
Comment: Re: Figures (Score 2) 358

by thogard (#49540877) Attached to: iTunes Stops Working For Windows XP Users

I find it odd that there isn't a well-known man-in-the-middle SSL -> TLS 1.2 proxy for XP that can fake things enough to work for most programs.

The entire XP TCP/IP stack can be replaced and there are replacement WINSOCK versions for XP.

With the large number of programs that talk to specific hardware that simply won't run on anything newer than XP, combined with how many machines are still functional for their users, it will be around for a very long time. Remember that Microsoft has only dropped free support for the consumer version of XP and paid support (and some free support) will be going on for another 4 years.

Comment: Re:How about basic security? (Score 2) 381

by thogard (#49517613) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

Scanning IPv6 isn't as hard as you make it out to be. I look at it more like using dictionary attacks rather than sequential scans. The 1st 64 bits are known if you're after a specific target. It is also trivial to know if a given /64 is even used. A tree of all known used /64s shouldn't take long to create.

The 64 bits of the host are a bit different. They could be fully random (which is rare) or they are allocated based on MAC address or statically assigned. The MAC addresses mean that 40 bits of the address are known if you know anything about the target's buying habits (i.e. they tend to buy Dell or Polycoms). That leaves 16 million guesses which can be reduced based on the vendor or the product version which you intend to exploit once you find a target.

You may not be looking for one in 2^64, but a network of devices that all may have many addresses and you might only need one.

The static address assignment space isn't very large as well as netadmins like using :: when they type in addresses so they are unlikely to be random. That means their 1st network will be 0::something and their second is likely to be 0001::something. Oddly enough you might find they skip ::a and use ::8,::9,::10 as well or use something that matches their existing IPv4 address so things like ::192:168:1:1 are very likely.

All these things mean that Monte Carlo scans of a specific IPv6 allocation on a remote network are well within the ability of small time hackers.

Throw in a firewall that isn't filtering IPv6 properly and that will result in remote exploits of internal devices.
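For network owners, the predictable host-part patterns listed in the comment above can be checked against your own address inventory. This is an added example, not part of the original comment; the function names, category labels and the sample inventory (documentation prefix and documentation MAC range) are constructed for illustration.

```python
import ipaddress
import re

def classify_iid(addr):
    """Label how guessable the interface ID (low 64 bits) of an IPv6 address is."""
    iid = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFFFFFFFFFF
    g = [(iid >> shift) & 0xFFFF for shift in (48, 32, 16, 0)]
    # MAC-derived (EUI-64): the MAC is split in half with ff:fe in the middle.
    if (g[1] & 0xFF) == 0xFF and (g[2] >> 8) == 0xFE:
        # Undo the inverted universal/local bit to recover the vendor OUI.
        oui = ((g[0] ^ 0x0200) << 8) | (g[1] >> 8)
        return "eui64 oui=%06x" % oui
    # Small hand-typed values such as ::1, ::8, ::10.
    if iid < 0x10000:
        return "low-static"
    # IPv4 address typed into the hextets as decimal digits (::192:168:1:1).
    text = ["%x" % h for h in g]
    if g[0] != 0 and all(re.fullmatch(r"\d{1,3}", t) and int(t) <= 255 for t in text):
        return "ipv4-embedded " + ".".join(text)
    return "opaque"

def audit(addresses):
    """Group an address inventory by interface-ID pattern."""
    report = {}
    for addr in addresses:
        report.setdefault(classify_iid(addr).split()[0], []).append(addr)
    return report

# Constructed inventory: 2001:db8::/32 documentation prefix, 00:00:5e:00:53:xx MACs.
INVENTORY = [
    "2001:db8:0:1:200:5eff:fe00:5301",
    "2001:db8:0:1:200:5eff:fe00:5302",
    "2001:db8:0:1::10",
    "2001:db8:0:1:192:168:1:1",
    "2001:db8:0:1:8d3c:71a9:4be2:f05d",
]

if __name__ == "__main__":
    for kind, addrs in audit(INVENTORY).items():
        print(kind, len(addrs), addrs)
```

Hosts that land in any category other than "opaque" are candidates for stable opaque interface IDs (RFC 7217) or temporary addresses (RFC 4941), alongside IPv6 filtering at the firewall.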

Comment: https^wmetadata everywhere (Score 2) 70

by thogard (#49507617) Attached to: Chrome 43 Should Help Batten Down HTTPS Sites

The push for https everywhere also means there is more metadata floating around. If all you are looking at is the metadata and not the data stream, https gives an observer more info about what is going on than with just http. Once you get into properly verifying certs, both sides and an observer have more info to tie a conversation between a specific client and a server.

You can see this yourself by getting something that does netflow and look at the data that comes from that.

ICANN and the MPAA

Submitted by rs79
rs79 writes: There has been widespread dissatisfaction that ICANN has been co-opted by Intellectual Property types and this revelation from the Wikileaks Sony Email archive sheds some light on the matter: "The MPAA will be actively participating and working with the ICANN steering committee and the US government to make the LA meeting a meaningful event".


There are 36 other references to ICANN in the Sony emails which makes for a fascinating glimpse on how a media giant sees and treats the organization.

Comment: Re:So basically he is acting like every other MD? (Score 2) 320

by rs79 (#49501967) Attached to: Columbia University Doctors Ask For Dr. Mehmet Oz's Dismissal

Actually Chinese snake oil actually works - it's made from water snakes with a high Omega 3 content and is still sold today. It has proven efficacy as a topical liniment to relieve inflammation mostly in joints.

American snake oil was made from rattlesnakes who ate mice and contained no Omega 3 and didn't do anything. So it's really a pejorative of the patent medicine industry in the US, and a known working product in Asia. It says more about the person using it that doesn't know this than it does about anything else.

That is, it's not really hokum; the pharma industry just fucked it up without knowing what they were doing and never tested it properly. If you watch Ben Goldacre's TED talk you'll see the exact same thing happens today and if you look at the history of scurvy it's been going on for at least 500 years.

And they always say they're right of course.

Comment: The thing is... (Score 1) 320

by rs79 (#49500535) Attached to: Columbia University Doctors Ask For Dr. Mehmet Oz's Dismissal

Evidence based medicine is commonly wrong because the evidence is interpreted incorrectly.

Around the 1600s, cedar leaf tea saved Jacques Cartier's crew from scurvy, 25 died the rest were saved and when he got back to France was told there was no evidence this worked.

Prior to that Vasco da Gama nearly died near the Cape of Good Horn but his crew found eating citrus fixed it.

Hundreds of years later, evidence showed citrus prevented scurvy and it became institutionalized. Later it was boiled in copper kettles (which neutralize the C) and nobody noticed it didn't work any more as diets had improved, until sailors and polar explorers began dying. Similarly at around the same time the new process of warming babies' milk to kill bacteria also killed the vitamin C and a new disease of the rich emerged: infantile scurvy. By 1933 vitamin C had been found and scurvy became much less widespread.

The point is scurvy has been around for 20 million years, it's in recorded history for 5500 years but as of the Scott Antarctic expedition people were still dying of it despite cures being known since Egyptian times ("bitter herbs" all have ascorbate). It's not that the evidence is lacking, it's that there's a disruptive influence from commerce and industrialization. Some unintentional, some because of vested interest. History records that "the evidence was contradictory" and while this is true it never stopped being true that two fresh citrus a day prevented and even cured scurvy, of course more was better, ascorbate does not take up into the body in hours it takes days. So any time in the past 500 years it's been true people have been saying "look I know if I eat fresh fruit I won't get sick" while the medical community insisted, no, it's something else we disproved that. During Scott's Antarctic mission the medically accepted cure for scurvy was a brew called "vitriol" containing sulphuric acid. That's where evidence based medicine got you and this is one of the reasons it's a UN right that you can determine your own course of treatment to any illness. Science is just as sure it's right when it's wrong as it is when it's right and it's been wrong as recently as last year, the recent fats and cholesterol debacle as well as finding out sugar is the cause of cholesterol is proof at least to me that the conventional wisdom is neither.

It cannot be said this does not exist today. I'm not a TV guy and have only a very casual knowledge of the claims he made. Some I know are wrong and know why there are right and I know why but are rejected by industry. Given the near complete control by industry of anything to do with pharmaceuticals they are not the best ones to adjudicate this. The belief that if it's in our pharmacopoeia it's good and anything that isn't is bad is fatally flawed in many many ways.

I don't think they'll pursue this very far. All it's going to take is one thing Oz says that works that they say doesn't but actually does and now everything else they say is in question.

If you have unwavering faith in the pharmaceutical industry to be acting only out of the best interests of your health in an ethical manner at all times then you must not have seen these:


But once you accept the premise they're not infallible then anything they say must be regarded with some scepticism. Goodness knows it wouldn't be the first time something from science for so long only to be ridiculed - for decades or even a century - before being accepted by mainstream medicine despite the evidence it worked being there all along: in the past 10 years therapeutic use of niacin, fish oils and the gut flora hypotheses have been examples of this.

Another way to look at this is the harm done. For all the crazy things Oz said where's the pile of bodies? It's the usual metric governments use for these sorts of things. Now compare that to the pile of bodies (zero) with the pharmaceutical industry (who are the ones complaining he is dangerous, nobody else has budget and time to bother with this, and make no mistake, sales are down) from unintended side effects: 60 - 100,000 every year in the US in no small way making the medical system the third leading cause of death in the US behind Cancer and heart disease.

I realize how crazy this all sounds. But it's only crazy if it's not true. I've looked at this for some years now and the evidence is pretty overwhelming and there's a lot to learn.
