
Is running mission-critical servers without a firewall a "thing"?

Submitted by Anonymous Coward
An anonymous reader writes "I do some contract work on the side (as many folks do), and am helping a client set up a new point of sale system. For the time being, it's pretty simple: selling products, keeping track of employee time, managing inventory and the like. However, it requires a small network because there are two clients, and one of the clients feeds off of a small SQL Express database from the first. During the setup the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no NEED for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it. This isn't a tremendous deal today, but with how things are going odds are there will be e-Commerce worked into it, and probably credit card transactions.. which worries the bejesus out of me.

So my question to the Slashdot masses: is this common? In my admittedly limited networking experience, it's been drilled into my head fairly well that not running a firewall is lazy (if not simply negligent), and to open the appropriate ports and call it a day. However, I've seen forum posts here and there with people admitting they run their clients without firewalls, believing that the firewall on their incoming internet connection is good enough, and that their client security will pick up the pieces. I'm curious how many real professionals do this, or if the forum posts I'm seeing (along with the vendor in question) are just a bunch of clowns."

Six Ways Big Telecom Tries to Kill Community Broadband

Submitted by Jason Koebler
Jason Koebler (3528235) writes "Beyond merely staying out of each other's way in many big cities, ISPs have managed to throw up legal, logistical, and financial roadblocks at every turn to prevent municipally owned fiber networks from taking hold in many parts of the country.
The lobbying money is well-documented, but some of the other strategies, such as threatening to cut off business with companies who help build municipal fiber networks, are less known. Catharine Rice of the Coalition for Local Internet Choice says there are at least six distinct tactics national telecom companies have perfected to do this."

A 24-Year-Old Scammed Apple 42 Times In 16 Different States

Submitted by redletterdave
redletterdave (2493036) writes "Sharron Laverne Parrish Jr., 24, allegedly scammed Apple not once, but 42 times, cheating the company out of more than $300,000 — and his scam was breathtakingly simple. According to a Secret Service criminal complaint, Parrish allegedly visited Apple Stores and tried to buy products with four different debit cards, which were all closed by his respective financial institutions. When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn’t really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits, which is normally provided by credit card issuers to create a record of the credit or debit override. But that’s the problem with this system: as long as the number of digits is correct, the override code itself doesn’t matter."

Cellphone Unlocking Bill Has One Big Gotcha

Submitted by itwbennett
itwbennett (1594911) writes "The cellphone unlocking bill that passed in the House of Representatives on Friday, and which President Obama said he would sign, comes with a catch that will likely prevent you from switching carriers — at least right away: Your existing wireless contract takes precedence over the law. So if your wireless contract says that you can't unlock your phone until your contract expires, you can't do it."

Silicon Valley has created an imaginary staffing shortage

Submitted by walterbyrd
walterbyrd (182728) writes "As longtime researchers of the STEM workforce and immigration who have separately done in-depth analyses on these issues, and having no self-interest in the outcomes of the legislative debate, we feel compelled to report that none of us has been able to find any credible evidence to support the IT industry's assertions of labor shortages."

Bird flocks resemble liquid helium

Submitted by sciencehabit
sciencehabit (1205606) writes "A flock of starlings flies as one, a spectacular display in which each bird flits about as if in a well-choreographed dance. Everyone seems to know exactly when and where to turn. Now, for the first time, researchers have measured how that knowledge moves through the flock—a behavior that mirrors certain quantum phenomena of liquid helium. Some of the more interesting findings: Tracking data showed that the message for a flock to turn started from a handful of birds and swept through the flock at a constant speed between 20 and 40 meters per second. That means that for a group of 400 birds, it takes just a little more than a half-second for the whole flock to turn."

The Long and Winding Road to the Surveillance Society

Submitted by smugfunt
smugfunt (8972) writes "There is a new blog post by Adam Curtis tracing some of the strange connections and interesting characters in the evolution of the digital Panopticon we find ourselves living in. He posits that many of the data-driven systems now used in all sectors of society have the effect (deliberate and accidental) of forestalling change/fostering stability. As always, he brings to our attention some hitherto unnoticed 'men behind the curtain'."

Pi Power - the power supply the Raspberry Pi *should* have come with

Submitted by nsayer
nsayer (86181) writes "The Raspberry Pi is awesome. There's only one thing I dislike about it — how you're meant to power it. Crappy USB power supplies are ubiquitous, and the power more or less goes straight onto the +5 rail. Not only that, but the micro USB connector is SMT, and USB cables are much thicker and heavier than their 2.1mm barrel connector cable counterparts. No, it's just not the best tool for the job.

So I made Pi Power. It's a small board that sits on the GPIO pins (it comes with a stacking header so you can piggyback onto it) and has a 2.1mm barrel connector that will accept any DC voltage from 6-15 volts and output up to 2A of well regulated 5V power.

I sell them on Tindie for $15 ( https://www.tindie.com/product... ) and am running an IndieGoGo campaign to fund building 1000 of them at http://igg.me/at/PiPower ."


Ask Slashdot: After TrueCrypt

Submitted by TechForensics
TechForensics (944258) writes "(Resubmitted because was not identified as "Ask Slashdot")

We all know the TrueCrypt story-- a fine, effective encryption program beginning to achieve wide use. When you see how the National Security Agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.

Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft Bitlocker, which no one with any sense believes could be NSA-hostile.) It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been compromised.

This is the situation we have: all of the main or important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:

Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm the source code of the program employing that algorithm must be considered false. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother.

Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?

We all know the TrueCrypt story-- a fine, effective encryption program beginning to achieve wide use. When you see how the National Security Agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.

Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft Bitlocker, which no one with any sense believes could be NSA-hostile.) It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been vitiated.

This is the situation we have: all of the main or important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:

Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm the source code of the program employing that algorithm must be considered tainted. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother. (Would it not be possible for the NSA to create a second TrueCrypt that has the same hash value as the original?)

Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?"


Enraged Verizon FiOS Customer Seemingly Demonstrates Netflix Throttling

Submitted by MojoKid
MojoKid (1002251) writes "The ongoing battle between Netflix and ISPs that can't seem to handle the streaming video service's traffic, boiled over to an infuriating level for Colin Nederkoon, a startup CEO who resides in New York City. Rather than accept excuses and finger pointing from either side, Nederkoon did a little investigating into why he was receiving such slow Netflix streams on his Verizon FiOS connection. What he discovered is that there appears to be a clear culprit. Nederkoon pays for Internet service that promises 75Mbps downstream and 35Mbps upstream through his FiOS connection. However, his Netflix video streams were limping along at just 375kbps (0.375mbps), equivalent to 0.5 percent of the speed he's paying for. On a hunch, he decided to connect to a VPN service, which in theory should actually make things slower since it's adding extra hops. Speeds didn't get slower, they got much faster. After connecting to VyprVPN, his Netflix connection suddenly jumped to 3000kbps, the fastest the streaming service allows and around 10 times faster than when connecting directly with Verizon. Verizon may have a different explanation as to why Nederkoon's Netflix streams suddenly sped up, but in the meantime, it would appear that throttling shenanigans are taking place. It seems that by using a VPN, Verizon simply doesn't know which packets to throttle, hence the gross disparity in speed."

Mark Zuckerberg now richer than Google co-founders and Jeff Bezos

Submitted by Anonymous Coward
An anonymous reader writes "Facebook's Chairman Mark Zuckerberg is now richer than Google co-founders Larry Page and Sergey Brin; not letting Amazon's CEO Jeff Bezos out of the picture.

The 30-year old Facebook founder is now worth $33 billion after he earns $1.6 billion on Thursday (today) after his company went up from $71 per share on Wednesday to $73 per share on Thursday. Facebook, on the other hand, is now valued at $205.57 billion."


Experian breach exposed 200 million Americans' personal data over a year ago

Submitted by BUL2294
BUL2294 (1081735) writes "CNN Money is reporting that, prior to the Target breach that exposed information on 110 million customers, and prior to Experian gaining Target's "identity theft protection" business from that breach, Experian was involved in a serious breach, to which nobody admits the scope of. Their subsidiary, Court Ventures, unwittingly sold access to a database to a Vietnamese fraudster named Hieu Minh Ngo. This database contained information on some 200 million Americans, including names, addresses, Social Security numbers, birthdays, work history, driver's license numbers, email addresses, and banking information. "Criminals tapped that database 3.1 million times, investigators said. Surprised you haven't heard this? It's because Experian is staying quiet about it. It's been more than a year since Experian was notified of the leak. Yet the company still won't say how many Americans were affected. CNNMoney asked Experian to detail the scope of the breach. The company refused. "As we've said consistently, it is an unfortunate and isolated issue," Experian spokesman Gerry Tschopp said.""
