
Comment: Bullcrap (Score 2, Insightful) 145

by Oriumpor (#37686688) Attached to: RSA Blames Nation State For Cyber Attack

I spend a week a year listening to crap like this for hour after hour. In 2010 everyone said (and still this year the big Security firms are still clueless) that the PLC attack against the Siemens controllers "Was an extremely sophisticated attack" blah blah blah "nation state" blah blah blah.

This is based on the following:
1. Obviously the 2 signed pieces of code would have required real human assets.
2. The PLC controllers are incredibly sophisticated and expensive.
3. The method of infiltration was extremely well planned.

Until earlier this year I was spouting the same crap... then an individual busted Comodo wide open. Then later DigiNotar (as if Comodo wasn't evidence enough). So check, #1 no longer requires human assets.
Then I saw a talk that blew #2 and #3 out of the water. A relatively low funded talk (about 6k) was done, where an individual (not a team, not even two people) was able to identify a direct backdoor that provided shell access into all PLCs of the model applicable in the Stuxnet attack, and could perform the attack without the need of the configuration stations...

THERE WAS NO NEED FOR A USB PAYLOAD TO BOOTSTRAP THE COMPILER! You could actually log in, and patch the damn executables on the PLC itself using the backdoor.

My conclusion about 30 seconds after these things were demonstrated (on the actual PLCs) was that it probably did take a team of engineers to create the Rube Goldberg that was Stuxnet, but it didn't involve anyone at Siemens (since when confronted with the researcher's findings, they acknowledged them, saying they were already aware).

Since the RSA attack is like three steps down from that, I would say that RSA is trying to perform damage control with their shareholders since in terms of sophistication a user clicking a malicious URL in an email is sooooOoo 1999.

Comment: Rudyard Kipling said it best (Score 4, Insightful) 167

by Oriumpor (#36041730) Attached to: Red Hat CEO On Patent Trolls: Just Pay Them Off

It is always a temptation to an armed and agile nation
    To call upon a neighbour and to say: --
"We invaded you last night--we are quite prepared to fight,
    Unless you pay us cash to go away."

And that is called asking for Dane-geld,
    And the people who ask it explain
That you've only to pay 'em the Dane-geld
    And then you'll get rid of the Dane!

It is always a temptation for a rich and lazy nation,
    To puff and look important and to say: --
"Though we know we should defeat you, we have not the time to meet you.
    We will therefore pay you cash to go away."

And that is called paying the Dane-geld;
    But we've proved it again and again,
That if once you have paid him the Dane-geld
    You never get rid of the Dane.

It is wrong to put temptation in the path of any nation,
    For fear they should succumb and go astray;
So when you are requested to pay up or be molested,
    You will find it better policy to say: --

"We never pay any-one Dane-geld,
    No matter how trifling the cost;
For the end of that game is oppression and shame,
    And the nation that pays it is lost!"

Comment: Favorite Feynman Piece (Score 1) 169

by Oriumpor (#35897634) Attached to: Microsoft Celebrates Feynman 50-year Anniversary

And I call it a piece of art because the man was a damn artist when it came to explaining physics.

The universe in a glass of wine.

Searching for it returns nothing.

I know you can look it up by the section of the class, but come on, natural language search is the new pink.

I'll stick to the bad recordings passed around by CIT students for the past quarter century.

Comment: Re:What I have been telling people. (Score 1) 229

by Oriumpor (#34724426) Attached to: Nintendo Warns 3D Games Can Ruin Children's Eyes

So much sarcasm, must resist feeding trolls. Ahh well, yes Virtual Boy, it's what I get for phone posting. /. groupthink just hasn't caught up with the reality of the automatic misrepresentations that said virtual presence devices present. Blame the mods for modding it up, don't attack someone's credibility solely for underrated bumps to your virtual ego.

Comment: Holy shit sparky, what'd you do? (Score 2) 99

by Oriumpor (#34706988) Attached to: Tales From the Tech Trenches

Ok, well I have to take some blame because I was involved in this, but while working for a major retailer I was one of two engineers fixing the power going to a pair of 6509's. They had redundant power supplies, and both the backups were bad. I had sent them both back, and received the RMA units the same day. After scheduling the change, and getting all the paperwork filled out we were ready to begin. Because we anticipated issues with at least one of the units, anything in this Datacenter seemed to be cursed, we called in a proactive ticket with Cisco. As we lined up the 30 amp plug and had it seated in the plug housing (attached to a local UPS) the engineer I was working with began inserting the 20 pound power supply into the chassis.

Just as he was sliding it I noticed THE CABLE HOUSING WAS SLIDING OUT OF THE POWER SUPPLY!!! I was starting to shout for him to stop and the two exposed solder points contacted the outside of the power supply. Needless to say, milliseconds later, Sparky (who hadn't checked the screw that held the housing in place on the power supply) was cowering in the corner, the operator on duty ran in the DC and had to yell over our now popped ears what the fuck just happened. According to her it was a very large bang, to me it was like a lightning bolt in front of my eyes.

I was already reaching for the leather strap to yank him off it, when I saw he was on the ground and the UPS had locally blown its fuse. Thankfully he wasn't hurt, and it only took me about 36 hours of explaining to TAC what happened to get the unit back up to 100%. Before that night I never thought I'd call and say, "The unit arc'ed out and I watched it ground through the chassis... we're gonna need some parts." From now on I write the instructions such that it's painfully fucking obvious "DON'T FLIP THE POWER TO THE ON POSITION ON THE FEED UNTIL THE UNIT IS SECURE!!!"

Sparky doesn't do IT anymore.

Real-Life Frogger Ends In Hospital Visit 314

Posted by samzenpus
from the going-for-the-logs dept.
BigSes writes "A 23-year-old man has been hospitalized after police in South Carolina say he was hit by an SUV while playing a real-life version of the video game Frogger. Authorities said the 23-year-old man was taken to a hospital in Anderson after he was struck Monday evening. Before he was hit, police say the man had been discussing the game with his friends. Chief Jimmy Dixon says the man yelled 'go' and darted into oncoming traffic in the four-lane highway. Has it come time to ban some of the classics before someone else goes out and breaks a few bricks with their heads after eating a large mushroom?"

Comment: Re:Ellsberg actually redacted diplomatic cables (Score 1) 669

by Oriumpor (#34706228) Attached to: Wikileaks and Democracy In Zimbabwe

Either you're lying or nobody is listening. I've mentioned this on the ISSA forums, on LinkedIn lists and on Slashdot multiple times. Wikileaks has an agenda. Cryptome, read it, learn it, love it. And for the hate of Cthulhu if I see a stereotypical "Cryptome is a lying pack of liars" I'll scream.

This is exactly the sort of thing they want to happen, it's not an accident. To put on the WL hat: It's a horrific display of global politics, built on lies. To look at it from the outside in, it's a terrible setback to a slow development of what might someday have been a democratic upheaval. Now bloodshed may be the only option. See: the Ivory Coast.
