Ask Slashdot: Is it legal to spam a phishing site? 1

Submitted by MillerHighLife21
MillerHighLife21 writes "I'm at a business that has to deal with a lot of phishing attacks and we've spent a significant amount of time over the last year building security policies to deal with it (Geographic account locking, etc). It's helped to protect accounts when compromised, but the continued phishing is a huge annoyance and a waste of time. I've been wondering about trying to actively become just as much of a pain to them as they are to me by setting up a bot to spam the login forms of phishing sites that our users report to us until we get them taken down. I figure at the very least polluting the data they are gathering could help make it less effective or even potentially just drop in some fake logins that we can use to flag IP addresses that try to login with them. Anybody know if something like that would be legal?"
Mars

4-Billion-Pixel Panorama View From Curiosity Rover 101

Posted by samzenpus
from the take-a-look dept.
SternisheFan points out that there is a great new panorama made from shots from the Curiosity Rover. "Sweep your gaze around Gale Crater on Mars, where NASA's Curiosity rover is currently exploring, with this 4-billion-pixel panorama stitched together from 295 images. ...The entire image stretches 90,000 by 45,000 pixels and uses pictures taken by the rover's two MastCams. The best way to enjoy it is to go into fullscreen mode and slowly soak up the scenery — from the distant high edges of the crater to the enormous and looming Mount Sharp, the rover's eventual destination."
GNOME

GNOME 3.8 Released Featuring New "Classic" Mode 267

Posted by Unknown Lamer
from the extend-freely dept.
Hot on the heels of the Gtk+ 3.8 release comes GNOME 3.8. There are a few general UI improvements, but the highlight for many is the new Classic mode that replaces fallback. Instead of using code based on the old GNOME panel, Classic emulates the feel of GNOME 2 through Shell extensions (just like Linux Mint's Cinnamon interface). From the release notes: "Classic mode is a new feature for those people who prefer a more traditional desktop experience. Built entirely from GNOME 3 technologies, it adds a number of features such as an application menu, a places menu and a window switcher along the bottom of the screen. Each of these features can be used individually or in combination with other GNOME extensions."
Electronic Frontier Foundation

DOJ Often Used Cell Tower Impersonating Devices Without Explicit Warrants 146

Posted by Unknown Lamer
from the bending-the-rules dept.
Via the EFF comes news that, during a case involving the use of a Stingray device, the DOJ revealed that it was standard practice to use the devices without explicitly requesting permission in warrants. "When Rigmaiden filed a motion to suppress the Stingray evidence as a warrantless search in violation of the Fourth Amendment, the government responded that this order was a search warrant that authorized the government to use the Stingray. Together with the ACLU of Northern California and the ACLU, we filed an amicus brief in support of Rigmaiden, noting that this 'order' wasn't a search warrant because it was directed towards Verizon, made no mention of an IMSI catcher or Stingray and didn't authorize the government — rather than Verizon — to do anything. Plus to the extent it captured loads of information from other people not suspected of criminal activity it was a 'general warrant,' the precise evil the Fourth Amendment was designed to prevent. ... The emails make clear that U.S. Attorneys in the Northern California were using Stingrays but not informing magistrates of what exactly they were doing. And once the judges got wind of what was actually going on, they were none too pleased:"
Networking

Misconfigured Open DNS Resolvers Key To Massive DDoS Attacks 179

Posted by Unknown Lamer
from the check-your-sources dept.
msm1267 writes with an excerpt from Threat Post: "While the big traffic numbers and the spat between Spamhaus and illicit webhost Cyberbunker are grabbing big headlines, the underlying and percolating issue at play here has to do with the open DNS resolvers being used to DDoS the spam-fighters from Switzerland. Open resolvers do not authenticate a packet-sender's IP address before a DNS reply is sent back. Therefore, an attacker that is able to spoof a victim's IP address can have a DNS request bombard the victim with a 100-to-1 ratio of traffic coming back to them versus what was requested. DNS amplification attacks such as these have been used lately by hacktivists, extortionists and blacklisted webhosts to great success." Running an open DNS resolver isn't itself always a problem, but it looks like people are enabling neither source address verification nor rate limiting.
Google

Google Pledges Not To Sue Any Open Source Projects Using Their Patents 153

Posted by Unknown Lamer
from the now-and-forever dept.
sfcrazy writes "Google has announced the Open Patent Non-Assertion (OPN) Pledge. In the pledge Google says that they will not sue any user, distributor, or developer of Open Source software on specified patents, unless first attacked. Under this pledge, Google is starting off with 10 patents relating to MapReduce, a computing model for processing large data sets first developed at Google. Google says that over time they intend to expand the set of Google's patents covered by the pledge to other technologies." This is in addition to the Open Invention Network, and their general work toward reforming the patent system. The patents covered in the OPN will be free to use in Free/Open Source software for the life of the patent, even if Google should transfer ownership to another party. Read the text of the pledge. It appears that interaction with non-copyleft licenses (MIT/BSD/Apache) is a bit weird: if you create a non-free fork it appears you are no longer covered under the pledge.

Comment: 1st Corinthians 5, Verse 1-2 (Score 2) 1121

by MillerHighLife21 (#43291657) Attached to: USPS Discriminates Against 'Atheist' Merchandise

"1. I can hardly believe the report about the sexual immorality going on among you—something that even pagans don’t do. I am told that a man in your church is living in sin with his stepmother. 2. You are so proud of yourselves, but you should be mourning in sorrow and shame. And you should remove this man from your fellowship."

This is reiterated throughout the New Testament in Timothy and others but is never preached on that I've ever heard. I grew up in church, turned away from it for 6 years as an agnostic, and then came back after I finally sat down and started reading the Bible. When you actually read it, you'll be shocked at how heavily it's manipulated and abused on a daily basis for one purpose or another. If churches actually followed this rule of kicking out people who pretend to live one way and disgrace the entire congregation because of it you'd see dramatically less "duality" because the people who were there for show would no longer be there.

Churches should and do welcome people who are struggling with issues and seeking help. Everything from addictions to financial troubles. These people are not a problem. It's the people who try to visibly play the part with no intention of actually following through that continue to give the church a bad name.

Comment: Re:Work Ethic Propaganda (Score 1) 292

You're talking employers and he's talking about contract work. Contract work is usually hourly so you are always compensated for your time and it's usually paid at a mark up specifically because it's a contract and not full time position. As a contract job it's an existing expectation that it will not be long term so why should you handle it any way other than as professionally as possible? That will land you more contract work at the high rate and let you continue your lifestyle.

A full time employee being asked to train their replacement is a whole different ballgame. That's downright offensive to ask somebody to do in many cases.

Comment: Re:I love doing that, actually (Score 5, Insightful) 292

Totally agree. I've always gone into projects with the goal of automating things (right down to outage buffering, failover, etc) to the point that they don't need me anymore. I take it as a point of pride and my work reflects it.

If you're taking any other approach, namely one that will force your client to remain attached to you I'd have to question your ethics, motive, and ability because what you're doing is creating a dependence on you that is borderline blackmail (if that's something you're doing).

So to the original question, help with a smile on your face, show him how the more complex pieces of the code work, document where possible and generally make sure that the tools are there for the project to continue to go on without you. They're either going to recommend you to other people because of how professionally you handled the transition and what a good job they did or they're going to be calling you back shortly when new guy isn't delivering at the rate you did. Drop off a copy of Mythical Man Month when you leave. Just leave it laying around the office somewhere. :-)

Comment: Re:Small numbers for Big Data? (Score 1) 57

by MillerHighLife21 (#43162177) Attached to: Book Review: Hadoop Beginner's Guide

There's an entire field dedicated to Data Warehousing whose entire focus is Big Data. Large companies with auditing requirements have to keep mountains of historical data. Business Intelligence is largely based on analyzing huge segments of data.

As storage gets cheaper and options for going through large amounts of data become more widely available, companies invariably store more data. The biggest difference is that while you previously would have simply chosen not to track certain types of data in your database...now you might.

Comment: DMARC (Score 4, Interesting) 187

by MillerHighLife21 (#42815735) Attached to: Ask Slashdot: How Do You Handle SPF For Spam Filtering?

That's what DMARC is for. It lets companies specify exactly how to handle their SPF (and DKIM) rules based on how thoroughly they have covered their bases. The company I work for deals with a ton of phishing against our user base and implemented SPF, DKIM, and DMARC with great success.

Google has excellent documentation on the protocol.
