
Comment: Accountability (Score 5, Insightful) 524

So they got a court opinion that said it was unconstitutional, yet they just ignored it. Someone must be accountable for that! Aren't all US federal officers sworn to uphold the constitution of the United States of America - all the way up to the president? At the very least, someone should be tried for contempt of court. No matter the justification and possible reasons for the NSA program, they can't just ignore the highest law of the land. Or can they? It is a very slippery slope.

Comment: A little too easy - sadly (Score 4, Interesting) 179

by PerformanceDude (#44627671) Attached to: Three Banks Lose Millions After Wire Transfer Switches Hacked
These attacks are actually a little too easy to effectuate. The drive to outsource to third world countries and lack of training for local staff means that they are all a prime target for social engineering attacks. It does not take a lot of organised resources to then create the requisite diversion for the often overwhelmed security staff and you have a big win in the pipeline. Of course it requires some skill, but nothing more than a course or two at Blackhat USA will give you. If you also have the benefits of the funds of a large Russian crime syndicate and the personal "motivation" that flows from that, along with an almost zero risk of prosecution due to jurisdictions - hell - why wouldn't you go for it?

The bottom line is that we need to harden up our defences more and more. We may even have to disconnect essential financial infrastructure from the internet and bring it back onto a completely private network that it costs a substantial amount of money to join and be authenticated to. It should come with the proviso that any device connecting to it, could also not be connected to the internet or an unknown intranet device at the same time. This would not be bulletproof, but it would substantially reduce the risk.

Comment: Re:Overpriced, have some slightest creativity? (Score 4, Insightful) 132

by PerformanceDude (#44484035) Attached to: Wi-Fi Pineapple Hacking Device Sells Out At DEF CON
Not lazy, just time poor. Some of us security professionals haven't got the time to play with distros, find the right drivers, mess around with package levels, find a proper sturdy case and all the rest. We just need a tool. Even the most expensive version of the Pineapple is less than half of what we charge per hour. I only spend time building my own hacking tools when I'm doing something out of the ordinary or if I have to make a hacking device look like it's not one. The things the Pineapple does are just pen-testing for dummies - but sadly, often that is enough to get through. I always start with the basics and move to more complicated attacks only if I have to. Same as any other genuine blackhat out there.

Comment: Punishment out of proportions? (Score 5, Insightful) 84

Even though the actions of these low-life, sewer-dwelling misfits anger me, I can't help but wonder why the punishment in the US is on a scale that you wouldn't even get for premeditated murder in most other countries. Aaron Swartz paid the ultimate price for such over-the-top threats of deprivation of liberty.

At what point does the punishment no longer fit the crime? Sure, confiscate all the profits, bankrupt them, take all their assets and lock them up for a couple of years. But 30-40 years? For real? Why not just send them to Mars or something? Locking them up for 5 years without access to computers would ensure that when they get out their hacking skills would be so redundant they could never do it again.

Isn't the justice system supposed to be about a balance between punishment and reformation - not about revenge?

Comment: Re:What's Google's excuse for not patching the N4? (Score 1) 87

Yeah - same here - and never mind that the latest version of Android on my Galaxy Nexus made Bluetooth inoperable in my car too. Google has hundreds of bug reports, but are yet to offer a fix or even acknowledge that there is a problem. Sadly Google are letting the very people down they should be giving most attention: The early adopters and Android enthusiasts.

Bitfloor suspends trading in Bitcoin indefinitely

Submitted by PerformanceDude
PerformanceDude (1798324) writes "Bitfloor (a New York based online exchange for Bitcoin) has just made the following announcement on their website:

I am sorry to announce that due to circumstances outside of our control BitFloor must cease all trading operations indefinitely. Unfortunately, our US bank account is scheduled to be closed and we can no longer provide the same level of USD deposits and withdrawals as we have in the past. As such, I have made the decision to halt operations and return all funds.

Over the next days we will be working with all clients to ensure that everyone receives their funds. Please be patient as we process your request.

- Roman
  founder —"


Ask Slashdot: Is it legal to spam a phishing site? 1

Submitted by MillerHighLife21
MillerHighLife21 (876240) writes "I'm at a business that has to deal with a lot of phishing attacks and we've spent a significant amount of time over the last year building security policies to deal with it (Geographic account locking, etc). It's helped to protect accounts when compromised, but the continued phishing is a huge annoyance and a waste of time. I've been wondering about trying to actively become just as much of a pain to them as they are to me by setting up a bot to spam the login forms of phishing sites that our users report to us until we get them taken down. I figure at the very least polluting the data they are gathering could help make it less effective or even potentially just drop in some fake logins that we can use to flag IP addresses that try to log in with them. Anybody know if something like that would be legal?"
