Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Upgrade Instructions for STUPID OWNERS (Score 1) 351

I had already disabled the automatic update. Currently running regular firmware 2.0.37.131047

I wanted to download the latest 2.0.37 to make sure I had a "backup" of the firmware....

Problem is, at least for the E4200v2 cisco has pulled 2.0.37 from the official download page. The only way to get it is to call them to complain and get a download link for the pre-cloud firmware, which is now "unsupported"...

Comment good hosting providers already patched... (Score 3, Informative) 181

by TeddyR (#40344039) Attached to: US-CERT Discloses Security Flaw In 64-Bit Intel Chips

I am surprised that it took this long for it to reach /.

Linode.com had already patched the items last month. During an emergency but scheduled update round (took less than 30mins per host) and most users did not notice any issues since they were given more than 7 days advanced notice of the emergency update. [linode uses XEN on intel].

http://blog.linode.com/2012/06/13/xen-security-advisories-and-how-we-handled-them/
Intel

US-CERT Discloses Security Flaw In 64-Bit Intel Chips 181

Posted by timothy from the yeah-but-who-uses-those dept.
Fnord666 writes "The U.S. Computer Emergency Readiness Team (US-CERT) has disclosed a flaw in Intel chips that could allow hackers to gain control of Windows and other operating systems, security experts say. The flaw was disclosed the vulnerability in a security advisory released this week. Hackers could exploit the flaw to execute malicious code with kernel privileges, said a report in the Bitdefender blog. 'Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack,' the US-CERT advisory says. 'The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.'" According to the article, exposed OSes include "Windows 7, Windows Server 2008 R2, 64-bit versions of FreeBSD and NetBSD, as well as systems that include the Xen hypervisor."

Comment Re:Hello, HIPPA? (Score 2) 48

by TeddyR (#40340125) Attached to: Support Site For Hospital Respirators Found Riddled With Malware

They can be fined if any user identifiable medical data was proven to be compromised as a result of the malware.

They also have to do regular internal security scans (IE: Anti Virus scans and other steps) to ensure that they are not infected or allowing people that should not have access to the user identifiable data that they should not)

This also includes regular security training for their staff; which means that the download pages should not have had a "just click on run to install the software"

http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/adminsimpregtext.pdf

Comment Re:I Tried Anyway... (Score 2) 244

by TeddyR (#40248237) Attached to: After Launch Day: Taking Stock of IPv6 Adoption

Front line tech support and supervisors have NO idea what ipv6 is or how to get it to you.

I have Charter cable, and "just for fun", called tech to ask about if they had native ipv6 availible, and if not, if they had better "regional" tunnels or 6rd gateways. Note that I already had the info from http://www.myaccount.charter.com/customers/Support.aspx?SupportArticleID=2665 working with my Linksys E4200v2; I just wanted to see if there was a closer 6rd tunnel gateway to my location. Over 45 mins and no help at all from the support or the supervisor. Neither had any idea about ipv6 even after I directed them to their own internal support article.

Comment Depends where the xfinity servers are located (Score 1) 272

by TeddyR (#39705903) Attached to: Netflix CEO Accuses Comcast of Not Practicing Net Neutrality

I would say it depends on where the xfinity servers are located. If comcast has the servers on its own network, or has a peering arrangement with the network which xfinity servers are located, it is possible that they are not paying as much for the bandwidth when compared to the bandwidth that is used by their users going to netflix servers. If netflix wants net neutrality on this issue, then they can offer to pay for the bandwidth that connects netflix to comcast.

This reminds me of the old AOL network where content providers paid AOL to be connected to the "premium" access network that enabled AOL users better access. At that time AOL could dictate the terms since it was one of the few games in town which had ALOT of users that the content providers were eager to get their hands on.

A long time ago a local university had really bad connectivity to the internet (it had to go to the "main parent" campus then back out the the internet to reach an ISP that literally was half a mile away. The university and the ISP decided that a "mutual peering" arrangement was beneficial to both since the ISP had more than 70% of the local market at the time and most of the local market communicated in some form with the university servers....

Someone at netflix should have thought of that (peering with comcast/charter/etc) with a "dont charge your users for the cap when connecting to us via the peering connection" deal...

Hulu should also consider that as well....
DRM

Details of Initial "Disc to Digital" Program Emerge 201

Posted by Unknown Lamer from the digitize-your-digital-video-disc-today dept.
MojoKid writes with an excerpt from an article at Hot Hardware: "Walmart's burgeoning partnership with the Ultraviolet DRM system backed by major Hollywood studios and their plans to 'assist' customers in registering DVDs with the Ultraviolet system, made headlines not long ago. Walmart has also since announced additional details to the program and it's a clever attempt to drive more users to Vudu, Walmart's subsidiary movie streaming service. Here's how the service works. 'Starting April 16th, 2012 in more than 3,500 stores, Walmart customers will be able to bring their DVD and Blu-ray collections to Walmart and receive digital access to their favorite titles from the partnering studios. An equal conversion for standard DVDs and Blu-ray discs will be $2. Standard DVDs can be upgraded to High-Def (HD) for $5.' Anyone who doesn't have a Vudu account will have one created for them as part of this process. That's part of the genius to the plan. If customers embrace the offer, Walmart signs up hundreds of thousands, possibly millions of people for Vudu. Even better, from Walmart's perspective, is that first-time users who pony up $2 for a digital version of their DVDs are effectively paying to create Vudu accounts."

Comment Re:Are 3G networks encrypted? (Score 1) 139

by TeddyR (#39015067) Attached to: Southwest Airlines iPhone App Unencrypted, Vulnerable To Eavesdroppers

Except that now in order to save money, 3G bandwidth, or "conveniance for users" many locations have "automatic free wifi connections" to attwifi/Wayport_Access hotspots (mcdonalds, starbucks, and many airports, etc) for ipad 3g and iphone users. The only recourse is to MANUALLY turn off wifi if you only want 3G
Security

Southwest Airlines iPhone App Unencrypted, Vulnerable To Eavesdroppers 139

Posted by timothy from the one-more-path-to-id-theft dept.
New submitter davidstites writes "I am a masters computer science student at University of Colorado at Colorado Springs, and in November I performed a security audit of 230+ popular iOS applications because I wanted to know how secure apps on smartphones and tablets really are. I made a shocking discovery. The largest single potential security breach was with the Southwest Airlines application. Southwest Airlines' iPhone app leaves a user's information vulnerable to hackers. When you login to the application on your phone using your Rapid Rewards account, the app submits your username and password information as plain-text (unencrypted) to a Southwest remote server (mobile.southwest.com). A potential attacker can simply sniff for the data on the network and steal it. This situation is a hackers dream! If a victims credentials were captured, a hacker could use those credentials to login to that particular account and they would have access to anything the victim would have access to, such as addresses, birthdays, e-mail, phone and credit cards. They could even book a flight in the victims name." (Read on below for more details.)

Submission + - How useful is ipv6 depends on the destination webs (atoomnet.net)

Submitted by TeddyR
TeddyR writes: IPv6 enabled TOP 1000000 websites as of Jan 8 2012
From the site:
"Here is a list which contains all popular sites (according to Alexa) with an IPv6 address. Out of the 990068 tested websites only 14229 have one or more IPv6 addresses. That is 1.44%.
  Out of the 24500 IPv6 addresses 18766 are connectable. That is 76.6%."

Even more shocking is that many of the top ipv6 sites are not the "goto" sites for many users and are not US based sites, showing how far the US must go in order for ipv6 to be useful.

A question for slashdot maintainers: why isnt slashdot.org on the list by now?

Slashdot Top Deals

The brain is a wonderful organ; it starts working the moment you get up in the morning, and does not stop until you get to work.

Close