Comment: Re:Know Thy DNS IP's! (Score 4, Informative) 31 31

by WD (#49775675) Attached to: Exploit Kit Delivers Pharming Attacks Against SOHO Routers

Yeah, that helps for sure. The other option is to see if there's a 3rd-party firmware for the router. The firmwares that come with home equipment out of the box are often pretty poor. And are often abandoned after they are shipped. However, something like dd-wrt / openwrt / tomato is likely to be better supported.

Comment: Unforeseen consequences (Score 2) 200 200

When doing security testing of any system, one must consider the possibility of unforeseen consequences. That is, while you think that your test may be harmless, you'll really never know this for sure until you perform the test. And even then, you might not know of all possible damage that was done to the system.

Just as system architects and developers make certain assumptions that may introduce vulnerabilities, a security tester may make assumptions about the consequences of their actions. The problems happen when these assumptions don't map up to reality 100%.

Yes, airplanes' computer systems should receive security testing. But to perform any sort of testing without authorization and when there are potential safety (human life) consequences is inconceivably irresponsible. Regardless of whether or not the tester suspects any damage will occur.

Comment: Ridiculous article title (Score 4, Informative) 629 629

by WD (#49447805) Attached to: Florida Teen Charged With Felony Hacking For Changing Desktop Wallpaper

The student observed the teacher's keyboard while the password was typed in. The student then used that observed password to unlawfully gain access to the system in question.

This has nothing to do with the wallpaper. The student leveraged unauthorized access to a system to do something.

Comment: Re:My FreeBSD Report: Four Months In (Score 1) 471 471

by WD (#48971691) Attached to: Systemd Getting UEFI Boot Loader

Yes, ZFS is amazing. But my concern about FreeBSD in general is that from an exploit mitigation perspective, it's in the dark ages. Like, maybe close to Windows XP. http://networkfilter.blogspot....

For a file server, great. But for anything that's parsing untrusted data or is exposed to the internet, I'd be concerned.

Comment: Who says that the attack is over? (Score 5, Informative) 35 35

by WD (#48851443) Attached to: Microsoft Outlook Users In China Hit With MITM Attack

The evidence that China was performing MITM attacks on was because of temporary use of an SSL certificate chain that wasn't signed by one of the hundreds of root CAs included with modern operating systems. (and therefore the software complained)

If the software people are using stops complaining about the SSL certificate chain, does that mean that they're not performing MITM anymore? Hell no. At the very least it means that they're just using an SSL certificate signed by one of the hundreds of trusted root CA certificates. You know, like CNNIC. The internet organization with ties to the Chinese government.

Comment: Easier said than done (Score 1) 324 324

by WD (#48804321) Attached to: How To Hijack Your Own Windows System With Bundled Downloads

How do you teach a non-geek to find and recognize the canonical source for a software download? Is the official VLC site? Is the right place to get 7-zip? Is the place to get the latest LibTIFF? The answer to all of these is "No", but I'd like to hear the teaching technique that allows a non-geek to come to these conclusions.