povray.off-topic : Why does this not surprise me? (Message 1 to 10 of 18)
From: Doctor John
Subject: Why does this not surprise me?
Date: 13 May 2008 15:28:45
Message: <4829ebed@news.povray.org>
http://www.vnunet.com/vnunet/news/2216490/secure-development-key-security

John

-- 
I will be brief but not nearly so brief as Salvador Dali, who gave the
world's shortest speech. He said, "I will be so brief I am already
finished," then he sat down.



From: Gail Shaw
Subject: Re: Why does this not surprise me?
Date: 13 May 2008 15:52:40
Message: <4829f188@news.povray.org>
"Doctor John" <doc### [at] gmailcom> wrote in message
news:4829ebed@news.povray.org...
> http://www.vnunet.com/vnunet/news/2216490/secure-development-key-security
>

Interesting coincidence. I was discussing this topic with one of the web
devs I work with today.

When I was at university (12 years ago) there were no security courses and
security was never discussed. I dunno if it's changed recently, but a
frightening proportion of devs I work with don't know the first thing about
how to write secure code.



From: Orchid XP v8
Subject: Re: Why does this not surprise me?
Date: 13 May 2008 16:17:43
Message: <4829f767$1@news.povray.org>
Gail Shaw wrote:

> When I was at university (12 years ago) there were no security courses and
> security was never discussed. I dunno if it's changed recently, but a
> frightening proportion of devs I work with don't know the first thing about
> how to write secure code.

When I was at university (5 years ago) security was *mentioned*. Like, 
once or twice maybe. I think I recall somebody mentioning that we should 
go find out what "SQL injection" means and why it's bad. And that's 
about it. [It wasn't in the exam, so I cannot *imagine* anybody bothered 
to actually look it up. Except me, anyway. I had great fun breaking all 
my classmates' web sites...]

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: Orchid XP v8
Subject: Re: Why does this not surprise me?
Date: 13 May 2008 16:18:24
Message: <4829f790$1@news.povray.org>
Mmm, could the problem be - *gasp!* - that potential *employers* don't 
give a fig about security either? (At least, not as far as the software 
_they_ produce is concerned.)

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: Gail Shaw
Subject: Re: Why does this not surprise me?
Date: 13 May 2008 17:18:34
Message: <482a05aa@news.povray.org>
"Orchid XP v8" <voi### [at] devnull> wrote in message
news:4829f767$1@news.povray.org...

> When I was at university (5 years ago) security was *mentioned*. Like,
> once or twice maybe. I think I recall somebody mentioning that we should
> go find out what "SQL injection" means and why it's bad. And that's
> about it. [It wasn't in the exam, so I cannot *imagine* anybody bothered
> to actually look it up. Except me, anyway. I had great fun breaking all
> my classmates' web sites...]

We had one optional (extra credit) section on a network prac that involved
hacking various computers around the university.
Questions included getting a login prompt on the admin's server (IP
restricted), modifying the Journ dept's website and obtaining a file from
one of the Comp Sci lecturers' PCs.

Most of the class didn't even try. The login prompt was exceptionally easy.
The rest were rather more challenging.



From: Darren New
Subject: Re: Why does this not surprise me?
Date: 13 May 2008 17:59:18
Message: <482a0f36$1@news.povray.org>
Gail Shaw wrote:
> Most of the class didn't even try. The login prompt was exceptionally easy.
> The rest were rather more challenging

My hacking at school was when the professor of the non-computer classes 
who thought he knew about computers wrote a computerized test, typed one 
of the answers wrong, and wouldn't let you proceed past the question 
until you got it right but wouldn't log you'd done the test until you 
finished.

Not that he actually hid the source code in any way, mind... :-)

-- 
   Darren New / San Diego, CA, USA (PST)
     "That's pretty. Where's that?"
          "It's the Age of Channelwood."
     "We should go there on vacation some time."



From: Stephen
Subject: Re: Why does this not surprise me?
Date: 13 May 2008 18:23:38
Message: <155k24t1c6t2a3nq0lq9ineqmnbn4utm7d@4ax.com>
On Tue, 13 May 2008 21:17:57 +0100, Orchid XP v8 <voi### [at] devnull>
wrote:

>When I was at university (5 years ago) security was *mentioned*. Like, 
>once or twice maybe

When I was at university (mumble, mumble years ago) security was
warming up the valves before the run :)
-- 

Regards
     Stephen



From: Darren New
Subject: Re: Why does this not surprise me?
Date: 13 May 2008 19:19:53
Message: <482a2219$1@news.povray.org>
Gail Shaw wrote:
> frightening proportion of devs I work with don't know the first thing about
> how to write secure code.

Well, here's a question for you. Other than very generic advice like 
"don't use predictable secrets" and "don't execute code from untrusted 
users" (which really covers a lot more than you may think), what would 
you teach?

Most of the hacks I've seen are either script kiddie level, caused by 
allowing your program to wander into undefined territory, social 
engineering, or really top-notch kind of stuff like microwaving a smart 
card and then timing how long it takes to authenticate to figure out 
which bits are ones and zeros in the private key.

What sorts of stuff would you teach?  Basic firewall and 
SQL-injection-prevention stuff? Something more?

-- 
   Darren New / San Diego, CA, USA (PST)
     "That's pretty. Where's that?"
          "It's the Age of Channelwood."
     "We should go there on vacation some time."



From: scott
Subject: Re: Why does this not surprise me?
Date: 14 May 2008 04:26:58
Message: <482aa252$1@news.povray.org>
> We had one optional (extra credit) section on a network prac that involved
> hacking various computers around the university.
> Questions included getting a login prompt on the admin's server (IP
> restricted), modifying the Journ dept's website and obtaining a file from
> one of the Comp Sci lecturer's PCs

Most of what we did was totally outside any lectures or classes ;-)

The one that took most thought was the "round of applause" I made.  On the 
network drive there were some example sound files, one was a round of 
applause that lasted for like 10 seconds.  I thought about how cool it would 
be if all the computers in the computer room played this at once.  In the 
end I put a program on the shared work drive (that everyone opened to load 
example work etc) that loaded automatically and sat in the background.  It 
then constantly checked the presence of that program on the network drive, 
and as soon as it had gone it started a 5 minute countdown timer before 
playing that sound sample 10 times and then exiting.  Then all I had to do 
was delete the program from the network drive during the lesson and wait for 
the result :-D



From: St
Subject: Re: Why does this not surprise me?
Date: 14 May 2008 13:25:41
Message: <482b2095$1@news.povray.org>
"Orchid XP v8" <voi### [at] devnull> wrote in message 
news:4829f767$1@news.povray.org...

> [It wasn't in the exam, so I cannot *imagine* anybody bothered
> to actually look it up. Except me, anyway. I had great fun breaking all my 
> classmates' web sites...]

    Lol, owned! :)

    ~Steve~


>
> -- 
> http://blog.orphi.me.uk/
> http://www.zazzle.com/MathematicalOrchid*




Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.