
Comment This could totally work out (Score 2) 129

Edward Snowden certainly has name recognition in the security space, which in branding terms equals big money. He's got his share of wild and crazy times overseas doing various hijinx not always on the up and up, sorta just like other security specialists of an earlier generation. Sure, in terms of branding alone Snowden could easily become the next McAfee, and he's still very young!

And it isn't as if they weren't both wanted on international warrants either; and street cred does sell sneakers.

Comment Re:Derp (Score 1) 168

Yes, you are right and I stand corrected. In fact late yesterday, I happened upon a blog post teaching me the same explanation you gave me just now:

When we start SSH on port 22, we know for a fact that this is done by root or a root-process since no other user could possibly open that port. But what happens when we move SSH to port 2222? This port can be opened without a privileged account, which means I can write a simple script that listens to port 2222 and mimics SSH in order to capture your passwords. And this can easily be done with simple tools commonly available on every Linux system/server. So running SSH on a non-privileged port makes it potentially LESS secure, not MORE.

Thank you for your important clarification regarding my security practices.

Comment Re:Derp (Score 2) 168

Start your security process by not using port 22 for ssh, and instead using some random, legal 5-digit port number. Then block IPs from anyone doing a port scan. Also, set up port-knocking prior to any authorized user even starting to log in using ssh. Of course certificates should only be used, not passwords for authorization. That should go a long way to keep the bad guys out.

Also bots tend to have the same user-agent strings, which tend to be obscure in and amongst themselves. These obscure, identifying user-agents can also be blocked, once identified.

To read and actually make sense of machine logs, the free ELK Stack rocks! Here's a guide to set up your own machine, for the purpose of reading logs in a very user-friendly way.
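
The two "Re:Derp" comments above turn on which ports need root to bind and on key-only authentication. As an added example (not part of either comment), this audit reads an sshd_config, flags ports at or above the Linux unprivileged-port threshold, flags a listener on the SSH port that is not a root-owned sshd, and flags password authentication. The function names, sample configs and listener tuples are constructed for illustration.

```python
import re

UNPRIV_PORT_START = 1024  # Linux default of net.ipv4.ip_unprivileged_port_start

# Constructed sample configs (not taken from any real host).
WEAK = "# moved off 22\nPort 2222\nPasswordAuthentication yes\n"
HARDENED = "Port 22\nPasswordAuthentication no\n"

def parse_sshd_config(text):
    """Return (ports, password_auth) from the global part of sshd_config."""
    ports, password_auth = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2 or not parts[1]:
            continue
        key, value = parts[0].lower(), parts[1].split()[0]
        if key == "match":
            break  # conditional blocks are out of scope for this sketch
        if key == "port":
            ports.append(int(value))  # Port may be given more than once
        elif key == "passwordauthentication" and password_auth is None:
            password_auth = value.lower()  # first value wins in sshd
    # sshd defaults: Port 22, PasswordAuthentication yes
    return ports or [22], password_auth or "yes"

def audit(config_text, listeners):
    """listeners: (port, process_name, uid) tuples gathered by the caller."""
    ports, password_auth = parse_sshd_config(config_text)
    findings = []
    for port in ports:
        if port >= UNPRIV_PORT_START:
            # Any local account can bind this port whenever sshd is down.
            findings.append(("unprivileged-port", port))
        for lport, proc, uid in listeners:
            if lport == port and (proc != "sshd" or uid != 0):
                findings.append(("unexpected-listener", port))
    if password_auth != "no":
        # Passwords typed into a look-alike listener are reusable; keys are not.
        findings.append(("password-auth-enabled", None))
    return findings

if __name__ == "__main__":
    print(audit(WEAK, [(2222, "python3", 1001)]))  # constructed listener
    print(audit(HARDENED, [(22, "sshd", 0)]))
```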

Comment Re:Those bloody sepratists! (Score 1) 752

Replying to myself here. I was being sarcastic dammit. 'Separatists', in the most-classic sense, typically don't have such sophisticated weaponry or manpower at their disposal, when they 'rebel'. Duh.

I even cited with photos of what a BUK missile battery looks like. Please don't think I'm some sort of anarchist, okay?

Comment Re:Why fly over a war zone? (Score 1) 752

Up until this period of time, airspace at that altitude, over this region, wasn't in any way shape or form considered to be a war-zone, I can assure you. Or else that commercial flight would not have been there in the first place. I do not believe this particular international commercial flight up there was something like an isolated event either. Now your point in retrospect perhaps...

Submission + - X.Org Server 1.16 Brings XWayland, GLAMOR, Systemd Integration (phoronix.com)

An anonymous reader writes: The much anticipated Xorg Server 1.16 release is now available. The X.Org "Marionberry Pie" release features XWayland integration, GLAMOR support, systemd support, and many other features. XWayland support allows for legacy X11 support in Wayland environments via GL acceleration, GLAMOR provides generic 2D acceleration, non-PCI GPU device improvements, and countless other changes.

Submission + - Hackers Steal Personal Information of US Security-Clearance Holders (nytimes.com)

schwit1 writes: The article says they were Chinese but offers no evidence:

The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their personal information through the website.

This is a big deal. If I were a government, trying to figure out who to target for blackmail, bribery, and other coercive tactics, this would be a nice database to have. — B Schneier

Submission + - Congress "Defends" State Rights by Passing Law Prohibiting Local ISP Competition

An anonymous reader writes: The U.S. House of Representatives voted on Wednesday to approve a proposal that would essentially allow states to prohibit local municipalities from setting up their own ISPs to introduce competition in local markets. The bill seems to be a pre-emptive strike against FCC claims that it plans to limit the ability of individual states to stifle local competition. The proposal was inserted into a general appropriations bill (appropriations bill = government funding bill) by Representative Marsha Blackburn (R-TN) and passed 223-200. Blackburn, of course, has received thousands of dollars in "donations" from large, well-known ISPs and from the National Cable & Telecommunications Association. The bill has to pass in the Senate in order to become law.

Submission + - Pseudonyms Now Allowed On Google+ (google.com)

An anonymous reader writes: When Google+ launched, it received criticism across the internet for requiring that users register with their real names. Now, Google has finally relented and removed all restrictions on what usernames people are allowed to use. "We know you've been calling for this change for a while. We know that our names policy has been unclear, and this has led to some unnecessarily difficult experiences for some of our users. For this we apologize, and we hope that today's change is a step toward making Google+ the welcoming and inclusive place that we want it to be."

Comment Re:105 megabits per second (Score 1) 401

TFA says he's a producer at AOL. Seeing as how he's an AOL employee, he probably needs a lot more bandwidth than you do, as you're someone who probably just works in I.T. Go figure. I don't understand anything about AOL either.

Obviously he needs way more bandwidth than he can get via an (AOL) dial-up modem, which explains why he's been with Comcast for the last 9 years.

Someone that works from home might opt for a larger package to obtain greater uploading bandwidth. I did that to advance from 1.5 to 6 Mbps recently myself, and I'm glad I did.

Maybe this is just AOL picking a Telecom fight with Comcast. Seriously, since when is it ever legal to record a call like this? But I suppose it becomes legal when you're on hold and the recording played to you says they'll record you first.
