
Comcast's incompetence, lack of broadband competition force homeowner to sell 1

Submitted by BUL2294
BUL2294 (1081735) writes "Consumerist has an article about a homeowner in Kitsap County, Washington who is unable to get broadband service. Due to inaccurate broadband availability websites, Comcast's corporate incompetence, CenturyLink's refusal to add new customers in his area, and Washington state's restrictions on municipal broadband, the owner may be left with no option but to sell his house 2 months after he bought it, since he works from home as a software developer.

To add insult to injury, BroadbandMaps.gov says he has 10 broadband options in his zip code, some of which are not applicable to his address, have exorbitant costs (e.g. wireless), or are for municipal providers that are prevented from doing business with him by state law. Yet, Comcast insists in filings that “the broadband marketplace is more competitive than ever,” which appear to be very carefully chosen words..."

Comment: Re:Funny thing... (Score 4, Interesting) 229

by BUL2294 (#49216369) Attached to: Listen To a Microsoft Support Scam As It Happened
(IANAL) In Illinois, and likely most other states, if you believe that a crime will take place during the recording of a phone call (and this does likely count as a felony), you can record it without permission of the other party. In addition, you are shielded from prosecution for breaking wiretapping laws & your surreptitiously recorded evidence can be used for prosecution.

Comment: Floppies and IDE still have options... (Score 1) 178

by BUL2294 (#49001519) Attached to: Ask Slashdot: With Whom Do You Entrust Your Long Term Data?
The OP is not considering some easy options for his/her IDE & floppy dilemmas...

IDE - Find a USB-IDE enclosure. Sure, nobody makes them anymore, but there are plenty of used ones out there for 3.5" and 2.5" drives. Spend 5 minutes on Craigslist or eBay.
3 1/2" floppy - Seriously? You can pick up a brand new USB 3.5" floppy drive for US$10 on Amazon (and eligible for Prime).
5 1/4" floppy - This one would take a little more effort--buy a FC5025 card, a used 5.25" drive, an old USB enclosure (with a Molex power connector)--if you don't own a desktop PC, put it all together. Or pay someone to do it...

Comment: It's worse-Verizon also injects for non-customers! (Score 2) 70

by BUL2294 (#48825365) Attached to: Ad Company Using Verizon Tracking Header To Recreate Deleted Cookies
Verizon also injects the UIDH header even for those who aren't Verizon customers--like those of Straight Talk, a reseller that uses Verizon's network.

From https://www.eff.org/deeplinks/...

Because the header is injected at the network level, Verizon can add it to anyone using their towers, even those who aren't Verizon customers. Notably, Verizon appears to inject the X-UIDH header even for customers of Straight Talk, a mobile network reseller (known as a MVNO) that uses Verizon's network. Customers of Straight Talk don't necessarily have a relationship with Verizon.

Comment: Great, more items to ransomware! (Score 4, Informative) 252

by BUL2294 (#48733781) Attached to: The Missing Piece of the Smart Home Revolution: The Operating System
After reading a few Slashdot articles ago about ransomware, and given what can happen via hacking such devices, the last thing I want is more of my home-based devices going online. The last thing I want is for my IoT thermostat (of which many exist already) to get hacked. I can see the thermostat's screen now...

"We turned your thermostat up to 85 degrees and you can't change it. We want $5000 worth of Bitcoins in 72 hours--or we find out if your furnace perpetually on full-blast will burn your house down. Think we're kidding? We also know that you have an [some brand name] WebOS-based TV (it was easy--the IP address was the same as your thermostat) and an [some brand name] Android-based refrigerator that we also pwned. In 24 hours fridge will be set to 50 degrees spoiling your food, and in 48 hours your TV will be permanently stuck showing random videos from Xtube. So, your only options are to pay us or cut off power to your house--but when it comes back on, we still own your pwned devices! Good luck replacing the devices we pwned but didn't mention here... TIMER: 71:59:59...71:59:58...71:59:57......."

Seriously, I'm not for government regulation in a competitive landscape, but such devices, especially given their manufacturers will abandon writing security updates for them--6 months after the new model comes out, are ticking time bombs... I'm not about to replace my oven, furnace, dryer, refrigerator, thermostat, dishwasher, home security system, TV, toaster, and toilets every 3-5 years because someone thinks such devices should be IoT and wants to gather even more "big data" about me...

Comment: Do you mean getting 1099'd? (Score 2) 117

If you do mean getting a 1099 for the "loss", then you're wrong. Getting 1099'd (1099A or 1099C) is dischargeable in bankruptcy, even if you get the 1099 after you're discharged. All you do is file Form 982 with your taxes and it's gone. (Of course, IANAA - I am not an Accountant...) I filed BK7 in 2011, got discharged in 2012, and had a property foreclosed on that was discharged, and got a 1099-C in 2013. The full amount of the 1099-C was not considered income on my 2013 taxes (filed & payable in 2014...)

Comment: Re:Blameless Random Employees? (Score 1) 343

And who isn't to say that, as part of the hack, once they found someone high enough with the right credentials, they didn't create a couple of AD accounts? In mid-size organizations, identity management is dealing with thousands of accounts, having to create numerous exceptions for specific people and applications (oh, this Task Scheduler task can't allow for the account to change--and it needs super-duper-Admin rights to these particular servers; this Windows Service that runs on the production CRM server can't change password). So, a hacker could just hide some new accounts with fake descriptions for applications in-house (e.g. "SQL-Salesforce sync"), give them super rights even allowing for password changes, and presto... Or worse, pick such a valid account and start adding servers it has rights to. Security by Obscurity (ironically on the security platform).

Comment: No real need for updates, either... (Score 2) 343

The other advantage of the air-gapped network is that you no longer "need" to update the computers within the network with most of the security updates that come across Windows Update. Build them from DVDs & SPs with known hash values, never having connected them. Who cares if those PCs are still stuck on Win7-SP1 or Win8.1 RTM. Their primary attack vector (e.g. the big bad Internet) is unavailable. Even if these machines are built with malware, the worst that could happen is that they get erased, but the data still doesn't go out.

But what about e-mail? IM? Interwebs? Facebooking? Really??? Buy a 2nd, low end PC, wirelessly connect it to the corporate network, and voilà! Hell, you could even use a KVM for this purpose, if you'd rather not spring for the expensive $400 laptops. Don't take the easy approach of connecting the networks in a way that only allows for RDP sessions--a determined hacker with unlimited funds (e.g. state sponsors) would figure that one out.

But what about Adobe Cloud or whatever program needs to connect to the Internet? Most such programs have alternative options for air-gapped networks (e.g. a license server), and a company like Adobe could be brow-beat by a company like Sony into disabling phone home. For high-risk applications where you can't talk your vendor out of phone-home, it's time to look for a new vendor...

Comment: Brian Krebs received one & posted it... (Score 4, Informative) 250

by BUL2294 (#48604101) Attached to: Sony Demands Press Destroy Leaked Documents
Brian Krebs got one, reported on it, and was kind enough to post it for the world to see Sony for their true colors...

Article: http://krebsonsecurity.com/201...
Demand Letter: http://krebsonsecurity.com/wp-...

I can hear Barbra Streisand's voice now... (Well, what I hear is "her" voice from the Mecha-Streisand "South Park" episode...)

Comment: Re:Something is dodgy here. (Score 2) 184

I wouldn't be surprised if someone at Sony were responsible for sending this email as a false-flag operation.

False-flag operation or not, that's a crime. If someone within Sony (or hired by Sony--e.g. their cybersecurity contractor) sent such an e-mail, that person is doing the equivalent of "screaming 'fire' in a crowded theater, when there is no fire". Not protected by free-speech and that person should be criminally charged with a felony.

Comment: Re:$1tr question--Why is all this Internet-facing? (Score 1) 528

by BUL2294 (#48531383) Attached to: The Sony Pictures Hack Was Even Worse Than Everyone Thought
Explain how airgapping doesn't make you immune to Windows Updates? If your PC can't talk to Microsoft, and unless you're going old-school sneakernet with flash drives, how is it going to get updates? Most Windows updates solve some sort of security hole, usually caused by the execution of malicious software or some sort of security hole that's exploitable from the Internet. Take away "the Internet" and lock down what people can execute on their PCs within "the island" and problem solved. Yes, you now have a known unpatched security hole--but one that can't be exploited without access to the Internet. No malicious links, attachments, unauthorized software, browser toolbars, etc. Just people using limited specific software & specific versions on (for example) Windows 7-SP1.

As has been proven by Stuxnet and this breach, unlimited state-sponsored funds ALWAYS beats "networks with layered protection". Big-name companies that spend shitloads of money on security still get breached. 15+ years of "breeding a culture of corporate security" also hasn't worked. But if you require the network to have a physical presence, then you've eliminated your primary attack vector.

Comment: Re:$1tr question--Why is all this Internet-facing? (Score 1) 528

by BUL2294 (#48530431) Attached to: The Sony Pictures Hack Was Even Worse Than Everyone Thought
So how did companies handle such networks 20+ years ago, where employees in "other offices" (cities, other locations in the same city, etc.) could access files, databases, etc., without any vector out to the Internet? Wouldn't be that hard to create a disconnected network island "war room" in each office--disconnect some ports & buy new routers. The real issue ultimately becomes that you now might want to consider multiple such air-gapped networks (e.g. R&D, HR, Finance, etc.)

I have to assume that data breaches are much worse cost... This one has lost sales, lost goodwill, lawsuits, potential government fines (e.g. HR data), network design changes, etc. Even a $10 million air-gapped network would have been a bargain compared to this mess...

I'm still waiting for a massive Salesforce data breach... That'll be interesting when it happens.

Comment: $1tr question--Why is all this Internet-facing??? (Score 4, Informative) 528

by BUL2294 (#48528091) Attached to: The Sony Pictures Hack Was Even Worse Than Everyone Thought
With all the state-sponsored corporate & military espionage caused by China & Russia, with the never-ending probes from government agencies like the NSA/DHS/GCHQ/etc., with malware & ransomware attacks that can encrypt data in (generally) unbreakable forms, with criminal hacking organizations making off with millions of credit card numbers from retailers, with apparently no network controls as to how much data leaves company firewalls & where it goes, and so on, why aren't there more internal air-gapped networks in companies???

This has hit the point of absurdity. If you are working on military plane designs, working on your next corporate acquisition, or even making movies or music worth tens of millions of $$$, why would you put your prized, unreleased digital files on computers that have Internet access? What kind of batshit stupidity is that? What, so your employees can browse Facebook & check Outlook e-mail at the same time? Such an air-gapped network would easily become an island--one that doesn't need Windows Updates, can stay on an old service pack, gets no software updates that solve 2 problems but make a new one (e.g. we know the bugs), and the like. And if those employees really need their Outlook e-mail, IM, or the Inter-Webs where they work, they can have a 2nd very low-end PC, connected to the main network, with a KVM between the two. Might even increase efficiency, given the mind's inability to multitask well. Or give them freaking iPads on a wireless network that's not connected to their "sensitive" work computer.

It boggles the mind that given all these problems, which are increasing in frequency & cost every day, we still have little more than software firewalls & hardware routers between a company's most highly-sensitive assets (files & computers) and the big-bad-Wild-West-no-holds-barred-Internet.

Comment: Re:Ummm ... Duh? (Score 1) 165

And you know this, how??? We all know that it should happen this way, but we have no way of knowing for sure whether that's the case. If my IoT thermostat gets hacked & reprogrammed to burn my house down, which is connected to my IoT furnace, how do I know that the IoT furnace a) hasn't also been hacked, b) even has the requisite hardware you speak of?

Read up on the Therac-25 incidents of the 1980s... http://en.wikipedia.org/wiki/T...
