Mozilla

Bugzilla Breached, Private Vulnerability Data Stolen 97

darthcamaro writes: Mozilla today publicly announced that secured areas of Bugzilla, where non-public zero days are stored, were accessed by an attacker. The attacker got access to as many as 185 security bugs before they were made public. They say, "We believe they used that information to attack Firefox users." The whole hack raises the issue of Mozilla's own security, since it was a user password that was stolen and the Bugzilla accounts weren't using two-factor authentication. According to Mozilla's FAQ about the breach (PDF), "The earliest confirmed instance of unauthorized access dates to September 2014. There are some indications that the attacker may have had access since September 2013."

Submission + - SSH Brute force Attackers Taken Down (cisco.com)

An anonymous reader writes: Cisco Talos and Level 3 Communications have worked to take down a group that was conducting large-scale SSH brute force attacks. At times the group was accounting for more than a third of the SSH traffic on the Internet. The threat has been known and action needed to be taken. Show your support by tweeting #DownWithSSHPsychos

Submission + - Sniff and decrypt BLE with Ubertooth (lacklustre.net)

mpeg4codec writes: Hot on the heels of Omri Iluz's BLE-sniffer-on-the-cheap, I decided to write up the BLE (Bluetooth Smart) sniffer I built on Ubertooth. My sniffer is highly robust, can capture data from connections, and is 100% open source.

I also discovered a major flaw in BLE's crypto that allows an attacker to crack its encryption key and decrypt data, 100% passively. I wrote a tool called crackle that will automatically decrypt encrypted BLE data captured by Ubertooth.

Comment Classified. You keep using that word. (Score 1) 243

I do not think it means what you think it means. Classified documents originate from a classification authority. There is no classification authority within Apple. Classification authorities are within the state and federal government. While Apple is large (and last I heard had more money than the federal reserve), that doesn't mean they can classify documents :)

Now, there can be trade secrets, that's an entirely different thing. :)

Comment Go with Linode. (Score 1) 375

I've been a customer for what feels like 10 years now. Their support is great, they have knowledgeable people and yes, you do get root. You can have console access, just not graphical console access. (Who would want X running on a colocated server anyway?)

Here's their faq: http://www.linode.com/faq.cfm - They've got a great community, go pop on IRC on irc.oftc.net and join #linode. Ask your questions there if there's something you want to know that isn't in the FAQ.

Here's a referral link - you don't really need to use it, but if you do I'll get some free service as a thank you for referring you.

http://www.linode.com/?r=8304c52b0c2b67372d5dcbe998ee4e04271275d6

Comment This explains why I still have a job. (Score 1) 388

I used to do sysadmin work professionally, and I still do it personally (I have a Linode VPS) where I host my personal e-mail, website, jabber server, and personal e-mail of family members. It's just one of those things that as a geek a lot of us end up doing.

One of the unspoken golden rules of trust was this: don't fucking read other people's e-mail. Period.

Now I do information security, where I keep my employer's network safe. This includes both external, and internal threats - such as domain admins going rogue, and abusing their powers (I've seen it happen, and wrote up the incident). It really bothers me that 1 out of 4 "IT Professionals" are unprofessional enough to violate the trust that has been granted them.

Comment Valve != iD I suppose (Score 2, Informative) 520

iD software has historically produced Linux versions of their games; I remember fondly playing the quake(s), and doom 3 under Linux. While there have been lots and lots of reports over the years showing there is a Linux gaming market, it isn't a large enough market share for these game developers to put serious effort into it. I bet some of them actually see developing for Linux as a hindrance, even though most big game dev companies essentially abstract-out the bits between PS3, XBOX, Wii, PC, etc that are different.
