Comment Not pentesters (Score 1) 58

I've been a pen tester, and what this guy is doing is not pen testing - it's vetting out false positives a tool is telling him. As good as tools are, they'll never reveal vulnerabilities that may lead to the overall compromise of an environment. Things like business process flaws (like being able to manually modify prices or submit negative values during balance transfers), blind SQL injection (tools are worthless for those), parameter tampering (like changing an ID showing stuff that isn't yours) and parameter addition. You need an actual person who can look at something and think it's Not Quite Right.... something a tool just can't do.

Comment Re:Lets get something straight now (Score 1) 698

Biden did a good job reminding everyone that the mess we are in now didn't exactly happen by accident. As he noted it happened precisely because guys like Ryan voted to put two major wars,

Biden supported the war in Afghanistan ("Whatever it takes, we should do it"), and voted in favor of the "Authorization for Use of Military Force Against Iraq".

Weak minds seem to also have weak memories

Couldn't have said it better myself

United States

Executive Order Overturns US Fifth Amendment 853

RalphTWaP writes "Tuesday, there wasn't even a fuss. Wednesday, the world was a little different. By executive order, the Secretary of the Treasury may now seize the property of any person who undermines efforts to promote economic reconstruction and political reform in Iraq. The Secretary may make his determination in secret and after the fact." There hasn't been much media notice of this; the UK's Guardian has an article explaining how the new authority will only be used to go after terrorists.

Some 7-11s Become Kwik-E-Marts 264

caffiend666 writes "According to a Yahoo News story some 7-11s are being rebranded into Simpsons 'Kwik-E-Marts'. The makeover includes fronting on the buildings that make it look like a cartoon, Simpsons merchandise on the shelves, and Simpsons show brands available for purchase in the store. From the article: 'The Fox/7-Eleven deal is an example of a practice called reverse product placement. Instead of just putting products prominently in a movie or TV show, fake goods move from the screen to reality ... Customers have been looking at Squishees and KrustyO's and Buzz Cola for years and have never been able to put their hands on it.' Since the film is PG-13, no Duff beer will be available in the stores." If you're looking for one near you, 7-11 has the list of locations on their website.

Wireless Networking

Using the Terahertz Spectrum for Wireless Communication 134

holy_calamity writes "A first step to allowing wireless data transfer over a currently unused part of the electromagnetic spectrum is reported in New Scientist. Terahertz radiation exists between radio and infrared. A new filter created at the University of Utah can filter out particular frequencies, a prerequisite for using it for data. The abstract of the paper in the journal Nature is freely available."

Windows

White House Specifies And Mandates Secure Windows 242

twitter writes "The Register is reporting on an effort to bring order to the wild world of Windows patching, at least in the US Federal Government. The White House has issued a directive to federal CIOs throughout the country, issuing a call for all new PCs to use a 'common secure configuration.' 'Registry settings and which services would be turned on or off by default [are specified and] the directive calls for suppliers (integrators and software vendors) to certify that the products they supply operate effectively using these more secure configurations. "No Vista application will be able to be sold to federal agencies if the application does not run on the secure version of Vista," explained Alan Paller, director of research at The SANS Institute.'"

Science

67-Kilowatt Laser Unveiled 395

s31523 writes "Lawrence Livermore National Laboratory in California has announced they have working in the lab a Solid State Heat Capacity Laser that averages 67 kW. It is being developed for the military. The chief scientist Dr. Yamamoto is quoted: 'I know of no other solid state laser that has achieved 67 kW of average output power.' Although many lasers have peaked at higher capacities, getting the average sustained power to remain high is the tricky part. The article says that hitting the 100-kW level, at which point it would become interesting as a battlefield weapon, could be less than a year away."

Security

70% of Sites Hackable? $1,000 Says "No Way" 146

netbuzz writes "Security vendor Acunetix is flogging a survey that claims 7 out of 10 Web sites it checked have vulnerabilities posing a medium- to high-level risk of a breach of personal data. Network World's go-to security guy, Joel Snyder, says that percentage is 'sensationalist nonsense' — and he's willing to back that judgment with $1,000 of his own money. In fact Snyder will pay up if Acunetix can get personal data out of 3 of 10 sites chosen at random from their survey list."

Power

Storing Wind Power In Cold Stores 242

Roland Piquepaille writes "According to Nature, a European-funded project has been launched to store electricity created from wind in refrigerated warehouses used to store food. As the production of wind energy is variable every day, it cannot easily be accommodated on the electrical grid. So the 'Night Wind' project wants to store wind energy produced at night in refrigerated warehouses and to release this energy during daytime peak hours. The first tests will be done in the Netherlands this year. And as the cold stores exist already, practically no extra cost should be incurred to store as much as 50,000 megawatt-hours of energy. Here are additional details and a picture illustrating this brilliant idea."

Operating Systems

Where Are Operating Systems Headed? 278

An anonymous reader writes "Dr. Dobb's Michael Swaine breaks down the question of where operating systems are headed. Among his teasers: Is Vista the last version of desktop Windows? (Counterintuitively, he says no.); Did Linux miss its window on the desktop? (Maybe.) And, most interestingly, are OSes at this point no longer necessary? He calls out the Symbian smartphone OS as something to keep an eye on, and reassures us that Hollywood-style OSes are not in our short-term future. Where do you weigh in on the future of operating systems? In ten years will we all be running applications via the internet?"

Businesses

Do You Tell a Job Candidate How Badly They Did? 702

skelter asks: "I have been lamenting with friends in the industry about interviewing woes and the candidates that we find. Consider a hypothetical job candidate who comes in after somehow making it through screening. In the team technical interview they prove beyond a shadow of a doubt that not only is he (or she) not as adequate as he thinks he is, but has demonstrated that he is a danger to any code base. Do you tell them? Quietly step away, usher them out and say nothing? Play with them on the whiteboard the way your cat plays with injured mice? Should you leave them as their own warning to others? Is there any obligation to guide them to gaining real experience? Can you give them any advice or is it all liability?"

Internet Explorer

Internet Explorer 7 on Linux 234

An anonymous reader writes to mention WebExpose is running a quick guide to get Internet Explorer 7.0 running on Linux. From the article: "Microsoft conditional comments do work, unlike the standalone version of IE on Windows, so you will be able to develop and test webpages across almost all major browsers (IE 5-7, Firefox, Opera) on one Linux box! Also note that we will avoid Microsoft's Genuine Advantage download validation checks, so pure-Linux users will be able to finish the process without having to find a genuine Windows machine to download the IE7 setup file (the check is avoided legitimately, by the way)."