
Comment: Re: This is MY suggestion on how to start to fix t (Score 1) 118

by TapeCutter (#48681597) Attached to: 13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites

And someone pays for CC theft, and that someone is you and me, with much higher prices/taxes for everything.

Taxes and store prices have nothing to do with CC theft, the money is recouped by the bank purely from the interest rates.
However, what I think you are trying to say is that the "working poor" are the people who end up paying interest because they can't afford to keep the CC balance at zero; they can't "just say no" to the CC debt because they also can't afford not to fix the car that takes them to work.

Comment: Re: This is MY suggestion on how to start to fix t (Score 4, Informative) 118

by TapeCutter (#48681477) Attached to: 13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites

Just don't spend more money than you have...

Easier said than done if you're always broke before the next payday. And no, that scenario doesn't automatically mean you're lazy or that you squander your money. Quite the opposite, it generally means you work 60-80hr weeks in retail or some other minimum wage (or less) industry. When the shit-box car that takes you to work dies a CC is normally the only way it can be revived/replaced.

The vast majority of the "working poor" know it's a financial trap when they get the card, but sometimes in life deliberately walking into a trap is the best option you have, thankfully I haven't been in that position for over 20yrs now.

Comment: Cards are safer than cash. (Score 1) 118

by TapeCutter (#48681371) Attached to: 13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites
I use a CC with a low limit specifically for internet purchases, I repay it straight away so I pay zero interest/fees. Over the last couple of decades I have known several people who have had their DC/CC emptied by hackers, in every case the bank was quick to accept blame and take the financial hit. It's in the bank's interest to do so because (like banknotes) CCs work on trust, if nobody trusts them nobody will use them. Nobody has ever emptied my CC (other than the ex-wife) but on a couple of occasions I have had a phone call from the bank telling me that my CC was being replaced by the bank because "it was involved in a data breach".

Dependency: Of course the people who can't afford to keep their CC balance at zero end up paying for my peace of mind via increased interest rates. Ultimately CC's are an unfair burden on the "working poor" and become "just another bill" when they inevitably hit their limit (been there, done that). The sad fact is that if everyone at every point in their life could afford to keep the balance at zero nobody would pay interest and CCs would not exist.

Comment: Re:yep. I provide security to some ofthe listed si (Score 1) 118

by Tom (#48681071) Attached to: 13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites

It's pretty clear the hack is in the client side.

The list of sites alone is clear enough on that, even if you know nothing about them. Someone just had a little lolz with the botnet he owns anyways. TFA's advice is totally bogus: They don't post the list of sites to advise people to check their accounts, they do it because it's their excuse for posting a list of x-rated stuff on a non-x-rated site. Pure sensationalism.

We may have a look to see if the logs go back far enough to tell us which browser version, OS, and toolbars or addons those members were using.

Or which desktop dancing nude woman they installed, or old version of flash player they use, or any other of a thousand possible problems.

Most people don't realize just how many (usually Windows) PCs out there are owned by hackers. When some botnet runs an attack, we don't realize because the numbers are so big it's just a statistic.

Comment: Re:Prediction: (Score 4, Insightful) 176

by daveschroeder (#48680051) Attached to: N. Korea Blames US For Internet Outage, Compares Obama to "a Monkey"

First of all, you say, "North Korea didn't hack Sony," as if it is an indisputable, known fact. It is not -- by any stretch of the imagination.

The fact is, it cannot be proven either way in a public forum, or without having independent access to evidence which proves -- from a social, not technical, standpoint -- how the attack originated. Since neither of those is possible, the MOST that can be accurately stated is that no one, in a public context, can definitively demonstrate for certain who hacked Sony.

Blameless in your scenario is the only entity actually responsible, which is that entity that attacked Sony in the first place.

Whether that is the DPRK, someone directed by the DPRK, someone else entirely, or a combination of the above, your larger point appears to be that somehow the US is to blame for a US subsidiary of a Japanese corporation getting hacked -- or perhaps simply for existing.

As a bonus, you could blame Sony for saying its security controls weren't strong enough, while still reserving enough blame for the US as the only "jackass".


Comment: Prediction: (Score 5, Insightful) 176

by daveschroeder (#48679895) Attached to: N. Korea Blames US For Internet Outage, Compares Obama to "a Monkey"

Many of the same slashdotters who accept "experts" who claim NK didn't hack Sony will readily accept as truth that it was "obviously" the US that attacked NK, even though there is even less objective proof of that, and could just as easily be some Anonymous offshoot, or any number of other organizations, or even North Korea itself.

See the logical disconnect, here?

For those now jumping on the "North Korea didn't hack Sony" bandwagon that some security "experts" are leading for their own political or ideological reasons, including using rationales as puzzling and pedestrian as source IP addresses of the attacks being elsewhere, some comments:

Attribution in cyber is hard, and the general public is never going to know the classified intelligence that went into making an attribution determination, and experts -- actual and self-appointed -- will make claims about what they think occurred.

With cyber, you could have nation-states, terrorist organizations, or even activist hacking groups attacking other nation-states, companies, or organizations, for any number of motives, and making it appear, from a social and technical standpoint, that the attack originated from and/or was ordered by another entity entirely.

That's a HUGE problem, but there are ways to mitigate it. A Sony "insider" may indeed -- wittingly or unwittingly -- have been key in pulling off this hack. That doesn't mean that DPRK wasn't involved. I am not making a formal statement one way or the other; just saying that the public won't be privy to the specific attribution rationale.

Also, any offensive cyber action that isn't totally worthless is going to attempt to mask or completely divert attention from its true origins (unless part of the strategic intent is to make it clear who did it), or at a minimum maintain some semblance of deniability.

At some point you have to apply Occam's razor and ask who benefits.

And for those riding the kooky "This is all a big marketing scam by Sony" train:

So, you're saying that Sony leaked thousands of extremely embarrassing and in some cases damaging internal documents and emails that will probably result in the CEO of Sony Pictures Entertainment being ousted, including private and statutorily-protected personal health information of employees, and issued terroristic messages threatening 9/11-style attacks at US movie theaters, committing dozens to hundreds of federal felonies, while derailing any hopes for a mass release and instead having it end up on YouTube for rental, all to promote one of hundreds of second-rate movies?

Comment: Re: For that, you'd have to do a different attack (Score 1) 317

by Tom (#48678501) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I don't think you understand how amplification attacks work.

I wrote advisories on that more than 10 years ago, so please go ahead and lecture me.

Your home network should not allow a request with an IP that doesn't belong to it out. If I'm the router that connects to the Internet, I shouldn't put a packet that claims it originates from on the wire.

The only places where a package that isn't part of my network should be routed through is when my network is a transit network.
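
The source-address check described in the comment above, as an added example that is not part of the original comment: an edge router forwards an outbound packet only if its source address falls inside a prefix the network is responsible for. The prefixes, the `transit_prefixes` parameter (downstream customer ranges a transit network would also accept) and the sample packets are constructed assumptions.

```python
import ipaddress

# Assumed for illustration: prefixes assigned to this edge network
# (documentation ranges, not real allocations).
LOCAL_PREFIXES = ["192.0.2.0/24", "2001:db8:10::/48"]

# Constructed sample of outbound packets seen on the LAN-facing interface.
SAMPLE_PACKETS = [
    {"src": "192.0.2.17", "dst": "198.51.100.53", "proto": "udp/53"},
    {"src": "203.0.113.80", "dst": "198.51.100.53", "proto": "udp/53"},       # foreign source
    {"src": "2001:db8:10::5", "dst": "2001:db8:ffff::1", "proto": "udp/123"},
    {"src": "2001:db8:99::5", "dst": "2001:db8:ffff::1", "proto": "udp/123"},  # foreign source
    {"src": "not-an-ip", "dst": "198.51.100.53", "proto": "udp/53"},          # malformed record
]


def source_is_allowed(src, networks):
    """True if src parses as an IP address and lies inside one of the networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: fail closed
    return any(addr.version == net.version and addr in net for net in networks)


def egress_filter(packets, local_prefixes, transit_prefixes=()):
    """Split outbound packets into (forwarded, dropped) by source address.

    A stub network passes only its own prefixes. A transit network also
    passes the prefixes of the customers it carries traffic for.
    """
    networks = [ipaddress.ip_network(p) for p in (*local_prefixes, *transit_prefixes)]
    forwarded, dropped = [], []
    for pkt in packets:
        target = forwarded if source_is_allowed(pkt["src"], networks) else dropped
        target.append(pkt)
    return forwarded, dropped


if __name__ == "__main__":
    fwd, drp = egress_filter(SAMPLE_PACKETS, LOCAL_PREFIXES)
    for pkt in drp:
        print("DROP spoofed/invalid source:", pkt["src"], "->", pkt["dst"], pkt["proto"])
    print(f"forwarded={len(fwd)} dropped={len(drp)}")
```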

Comment: Re:Rubbish (Score 1) 317

by Tom (#48678483) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I know from my own experience how right you are, but that, exactly, is the problem. This "it didn't crash in 10 minutes, ship it" approach is utterly horrible. It's become industry standard instead of being taken out back to be shot, and that is a really serious problem.

People shouldn't be used to computers crashing - they should demand that they don't do so.

Comment: Re:Haven't you heard of lock-in? (Score 1) 6

More generally, MS has always pursued a strategy.
Unfortunately, mobile devices seem to have higher switching costs.
For example, my 'droid device has a full Navigon suite. If Apple wants my business, they have to convince me to eat that sunk cost.

Comment: Re:Why does it need internet? (Score 1) 317

by TapeCutter (#48677389) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

So distract everyone and yell "ASSHOLES!!" and pretend you haven't been shown how buttfucked you are, and how willingly you bent for it.

Self-righteous cunt, what's it to you if other people are willingly bending over, did you ever consider they were enjoying it and just wanted to be left alone?

Comment: Re:Stupid/Misleading Title (Score 2) 117

by mcrbids (#48676163) Attached to: US Navy Sells 'Top Gun' Aircraft Carrier For One Penny

Actually, those $0.02 make all the difference in the world.

1) Sold for $0.01 means that the new owner can do whatever they want with it, including sell it to North Korea for $5, hoping that the NKs have enough to make the check clear.

2) Paid $0.01 means that it's a demolitions contract, and the recipient has obligations to perform a service under specific terms. While many commercial contracts limit liability to the size of the contract, (in this case, $0.01 damages) my guess is that this wouldn't be the case for a DOD contract.
