- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
It's not. To debug your own code, you have to check the parts where it interacts with other code.
To tell you messed up a system call, you need to know that calls syntax and semantics.
To tell you did something wrong in regard to a library, you need information on that library.
In general, to debug your own code, you need documentation (and, if possible, source) of the code it has to work with.
So it is completely correct he wants to check that "security library", so he can find out where the bug is.
Admin
As stated in early posts to this thread, VBScript will execute both function calls in the first 'if' statement. Regardless of whether or not the result of the first function call alone determines the conditional.
Admin
That's true if you're making a system call. However, he was not making any function calls into code in the included file. The only way it could have presented a problem to him were if:
A) The code in the included file redirected him to another page.
B) The code in the included page modified global variables that he used.
The lack of documentation of code that he had to use is definately a WTF, but I don't think he should have needed the source code in order to debug. Its along the lines of saying you can't debug C code because you only have header files to code you are linking to. Sure there could be problems in the code you're linking to, but a seasoned programmer should be verifying what they did before they start pointing the finger at another piece of code.
Admin
Well, drdamour, we're just going to have to agree to disagree. The rule of law isn't security.
As an example, if I leave the front door of my house wide open, and someone comes in off the street & steals my TV, the rule of law did nothing to stop the person. The police will laugh at my "security system". As will my insurance company. If I were employed as a security person & this happened in the course of my job, I would be fired, and rightfully so.
While the rule of law is a deterrent, it is most definitely not security.
As
Admin
That's the kind of security I would like to see on pr0n sites ;-)
Admin
That depends on which key you're talking about. We've already factored RSA-640: http://en.wikipedia.org/wiki/RSA_Challenge
It works because you don't need to divide by every prime between 2 and sqrt(2^640).
Admin
Amazing complete lack of understanding of what biometrics are. In fact, biometrics are no different from passwords. It just takes more effort to generate a new person than it does to generate a new password.
You need to check that the measurements are of a real person, and that the person is willing. Fingerprints can be faked using gelatine (cast it into a mould, and you can print a mould with a PCB), and we can't be too far from faking retina and iris scans. And then you can get someone with a fake eye or get skin grafts.
Ultimately, you need to measure the brain and also take input from the brain, and somehow determine whether they're the same brain. All other body parts can be chopped off (I'm going with the one-brain-per-person theory).
This is the big problem with biometric security, yet governments are still pushing for it. And they still only take a fingerprint..
(captcha:enterprisey, and then I logged in)
Admin
I use a combination of the username, user IP address, and current time
256-bit random number.
you can't move a token from one computer to another because the IP address of the original computer is stored in the database
IP-spoofing. And some ISPs have multiple transparent proxies, so you may not actually come from the same IP all the time.
you can't re-use a token at a later date because the time the token was generated is stored in the database
Limiting the amount of time you can attack for is not security.
Admin
No, the most critical apps are the ones with important passwords. Security is only as strong as the weakest link.
What would happen if I waited for everyone to leave, and then looked under all the keyboards?
Admin
Because sometimes you want to (I haven't encountered such a situation yet).
Other times it's actually more efficient. The time taken for a mispredicted branch is a lot longer than the time taken to do a few bitwise ops, so it's faster to compute a&b&c and then compare/branch, than it is to compare a, conditionally branch, compare b, conditionally branch, compare c, conditionally branch (if a,b,c are local variables and vaguely random).
This is slightly CPU dependant, though.
Admin
This appears to be standard practice. "Hello? Mr. Contractor? Yes, we're with Corporate IT's Revenue De-justment group, and we're here to help you...fail. You say you've been working on this system for three months and you can't get paid until it's installed and working? Yes, well, we're here to prevent that. That's right - you're now a little thing we like to call "screwed". Have a great day! And say hi to all the nice folks at the soup kitchen..."
Admin
I'll take "reading to much Dilbert(tm) and starting to talk like the P.H.B.(tm)" for $500, Alex!