
Comment It's 100%, those numbers are lies (Score 2) 122

I have hacked into 3 different hospitals, not large ones, moderate size.
None of which took more than 15 minutes to do, and I did it with my phone because I was bored waiting in line to see the doctor.
Got all the doctors' names, what surgery is where, the insurance contacts, the accounting data, how much everyone gets paid (best part) but didn't touch patient data because I knew that one has its own criminal penalties.
Point being no one noticed, no one cares to notice, after years they still don't know.
I didn't even go after the hospitals seriously, I used a fucking phone.
I don't know how much harder it can be to penetrate insurance companies or large hospital chains, but it can be done in a timely manner. I believe you can actually have a timetable for hacking them because they all use the same crappy software vendors.

Comment Re:Inject adds in my pron? (Score 2) 278

Very easily, in fact:
1. Have browser profiles for detecting your browser from its behavior: connection handling, TCP packet timing, parallel connection count, cookie handling, request interval, DNS caching behavior, resource refetching, caching settings, even favicon fetching interval and a lot more. It's called browser fingerprinting. They could use JavaScript injection too, but that wouldn't be passive.
2. Determine if it will react to certificate authority changes, and proceed to the next step if it doesn't.
3. Generate a trusted certificate with an extra certificate in the X.509 chain.
If you don't know already, Google has a CA. so they can
Once you know enough about browsers, HTTPS, TCP, X.509, RSA, CAs, protocol design, 802.XX, ... it will become trivial.

Comment Old, but still usable (Score 1) 48

This reminded me of my search for a 1930s (I think) Mashpriborintorg Russian AVO meter schematic. It took weeks to find.
They're still usable because they're the easiest thing to test some kinds of transistors, and they're really hard to find.
And I got to collect like a hoard of other manuals for similar devices.

Comment Re:Could this lead to false sharing allegations? (Score 1) 47

No, it doesn't really work that way. is the protocol that has problems in it. the bit-torrent protocol
The things IP owners use to track people are DHT and public trackers, which are an entirely different thing used only for discovery of peers.
Theoretically they should be spoofable too, using very similar techniques (they too are built on top of UDP (mostly)), but it's not related to this.
