
Comment: Re:Tricky. (Score 1) 356

by blizz017 (#39089591) Attached to: UK Student Jailed For Facebook Hack Despite 'Ethical Hacking' Defense

On the one hand, Mangham definitely didn't have prior authorization. His actions were illegal, regardless of his intentions.

On the other hand, Facebook's long-term security has been dramatically weakened. Now, anybody who finds a vuln in Facebook isn't going to report it for fear of doing jail time.

Sounds like a fuck-up for everyone involved.

Or, you know, you follow Facebook's procedure for their bug-bounty program: https://www.facebook.com/whitehat/bounty/ paying special attention to the following section:

Exclusions

The following bugs aren't eligible for a bounty (and we don't recommend testing for these):

Security bugs in third-party applications (e.g., http://apps.facebook.com/%5Bapp_name%5D)
Security bugs in third-party websites that integrate with Facebook
Security bugs in Facebook's corporate infrastructure
Denial of Service Vulnerabilities
Spam or Social Engineering techniques

If you want to test any of those, you do what practically any book on "ethical hacking" ever states and you get prior authorization.

Comment: Re:Military vs. Civilian Justice (Score 5, Informative) 172

by blizz017 (#38433346) Attached to: Tech Forensics Take Center Stage in Manning Pre-Trial
1. He's not at trial yet; this is an Article 32 hearing, basically a grand jury hearing/pre-trial.

2. At trial, he would have a jury of his peers; far more so than you'd find in a civilian courtroom. He's an enlisted soldier, so if his defense team opted, they can have a jury full of enlisted soldiers.

3. Contrary to what you wish to believe, military courts-martial aren't show trials. I'd argue that they're ultimately far more fair and impartial than you'll ever find in a civilian courtroom where a DA and/or judge may have a political agenda to fulfill.

Comment: Re:Service Guarantees Citizenship (Score 1) 231

by blizz017 (#37720316) Attached to: Security Researcher Threatened With Vulnerability Repair Bill

So if I disclose all your bank passwords, would that make me immune? I agree in part, but it is a problem. If, as a delivery dude, I find your key under the front door mat, can I make 1000 copies and drop them off all over the city with your address to teach you to be safer? I am genuinely asking; I don't have the answer. If I simply return your key, and you keep putting it under the mat, then what do I do?

That's not what he meant. If you disclose the vulnerability that exposes his passwords, you're immune. If you exploit the vulnerability and disclose the passwords, then you're not immune from the action of disclosing data improperly. You don't have to disclose the passwords to prove the vulnerability. In your little example, the vulnerability would be the key under the front door mat. The exploit would be using that key and/or making copies of the key. Proper disclosure would dictate that you notify him that his key is under the front door mat and give him time to respond and remedy the situation; after a period of time (say 30 days), if he ignores the vulnerability or the vulnerability is remedied, then disclose the vulnerability. Improper disclosure would be letting the public at large know the day you found the key; you don't need to make copies of the key to prove or disclose the vulnerability. It adds nothing and just makes you a dick. In the reality of this case, the guy didn't disclose any customer data to the public at large (at least from what I gather), and he stated that he will delete any data resulting from the breach and would even allow the company to verify as such. Following the whole "Disclosure Guarantees Immunity" philosophy, this guy should be in the clear. Data access is going to occur at times in vulnerability research; what you do with that data is what should determine whether you get immunity or not.

Comment: Re:Long term, it is a good thing... (Score 2) 135

by blizz017 (#37168524) Attached to: Motorola's Identity Crisis
Last thing I read on it was from April in this article: http://www.businessinsider.com/next-xbox-may-be-profitable-on-day-one-2011-4 Seems like the business segment containing Xbox is down 5.5 billion over its lifetime, but has been turning a profit for each of the last 11 quarters. They may be down overall, but they're going to break even here pretty quickly; even more so if they decide not to go the hardware loss route with the next Xbox.

Comment: Re:Why? (Score 1) 572

by blizz017 (#36898304) Attached to: Space Station To Be Deorbited After 2020

The Space Station is in a Low Earth Orbit (LEO) and will fall to the Earth without its regular altitude boosts

The ISS is in LEO because NASA was INCAPABLE of building a space shuttle that could achieve higher orbit! Because it had to have WINGS so it could land with secret military payloads at designated airfields in the continental USA.

So the AMERICANS crippled the INTERNATIONAL Space Station. It should have been in higher orbit to start with; then it would last longer, but NO, the Americans had to have it their way. Hopefully the Chinese won't make the same dumb mistakes.

Nobody said the other partners had to take NASA's money... they were free to build a space station on their own. Don't bitch when the biggest financial and technical partner mandates its way, especially when the next closest partner barely surpassed 1/10th of the AMERICAN cost on the project.

Comment: Re:Why? (Score 1) 572

by blizz017 (#36898174) Attached to: Space Station To Be Deorbited After 2020

Interesting that this is not a NASA announcement...

Despite the fact that most American news media refer to it as "The NASA Space Station", it is, in fact, not exclusively a NASA space station. Its correct title is "ISS", which stands for "International Space Station".

NASA is just one partner of many on this project.

What American news media refer to it as "The NASA Space Station"? I'm curiously interested, as I have never seen it referred to as such.

Comment: Re:WikiLeaks 2014 - DOD Spied on employees (Score 1) 210

by blizz017 (#36847990) Attached to: A Linux Distro From the US Department of Defense
And it wouldn't be news at all, given that LPSL is primarily meant to access DoD systems, not for general browsing/playing around (in fact the primary point of it is for accessing webmail, which requires CAC authentication, and configuring CAC authentication on home systems has generally been a PITA for IT Support), and given that nearly every DoD system has the following disclaimer:

THIS IS A DEPARTMENT OF DEFENSE COMPUTER SYSTEM. This computer system, including all related equipment, networks and network devices (specifically including Internet access), are provided only for authorized U.S. Government use. DoD computer systems may be monitored for all lawful purposes, including to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability and operational security. Monitoring includes active attacks by authorized DoD entities to test or verify the security of the system. During monitoring, information may be examined, recorded, copied and used for authorized purposes. All information, including personal information, placed on or sent over this system may be monitored. Use of this DoD computer system, authorized or unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal or adverse action. Use of this system constitutes consent to monitoring for these purposes.

I think it's fairly safe to say that people already know their stuff is being monitored...

Comment: Re:NATO Hacking (Score 1) 304

by blizz017 (#36835354) Attached to: Anonymous Hack One Gigabyte of Data From NATO
They are for the most part (packet switching over shared lines for certain networks being the obvious case of non-isolation physically). Hitting internet-connected servers nets you some unclass/FOUO, maybe confidential-level stuff. If you're lucky and hit the right place at the right time, you might get some info that was accidentally uploaded that's classified higher and hasn't yet been cleansed. Keep in mind we have whole groups of people dedicated solely to finding classified info uploaded to NIPR/public internet-facing systems and to investigating the cause and cleaning the affected systems. This is why I always take the "We've hacked NATO's public-facing servers and netted some juicy info!!!" type stories with a very big grain of salt. Remember, none of the Bradley Manning/WikiLeaks stuff came from an internet-connected network.

Comment: Re:The Real Real problem (Score 1) 1306

by blizz017 (#35615814) Attached to: US Contemplating 'Vehicle Miles Traveled' Tax
What gives you the impression that Energy Efficient Vehicles are lighter than Gas Guzzlers?

A Chevy Volt is 3781 lbs
A Nissan Leaf is 3354 lbs
A Ford Mustang is 3655 lbs
A Chevy Corvette is 3350 lbs

Granted, you'll have differences between different variations of the same model, but just use those as generalized examples. Now if you're comparing a Leaf to a Suburban, that's a whole other ballgame and is like comparing apples to oranges.

Comment: Re:The shuttle doesn't (currently) black out (Score 1) 88

by blizz017 (#34794078) Attached to: Hypersonic Radio Black-Out Problem Solved

And this article wasn't talking about the space shuttle. In fact the word "shuttle" doesn't exist in either the summary or the article.

Really? Damn... I guess I just imagined reading this line:

Ordinarily, this plasma absorbs and reflects radio waves at communications frequencies, leading to a few tense minutes during the re-entry of manned vehicles such as the shuttle.

Comment: Re:Epic Fail? Hardly. (Score 1) 534

by blizz017 (#34710836) Attached to: Playstation 3 Code Signing Cracked For Good
I'm surprised you actually expect such an announcement to come from them. Why in the hell would they ever open themselves to a potential lawsuit by announcing it publicly? That's not to say it hasn't been done; particularly depending on what the PS3 cluster is being used for, the NSA and/or DISA has almost assuredly broken the PS3 down to find out its flaws security-wise.
