ifoxtrot - Slashdot User

Comment Small comment (Score 2) 51

by ifoxtrot on Wednesday March 23, 2011 @10:08AM (#35585770) Attached to: Threats vs. Vulnerabilities

FTA " Another sort of related problem commonly found in infrastructure security assessments is confusing features with vulnerabilities. Thus, a public road that travels close to the facility is often considered a Vulnerability. It is not, however; it is only an attribute. Only when coupled with an attack scenario (truck bomb, the road makes visual and electronic surveillance easier for espionage, assets can be thrown over the fence by insiders to the bad guy's parked truck, etc.) does a feature become a Vulnerability".

I'm not quite sure about the point the author is trying to make here: what's the purpose of differentiating between features/attributes and vulnerabilities? Is it only a vulnerability when it can be exploited? This is actually undermining the definitions the author uses for explaining the difference between threat and vulnerability: if a vulnerability can be "exploited by multiple adversaries having a range of motivations and interest in a lot of different assets", requiring attack scenarios to be specified before allowing an "attribute" to be called a vulnerability feels a bit unnecessary, and could even focus the attention too much onto one kind of attack. Incidentally, neither attribute nor attack scenario is defined anywhere in the paper, which makes the distinction being drawn here weird.

In my view, a vulnerability is a property of the system that allows an attack; there is a natural overlap between a vulnerability and an attack, but they do exist independently: it is sometimes interesting to think of vulnerabilities that have no known or feasible attack (e.g. crypto ciphers that are seen as weak do not necessarily have feasible attack scenarios). Requiring an attack scenario in order to classify a feature (or attribute) as a vulnerability seems unnecessary: why would you have described the attribute as a vulnerability if you didn't have an attack in mind already?

Comment Re:Non-issue? (Score 1) 578

by ifoxtrot on Sunday February 21, 2010 @06:37AM (#31217366) Attached to: Fingerprint Requirement For a Work-Study Job?

Yes, it has happened before: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm

Mexico Wants Payment For Aztec Images 325

Posted by samzenpus on Thursday January 07, 2010 @11:44PM from the montezuma's-latest-revenge dept.

innocent_white_lamb writes "Starbucks brought out a line of cups with prehistoric Aztec images on them. Now the government of Mexico wants them to pay for the use of the images. Does the copyright on an image last hundreds of years?"

ESRB Eyeballing Ratings For iPhone Games 72

Posted by Soulskill on Monday June 15, 2009 @06:37AM from the why-not-go-for-flash-games-too-while-you're-at-it dept.

Kotaku reports that the ESRB is thinking about expanding their game ratings to include games sold on the App Store. They realize that evaluating every single game is not feasible, but they may still be underestimating the amount of work they'd be taking on, and it could negatively affect some developers. Quoting: "'ESRB has seen increases in rating submissions each year since its founding and has always been able to keep pace,' the ESRB's Eliot Mizrachi told us. 'We have rated more than 70 mobile games to date and will undoubtedly rate more in the future as the market grows.' Seventy? Over the past, what, four or five years? It's a piddling number when you think of the hundreds of games available through the App Store. Further, many of them are mobile adjuncts to console releases, a different sort of beast from iPhone games. Not all of those need or deserve a rating; but if Apple brings in the ESRB to rate games, with the idea that it'll help parents control what their kids buy for their iPods, then unrated games are likely to be blocked by such filters. The incentive would definitely be there to get a game rated. And what of the cost? Getting a game rated isn't a free service; the ESRB levies a fee that covers the cost of looking through the code and rating the game."

Scribblenauts Impresses Critics 54

Posted by Soulskill on Saturday June 06, 2009 @07:04AM from the right-tool-for-the-job dept.

Despite all the announcements for popular, big-budget game franchises at this year's E3, one of the most talked-about titles is a puzzle game for the Nintendo DS called Scribblenauts. In a hands-on preview, Joystiq described it thus: "The premise of the game is simple — you play as Maxwell, who must solve various puzzles to obtain Starites spread across 220 different levels. To execute the aforementioned solving, you write words to create objects in the world that your cartoonish hero can interact with. It's a simple concept that's bolstered by one astounding accomplishment from developer 5th Cell: Anything you can think of is in this game. (Yes, that. Yes, that too.)" They even presented it with a test of 10 words they wouldn't expect it to know or be able to represent, including lutefisk, stanchion, air, and internet, and the game passed with flying colors. The game will also allow players to edit and share levels. A trailer is available on the Scribblenauts website, and actual gameplay footage is posted at Nintendorks.

Slashdot Top Deals