me at MD5 (375 comments)

There are collisions. It is possible with MD5 to create a hash for two completely different files. Read Schneier's blog.

more than 3 years ago
Might iCloud Be a Musical Honeypot?

LordNite Re:The author lost me at MD5 (375 comments)

Incorrect. Read Schneier's blog, which I included in my post. It is broken for file hashing.

more than 3 years ago
Might iCloud Be a Musical Honeypot?

LordNite The author lost me at MD5 (375 comments)

From the article:
"MD5 hash values are a cornerstone of computer forensics and fully accepted as evidence that two files are identical copies of each other. You could claim that you didn’t download the song from the file sharing network because you were the one who uploaded it, but I doubt that will help your legal predicament."

The MD5 hash has been known to be insecure since at least 2005. See: http://www.schneier.com/blog/archives/2005/06/more_md5_collis.html. I seriously doubt any computer forensics expert in 2011 would use MD5 hashes as evidence that two files are identical.

more than 3 years ago
Hardening Linux

LordNite Re:Sendmail? In a secure system (137 comments)

Yes, in a secure system!

Sendmail has as much place on a secure system as Postfix or Qmail. If either of those MTAs had been around as long as sendmail (22+ years) they would probably have as sordid a security history. The thing to remember is that those holes have been patched, some as much as ten years, or more, ago. No software is going to be bug or security hole free. (OpenBSD doesn't even have a pristine security history for all of its code audits.) Like any MTA software, sendmail can be configured to be secure, or it can be configured to be insecure. Just keep it up to date and configure it sanely.

Also, for the record, just throwing out Google results is meaningless. Here are some more for you.
Results 1 - 10 of about 48,100 for Postfix "security hole".
Results 1 - 10 of about 1,910,000 for Postfix bug.

Results 1 - 10 of about 44,400 for Qmail "security hole".
Results 1 - 10 of about 1,660,000 for Qmail bug.

Using your logic, Qmail and Postfix must really suck too.

Instead of throwing out Google results as proof of sendmail's suckage, why not show a few examples (that are less than four years old, please) that show sendmail currently having glaring insecurity? I will be surprised if you come up with many. The fact is that sendmail has had problems in the past. No one will deny that. Those problems spring from it being basically the first SMTP server ever. However, its security history is just that, history. I am tired of people beating the dead horse of sendmail insecurity and using data from fifteen years ago, or dubious Google results, as proof. Give some real, current evidence please. Otherwise it will continue to stand to reason that sendmail has just as much place in a secure system today as Qmail.

about 9 years ago

Submissions

LordNite hasn't submitted any stories.

Journals

LordNite has no journal entries.
