Amazon EC2 Enables Cheap Brute-Force Attacks

Sub Zero 992 Wikileaks (212 comments)

Amazon provide infrastructure services. They need not, should not, must not know or seek to know how these services are used.
Oh wait, Wikileaks...

about 4 years ago

LA's Move To Google Apps Slows As "Apps For Gov't." Announced

Sub Zero 992 Thumbs up for Fisma-Apps (98 comments)

This is what you get, and what - currently - only very few federal agencies can afford:

An independent third party auditor issued Google Apps an unqualified SAS70 Type II certification. Google is proud to provide Google Apps administrators the peace of mind knowing that their data is secure under the SAS70 auditing industry standard.

The independent third party auditor verified that Google Apps has the following controls and protocols in place:

  • Logical security: Controls provide reasonable assurance that logical access to Google Apps production systems and data is restricted to authorized individuals
  • Privacy: Controls provide reasonable assurance that Google has implemented policies and procedures addressing the privacy of customer data related to Google Apps
  • Data center physical security: Controls provide reasonable assurance that data centers that house Google Apps data and corporate offices are protected
  • Incident management and availability: Controls provide reasonable assurance that Google Apps systems are redundant and incidents are properly reported, responded to, and recorded
  • Change management: Controls provide reasonable assurance that development of and changes to Google Apps undergo testing and independent code review prior to release into production
  • Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact Google Apps


Sure, it comes with a risk (do you have multiple redundant and trunked high speed internet connections?) but also with enormous freeing of public funds.

In my view, a win.

more than 4 years ago

Free Clock Democratizes Atomic Accuracy

Sub Zero 992 Re:A solution in need of a problem? (178 comments)

From TFA:

"The RADclock project (formerly known under 'TSCclock') aims to provide a new system for network timing within two years. We are developing replacements for NTP clients and servers based on new principles, in particular the need to distinguish between difference clocks and absolute clocks. The term RADclock, 'Robust Absolute and Difference Clock', stems from this. The RADclock difference clock, for example, can measure RTTs to under a microsecond, even if connectivity to the time server is lost for over a week!"


more than 4 years ago

Free Software To Save Us From Social Networks

Sub Zero 992 "freedom" (249 comments)

I am getting pretty tired of other people telling me what freedom should mean to me.

What freedom means to me, what I am frightened of and / or prepared to sacrifice is not a temporally static concept. 10 years ago I wouldn't even publish my mail address online. Now I have my entire cv on xing. These are rational decisions I made according to costs I perceive (correctly or not) with publishing personal information, or not.

Sure, some people make poor choices about publishing personal information (sexting, anyone?). But sometimes openness is an indicator for a "safe" society.

Just my thoughts.

more than 4 years ago

The Woes of Munich's Linux Migration

Sub Zero 992 Wrong approach (314 comments)

Well, they tried a horizontal migration strategy, moving from location to location and department to department. That meant the problems never stopped.

A better approach might have been to do a vertical top-down migration: Servers: first roll out a directory server infrastructure, then a CIFS strategy etc.; Clients: migrate away from MSIE / Active X, then to CUPS, then away from MS Office etc. And then, finally, to change the desktop OS out from underneath.

A suggested strategy for those planning something similar: 1: migrate the server services (and create a shiny new unified and consistent infrastructure); 2: migrate the desktop apps to FOSS alternatives (choose apps which will work under your target desktop OS); 3: switch out the desktop OS for Linux (the users retain the apps they have become used to).

Just my 0,02

more than 4 years ago

ISP Mistakenly Emails Customer Database To Thousands

Sub Zero 992 Re:not md5, bcrypt (259 comments)


Well, the choice of algorithm is important. MD5 is a bad choice.

And yes, you're right: if the password is weak, and the website provides no protection against brute force attacks over HTTP, then it remains a weak password. And resetting the password is a problem which has been mostly solved: you send the person a token by email or SMS to their pre-validated account, with which they can create a new password.


more than 5 years ago

ISP Mistakenly Emails Customer Database To Thousands

Sub Zero 992 not md5, bcrypt (259 comments)

You are right about not being a database / web guru.
MD5 is the wrong hash algorithm; you want to look at bcrypt.

more than 5 years ago

Speculation On the Doomed Satellite

Sub Zero 992 Re:Which is it? (229 comments)

Well, your options are not mutually exclusive.

Most likely:

a) its solar wings failed to deploy
b) it is therefore in deep sleep
c) what goes up (and remains within the Hill Sphere) must come down


about 7 years ago



CCC Hackers hardhack DECT telephones

Sub Zero 992 Sub Zero 992 writes  |  more than 6 years ago

Sub Zero 992 writes "Heise Security (article in German) is reporting that at this year's Chaos Communications Congress (25C3) researchers in Europe's dedected.org group have published an article (pdf) showing, using a PC-Card costing only EUR 23, how to eavesdrop on DECT transmissions. There are hundreds of millions of terminals, ranging from telephones, to electronic payment terminals, to door openers, using the DECT standard. Is this a security nightmare in the making?"

Rat Brain Cells Control Robot via Bluetooth

Sub Zero 992 Sub Zero 992 writes  |  more than 6 years ago

Sub Zero 992 (947972) writes "The BBC is running a story about how a group of researchers in the UK are using a blob of rat brain cells to control a small robot. From several feet's distance. Via Bluetooth.

Will this lead to future generations of Roombas only working effectively in non-cat households?"

Sub Zero 992 Sub Zero 992 writes  |  more than 8 years ago

Sub Zero 992 writes "A new, supposedly sub-lethal battlefield weapon, the Active Denial System (PDF) developed by Raytheon, is to be first tested on U.S. Citizens in crowd control situations before being used on insurgents in Iraq. The Air Force secretary, Michael Wynne, is quoted as saying: "If we're not willing to use it here against our fellow citizens, then we should not be willing to use it in a wartime situation."

Something about this, potentially even many things, is deeply worrying."


Sub Zero 992 has no journal entries.
