Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment: Re:How about this.. (Score 1) 55

by BUL2294 (#49564505) Attached to: Supreme Court To Consider Data Aggregation Suit Against Spokeo
Huh? How does a EULA apply here???

First, most people have never heard of "Spokeo", so how would Spokeo have an EULA that applies to the public at-large? What, they claim that an EULA applies to anyone they collected data on?--NO WAY. Second, if an EULA can trump a right provided by Federal law (in this case the Fair Credit Reporting Act, "FCRA"), then the "big 3" credit-reporting Agencies (Equifax, Experian, TransUnion) would have used EULAs long ago to stamp out FCRA violation lawsuits & their need to hold accurate data. Finally, if you read the articles, the potential exists where people could sue data aggregators under the Fair Credit Reporting Act for "perceived harm". (After all, the $1000 award in a FCRA lawsuit is statutory). As of right now, data aggregators have little incentive in ensuring their data is correct--beyond making sure that inaccuracies are below a certain level of tolerance to their paying customers. But the harm inaccurate data could cause to you as an individual can be huge...

+ - Supreme Court to consider data aggregation suit against Spokeo

Submitted by BUL2294
BUL2294 writes: Consumerist and Associated Press are reporting that the Supreme Court has taken up the case of Spokeo, Inc. v. Robins — a case where Spokeo, as a data aggregator, faces legal liability and Fair Credit Reporting Act violations for providing information on Thomas Robins, an individual who has not suffered "a specific harm" directly attributable to the inaccurate data Spokeo collected on him.

From SCOTUSblog: "Robins, who filed a class-action lawsuit, claimed that Spokeo had provided flawed information about him, including that he had more education than he actually did, that he is married although he remains single, and that he was financially better off than he actually was. He said he was unemployed and looking for work, and contended that the inaccurate information would make it more difficult for him to get a job and to get credit and insurance." So, while not suffering a specific harm, the potential for harm based on inaccurate data exists. Companies such as Facebook and Google are closely watching this case, given the potential of billions of dollars of liability for selling inaccurate information on their customers and other people.

Comment: Re:I don't get it (Score 1) 400

If he'd happened to have had the dog with him, and decided to have the dog give the car a once-over, fine.

Actually, NO. Read the ruling at

I'll spare you... Read page 11... Basically SCOTUS is saying that you can't suddenly decide to do your traffic duties "expeditiously" to gain bonus time to do "other things", like a drug dog sniff. If your purpose is to write a ticket, that's it. Rodriguez declined a search, he was detained & searched anyway, and it was outside the scope of writing a traffic ticket (and the usual stuff that goes along with that--drivers license check, proof of insurance, checking for warrants, etc.) Case closed, 6-3.

+ - Comcast's incompetence, lack of broadband competition force homeowner to sell 1

Submitted by BUL2294
BUL2294 writes: Consumerist has an article about a homeowner in Kitsap County, Washington who is unable to get broadband service. Due to inaccurate broadband availability websites, Comcast's corporate incompetence, CenturyLink's refusal to add new customers in his area, and Washington state's restrictions on municipal broadband, the owner may be left with no option but to sell his house 2 months after he bought it, since he works from home as a software developer.

To add insult to injury, says he has 10 broadband options in his zip code, some of which are not applicable to his address, have exorbitant costs (e.g. wireless), or are for municipal providers that are prevented from doing business with him by state law. Yet, Comcast insists in filings that “the broadband marketplace is more competitive than ever,” which appear to be very carefully chosen words...

Comment: Re:Funny thing... (Score 4, Interesting) 229

by BUL2294 (#49216369) Attached to: Listen To a Microsoft Support Scam As It Happened
(IANAL) In Illinois, and likely most other states, if you believe that a crime will take place during the recording of a phone call (and this does likely count as a felony), you can record it without permission of the other party. In addition, you are shielded from prosecution for breaking wiretapping laws & your surreptitiously recorded evidence can be used for prosecution.

Comment: Floppies and IDE still have options... (Score 1) 178

by BUL2294 (#49001519) Attached to: Ask Slashdot: With Whom Do You Entrust Your Long Term Data?
The OP is not considering some easy options for his/her IDE & floppy dilemmas...

IDE - Find a USB-IDE enclosure. Sure, nobody makes them anymore, but there are plenty of used ones out there for 3.5" and 2.5" drives. Spend 5 minutes on Craigslist or eBay.
3 1/2" floppy - Seriously? You can pick up a brand new USB 3.5" floppy drive for US$10 on Amazon (and eligible for Prime).
5 1/4" floppy - This one would take a little more effort--buy a FC5025 card, a used 5.25" drive, an old USB enclosure (with a Molex power connector)--if you don't own a desktop PC, put it all together. Or pay someone to do it...

Comment: It's worse-Verizon also injects for non-customers! (Score 2) 70

by BUL2294 (#48825365) Attached to: Ad Company Using Verizon Tracking Header To Recreate Deleted Cookies
Verizon also injects the UIDH header even for those who aren't Verizon customers--like those of Straight Talk, a reseller that uses Verizon's network.


Because the header is injected at the network level, Verizon can add it to anyone using their towers, even those who aren't Verizon customers. Notably, Verizon appears to inject the X-UIDH header even for customers of Straight Talk, a mobile network reseller (known as a MVNO) that uses Verizon's network. Customers of Straight Talk don't necessarily have a relationship with Verizon.

Comment: Great, more items to ransomware! (Score 4, Informative) 252

by BUL2294 (#48733781) Attached to: The Missing Piece of the Smart Home Revolution: The Operating System
After reading a few Slashdot articles ago about ransomware, and given what can happen via hacking such devices, the last thing I want is more of my home-based devices going online. The last thing I want is for my IoT thermostat (of which many exist already) to get hacked. I can see the thermostat's screen now...

"We turned your thermostat up to 85 degrees and you can't change it. We want $5000 worth of Bitcoins in 72 hours--or we find out if your furnace perpetually on full-blast will burn your house down. Think we're kidding? We also know that you have an [some brand name] WebOS-based TV (it was easy--the IP address was the same as your thermostat) and an [some brand name] Android-based refrigerator that we also pwned. In 24 hours fridge will be set to 50 degrees spoiling your food, and in 48 hours your TV will be permanently stuck showing random videos from Xtube. So, your only options are to pay us or cut off power to your house--but when it comes back on, we still own your pwned devices! Good luck replacing the devices we pwned but didn't mention here... TIMER: 71:59:59...71:59:58...71:59:57......."

Seriously, I'm not for government regulation in a competitive landscape, but such devices, especially given their manufacturers will abandon writing security updates for them--6 months after the new model comes out, are ticking time bombs... I'm not about to replace my oven, furnace, dryer, refrigerator, thermostat, dishwasher, home security system, TV, toaster, and toilets every 3-5 years because someone thinks such devices should be IoT and wants to gather even more "big data" about me...

Comment: Do you mean getting 1099'd? (Score 2) 117

If you do mean getting a 1099 for the "loss", then you're wrong. Getting 1099'd (1099A or 1099C) is dischargeable in bankruptcy, even if you get the 1099 after you're discharged. All you do is file Form 982 with your taxes and it's gone. (Of course, IANAA - I am not an Accountant...) I filed BK7 in 2011, got discharged in 2012, and had a property foreclosed on that was discharged, and got a 1099-C in 2013. The full amount of the 1099-C was not considered income on my 2013 taxes (filed & payable in 2014...)

Comment: Re:Blameless Random Employees? (Score 1) 343

And who isn't to say that, as part of the hack, once they found someone high enough with the right credentials, they didn't create a couple of AD accounts? In mid-size organizations, identity management is dealing with thousands of accounts, having to create numerous exceptions for specific people and applications (oh, this Task Scheduler task can't allow for the account to change--and it needs super-duper-Admin rights to these particular servers; this Windows Service that runs on the production CRM server can't change password). So, a hacker could just hide some new accounts with fake descriptions for applications in-house (e.g. "SQL-Salesforce sync"), give them super rights even allowing for password changes, and presto... Or worse, pick such a valid account and start adding servers it has rights to. Security by Obscurity (ironically on the security platform).

Comment: No real need for updates, either... (Score 2) 343

The other advantage of the air-gapped network is that you no longer "need" to update the computers within the network with most of the security updates that come across Windows Update. Build them from DVDs & SPs with known hash values, never having connected them. Who cares if those PCs are still stuck on Win7-SP1 or Win8.1 RTM. Their primary attack vector (e.g. the big bad Internet) is unavailable. Even if these machines are built with malware, the worst that could happen is that they get erased, but the data still doesn't go out.

But what about e-mail? IM? Interwebs? Facebooking? Really??? Buy a 2nd, low end PC, wirelessly connect it to the corporate network, and volia! Hell, you could even use a KVM for this purpose, if you'd rather not spring for the expensive $400 laptops. Don't take the easy approach of connecting the networks in a way that only allows for RDP sessions--a determined hacker with unlimited funds (e.g. state sponsors) would figure that one out.

But what about Adobe Cloud or whatever program needs to connect to the Internet? Most such programs have alternative options for air-gapped networks (e.g. a license server), and a company like Adobe could be brow-beat by a company like Sony into disabling phone home. For high-risk applications where you can't talk your vendor out of phone-home, it's time to look for a new vendor...

Comment: Brian Krebs received one & posted it... (Score 4, Informative) 250

by BUL2294 (#48604101) Attached to: Sony Demands Press Destroy Leaked Documents
Brian Krebs got one, reported on it, and was kind enough to post it for the world to see Sony for their true colors...

Demand Letter:

I can hear Barbara Streisand's voice now... (Well, what I hear is "her" voice from the Mecha-Streisand "South Park" episode...)

Comment: Re:Something is dodgy here. (Score 2) 184

I wouldn't be surprised if someone at Sony were responsible for sending this email as a false-flag operation.

False-flag operation or not, that's a crime. If someone within Sony (or hired by Sony--e.g. their cybersecurity contractor) sent such an e-mail, that person is doing the equivalent of "screaming 'fire' in a crowded theater, when there is no fire". Not protected by free-speech and that person should be criminally charged with a felony.

"Joy is wealth and love is the legal tender of the soul." -- Robert G. Ingersoll