
Comment: Re:Sounds like a lot of BS (Score 1) 119

by GrenDel Fuego (#31988186) Attached to: All GSM Phones Open To Attack, Tracking

I should say that I think a lot of the confusion comes in because it was a long talk covering a lot of different related topics, some related, some not. There were bits covering calling IMSI info by acting as a tower, determining a phone's carrier by the block of numbers, the caller ID piece and more.

Comment: Re:Sounds like a lot of BS (Score 1) 119

by GrenDel Fuego (#31988158) Attached to: All GSM Phones Open To Attack, Tracking

The article is BS and overblown. The talk itself was interesting.

The "find the name of the subscriber" bit has to do with the fact that a lot of carriers register the mobile phone subscriber's name with the caller ID database. Since most cellphones don't use caller ID and only pair the number with their local address book, you wouldn't notice this unless the cellphone is calling your landline.

They demonstrated a technique to use a VOIP line to call another VOIP line spoofing the calling number (say 555-555-0001). They then harvested the caller ID info and moved on to the next number (555-555-0002), creating a massive database of number/name combinations.

Kind of like wardialing in reverse (cycling through source numbers not destinations).

Comment: Re:Openfire (Score 1) 360

by GrenDel Fuego (#27487767) Attached to: Internal Instant Messaging Client / Server Combo?

I second Openfire. I set it up at work integrated into Active Directory for a user store, using MySQL replicating to a second box as a DR instance.

My server currently averages about 370 users per day or so, but I fully expect it to eventually handle the 1000+ employees in the company.

I don't use the chat logging functionality myself, but it is available in the product.

If you're using the Spark client you can also configure the FastPath plugin in order to create a "Live Support" chat queue for your helpdesk people so that other employees can talk to the next available person via a web interface.

Software

Symantec Support Gone Rogue? 268

Posted by Soulskill
from the less-than-helpful dept.
DigitalDame2 writes "PCMag Security Analyst Neil Rubenking has always praised Symantec's tech support. Lately, though, a number of readers have reported problems with chat support, so he investigated. Rubenking was trying to install Norton 360 version 3.0 on a malware-infested system when the computer crashed with a blue screen error. He connected with Symantec tech support and was told that they could fix the problem, but for a fee of $100! (Here is the transcript and screen-captures of the chat.) Even more, Symantec support suggested that he use a malware-removal tool that wasn't even made by Symantec."

Comment: Re:Ok then... (Score 5, Insightful) 244

by GrenDel Fuego (#26896967) Attached to: Researchers Hack Biometric Faces

I definitely disagree here. While passwords can be brute forced given enough time, your face is almost certainly available to someone who has access to get at your computer.

There is a difference between identification and authentication (your claim of who you are, and your proof of that claim). What you look like is identification.

Comment: Re:Have Teleco Block Outgoing International Calls? (Score 4, Insightful) 300

by GrenDel Fuego (#26176219) Attached to: Hacked Business Owner Stuck With $52k Phone Bill

If a stranger hacks my WIFI encryption in my neighborhood and downloads child prOn, warez, illegal MP3, etc.. through my router/IP that DOES NOT mean that I did it and I AM NOT responsible for those communications/transfers as I have made reasonable accommodations to prevent that (plus I shudder to think that any of my neighbors are into any of that).

There's a difference between criminal liability and financial. You wouldn't be convicted of downloading child porn (or shouldn't be at least), but if your internet access was pay as you go, you may still be required to pay for the bandwidth used.

Comment: Why would they do that? (Score 5, Informative) 300

by GrenDel Fuego (#26176037) Attached to: Hacked Business Owner Stuck With $52k Phone Bill

This certainly isn't the first time someone has exploited the phone system and stuck another with the bill. Maybe it's time for the phone company to get their fraud detection and prevention services at least on par with what the credit card companies have done.

As long as the customers are responsible for the charges, they have no business reason to invest in fraud protection.

Bruce Schneier refers to this as an externality, and has written about it a number of times in the context of credit card security and computer security.

http://www.schneier.com/blog/archives/2007/01/information_sec_1.html

http://www.schneier.com/blog/archives/2006/03/credit_card_com.html

http://www.schneier.com/blog/archives/2005/10/preventing_iden.html

Comment: Re:Why does wireless security suck so bad? (Score 2, Informative) 349

by GrenDel Fuego (#25347139) Attached to: Elcomsoft Claims WPA/WPA2 Cracking Breakthrough

EAP-TLS is used for the key exchange process. The encryption used for the connection can either be TKIP, which uses rotating RC4 keys, or CCMP, which uses more secure AES encryption keys.

CCMP is the more secure choice, but is incompatible with older wireless cards. If you care about the security of your network, you are better off choosing hardware that supports CCMP.

Comment: Re:fair use (Score 1) 512

by neuroticia (#15283004) Attached to: Apple Sics Lawyers on SomethingAwful
"Apple reserves the service manuals to authorized service providers. To be authorized, they have to demonstrate their competence. If Apple doesn't act against anyone publishing their confidential service manuals in whole or in part without authorization, then they lose control of the service of Macs, which results in slipshod work performed by unqualified technicians."

How many times do you ask the repair guy "Can I see your manual to verify that it's a valid copy?" If there's gonna be slipshod work, there's gonna be slipshod work regardless of who sees the manual. There are a million and ten "Fix your computer" businesses in NYC, for example. What's more appealing - having a college kid fix your Mac for 20 bucks an hour at your home, or schlepping the monster-Macs down to the Apple store/Tekserve? If you've got a laptop, I guess the answer's obvious - schlep away. But an iMac or a G5? Forget it. You practically have to hire movers.
