
Submission Summary: 0 pending, 38 declined, 19 accepted (57 total, 33.33% accepted)

Submission + - The OpenSSH Bug That Wasn't (blogspot.ca)

badger.foo writes: Get your facts straight before reporting, is the main takeaway from Peter Hansteen's latest piece, The OpenSSH Bug That Wasn't. OpenSSH servers that are set up to use PAM for authentication and with a very specific (non-default on OpenBSD and most other places) setup are in fact vulnerable, and fixing the configuration is trivial.

Submission + - Password Gropers Hit Peak Stupid, Take the Spamtrap Bait (blogspot.ca)

badger.foo writes: Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: The users they are trying to access do not exist. Instead, they're taken from the bsdly.net spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chance that this is an elaborate prank or joke, but it's more likely that via excessive automation, the password gropers have finally hit Peak Stupid.

Submission + - Yes, You Too Can Be An Evil Network Overlord - On The Cheap With OpenBSD, pflow (blogspot.ca)

badger.foo writes: Have you ever wanted to know what's really going on in your network? Some free tools with surprising origins can help you to an almost frightening degree. Peter Hansteen shares some monitoring insights, anecdotes and practical advice in his latest column on how to really know your network. All of it with free software, of course.

Submission + - The UK "Porn" Filter Blocks Kids' Access To Tech, Civil Liberties Websites (blogspot.ca)

badger.foo writes: It fell to the UK Tories to actually implement the Nanny State. Too bad Nanny Tory does not want kids to read up on tech web sites such as slashdot.org, or civil liberties ones such as the EFF or Amnesty International. Read on for a small sample of what the filter blocks, from a blocked-by-default tech writer.

Submission + - The Hail Mary Cloud And The Lessons Learned (blogspot.ca)

badger.foo writes: Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe.

Submission + - Maintaining A Publicly Available Blacklist - Mechanisms And Principles (blogspot.ca)

badger.foo writes: When you publicly assert that somebody sent spam, you need to ensure that your data is accurate. Your process needs to be simple and verifiable, and to compensate for any errors, you want your process to be transparent to the public with clear points of contact and line of responsibility. Here are some pointers from the operator of the bsdly.net greytrap-based blacklist.
Security

Submission + - SSH Password Gropers Are Now Trying High Ports (blogspot.ca)

badger.foo writes: "You thought you had successfully avoided the tiresome password guessing bots groping at your SSH service by moving the service to a non-standard port? It seems security by obscurity has lost the game once more. We're now seeing ssh bruteforce attempts hitting other ports too, Peter Hansteen writes in his latest column."
Networking

Submission + - You're Being DDOSed - What Do You Do? Name And Shame? (blogspot.ca)

badger.foo writes: "When you're hit with a DDOS, what do you do? In his most recent column, Peter Hansteen narrates a recent incident that involved a DNS based DDOS against his infrastructure and that of some old friends of his. He ends up asking, should we actively publish or 'name and shame' DDOS participants (or at least their IP addresses)? How about scans that may or may not be preparations for DDOSes to come?"
Security

Submission + - The Optimum Attack Rate for SSH Bruteforce? 1 Per 10 Seconds (blogspot.com)

badger.foo writes: "Remember the glacially slow Hail Mary Cloud SSH bruteforcers? They're doing speedup tweaks and are preparing a comeback, some preliminary data reported by Peter Hansteen appear to indicate. The optimum rate of connections seems to be 1 per ten seconds, smack in the middle of the 'probably human' interval."
AMD

Submission + - What to expect in OpenBSD 5.0 onwards (blogspot.com)

badger.foo writes: "OpenBSD-current just turned 5.0-beta, providing us a preview of what the upcoming release (slated for November 1st) will look like. Book of PF author Peter Hansteen takes us through the main new features and explains the development process that has consistently turned out high-quality releases on time, every six months for more than a decade."
Security

Submission + - OpenBSD 4.7 preorders are up (openbsd.org)

badger.foo writes: The OpenBSD 4.7 pre-orders are up. That means the release is done, sent off to CD production, and snapshots will turn -current again. Order now and you more likely than not will have your CD set, T-shirt or other cool stuff before the official release date. You get the chance to support the most important free software project on the planet, and get your hands on some cool playables and wearables early. The release page is still being filled in, the changelog has detailed information about the goodies in this release.
Security

Submission + - The Hail Mary Cloud is Growing (blogspot.com)

badger.foo writes: The .au Rickrolling of jailbroken iPhones only goes to prove that bad passwords are bad for you, Peter Hansteen points out before he reports on the further exploits of password-guessing Hail Mary Cloud (previously /.ed here). The article contains log data that could indicate that the cloud of distributed password guessing hosts is growing.
Security

Submission + - Sloppy Linux Admins Enable Slow Bruteforcers (blogspot.com)

badger.foo writes: Peter N. M. Hansteen reports that a third round of the low-intensity, distributed bruteforce attacks is now in progress, and that sloppy admin practices on Linux systems are the main enabler: The fact that your rig runs Linux does not mean you're home free. You need to keep paying attention. When your spam washer has been hijacked and tries to break into other people's systems, you urgently need to get your act together, right now. The article has more info and references.
Security

Submission + - The slow brute zombies are back (blogspot.com)

Peter N. M. Hansteen writes: "In real life, zombies feed off both weak minds and the weak passwords they choose. When the distributed brute force attempts stopped abruptly after a couple of months of futile pounding on ssh servers, most of us thought they had seen sense and given up. Now it seems that they have not. They are back. The article has some analysis and links to fresh log data."
