Comment Re:Hmmmm (Score 1) 1051

"If the ad blockers would actually follow the links and give the people the clicks they desire, without displaying the advertisement, would that help?"

Are you asking if illegal click fraud would help Arstechnica? I think the answer is an unequivocal "no."

"...the demographic studies these revenue sources depend upon the click analysis would fail. How nice."

Why is that nice? Because then you'll see the ads that should have gone to 90-year-old widows instead of the video game ad you would normally see? How nice because Ars would go out of business? What exactly is your point here... because if it's what it seems to be on the surface then it's really dumb.

Comment Re:Was it a DoS exactly? (Score 1) 166

"Simply sending a reboot command, or a single command that causes the machine to hang, isn't a DoS."

This is a common view of a DoS because flood-style attacks are the types you hear about on the news and on Slashdot; however, what you said is simply not true. Crashing a webserver remotely is, without a doubt, a denial of service attack, as you are denying service to the end user. It makes absolutely no difference what means you use to accomplish this goal. If you don't believe me, just take a look at this week's CERT security bulletin: http://www.us-cert.gov/cas/bulletins/SB10-040.html.

For Wireshark:
For Wireshark:

Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.

For Asterisk:

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.

For PostgreSQL:

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

So we have malformed packet, bad handshake, and a poorly handled statement, all of which cause what the CERT is classifying as "denial of service," and none of which even remotely match what you describe as a DoS attack.

Comment Seriously? (Score 2, Interesting) 102

"Whoever designed these devices should be sent back to computer school. An authentication device that can be bypassed is a contradiction in terms."

First of all, this is not an authentication device, it's a cell network extender, which obviously requires some kind of authentication for any measure of security. What "Authentication device" (I think they mean "authentication mechanism") has never had a vulnerability exposed? Are all devices with a privilege escalation vulnerability designed by people who "should be sent back to computer school?" ("computer school?" ...seriously?). How many privilege escalation vulnerabilities were found in the Linux kernel last year? I empathize with the fact that an escalation exploit this serious in a device that is designed to be used by the public is not a trivial matter, but the poster is being sensationalist here, and, honestly, comes across as undereducated in the subject matter. I wouldn't consider myself an expert, but this person doesn't seem to have a clear understanding of the issue. It's a security vulnerability in a device that runs Linux because the designers were lazy when picking a password.

The real issue here is the fact that security is sometimes not taken as seriously with hardware and firmware design in commodity devices as it is with software.

Security

Twitter Hackers Take Down Baidu 70

snydeq writes "The group that took down Twitter last month has apparently claimed another victim: China's largest search engine Baidu.com. Offline late Monday, Baidu.com at one point displayed an image saying 'This site has been hacked by Iranian Cyber Army,' according to a report in the official newspaper of the Chinese Communist Party and other Web sites. The Iranian Cyber Army first gained notoriety with its Dec. 18 Twitter attack. Baidu's domain name records were the focus of the hack. On Monday, the company was using domain name servers belonging to HostGator, a Florida ISP, instead of the Baidu.com nameservers the company normally uses."

Comment Lessons from M.U.L.E (Score 3, Informative) 110

I think we, as a community, can learn a lot from the ancient and wise game:
  • Catch the Mountain Wampus for mod points
  • Press all player buttons to post first
  • Develop a cutthroat economy where a single asshole player can collapse the entire system

OK so maybe some aspects of the game are more plausible than others.

-Purple Mechtron

Medicine

The Medical Benefits of Carbon Monoxide 177

tugfoigel writes with this excerpt from the Boston Globe: "For more than a century, carbon monoxide has been known as a deadly toxin. In an 1839 story, Edgar Allan Poe wrote of 'miraculous lustre of the eye' and 'nervous agitation' in what some believe are descriptions of carbon monoxide poisoning, and today, cigarette cartons warn of its health dangers. But a growing body of research, much of it by local scientists, is revealing a paradox: the gas often called a silent killer could also be a medical treatment. It seems like a radical contradiction, but animal studies show that in small, extremely controlled doses the gas has benefits in everything from infections to organ transplantation."

Comment Re:WiMax ..umm right (Score 1) 128

"...a lot of dummies have bought into it."

The only reason I use Xohm is because I refuse to give any of my money to Comcast or Verizon; I think that's a pretty reasonable decision and does not make me a dummy. That being said, I do get minimum 120ms latencies to anywhere, and that does suck sometimes.

Comment Re:BackupPC (Score 3, Informative) 272

I couldn't agree more; BackupPC is really great. Not only does it support Tar over SSH and SMB, but it also supports rsync over SSH, rsyncd and, now in the new beta, FTP. I back up everything to a NAS and then rsync that every weekend to another DR disk (you have to be careful about hardlinks when copying the pool, since it uses them in the de-duplication process). There are several variants of scripts available on the wiki and other sites for initiating shadow copies on Windows boxes, and with a little tinkering you can even get that working on Server 2008, though of course it really shines with *nix boxes. Highly recommended - the only drawbacks are that, as the parent mentioned, the learning curve can be intimidating at first, and the project has been pretty quiet the past few years since the original developer stopped working on it. Amanda (the MySQL backup company) seems to have picked it back up and they are the ones who released the most recent beta. Did I mention it has a really convenient web interface, emails about problems, auto-retries failed backups (while it's not in a blackout period), and somebody wrote a great Nagios plugin for it? I'm pretty sure I did, oh yes definitely.

NASA

Space Shuttle To Be Replaced By SpaceX For ISS Resupply 297

destinyland writes "Next year SpaceX will perform resupply missions for the International Space Station after the Space Shuttle is grounded, as part of a $3.5 billion NASA resupply contract. 'The fledgling space industry is reminiscent of the early days of the personal computer,' notes one technology reporter, 'when a number of established vendors and startups reverse-engineered Microsoft's DOS and manufactured PCs using the Intel 8080 chip set. We're likely to see a similar industry shakeout in the private space vehicle market segment in the coming decades.'"

Networking

Military To Spend $42M To Build Advanced Network Control 102

coondoggie writes "BBN, which was bought by defense giant Raytheon today, got almost $11 million to help build self-configuring network technology that would identify traffic, let the network infrastructure prioritize it down to the end user, reallocate bandwidth between users or classes of users, and automatically make quality-of-service decisions. The advanced network technology is being developed by the Defense Advanced Research Projects Agency (DARPA) and will include support for features like 32 levels of network traffic prioritization that will let data with a higher priority be handled more expeditiously than traffic with a lower priority."
