Comment: Re:yep. I provide security to some ofthe listed si (Score 1) 124

by Tom (#48681071) Attached to: 13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites

It's pretty clear the hack is in the client side.

The list of sites alone is clear enough on that, even if you know nothing about them. Someone just had a little lolz with the botnet he owns anyways. TFA's advice is totally bogus: They don't post the list of sites to advise people to check their accounts, they do it because it's their excuse for posting a list of x-rated stuff on a non-x-rated site. Pure sensationalism.

We may have a look to see if the logs go back far enough to tell us which browser version, OS, and toolbars or addons those members were using.

Or which desktop dancing nude woman they installed, or old version of flash player they use, or any other of a thousand possible problems.

Most people don't realize just how many (usually Windows) PCs out there are owned by hackers. When some botnet runs an attack, we don't realize because the numbers are so big it's just a statistic.
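The log check Tom describes above, worked through as an added example; this is not code from his comment or from any of the sites involved. It assumes Apache "combined" log lines in which the site writes the logged-in account name into the remote-user field, and every log line, account name and User-Agent string below is constructed. The point of the exercise is to compare the client software of the leaked accounts against the whole user base: if the leaked accounts cluster on one OS, browser or toolbar, the compromise is on the client side.

```python
"""Profile the client software of leaked accounts from web-server logs.

Added, constructed example (not code from the original comment).  It
assumes Apache "combined" log lines in which the site writes the logged-in
account name into the remote-user field; all log lines, account names and
User-Agent strings below are made up.
"""
import re
from collections import Counter

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

OS_MARKERS = (
    ("Windows NT 5.1", "Windows XP"),
    ("Windows NT 6.1", "Windows 7"),
    ("Windows NT", "Windows (other)"),
    ("Mac OS X", "macOS"),
    ("Android", "Android"),   # must precede Linux: Android UAs also say "Linux"
    ("Linux", "Linux"),
)
BROWSER_RE = re.compile(r'(MSIE \d+|Firefox/\d+|Chrome/\d+|Safari/\d+)')
# Browser toolbars / adware that announce themselves in the User-Agent.
TOOLBAR_RE = re.compile(r'\b(GTB\d+|FunWebProducts|AskTB|[A-Za-z]+Toolbar)\b')


def parse_line(line):
    """Return the fields of one combined-log line, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def client_profile(ua):
    """Coarse (os, browser, toolbars) fingerprint of a User-Agent string."""
    os_name = next((name for needle, name in OS_MARKERS if needle in ua), "other")
    m = BROWSER_RE.search(ua)
    browser = m.group(1) if m else "unknown"
    toolbars = tuple(sorted(set(TOOLBAR_RE.findall(ua))))
    return os_name, browser, toolbars


def profile_accounts(log_lines, leaked_users):
    """Aggregate OS / browser / toolbar counts for the leaked accounts and for
    all logged-in accounts, so the two populations can be compared.  Each
    account counts once, with the profile of its most recent request."""
    last_seen = {}
    for line in log_lines:
        rec = parse_line(line)
        if rec is None or rec["user"] == "-":
            continue                      # malformed or anonymous request
        last_seen[rec["user"]] = client_profile(rec["ua"])

    leaked = {"os": Counter(), "browser": Counter(), "toolbars": Counter()}
    everyone = {"os": Counter(), "browser": Counter(), "toolbars": Counter()}
    for user, (os_name, browser, toolbars) in last_seen.items():
        targets = (everyone, leaked) if user in leaked_users else (everyone,)
        for bucket in targets:
            bucket["os"][os_name] += 1
            bucket["browser"][browser] += 1
            for tb in toolbars:
                bucket["toolbars"][tb] += 1
    return leaked, everyone


# Constructed sample log: three leaked accounts, two others, one anonymous
# request and one garbage line.
SAMPLE_LOG = """\
203.0.113.5 - alice [24/Dec/2014:10:01:02 +0000] "GET /account HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; FunWebProducts)"
203.0.113.6 - bob [24/Dec/2014:10:02:10 +0000] "GET /account HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.1)"
203.0.113.7 - carol [24/Dec/2014:10:03:44 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
203.0.113.8 - dave [24/Dec/2014:10:04:01 +0000] "GET /account HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25"
203.0.113.9 - erin [24/Dec/2014:10:05:30 +0000] "GET /account HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0"
203.0.113.10 - - [24/Dec/2014:10:06:00 +0000] "GET / HTTP/1.1" 200 1024 "-" "curl/7.38.0"
this line is garbage and is skipped
""".splitlines()
LEAKED_USERS = {"alice", "bob", "carol"}


if __name__ == "__main__":
    leaked, everyone = profile_accounts(SAMPLE_LOG, LEAKED_USERS)
    for key in ("os", "browser", "toolbars"):
        print(f"{key}: leaked={dict(leaked[key])} all={dict(everyone[key])}")
```

On the constructed data the leaked accounts are all on Windows with Internet Explorer 8 or Firefox 3 and two of them carry adware toolbars, while the unaffected accounts are on macOS and Linux; that is the kind of skew that points at a client-side infection rather than a server breach. On real logs the comparison only works if the log retention covers the period before the leak, which is exactly the "go back far enough" condition in the comment.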

Comment: Re: For that, you'd have to do a different attack (Score 1) 317

by Tom (#48678501) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I don't think you understand how amplification attacks work.

I wrote advisories on that more than 10 years ago, so please go ahead and lecture me.

Your home network should not allow a request with an IP that doesn't belong to it out. If I'm the router that connects to the Internet, I shouldn't put a packet that claims it originates from on the wire.

The only place where a packet that isn't part of my network should be routed through is when my network is a transit network.

Comment: Re:Rubbish (Score 1) 317

by Tom (#48678483) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I know from my own experience how right you are, but that, exactly, is the problem. This "it didn't crash in 10 minutes, ship it" approach is utterly horrible. It's become industry standard instead of being taken out back to be shot, and that is a really serious problem.

People shouldn't be used to computers crashing - they should demand that they don't do so.

Comment: Re:For that, you'd have to do a different attack (Score 1) 317

by Tom (#48675107) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

spoof the IP address of your target (...) it proves that the DNS protocol itself is beyond repair

No, it proves that the network you are connected to is braindead because it still allows IP spoofing.

And that EVERY company on the net is susceptible to something like that because unlimited bandwidth does not exist.

It used to be really easy to knock someone off the Internet. It's not so easy anymore. For some of the really big targets, being able to muster the bandwidth alone would be an impressive demonstration of power. Keeping them offline for more than a few seconds while their Anti-DDoS countermeasures deploy would be something that few players smaller than a nation state level can pull off.

MS and Sony have a security that matches the opaqueness of an erotic dancer's dress

Not really. I hate them as much as most people with three working brain cells, but they've both done quite a lot about security. It's just not enough and - like every company - they make decisions to not invest in some security measures because the ROI simply isn't there.
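The filtering rule Tom describes in two comments above (a border router must not put a packet on the wire whose source address does not belong to the network behind that interface, with transit networks as the one exception, and spoofing being what makes DNS amplification possible) as an added example that is not part of his comments or of any router's code. It is a self-contained simulation of BCP 38 style egress filtering: interface names, prefixes (RFC 5737 test ranges) and the sample packets are constructed.

```python
"""Source-address (egress) filtering at a network border, in the spirit of
BCP 38 / RFC 2827: a packet may leave toward the upstream only if its source
address is one the ingress interface is entitled to originate.

Added, constructed example; not code from the page or from any router
vendor.  Interface names and prefixes are made up (RFC 5737 test ranges).
"""
import ipaddress
from dataclasses import dataclass

# Sources that must never leave a site on any interface: "this" network,
# RFC 1918, loopback, link-local, multicast.  Checked on what goes to the
# upstream, i.e. after any NAT has rewritten private inside addresses.
MARTIANS = tuple(ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
))


@dataclass(frozen=True)
class Interface:
    name: str
    allowed_sources: tuple      # prefixes that legitimately originate here
    transit: bool = False       # a downstream network sits behind it


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str


class EgressFilter:
    """Decide, per packet arriving from an inside interface, whether the
    border router may forward it to the Internet."""

    def __init__(self, interfaces):
        self._table = {}
        for iface in interfaces:
            nets = tuple(ipaddress.ip_network(p) for p in iface.allowed_sources)
            self._table[iface.name] = (iface, nets)

    def decision(self, pkt):
        entry = self._table.get(pkt.in_iface)
        if entry is None:
            return "drop: unknown ingress interface"
        iface, nets = entry
        src = ipaddress.ip_address(pkt.src)
        if any(src in m for m in MARTIANS):
            return "drop: martian source"
        if any(src in n for n in nets):
            return "forward"
        # A transit (downstream) network may only originate what it announced.
        if iface.transit:
            return "drop: source not announced by downstream network"
        # Anything else on a stub interface is a forged source: this is the
        # packet that turns an open resolver into an amplifier.
        return "drop: spoofed source"

    def apply(self, packets):
        return [(pkt, self.decision(pkt)) for pkt in packets]


def build_demo_filter():
    return EgressFilter([
        Interface("lan0", ("203.0.113.0/24",)),               # our own hosts
        Interface("cust0", ("192.0.2.0/24",), transit=True),  # a downstream customer
    ])


# Constructed traffic.  198.51.100.10 plays the DDoS victim, 198.51.100.53 an
# open resolver that would answer a small query with a much larger response.
SAMPLE_PACKETS = (
    Packet("lan0", "203.0.113.7", "198.51.100.53"),     # genuine query
    Packet("lan0", "198.51.100.10", "198.51.100.53"),   # forged victim source
    Packet("lan0", "192.168.1.20", "198.51.100.53"),    # leaked private address
    Packet("cust0", "192.0.2.9", "198.51.100.53"),      # customer's own space
    Packet("cust0", "198.51.100.10", "198.51.100.53"),  # customer forging victim
    Packet("wlan9", "203.0.113.8", "198.51.100.53"),    # interface not in table
)


if __name__ == "__main__":
    for pkt, verdict in build_demo_filter().apply(SAMPLE_PACKETS):
        print(f"{pkt.in_iface:6} {pkt.src:>15} -> {pkt.dst:<15} {verdict}")
```

Only two of the six packets are forwarded; the forged-victim packets are dropped on both the stub and the transit interface, and the transit case differs only in that the customer's announced prefix is the allow list. On a real Linux border router the same policy is one netfilter rule per inside interface (for example `iptables -A FORWARD -i lan0 ! -s 203.0.113.0/24 -j DROP`) or strict reverse-path filtering (`net.ipv4.conf.all.rp_filter=1`); the simulation just makes the decision table visible.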

Comment: Re:Rubbish (Score 3, Insightful) 317

by Tom (#48675071) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

Nonsense. On their gaming systems you are unlikely to find any data that the companies would consider valuable. And 10+ years of experience show that "oops, we leaked customer data" isn't really a game-changer.

But cries from customers can be. Denying them the joy of their freshly gifted gaming console can be very powerful. It's not the nice way, definitely not, but it makes headlines.

I doubt it's going to change anything, because customers are too used to computers not working. That is the real damage that 30 years of Microsoft dominance have done to the world.

Comment: Re:miscreation (Score 1) 347

by Tom (#48674659) Attached to: Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy

If I didn't know that, I'd give back my nerd credentials.

But there's a difference between making a prequel movie and a story that is set before. The Hobbit tried too hard to get as much from the LOTR movies into it as possible. For example, WTF is Legolas doing in the movie? He's not even mentioned in the book.

Comment: Re:*sips pabst* (Score 1) 347

by Tom (#48666041) Attached to: Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy

he was dragged kicking and screaming into directing it

And at no point did he have the option to say "no" and walk away, I'm sure. Because he's not living in a free country and he is so poor that he would starve if he did that.

When you burn out in life, you'll understand.

No, when you burn out in life you walk away from everything that causes you trouble and find a place where you are safe and can recover.

Comment: miscreation (Score 3, Insightful) 347

by Tom (#48665989) Attached to: Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy

I've seen the first two so far and they didn't convince me for the 3rd. I'll probably go because my GF wants to.

The problem is that The Hobbit is an entirely different book compared to LOTR. It's a children's book, a soft introduction to Middle Earth, not an epic fantasy tale. It should've been dealt with in a different way, not as a "we made a shitload of money, so let's make more LOTR movies" prequel. It basically fell into the same trap as the Star Wars prequels - the attempt to replicate a success by doing more of the same, completely missing the idea that maybe the first was a success exactly because it was not more of the same, but stood out from what else was on offer at the time.

And omg were they filled with crap that had nothing to do with story or book and was only added to complete some Hollywood recipe.

They should've made it one movie, for a younger audience, made by a different director, without trying to make it a prequel and "foreshadowing" everything we've already seen.

Comment: Re:Metadata (Score 4, Interesting) 36

by Tom (#48658967) Attached to: How a Wildfire Helped Spread the Hashtag

Because they are a hack. Twitter wasn't designed to include any metadata except author, date, etc. - certainly not topics, tags or keywords.

The problem is feature creep. Of course users want tags and keywords and topics and threading and circles and access levels/restrictions and grouping and two hundred other features. But if you give them what they want, they will complain that it's all too complicated and move elsewhere.

Comment: Re:the rules changed, that's why the manual contro (Score 1) 90

by Tom (#48658631) Attached to: Google Unveils New Self-Driving Car Prototype

Who said emergency? An emergency is probably exactly when you want a computer to be in control, simply because it can process more information more quickly, and the decisions to be made are trivial and minimal (aka "bring vehicle to a safe stop, right now").

But I would want manual controls on my car of the future because on some weekends I drive into the countryside and I drive on small dirt roads that may or may not be on the map. Or to festivals or other big events where at the end you park on a field. Or you drive through a really crowded street where the computer will most likely just stop and stand because there's always someone in front of the car.

There are plenty of non-emergency situations that I'm not sure the automatic driver can handle.

Comment: Re:News Flash : All Corporate IT security is a jok (Score 1) 239

by Tom (#48656125) Attached to: Anonymous Claims They Will Release "The Interview" Themselves

Security is a cost vs benefit equation for a business.

In the textbooks, it is. In the real world, humans make decisions, and they are not purely rational. The whole marketing industry is based on the fact that the free market doctrine of the rational buyer is nonsense.

The board have to do what it feels is best financially for the shareholders

There, highlighted the keyword for you. Thank you for supporting my argument so strongly, that exactly is the point.

Comment: Re:News Flash : All Corporate IT security is a jok (Score 4, Insightful) 239

by Tom (#48648935) Attached to: Anonymous Claims They Will Release "The Interview" Themselves

The problem isn't just stupid C*Os, though they certainly exist. The problem is also our inability to communicate properly with them. Me personally, guilty as charged, btw. -- it took me many, many years to understand how the C-level thinks and how to talk to them to get what you want. And even then you often don't because of some under-the-radar corporate politics that's going on right then.

No, this hack will in no way change anything. None of the previous public hacks did.

One of the main problems is that C*Os are right that a lot of security money is totally wasted on bullshit, like security awareness trainings for an audience that doesn't give a fuck, shouldn't have to give a fuck, and will forget everything they accidentally heard over their playing Farmville or bullshit bingo while you were talking in front, wasting their precious office time. Or on technically cute systems that are as fascinating as they are useless. Or on trying to convince a C*O that he needs military-grade security without explaining to him why he should consider himself a military man.

For about 10 years now the security industry has - at the speed of a turtle - realized that it doesn't take human factors into consideration nearly enough. We've all thrown the mantra of the stupid user around as if it would explain anything, and explained our consistent failure to complete our mission by pointing fingers at others, just like you do above.

Guess what? Everyone in a company has too few resources, executives meddling in their things and idiot managers fucking things up, but the others still manage to largely accomplish their goals.

Comment: Re:Conservatives mostly don't like the involvement (Score 1) 218

The reason this hasn't happened is because it is fucking illegal.

In your stupid backwater country.

They've gone so far as to pressure local city councils to forbid century link to operate in the area.

You elected the fuckers, stop whining.

So no. Frankly I am just offended that you cited experience before as justification for your argument when you're so ignorant of what is going on.

Because armchair politics on /. beats industry experience.

How fucking dare you.

Look, troll. I worked for 10 years in a company that owned a city-wide telecom network and had a couple million phone and Internet customers. The people who do the switching in those grey boxes on the street corner worked one floor below me (I was in IT, not networking). The last mile issue is real and that some corrupt city council in some 3rd world country whose primary industries are advertisement and entertainment pass some silly laws is a tiny drop in the ocean of the telco industry. If you had a solution to solve the last mile problem that is feasible, affordable and legal, you could be rich faster than you can spell out your account number.

But since you've returned to ad hominem attacks after a short interlude of actual arguments, I'll leave you here to celebrate your "victory" all alone. Bye.

Comment: Re:Conservatives mostly don't like the involvement (Score 1) 218

You'd roll it out as it became convenient. Things need to be replaced.

This transition will take several decades, as those cables are not in need of much maintenance. But it could be done.

Who would pay for the change, though? I doubt the ISPs are going to do it, the current system works for them. The house owners won't, for the same reason.

Yes, it can be done. I wouldn't bet on it, though. Most likely, by the time this transition is over, all the cables are obsolete. That's one of the reasons nothing like this has happened so far - the players in the field are afraid that their investment will be outdated before it is amortized.

Comment: Re:Conservatives mostly don't like the involvement (Score 1) 218

by Tom (#48643409) Attached to: Single Group Dominates Second Round of Anti Net-Neutrality Comment Submissions

However, if another company wants to lay cable on that street... what is the problem?

That tearing up a street is expensive, inconveniences a lot of people and these costs to both the parties involved and those around the event far outweigh the benefits. It's the same reason that we have one publicly owned street and not 20 parallel roads owned by different companies competing for your car to drive on them. It's stupid, that's why.

With telcos, the only reason we have the last mile problem at all was because initially telecommunication was built as a public service, like roads. Then someone decided to make it all private, because free market magic. The proper decision would have been to keep the last mile as public property, but it wasn't made, because idiots.

You're basically just saying

That's not what I'm saying. I'm saying that visions are a dime a dozen. Realizing them is the hard part, and it takes more than a few "look, a three-headed monkey" sentences to do that.