Comment: Re:Wrong paradigm here (Score 2) 187

by Lesrahpem (#46671745) Attached to: Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

For example on a CentOS system you might allow your webserver to make outgoing SMTP connections via something fun like this: "iptables -A OUTPUT -m owner --cmd-owner httpd --dest-port 25 -j ACCEPT". (Why CentOS? Because it matches the command against HTTPD. On Debian systems the webserver process is more typically called 'apache2'.)

The cmd-owner match was removed in kernel 2.6.14 because it was broken with SMP.

Comment: Re:Wrong paradigm here (Score 3, Insightful) 187

by Lesrahpem (#46671399) Attached to: Ask Slashdot: User-Friendly Firewall For a Brand-New Linux User?

The parent poster is correct. Windows and Linux are totally different animals in regards to firewalls. There is only one firewall for Linux and it is built into the system. IPTables is how the firewall is configured. All other tools are just front-ends or wrappers for IPTables.

IPTables doesn't have support for application-based firewalling. You can do that kind of thing using something like the Grsecurity patch for the kernel, but it is not for beginners.

Grsecurity will let you create policies exactly like what you're talking about and then some. For example, it will allow you to create a policy limiting which files and folders a given program can access. To be specific, on my machine I have a policy that Firefox can only write data to its own folders and to my Downloads directory, and can't execute/run any files inside those folders. That way, if somebody hits me with a drive-by download or something it simply won't work.

Comment: Re:Despite all of the complaining about it... (Score 1) 627

by Lesrahpem (#44550671) Attached to: Your preferred Linux distribution for 2013?

Where ALSA fails in its most basic configuration is its ability to handle multiple simultaneous audio streams. One stream going directly to an ALSA device locks that device for playback, thereby preventing any other application from using it.

This is only true if you have a shite sound card which doesn't support multiple audio streams.

Comment: Re:Brain discrimination (Score 1) 187

by Lesrahpem (#43292427) Attached to: Brain Scans Predict Which Criminals Are More Likely To Re-offend

It's not illegal to discriminate against people on the basis of their brain activity. Should it be? Can you judge someone on the basis of their biology? Is it really that person's fault anymore if a part of their body predelects them to wrongdoing? Where does liability start? Can you fix people? Should you?

Too many questions about really understanding the brain that our primitive moral system could begin to address.

Does it really matter whose "fault" something is? Discrimination based on assumptions, regardless of the basis, should certainly be illegal. However, discrimination based on objective, observable things shouldn't be. For example, it should be illegal to discriminate against potential employees based on ethnicity. It should not be illegal to discriminate against people with a measurably low IQ when the job can be shown to require a higher IQ. It doesn't, or shouldn't, matter that a person's intelligence quotient isn't exactly their fault.

Comment: Re:Good (Score 1) 459

This information was on a public webserver without any type of authentication. If a large company like AT&T is irresponsibly handling customer data in this way the public should absolutely be informed immediately. Mr. Auernheimer could have handled the situation better, but I do not think his actions should be criminalized at this level. Did he endanger people by blowing a whistle? Yes. Did he compromise a secure computer system to do so? No. IMHO this should fall more under "creating a panic" or something.

Comment: Re:YAWN (Score 1) 242

by Lesrahpem (#43043099) Attached to: China Says It Is the Target of US Hack Attacks

Wake me when American military hackers are targeting Chinese civilians.

Is it so hard to believe that something like that may actually be happening already? After all, many of the operations conducted by our intelligence agencies (namely the CIA) are aimed at people many would consider civilians.

If I'm a national intelligence service and I want to create a botnet for military purposes, I also want to have plausible deniability. So, I construct my botnet the same general way criminals do. I hijack civilian computers, I purchase services through stolen credentials and fake IDs, etc.

Comment: Re:What if.. (Score 1) 242

by Lesrahpem (#43043077) Attached to: China Says It Is the Target of US Hack Attacks

Or maybe they hacked our Internets and burned down our firewall? Seriously, IP spoofing is not as useful as the movies make it out to be.

Spoofing IPs is easy, but it's only effective in a few situations, such as when you're sending a message with no expectation of a reply (e.g. spam e-mail, DDoS attack, etc.). If you're trying to break into someone's system, you need to be able to get a response back, and that means providing an IP address you can be reached at to your target. Now, you may try to anonymize your IP address somehow, such as through the use of proxies, VPNs, and other such technologies that can allow you to hide behind or within someone else's system, or you may spoof an IP address of a zombie computer you control and can use to route return packets to you, but at some point, an IP address you control needs to be provided to someone else, otherwise you have no way of getting back a response, and that address can be traced.

I think the point still stands that it's possible for an attack to appear to originate from a location different from where it actually did. What is to stop someone from using a hijacked wifi access point to attack servers in, let's say France, and then use those French servers to launch attacks on Australian businesses?

I have personally witnessed an attack where computers owned by an American company were infected with a persistent agent designed to infect computers in a specific business in China (during a visit of the American execs to the Chinese location), for the purpose of then using the hijacked Chinese computers to conduct industrial espionage against another American company which also conducted business with that Chinese company. The actual attackers were neither American nor Chinese.

Comment: Re:About time. (Score 1) 242

by Lesrahpem (#43043021) Attached to: China Says It Is the Target of US Hack Attacks

How do you know China isn't simply counting a hacked home box sitting on a cable connection as a governmental hack?

Perhaps we should be asking the same of our government? Who's to say that many of these "Chinese hackers" we keep hearing about aren't, in fact, hackers from elsewhere using compromised machines on Chinese networks?

Comment: Re:Thou shalt not steal (Score 1) 116

by Lesrahpem (#42996181) Attached to: Hector Xavier Monsegur, Aka Sabu, Dodges Sentencing Again

The plea bargain system in particular is appalling. Either accept a lesser charge or we'll hit you with everything and nail you to the wall somehow. And indeed that is what is happening here.

In addition to that, many people fail to realize that sentencing modifications made in a plea bargain are generally not binding. The prosecution can recommend whatever, but the actual sentence is entirely up to the judge.

Comment: Re:He's a pathetic snitch who will have no friends (Score 1) 116

by Lesrahpem (#42996167) Attached to: Hector Xavier Monsegur, Aka Sabu, Dodges Sentencing Again

If you're willing to break the law as an activist then be prepared to go to prison for as long as necessary. That is something that hacktivists and activists need to start thinking about and planning for.

Part of what is being protested here is the legal system itself and the (often) ridiculous sentences it doles out. Yes, activists should be prepared to face the consequences of their actions, but should not be expected to be quiet about them.