Softpanorama


SecurID



Each RSA SecurID hardware token is identical, apart from the unique printed serial number. It is then initialized with a secret 'seed' value, and a cryptographically protected copy of that seed value is sent to the token purchaser to install into their authentication server. An algorithm (based on AES in new devices) combines that seed value with the token's internal clock to generate the numbers displayed. Customers normally buy a large batch of tokens at one time and receive a file containing that batch of seed values.

The RSA SecurID token is a rather old, already broken and rather expensive solution. Still, it provides a reasonable level of security, especially for webmail and web portal authentication. According to the Snowden revelations, the NSA has a backdoor to SecurID authentication (which probably should not bother you too much ;-). To add insult to injury, SecurID tokens are ridiculously overpriced.

A similar, but more modern and cheaper solution might be Digipass Go 3. It also serves as a generator of one-time passwords that can be used for authentication.

SecurID is used in conjunction with RSA ACE/Server. The SecurID token generates a new, supposedly unpredictable numeric (6 digits) one-time password every 60 seconds.

Each password can be used only once: you cannot authenticate to two systems using the same password.
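The seed-plus-clock scheme described above, as an added example that is not part of the original page and is not RSA's code: SecurID's own algorithm is proprietary, so the open RFC 6238 construction (HMAC-SHA1) stands in for it, with the 60-second interval and 6 digits taken from the text. The `AuthServer` class, the serial number and the clock-drift window are assumptions made for illustration; the seed is the public RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # from the page: a new code every 60 seconds
DIGITS = 6          # from the page: 6-digit numeric code


def code_for_step(seed: bytes, step: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, then dynamic truncation.
    Stand-in for the token's proprietary algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def token_display(seed: bytes, token_clock: int) -> str:
    """What the token shows: a function of its seed and its own clock, nothing else."""
    return code_for_step(seed, token_clock // STEP_SECONDS)


class AuthServer:
    """Hypothetical server side: holds the copy of each seed, keyed by token serial."""

    def __init__(self, seeds, drift_steps=1):
        self.seeds = dict(seeds)
        self.drift_steps = drift_steps   # tolerated clock skew, in 60 s steps
        self.last_used = {}              # serial -> newest time step already accepted

    def verify(self, serial: str, code: str, server_clock: int) -> bool:
        seed = self.seeds.get(serial)
        if seed is None:
            return False
        now = server_clock // STEP_SECONDS
        newest = self.last_used.get(serial, -1)
        for step in range(max(0, now - self.drift_steps), now + self.drift_steps + 1):
            expected = code_for_step(seed, step)
            # Constant-time comparison; skip any step at or before the last accepted
            # one so that a code can never be used twice.
            if hmac.compare_digest(expected.encode(), code.encode()) and step > newest:
                self.last_used[serial] = step
                return True
        return False


def demo():
    seed = b"12345678901234567890"   # RFC 4226 test secret (constructed input)
    serial = "000000000001"          # constructed serial number
    server = AuthServer({serial: seed})

    code = token_display(seed, 90)                 # token and server clocks agree
    results = {"first_login": server.verify(serial, code, 90)}
    results["replay"] = server.verify(serial, code, 95)          # same code again
    stale = token_display(seed, 120)               # read off the token, typed late
    results["stale"] = server.verify(serial, stale, 300)
    slow = token_display(seed, 300 - 60)           # token clock runs 60 s slow
    results["slow_clock"] = server.verify(serial, slow, 300)
    results["unknown_serial"] = server.verify("999999999999", slow, 300)
    return results


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check:15s} accepted={accepted}")
```

Because the server recomputes the code from its own copy of the seed, the seed file has to be protected as carefully as the tokens themselves.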

While pretty adequate for end users (cost aside), SecurID is not very convenient for system administrators who need to log in to multiple systems several times a day, and it stimulates "cheating" to avoid this 1 min delay for each authentication.

That's why it is recommended not to enroll SSH into SecurID authentication (use certificates and strict check mode instead) and to limit it to telnet and ftp, which are used by "regular" users. In this case SSH becomes a privileged protocol for system administrators and as such needs to be secured using tcp_wrappers and/or firewall rules that restrict it to selected static addresses (the DHCP range should be excluded).

Actually there are multiple ways to install the SecurID client the wrong way and only a few ways to do it right ;-). One problem is that some applications and scripts use ftp as a transport protocol.

Due to those complications the level of security provided is completely illusory. This, along with being a pain in the neck for system administrators (the most important users of the technology, where the cost is somewhat justified), is a major drawback of the approach.

Again, it is a bad idea to use SecurID authentication for all three major protocols: telnet, ftp and SSH. You should consider leaving SSH out of the realm of SecurID authentication and using certificates.

Another drawback is the pretty ancient software used on the server side. Actually, after even a cursory acquaintance with the server side of SecurID there is a great temptation to send this company to hell. They create a very strong impression of being way too greedy and incompetent.

But in reality, while the server-side part is extremely ugly interface-wise and very old, it is reasonably reliable and reasonably scalable. The level of maintenance it requires is minimal and is mainly related to updates from one version to another (which is sometimes a bad idea, as RSA tends to over-milk this cash cow and use version switching as a pretext for getting additional revenue). That's why the technology did not get traction outside large corporate environments, especially environments where the right hand does not know what the left is doing.

There are multiple alternatives to SecurID. Among them:

Where this technology is of great value is online authentication to bank and brokerage web portals. I would say that those who are not using tokens should go out of business.

Only selected online brokerages and pay centers use tokens. I know about PayPal and eTrade. Most switched to alternatives (at one point eTrade.com was using it; now they use a token from Symantec; if you have more than $10K you do not even need to pay for your own token).

For a simple disposable security device, a SecurID token (which probably costs less than $5 to manufacture) is very expensive ($70 for a three-year token, or ~$25 per year). But if usage is selective, this defeats the purpose of introducing the SecurID token into the infrastructure. The server is also not cheap, and only the inertia of the industry permits RSA to enjoy such high profit margins. That probably will not last for long.

That creates a huge problem of justifying the costs.

For such an expensive product, RSA documentation is generally very weak, almost junk. The product requires a support contract, and the quality of support is generally good.

Digipass Go 3

Digipass Go 3 uses a much better interface than SecurID. Its "touch of a button" approach corresponds to what busy users like system administrators could want from a device that their employer requires them to use. The Digipass GO 3 is very small, and features a high-contrast LCD display and a single button.

This combination offers the ultimate in user-friendliness and high security: One push on the button and the Digipass GO 3 shows a unique one-time password on its LCD display. The user then enters this one-time password into their application login screen.

Vasco Digipass is used by PayPal which sells it to users for $5. Note the difference with the price of SecurID token.



Old News ;-)

[Dec 27, 2013] Report on NSA 'secret' payments to RSA fuels encryption controversy by Marc Ferranti

Dec 23, 2013 | PCWorld

Editor's note: This article originally published 12-22-13, but was updated 12-23-13 with RSA's comments.

The U.S. National Security Agency (NSA) paid $10 million to vendor RSA in a "secret" deal to incorporate a deliberately flawed encryption algorithm into widely used security software, according to a Reuters report that is reigniting controversy about the government's involvement in setting security standards.

The contract was part of an NSA campaign to weaken encryption standards in order to aid the agency's surveillance programs, Reuters reported on Friday.

The report, based on two sources that Reuters said were familiar with the contract, has sparked a series of headlines that are stoking the ongoing debate about NSA surveillance tactics. The NSA declined immediate comment.

RSA, which initially declined to comment, late Sunday denied that it had entered into a secret contract with the NSA.

"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security," RSA said in a statement.

"We have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use," the RSA said.

Charges of subverting security

In September, articles in ProPublica, The Guardian and The New York Times disclosed that the NSA had been working for years to weaken security standards to help the U.S. government's massive surveillance programs. The articles were based on documents leaked by former government contractor Edward Snowden.

The articles indicated that a crypto random-bit generator called "Dual Elliptic Curve Deterministic Random Bit Generator," was deliberately subverted by NSA cryptographers working to develop and promulgate standards that would allow the creation of "back doors" in security products.

The RSA took money "secretly" from the NSA to embed the Dual EC DRBG technology into its widely used BSafe toolkit, according to the Reuters report Friday.

At least some commercial dealings between the NSA and RSA are a matter of public record, however. In March 2006, RSA announced that the NSA had selected BSafe encryption software for use in "a classified communications project." The value of the deal was not revealed.

The central question raised by the Reuters report and earlier articles, however, remains: Did RSA use what it knew was deliberately weakened crypto software in BSafe, or at best did it look the other way in the face of expert criticism of Dual EC, in order to make money from U.S. government deals?

In its statement Sunday, RSA said, "We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption."

RSA also acknowledged it used Dual EC also because of its "value in FIPS compliance." FIPS, or Federal Information Processing Standards, are computer standards required in government systems.

The Reuters article Friday suggests that RSA had significant monetary incentive to set Dual EC as the default random number generator in BSafe, reporting that $10 million "represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show."

The inclusion of Dual EC in RSA technology software also helped the NSA convince the National Institute for Standards and Technology (NIST) to approve the software as a method for generating random numbers used by encryption software, the Reuters story noted.

Questions remain, resurface

But questions about the efficacy of Dual EC were being raised even as RSA publicly announced its Bsafe deal with the NSA in 2006, and continued for years.

One paper, "Cryptanalysis of the Dual Elliptic Curve Pseudorandom Generator," by Berry Schoenmakers and Andrey Sidorenko, published by the Eindhoven University of Technology in May 2006, reported that "our experimental results and also empirical argument show that the DEC PRG is insecure."

Finally, after articles about the NSA's alleged efforts to weaken security standards were published this September, NIST issued an advisory recommending that Dual EC not be used, and RSA followed suit.

"Following NIST's decision to strongly recommend against the use of the community developed encryption algorithm standard (known as Dual EC DRBG), RSA determined it appropriate to issue an advisory to all our RSA BSAFE and RSA Data Protection Manager customers recommending they choose one of the different cryptographic Pseudo-Random Number Generators (PRNG) built into the RSA BSAFE toolkit," the RSA advisory said.

RSA CTO Sam Curry publicly defended and explained why RSA originally chose Dual EC in an email published by Ars Technica.

But Curry's statement was dissected and ridiculed by cryptography experts.

Among other statements, Curry said that "Dual_EC_DRBG was an accepted and publicly scrutinized standard."

However, "every bit of public scrutiny said the same thing: this thing is broken! Grab your children and run away!" noted Matt Green, a cryptographer and research professor at Johns Hopkins University, in a careful analysis of Curry's defense.

The Reuters report came at the end of a week of mounting criticism of the government's surveillance programs.

U.S. District Court Judge Richard Leon, in a preliminary ruling in a court case challenging the government's phone records collection program, harshly criticized the agency and suggested the program violates the U.S. Constitution. A report from the Review Group on Intelligence and Communications Technology, appointed by administration of U.S. President Barack Obama, said that the government's spy programs create problems for international commerce and affect the U.S.'s relationship with other countries,

[Dec 21, 2013] $10m NSA contract with security firm RSA led to encryption 'back door'

The Guardian

As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the National Security Agency arranged a secret $10m contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by the former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers, to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that RSA received $10m in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

The earlier disclosures of RSA's entanglement with the NSA already had shocked some in the close-knit world of computer security experts. The company had a long history of championing privacy and security, and it played a leading role in blocking a 1990s effort by the NSA to require a special chip to enable spying on a wide range of computer and communications products. RSA, which is now a subsidiary of the computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness.

RSA and EMC declined to answer questions for this story, but RSA said in a statement: "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."

The NSA declined to comment.

The RSA deal shows one way the NSA carried out what Snowden's documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools. NSA documents released in recent months called for using "commercial relationships" to advance that goal, but did not name any security companies as collaborators.

The NSA came under attack this week in a landmark report from a White House panel appointed to review US surveillance policy. The panel noted that "encryption is an essential basis for trust on the Internet", and called for a halt to any NSA efforts to undermine it.

Most of the dozen current and former RSA employees interviewed said that the company erred in agreeing to such a contract, and many cited RSA's corporate evolution away from pure cryptography products as one of the reasons it occurred. But several said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance.

"They did not show their true hand," one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption.

A storied history

Started by MIT professors in the 1970s and led for years by an ex-marine, Jim Bidzos, RSA and its core algorithm were named for the last initials of the three founders, who revolutionized cryptography. Little known to the public, RSA's encryption tools have been licensed by most large technology companies, which in turn use them to protect computers used by hundreds of millions of people.

At the core of RSA's products was a technology known as public key cryptography. Instead of using the same key for encoding and then decoding a message, there are two keys related to each other mathematically. The first, publicly available key is used to encode a message for someone, who then uses a second, private key to reveal it.

From RSA's earliest days, the US intelligence establishment worried it would not be able to crack well-engineered public key cryptography. Martin Hellman, a former Stanford researcher who led the team that invented the technique, said NSA experts tried to talk him and others into believing that the keys did not have to be as large as they planned.

The stakes rose when more technology companies adopted RSA's methods and internet use began to soar. The Clinton administration embraced the Clipper Chip, envisioned as a mandatory component in phones and computers to enable officials to overcome encryption with a warrant. RSA led a fierce public campaign against the effort, distributing posters with a foundering sailing ship and the words "Sink Clipper!"

A key argument against the chip was that overseas buyers would shun US technology products if they were ready-made for spying. Some companies say that is just what has happened in the wake of the Snowden disclosures.

The White House abandoned the Clipper Chip and instead relied on export controls to prevent the best cryptography from crossing US borders. RSA once again rallied the industry, and it set up an Australian division that could ship what it wanted.

"We became the tip of the spear, so to speak, in this fight against government efforts," Bidzos recalled in an oral history.

RSA and others claimed victory when export restrictions relaxed. But the NSA was determined to read what it wanted, and the quest gained urgency after the 11 September 2001 attacks.

RSA, meanwhile, was changing. Bidzos stepped down as chief executive in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said. And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5m of RSA's revenue, less than 9% of the $310m total.

"When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."

By the first half of 2006, RSA was among the many technology companies seeing the US government as a partner against overseas hackers. New RSA chief executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.

An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard. RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.

RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

"The labs group had played a very intricate role at BSafe, and they were basically gone," said labs veteran Michael Wenocur, who left in 1999.

Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weaknesses in the formula "can only be described as a back door".

After reports of the back door in September, RSA urged its customers to stop using the Dual Elliptic Curve number generator. But unlike the Clipper Chip fight two decades ago, the company is saying little in public, and it declined to discuss how the NSA entanglements have affected its relationships with customers.

The White House, meanwhile, says it will consider this week's panel recommendation that any efforts to subvert cryptography be abandoned.

nectere

I sometimes think all these security experts are liars.

Felipe_Verde

Looks like RSA should have been minding their P's and Q's...

that the NSA and the NIST recommended in Appendix A of Dual-EC-DRBG (ISO/IEC 18031).

Nudge, nudge, wink, wink.

Should you stop using RSA SecurID tokens By Ellen Messmer

March 21, 2011 | Network World

Anyone using RSA SecurID two-factor authentication tokens for remote access to sensitive information should reconsider using them until RSA, which last week admitted to a major breach of its network, clarifies exactly what was compromised, says NSS Labs.

"Furthermore, RSA clients should consider alternative 2-factor authentication solutions," said NSS Labs, the Carlsbad, Calif.-based lab which tests security products.

In its analysis, entitled "RSA breach," NSS Labs indicates "it expects a string of breaches stemming from this event" and says it believes the RSA breach disclosed by RSA Executive Chairman Art Coviello on March 17 was for the hackers "a strategic move to grab the virtual keys to RSA's customers -- who are the most security conscious in the world."

"Military, financial, governmental, and other organizations with critical intellectual property, plans and finances are at risk," NSS Labs states.

The public comments that Coviello made, along with the 8K SEC filing made by RSA about the break-in, have been inadequate and leave questions unanswered, says NSS Labs. Coviello called it an "advanced persistent threat" attack that did result in "certain information" related to SecurID being taken. An APT is a stealthy breach by hackers, often long-term and sometimes by foreign governments or corporate rivals, who are trying to steal the valuable information.

NSS Labs said it believes "the locksmith's secrets may have been stolen, and the integrity of RSA's 2-factor authentication compromised. This knowledge breaks the 2-factor model since the attacker can now create the string required for a successful authentication, obviating the need to know the password and PIN. It will allow an attacker to login as a trusted user with corresponding access privileges."

Some analysts do expect to see a fix coming for RSA SecurID. And Gartner has suggested potential customers of SecurID may want to hold off any product procurements until RSA makes more information public.

Today, IronKey, whose product IronKey Trusted Access for Banking can be used in combination with RSA SecurID, said "the most likely scenario proposed by industry experts is that the secret codes, also known as seeds, used to generate one-time passcodes have been compromised or stolen, potentially allowing RSA SecurID authentication to be performed without a genuine token."

Plan to Supplement RSA SecurID Replacement Tokens With Other Measures

June 08, 2011 | gartner.com
G00213926

Analyst(s): Ant Allan, Avivah Litan

On 3 June 2011, RSA, the Security Division of EMC, confirmed that Lockheed Martin had proof that hackers attacked its network partly by using data stolen in a March 2011 attack on RSA.

On 6 June 2011, RSA announced a program to replace customers' RSA SecurID one-time password (OTP) authentication product tokens. (For details, see http://www.rsa.com/node.aspx?id=3891 .)

Analysis

After the March 2011 security incident (see "RSA SecurID Compromise Is of Concern, but Likely Not a Fatal Flaw" ), RSA announced that information about RSA SecurID tokens had been exposed and that an attacker could use that information as part of an attack against SecurID customers. RSA also published guidance for minimizing the risks of such attacks. Gartner understands that RSA replaced SecurID tokens for a smaller number of customers, although RSA did not provide details about these replacements. RSA has now disclosed that it knew that the attack was defense/nation-state motivated; consequently, RSA focused on its military and government customers and replaced tokens for some of these customers.

To attempt to mitigate risks and restore customer confidence, RSA is now offering replacement SecurID tokens to all of its customers, with an early focus on enterprises and industry verticals most likely to be at risk. The token replacement program is expected to take, at minimum, three months, but could last much longer, depending on how many customers choose that additional remediation option. Customers that have received SecurID tokens since 23 March 2011 are not at risk.

Although enterprises will not pay incremental costs for replacement SecurID tokens, they will still face administrative overhead and logistical costs, which could exceed the token list price. This option should be compared with switching to another authentication vendor or method. Enterprises that are able to implement alternative remediation mechanisms may be able to do this more cheaply than implementing replacement tokens. Financial services and other consumer-focused enterprises have the option of augmenting existing SecurID tokens with RSA's Web fraud detection tools, which RSA says it will make available as an option in its remediation program.

Gartner advises taking a conservative approach, as we still don't have enough information about the hackers' identity, motivation and intentions. Other vertical industries are not clearly threatened at this time, but the risk of compromise remains and could spread further; for example, if the original attacker sells the information it acquired. All customers should be wary about how the RSA attack could affect them and their own customers. Enterprises that cannot be absolutely certain that they can apply high levels of fraud detection and best practices recommended by RSA should implement replacement SecurID tokens or consider another vendor's offering.

All authentication methods can be compromised and should never be the sole means of protection for enterprise assets. Cyberthieves have circumvented strong authentication communicated through user browsers to raid bank accounts and other enterprise assets. Gartner has long recommended a layered fraud prevention approach to ensure adequate defenses (see "The Five Layers of Fraud Prevention and Using them to Beat Malware" ).

Recommendations

Prospective SecurID customers:

Current SecurID customers:

Defense industry customers:

Financial services customers and others relying on SecurID for external user authentication:


FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusively for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.

Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: September 12, 2017