
SSH Brute force Attackers Taken Down

Submitted by Anonymous Coward
An anonymous reader writes: Cisco Talos and Level 3 Communications have worked to take down a group that was conducting large-scale SSH Brute Force attacks. At times the group was accounting for more than a third of the SSH traffic on the Internet. The threat has been known and action needed to be taken. Show your support by tweeting #DownWithSSHPsychos

Sniff and decrypt BLE with Ubertooth

Submitted by mpeg4codec
mpeg4codec writes: Hot on the heels of Omri Iluz's BLE-sniffer-on-the-cheap, I decided to write up the BLE (Bluetooth Smart) sniffer I built on Ubertooth. My sniffer is highly robust, can capture data from connections, and is 100% open source.

I also discovered a major flaw in BLE's crypto that allows an attacker to crack its encryption key and decrypt data, 100% passively. I wrote a tool called crackle that will automatically decrypt encrypted BLE data captured by Ubertooth.


Comment: Classified. You keep using that word. (Score 1) 243

by Da w00t (#45390293) Attached to: Apple Developing Curve Screen iPhones and Improved Sensors
I do not think it means what you think it means. Classified documents originate from a classification authority. There is no classification authority within Apple. Classification authorities are within the state and federal government. While Apple is large (and last I heard had more money than the federal reserve), that doesn't mean they can classify documents :)

Now, there can be trade secrets, that's an entirely different thing. :)

Comment: So, that KORUS treaty is still a problem, I think. (Score 4, Interesting) 378

by Da w00t (#44882411) Attached to: Obama Asks FCC To Make Carriers Unlock All Mobile Devices

Comment: Go with Linode. (Score 1) 375

by Da w00t (#38481512) Attached to: Ask Slashdot: Best Inexpensive VPS Provider?
I've been a customer for what feels like 10 years now. Their support is great, they have knowledgeable people and yes, you do get root. You can have console access, just not graphical console access. (Who would want X running on a colocated server anyway?)

Here's their faq: http://www.linode.com/faq.cfm - They've got a great community, go pop on IRC on irc.oftc.net and join #linode. Ask your questions there if there's something you want to know that isn't in the FAQ.

Here's a referral link - you don't really need to use it, but if you do I'll get some free service as a thank you for referring you.

http://www.linode.com/?r=8304c52b0c2b67372d5dcbe998ee4e04271275d6

Comment: This explains why I still have a job. (Score 1) 388

by Da w00t (#38288104) Attached to: IT Pros Can't Resist Peeking At Privileged Info
I used to do sysadmin work professionally, and I still do it personally (I have a Linode VPS) where I host my personal e-mail, website, jabber server, and personal e-mail of family members. It's just one of those things that as a geek a lot of us end up doing.

One of the unspoken golden rules of trust was this: don't fucking read other people's e-mail. Period.

Now I do information security, where I keep my employer's network safe. This includes both external, and internal threats - such as domain admins going rogue, and abusing their powers (I've seen it happen, and wrote up the incident). It really bothers me that 1 out of 4 "IT Professionals" are unprofessional enough to violate the trust that has been granted them.

Comment: Valve != iD I suppose (Score 2, Informative) 520

by Da w00t (#33339682) Attached to: Steam Not Coming To Linux
iD software has historically produced Linux versions of their games; I remember fondly playing the quake(s), and doom 3 under Linux. While there have been lots and lots of reports over the years showing there is a Linux gaming market, it isn't a large enough market share for these game developers to put serious effort into it. I bet some of them actually see developing for Linux as a hindrance, even though most big game dev companies essentially abstract-out the bits between PS3, XBOX, Wii, PC, etc that are different.

Comment: Re:Well... (Score 1) 546

by Da w00t (#32039780) Attached to: Sony Sued Over PS3 "Other OS" Removal
One for me please. I want to know how to join too. In the meantime I'm boycotting everything that is Sony. Which is hard, because they've already got thousands of dollars of my cash. But I won't be doing any of the following:
  • Going to the movie theatre (Sony Pictures)
  • Listening to Sony music (I haven't bought RIAA music in years, so this isn't hard)
  • Purchasing Sony hardware (AV equipment, etc)
  • Purchasing any video games

Comment: Things to do to lose me as a customer (Score 5, Informative) 373

by Da w00t (#31882184) Attached to: Media Industry Wants Mandated Spyware and More
Disable all analog outputs on my high definition devices (such as blu-ray players) - this is coming up in a couple years.
  • This makes a feature I paid for on my $1000 USD receiver for "multiple zones" absolutely useless. That very same feature is also crippled by default by Sony such that *only analog* video and audio can be piped to the other zones.

Charging extra for "digital download" for content I have already purchased a license for

  • I've intentionally not purchased many blu-ray discs because of the absurd crypto on them preventing me from watching that content on something besides a severely locked down combination of HDCP compliant players and display sets. When blu-ray's crypto is 100% broken like CSS for DVDs, then I'll start purchasing all my favorite shows in high definition on blu-ray. Until then, I'm downloading shows that I watch on TV in the US via BitTorrent.

Cable Companies that set the CCI bytes such that TV shows can't be transferred from one DVR to another

  • http://www.zatznotfunny.com/2009-09/tivo-and-the-cci-byte/ Cox Communications (my cable TV and cablemodem internet provider until I get Verizon FiOS) sets the CCI bit to prevent me from moving content off my TiVo. FiOS doesn't set these CCI bytes, and permits "multi room viewing" on both TiVo DVRs and their own FiOS DVRs. I've been working approximately a 66 hour work week for the past month and a half, and I can't be sure that when I have time between work and sleep to watch a TV show that it will be present on my DVR because other programs have been recorded and replaced it. So, back to BitTorrent.

MPAA/RIAA/friends suing their consumers instead of getting with the program and adopting the new world that they find themselves in

  • I stopped buying CDs entirely. I stopped buying music entirely. I now find music that I enjoy much more than the cookie cutter "formula" stuff I hear on the radio that artists put on their own website available for free. And you know what? I paypal them money as a thank you for producing the music. Direct cash to the artist. If you like ambient/chillout electronica, go to http://www.scene.org/ and look up the artist Xerxes.

Take away features with a software update

  • Yep, I'm pissed that instead of Sony fixing a software problem with a patch, they remove a feature altogether. When was the last time that Microsoft told you that they were retroactively removing support for Mice and all pointing devices in Microsoft Windows because of a Click-Jacking vulnerability? Fix the hardware or software bug you made and don't negatively impact your consumers, or live with the fact that users will get what they want out of what they purchased. Licenses be damned, I'll take a soldering iron to my Sony PS3 if I damn please.
