
Comment Re:Snowden will never leave Russia (Score 1) 252

The only way it would be even remotely safe for Snowden to return would be if he received a presidential pardon for any "crimes" he committed while revealing the NSA spying activities. However, no President will do this for fear of being branded "in league with a traitor." Even if a President were to pardon Snowden, you can bet he'd be under constant surveillance and the first time he stepped out of line (say, drove 5mph over the speed limit), he'd wind up getting the maximum penalty. This could be used to harass him and make his life miserable. He could also wind up the victim of a "horrible freak accident." He's angered a lot of people who have a lot of power and his actions have made it slightly harder for those people to get even more power. This isn't the kind of thing that just vanishes because one person says he's pardoned.

Comment Re:What's Wordpress walling ... (Score 1) 79

The attack surface isn't a small one, but that doesn't mean that law enforcement will be dedicating tons of resources to catch anyone who utilizes the attack. If the compromised sites are small, law enforcement might not care enough to do anything other than fill out a police report. If the attackers are based outside the US, local law enforcement will do nothing and Federal law enforcement might not be able to touch them.

Just because a lot of sites might be compromised doesn't mean law enforcement can clamp down on anyone who uses the attack vector.

Comment Re:What's Wordpress walling ... (Score 1) 79

Considering that I work with WordPress on a daily basis - both on a surface level (installing plugins/themes) and on a deeper level (coding plugins and themes) - yes I do know what it is. If you hacked someone's WordPress installation, you could alter their theme to include ads or you could change content to link to sites of yours. You could also install plugins to perform actions such as e-mailing people (i.e. sending spam) or adding forms for users to fill out that collect personal information (i.e. phishing). All of these could wind up giving you (as the hypothetical WordPress hacker) money.

Comment Re:Well.... (Score 2) 580

I think that the militarization also amplifies the bad eggs in police departments. Years ago, a potential bad cop who gets off by enforcing his power over others might get a gun to play with. That was good for them, but had limited impact. Now, he can essentially be part of a paramilitary organization with all the equipment a group like that would have. This attracts more people who want to be cops not to enforce the law or help people, but to wield power over others which leads to peaceful protests being met with military-style responses.

Comment Re:Skeptical (Score 2) 580

In defense of the honest cops who don't rat out the dirty cops, there seems to be a "protect your own" atmosphere in police stations. What happens there is immense pressure not to finger a fellow officer no matter what they did. Breaking this code can result in your life being made a living hell - and considering the powers most police get, they are well equipped to make someone's life a living hell.

This isn't meant to excuse the honest cops' silence, but to explain why it'll take more than a couple of honest officers speaking up to change the situation. There needs to be a change in the culture of law enforcement organizations to value honesty and following the law over "standing with your fellow officer no matter what."

Comment Re:Highest Profit (Score 3, Insightful) 580

There are definitely the "person should have done X differently" scenarios, but there are also scenarios where the officers enter the encounter already expecting it to go south and itching to use whatever they have available to them against their alleged perpetrator (e.g. taser guns, regular guns, choke holds, etc.). In this case, there should also be mandatory training for officers on how to deal with people who don't immediately comply. Sometimes, the people might not be able to for some reason and responding by pulling out the taser or the gun might not be the best method to resolve the conflict. Furthermore, officers who do use inappropriate levels of force should be tossed out and not simply "given a desk job" or "transferred to another department."

Comment Re:What's Wordpress walling ... (Score 1) 79

Even if the attacker was stupid enough to use their own home connection (as opposed to using a bot net, VPN, or some other method of obscuring his IP address), that doesn't mean he'll be caught.

When my identity was stolen, I had to prompt the police to track down the online form that was used. We finally got the IP address used to submit the form as well as the exact date and time that it was submitted. This means we caught the criminal, right? Wrong. This IP address was in another jurisdiction and the police weren't motivated to devote a lot of resources to something that would wind up out of their jurisdiction. The investigation fizzled and nobody was ever charged for anything. Again, it doesn't mean we had the criminal's IP address, but it was a solid lead and the electronic nature of the evidence plus the different jurisdiction worked against me getting any resolution.

The same would be true of a WordPress hacker. You might have an IP address, but will the police listen to "my website - - was hacked, here's an IP address in another state/country"? Would they actually put in the time and effort to pursue this criminal? Or would they have you fill out a police report and then file it under "don't care enough/not enough resources to pursue"? Unless you could prove that your hacking was part of some larger criminal organization, my guess is it would be the latter.

Comment Re:What's Wordpress walling ... (Score 1) 79

Do you seriously think that a hacker that broke into a site to place ads on it is going to rely on their money being delivered physically to some location that's likely to have police around it? Their money will be electronically transferred to an account in a country that looks the other way (or, at least, will look the other way for a "reasonable fee"). If the hacker is in the US, the money will transfer through a few different accounts so that the trail is difficult to follow. If the hacker is actually in one of these countries, he might be all but untouchable. The hacker might also be working with a criminal organization that has political pull in their area. (Read: If you oppose them, you and your family wind up dead.)

People hack websites and make money from it every day. If hacking sites wasn't profitable, security would be less of a concern. (NOTE: It would still be a concern as people hacking "for the fun of it" would still exist, but those people are outweighed by the "hacking for profit" folks.)

Comment Re:Change Username From Admin (Score 1) 79

Agreed. I use a plugin called Apocalypse Meow to do this, but there are a dozen others that can do the same. It's not a perfect solution (attackers can come at you from thousands of compromised computers under their control), but the more speed bumps you place in a potential hacker's way, the more likely he is to decide to skip your site and focus on an easier target. (It's the security equivalent of not needing to run faster than a bear, just faster than other people who are running away from the bear.)

Comment Change Username From Admin (Score 4, Informative) 79

One of the first things you should do with any WordPress installation is make sure that the admin username isn't "admin", your site's name, "administrator", or something else that is easily guessable.

I have a login limiting plugin on my sites that keeps track of bad logins. Over 90% of bad login attempts use admin, the site name, or administrator. Making the admin username difficult to guess greatly decreases the chances that someone will brute force their way into your system.
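An added example, not part of the comment above and not code from any plugin it mentions: a defender-side check that measures what share of recorded failed logins target guessable usernames (admin, administrator, the site name) and flags existing administrator accounts that use one. The record shape, the site URL and the sample entries are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlparse

# Constructed sample of failed logins as (source IP, username tried).
# The record shape and the site URL below are assumptions for illustration.
SITE_URL = "https://www.example-bakery.test"
FAILED_LOGINS = (
    [("203.0.113.5", "admin")] * 3
    + [("198.51.100.7", "Admin"), ("198.51.100.7", "administrator")]
    + [("203.0.113.9", "administrator"), ("203.0.113.9", "example-bakery")]
    + [("192.0.2.44", "examplebakery"), ("192.0.2.44", "admin ")]
    + [("192.0.2.80", "jsmith")]
)

def normalise(username):
    """Compare usernames case-insensitively and ignore stray whitespace."""
    return username.strip().lower()

def guessable_usernames(site_url):
    """Names tried first: admin, administrator, and variants of the site name."""
    host = (urlparse(site_url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    names = {"admin", "administrator"}
    if host:
        label = host.split(".")[0]
        names |= {host, label, label.replace("-", "")}
    return names

def guessable_share(failed, site_url):
    """Fraction of failed logins that tried a guessable username."""
    if not failed:
        return 0.0
    guessable = guessable_usernames(site_url)
    hits = sum(1 for _ip, user in failed if normalise(user) in guessable)
    return hits / len(failed)

def top_usernames(failed, n=3):
    """Most frequently attempted usernames, after normalisation."""
    return Counter(normalise(user) for _ip, user in failed).most_common(n)

def risky_accounts(admin_logins, site_url):
    """Existing administrator logins that appear in the guessable set."""
    guessable = guessable_usernames(site_url)
    return sorted(a for a in admin_logins if normalise(a) in guessable)

if __name__ == "__main__":
    print(f"guessable share: {guessable_share(FAILED_LOGINS, SITE_URL):.0%}")
    print("top attempts:", top_usernames(FAILED_LOGINS))
    print("rename these:", risky_accounts(["Admin", "k7-editor-ops"], SITE_URL))
```
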

Comment Re:I don't think it will mean much (Score 1) 203

My guess is that self-driving cars will, in the case of accidents, have a "black box" that will be able to tell investigators just what was going on with the car including whether self-driving mode was engaged or not. So if the accident investigators determine that your car was at fault, but your car was in self-driving mode at the time, you'd be off the hook for liability.

Comment Re:Please add this to the FAQ (Score 4, Insightful) 176

The thing is most government security agencies aren't saying "ban all encryption" but are saying "just give us 'law enforcement only' backdoors into all encryption." They try to present this as some kind of reasonable compromise, but they ignore the giant, gaping hole they'd create. No backdoor can be totally secured as "law enforcement only." At some point, someone will figure out how to spoof their way in. And then that "wonderful-encryption-with-government-backdoors" will be worthless. Except the politicians prefer to ignore this problem and just shout "TERRORISTS COULD USE ENCRYPTION" louder and louder as if that's an argument against it. (Terrorists also breathe air. We should ban all air!)

Comment Re:What John King [and Bill Gates] did to NY Schoo (Score 1) 30

As the parent of two kids in public school in New York, I can personally attest that John King was horrible. He pushed a high stakes testing regime whose only purpose seemed to be funneling money to Pearson. When parents complained at a public forum he hosted, he responded by refusing to hold any more public forums until he could change them around so nobody could complain at them. In short, the parents were responding to his changes with valid concerns (e.g. kids stressing out with tests so much they were vomiting on their papers) and he "addressed" these concerns by refusing to listen to feedback and doubling down on his failing strategy.

Sadly, once he left, Governor Cuomo has not only continued down the path John King was headed, but has made matters much worse. Cuomo's made it clear that he won't be happy until all public schools are closed and are replaced by business run charter schools (whose businesses contribute to his campaigns).
