Cloud

Apple Denies Systems Breach In Photo Leak 311

Posted by Soulskill
from the not-my-fault-i-promise dept.
Hamsterdan notes that Apple has posted an update to its investigation into the recent celebrity photo leak, which was attributed to a breach of iCloud. Apple says the leak was not due to any flaw in iCloud or Find My iPhone, but rather the result of "a targeted attack on user names, passwords and security questions." Despite this, Wired reports that hackers on an anonymous web board have been openly discussing a piece of software designed for use by law enforcement. Whether it was involved in the celebrity attacks or not, it's currently being used to impersonate a user's device in order to download iCloud backups.

"For Apple, the use of government forensic tools by criminal hackers raises questions about how cooperative it may be with Elcomsoft. The Russian company’s tool, as Zdziarski describes it, doesn't depend on any 'backdoor' agreement with Apple and instead required Elcomsoft to fully reverse engineer Apple’s protocol for communicating between iCloud and its iOS devices. But Zdziarski argues that Apple could still have done more to make that reverse engineering more difficult or impossible." Meanwhile, Nik Cubrilovic has waded into the data leak subculture that led to this incident and provides insight into the tech and the thinking behind it.

Comment: a multi-sensical cloaking device (not just sight) (Score 1) 828

by dberstein (#28037685) Attached to: I'll keep my castle secure primarily with ...
The device would create the illusion of a standard habitat (sound, sight and smell) to those outside... but inside the cloaked frontier you'll perceive all wonders of my castle. The main point is that I need not defend against those that don't intend to attack me. Since for the "world" there's nothing special in my castle, why would they want to spend resources attacking me?

Comment: Re:Um, (Score 2, Interesting) 109

by dberstein (#27292821) Attached to: Giving Your Greytrapping a Helping Hand
Webmail as your primary MUA?! Are you kidding me?
I guess that's like saying skateboarding should be your primary transportation vehicle. Some people do it I suppose, but is it the best idea?
Get your own infrastructure and access your emails as you wish, like for example mutt on a remote terminal, or webmail (squirrelmail), or in any mobile IMAP client (my iPhone works great).
What about backups? What if tomorrow they change the policy of old/archived message?
I do have a couple of gmail accounts, but those are mostly for redundancy and seldom used by me.

Comment: Re:Um, (Score 2, Informative) 109

by dberstein (#27291751) Attached to: Giving Your Greytrapping a Helping Hand
I run my own mail server(s) and actually the number of spams I get is quite low with a daily average of 0.75 spams per day. That's down from ~20 spams a day before I enabled gray listing, RBL on my MTA and HELO restrictions.
These 0.75 spam/day emails are detected by my MUA's spam filter, meaning I tend to never have a spam email in my inbox!
You can find good/reliable VPS'es from $10/mo. that'll allow you to:
  • Run your own DNS servers.
  • Run your own SMTP/IMAP/POP servers (Postfix/Dovecot make a great combo).
  • Run your own web server.
  • Practice/learn sysadmin skills.
  • No lock-in to any vendor.

I'd rather pay for my own VPS than pay Google for a freaking email account and/or their App Engine.

Comment: Give a man a fish... (Score 2, Insightful) 936

by dberstein (#27142681) Attached to: Living Free With Linux, Round 2

Give a man a fish...

To click icons and tick boxes you need to first understand the meaning of them, rationalize which of these elements fulfill your desired goal, and then activate the proper GUI widgets... each time you're confronted with the GUI.

...Teach a man how to fish and he'll eat every day.

Using the CLI you need to know beforehand the arguments/parameters that will fulfill your desired goal. It requires preparation (i.e. read the man page), but once you learn it, it stays with you.

IMO CLI provides a more immutable interface, as opposed to GUI widgets that can and will change over time.

Software is a tool that when someone uses routinely it's sensible to expect him to learn how to use it properly... for the rest of the human race there is Windows.

I couldn't be happier that the Linux experience is different from the Windows experience! Attempting to make a Linux or OSX experience Windows-er is as wrong, futile and useless as trying to compare a high-school romance with your spouse.

Comment: My spam fighting recipe and some theories (Score 1) 597

by dberstein (#24615459) Attached to: Where Has All My Spam Gone?
I have a similar setup, but got tired of content filters at the MTA level. My solution was to configure Postfix (my MTA) to abide more closely by RFCs (specifically for EHLO|HELO commands) and install postgrey (`aptitude install postgrey`). Of course, ensure you're not an open relay.
These measures decreased the number of spam arriving at my inbox by 90%. The spam that reaches my mailbox is handled by my MUA (Mail.app currently). The volume is low enough for me to check if it's working. It does! As was already commented, read your mail logs... they make a fun read!
As for your sudden decrease of mostly spam incoming emails, some theories:
1. Some big telco closed port 25 for residential customers?
2. The recent DNS saga called sysadmins around the globe to check their servers and apply security patches and perhaps close open relays.
Businesses

+ - Borders.com Email Database Stolen?->

Submitted by
borderstheft
borderstheft writes "Two nights ago, the plus-based address I gave to Borders.com started receiving spam and virus-containing emails. No other plus-based address at the domain has been receiving spam of any kind. I attempted to contact Borders.com but they won't acknowledge there is a problem. If their email database has been stolen, what else could be at risk? Can anyone else serve as verification of the problem?"
Link to Original Source
Businesses

+ - My company's website was plagiarized: what next?-> 1

Submitted by
Anonymous
Anonymous writes "After a recent design revamp, I discovered that my company's website (www.ripstyles.com) has had a large portion of its content "ripped off." After digging through this other site (I am purposefully leaving out the URL) I have discovered that they have taken quite a bit of content from multiple other websites besides my own. A few calls and emails have been disregarded on their part ("Sorry....my boss is out sick..."), and I'm trying to avoid legal action for as long as possible. It seems inevitable though, and I have to ask: do I owe it to the other companies to show them that their content has been plagiarized, or is it their own problem? If so, should I take this on alone? What would you Slashdot readers do in this situation?"
Link to Original Source
Privacy

Privatunes Anonymizes iTunes Plus 176

Posted by CmdrTaco
from the i-don't-know-if-anonymizes-is-a-word dept.
njondet writes "French-law.net reports that Ratatium.com, a French website specialized in technology news and software downloads, has just launched Privatunes, a free software that anonymizes DRM-free files bought on iTunes Plus. Last month's revelations that the DRM-free files sold by EMI on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns. Ratatium.com explains (in French) that Privatunes is aimed at guaranteeing the privacy of users but also their rights as consumers to freely share and trade the songs they have purchased. However, the claim that this software is perfectly legal will surely be tested."
Software

+ - DrinkOrDie leader sentenced to 4 years jail->

Submitted by Anonymous Coward
An anonymous reader writes "Hew Griffiths, the long-time leader of the DrinkOrDie software piracy network and an elder in the underground Internet piracy community, will spend 4 years in jail. Griffiths pleaded guilty to two copyright-related charges in U.S. District Court for the Eastern District of Virginia in Alexandria. His sentence is half of what he faced. http://www.computerworld.com.au/index.php/id;15031 07502"
Link to Original Source
