Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment: Re:Update from Synology-sec issue patched 12/2013 (Score 3) 150

by bhoar (#47606275) Attached to: Synolocker 0-Day Ransomware Puts NAS Files At Risk
Hmm, reading more, I think I'm fully or partly wrong about what's going on with the background, since synology states in the updated post that the symptom is that you were running 4.3 or earlier, but now you've got the extortion message and DSM reports it is 5.0. Apologies for posting that last message before I knew what I was talking about.

Comment: Re:Update from Synology-sec issue patched 12/2013 (Score 1) 150

by bhoar (#47606243) Attached to: Synolocker 0-Day Ransomware Puts NAS Files At Risk
Theory is that the DSM 5.0 looking background is a background image snapshot and what is displayed is a simpler webpage with just the countdown timer and links. Why program the payload as an actual DSM module when you can just put a much simpler webpage in place? Synology appears to think similarly, as they say one of the symptoms is that you didn't upgrade to 5.0 but the background looks like 5.0.

Comment: Update from Synology-sec issue patched 12/2013 (Score 5, Informative) 150

by bhoar (#47605839) Attached to: Synolocker 0-Day Ransomware Puts NAS Files At Risk
Updated posted 8/5/2014 by Jeremie on the English language Synology Forum: [We’d like to provide a brief update regarding the recent ransomware called “SynoLocker,” which is currently affecting certain Synology NAS servers. Based on our current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0.]

Comment: Re:What's hardest, the crypto or the OS integratio (Score 5, Interesting) 250

by bhoar (#47272943) Attached to: TrueCrypt Author Claims That Forking Is Impossible
--- Redefining "OS integration" to include "OS and boot integration", the short answer is: the boot process, hands down. You can model a new app based on TC's approach for OS-level (container/partition/disk) encryption, and you can do the same for MBR boot/system disk encryption, but now that everything is moving to TCG-TCM/UEFI/GPT/etc. it's a lot more complicated. -- Some history: IIRC from the TC forum, the TC's developer had issues finding a public API/method in the MS docs that could be used to pass keys and boot control from the MBR/bootloader to the OS and tc driver shim. There were third party apps out there doing it, but there didn't seem to be a documented way to do it, and the tc devs wanted to avoid fragile hacks to get it done. -- Microsoft actually responded to the TC devs by either publicizing a private API or by creating an official one. Again, this was back in the MBR days. -- With UEFI/GPT, trusted boot, etc., this part has become a lot more complex. I'm not sure what Microsoft's responsiveness would be on pursuing an official UEFI/GPT API, but I wouldn't be surprised if it's something along the lines of "Just use Bitlocker, it does this already."

Comment: Occam's Razor (Score 1) 250

by bhoar (#47272777) Attached to: TrueCrypt Author Claims That Forking Is Impossible
1. Evidence seems to point that the main developer is in Europe. So, an NSA NSL doesn't seem (to me) to be a likely factor. 2. Evidence points to the history of the code perhaps being legally murky. But from what I recall of the forum discussion nearly a decade ago, most of the murk wasn't due to the code origins, which appeared to be on the up and up, but due to the legal threats/actions of a company that thought it could prevent a fork from *before* buying code/hiring the developer. That's IIRC, of course, I've seen reporting all over the map on this issue. Also, supposition: there may have also been verbal promises between the dev(s) and outside entities about what might trigger more legal issues. 3. Evidence points to English being the main developer's second language, so the conspiracy theories base on awkward sentence construction are probably just that, theories. 4. Evidence (now gone, due to the tc forums being removed) also seems to point to the main developer having strong feelings about control over the main code line and trademarks for a long time. Some of this seemed rational (wanting to block a plethora of backdoored versions being deployed) but some of this seemed personal. Most devs have been there, some have matured and learned to let it go. Conclusion: the simplest explanation, to me, is that the main dev wants to the code dead and buried so that he is entirely free of any future legal, ethical or emotional consequences of it continuing.

Comment: CVS/Walgreens do it too! (Score 1) 794

by bhoar (#46371403) Attached to: Whole Foods: America's Temple of Pseudoscience
Why single out Whole Foods? The cold/flu aisles of the local CVS & Walgreens are packed with explicitly homeopathic and semi-secretly homeopathic (e.g. Zicam) "cures". Drug stores carrying these things bothers me more than whole foods. Plus, I have many *other* reasons to hate on Whole Foods that make this seem minor in comparison...

Comment: Non-profit cd ripping robot deal (Score 1) 330

by bhoar (#42175251) Attached to: Slashdot Asks: SATA DVD Drives That Don't Suck for CD Ripping?
For what it's worth, I have a large number of 50-disc CD ripping Robots that I need to get rid of. They are USB connected. Internally they consist of a USB hub, a USB serial port controlled robot and a USB bridge connected IDE Teac CD-RW drive that work with Windows XP and dbpoweramp's batch ripper. Plus a command line driver stub I wrote that dbpoweramp calls. I need to get rid of them. Most of them are unused and in their original boxes. The boxes are heavy, so UPS ground shipping is about $30 per box to the lower 48 states (maybe a few bucks less). International shipping is prohibitive and probably not worth it ($100 to $200 per box) due to weight and size. I am giving them away for the cost of shipping. Contact me directly at brendan.hoar@gmail.com if you're interested. You can read more about them in the dbpoweramp forums if you look up "kodak" robots there. Brendan

An authority is a person who can tell you more about something than you really care to know.

Working...