Forgot your password?
typodupeerror

Comment: Re:Do it enough times (Score 1) 149

by PhunkySchtuff (#46738443) Attached to: NSA Allegedly Exploited Heartbleed

Private key grabbed. Game over.
One successful attempt took >2.5M requests over a day. Second successful attempt was something like 100k requests.

http://blog.cloudflare.com/the...

It's all in the luck of the draw. When you don't have any logging of this, you've got no idea how long people have been poking at this and literally no idea what anyone has made off with.

Comment: Re:Viable Replacement? (Score 1) 240

by PhunkySchtuff (#46688797) Attached to: Dyn.com Ends Free Dynamic DNS

Yep, I found that too. I had a privately registered domain with afraid.org that still allowed other people to create their own hostnames in that domain. These hostnames were then used to spread malware with the result that I was receiving notices from Google saying my web site was compromised.

I had, say, www.example.com and then others were making asd34ghjb5fbs.example.com and using that to spread malware. Google saw that I owned example.com and so I received the notifications. I'd log into afraid.org and shut down all the hostnames that I didn't create, but they kept getting made even though I had private registration on my domain name.

Comment: Re:Viable Replacement? (Score 1) 240

by PhunkySchtuff (#46688779) Attached to: Dyn.com Ends Free Dynamic DNS

I've had problems with afraid.org where a privately registered domain I held allowed other people to create their own hostnames in that domain. These hostnames were then used to spread malware with the result that I was receiving notices from Google saying my web site was compromised.

I had, say, www.example.com and then others were making asd34ghjb5fbs.example.com and using that to spread malware. Google saw that I owned example.com and so I received the notifications. I'd log into afraid.org and shut down all the hostnames that I didn't create, but they kept getting made even though I had private registration on my domain name.

Comment: Re:A Microsoft Killswitch (Score 5, Insightful) 214

by PhunkySchtuff (#45980435) Attached to: Microsoft Remotely Deleted Tor From Windows Machines To Stop Botnet

Some people find TOR using a Chrome browser. Should they have the authority to remove that too only to tell you about it later in a blog?

No, of course not. Old, known-bad versions of TOR that have numerous exploits active in the wild are removed. Not Chrome browser as it's not malicious software.

To quote another poster a few threads down

If a PC was infected with Sefnit and had the signature old version of Tor in the hidden location, Tor was removed because it's logically the case that Tor was just part of the virus payload. Because of the unique install directory, there wasn't even a remote chance for false positives. Publicly available tools that can be used for good or bad are hijacked by viruses all the time, and it's never a surprise if an anti-virus removes that tool when the virus specific files are removed.

Comment: Apple Caching Service (Score 1) 159

by PhunkySchtuff (#45743755) Attached to: Ask Slashdot: Managing Device-Upgrade Bandwidth Use?

On any Mac in your office, running 10.8 (Mountain Lion) or 10.9 (Mavericks) purchase (for $20 or so), download and install the OS X Server app.
Turn on the Caching service. Problem solved for Apple devices.

The server then registers itself with Apple, they see the registration coming from your IP, so when further devices from that IP address request a software update, these machines are pointed to your internal Caching server. Then, when a device (or a Mac) tries to download an update or purchase something from the App store, it will come from the persistent cache in preference to the WAN.

Comment: Re:Am I imagining it? (Score 1) 230

by PhunkySchtuff (#45340487) Attached to: Stolen Adobe Passwords Were Encrypted, Not Hashed

This is a huge part of the problem. Just about all security researchers (white or black hat) will have an account with Adobe - even if it's using a throwaway email address. They know what the email address is, they know what their password is, so can begin to mount a known-plaintext attack against the data in the database.

Unless Adobe are using a different encryption key for every password in the database (unlikely as if they were this careful, they'd not encrypt them and instead hash and salt them) then discovering the key for one password will reveal the rest.

Comment: You're probably not getting DDOS'd (Score 2) 319

by PhunkySchtuff (#45110525) Attached to: Ask Slashdot: Mitigating DoS Attacks On Home Network?

You are probably either the victim of a malware infection, or you're torrenting too much. If a machine on your network has been properly pwned (and this is a lot more likely than you being the target of a DDOS) then running AV on top of the OS most likely won't find the malware...
Download and burn the Kaspersky Rescue CD, boot off that (a known-good OS) and scan your machines. Report back how much malware it found that everything else missed.
If you're participating in a DDOS (or otherwise maxing out your upstream bandwidth - eg torrents) then uploading at the maximum throughput will have the side effect of dropping your download speed to the same as your upload speed.

Comment: Re:New "traditional" energy source (Score 2) 140

by PhunkySchtuff (#45087519) Attached to: Two-Laser Boron Fusion Lights the Way To Radiation-Free Energy

There's one area where renewables can win out, and the space they take up doesn't make any difference.
If a law were to be passed where every new house had to have, say, a 5kW photovoltaic system on the roof, it would take up zero additional space, would be cheaper to implement at the design stage of a new house and all new houses would be largely self-sufficient for power, with the ability to feed extra power into the grid.
As a bonus, on those really hot (and, coincidentally, sunny) days where everyone has their AC on, they are the kinds of days where a distributed power generation system like this will easily be able to cope with the additional load.

Comment: Re:Stay away from OCZ and SandForce (Score 1) 512

by PhunkySchtuff (#44838151) Attached to: SSD Annual Failure Rates Around 1.5%, HDDs About 5%

I can't verify the reasons you've given, but I can back up those failure rates.
When SSDs were still crazy expensive, OCZ were at the more affordable end of the range. It got to be that they failed so much whenever I put in an RMA for one with my supplier they wouldn't even ask for details or attempt to troubleshoot to verify the fault.
Me: "Hi, I've got an SSD for a warranty return"
Them: "OK, have you got the serial number or the original invoice?"
Me: "It's an OCZ"
Them: "Oh, no worries, we'll courier a new one out to you"

Since prices have dropped, I now only use Intel and have had a grand total of one failure, in a 4 year old 80GB disk.

Comment: Re:everyone caps speed (Score 1) 353

by PhunkySchtuff (#44786833) Attached to: Ask Slashdot: How Do You Fight Usage Caps?

No consumer ISP in Australia caps your speed. You get an ADSL2 connection and it's as fast as the line can go, depending on your distance to the exchange etc. Up to 24Mbs. You get a DOCSIS2 cable connection and it's up to 30Mbs. You get a DOCSIS3 cable connection and it's up to 100Mbs.

With respect to your download quota however, you want to download more, either you pay more or you move to a cheaper tier 2 or 3 ISP with some kind of "unlimited" plan.

Comment: Re:Start your own provider? (Score 1) 353

by PhunkySchtuff (#44786811) Attached to: Ask Slashdot: How Do You Fight Usage Caps?

If it's not possible for you to hit your cap during the billing period, then why would you have a cap in the first place?
I'm on 100Mbs cable. I get 200GB/month. I'd much rather this than be limited to 0.6Mbs which would would render me physically incapable of hitting my cap in a month. If I want to download more (remember that this data transfer isn't free to my ISP) then I can pay more. Simple economics. My speed however is completely uncapped - it's as fast as the DOCSIS3 network equipment is capable of going.

Hacking's just another word for nothing left to kludge.

Working...