
Comment: Re:Touchscreens Suck for Situation Awareness! (Score 1) 66

by mlts (#48649983) Attached to: "Infrared Curtain" Brings Touchscreen Technology To Cheap Cars

Nail, head, hit. My vehicle (which was bought with a non touch screen) has all the basic controls available by buttons or dials. No need to take the eyes off the road to look at the touch screen, punch a tab on it to select the A/C or heat, tap and drag a slider up and down, then hit another tab to control fan speed. Of course, with how UIs are, there will be lag where you can't tell the device noticed your tap or not. At least with a dial, you know that it registered it due to tactile clicks.

My biggest complaint about newer cars is the fact that a touch screen is needed, coupled with the fact that the audio head is on the same CAN as the radio... which means if the radio glitches, the car can stall or go haywire in random ways.

Comment: Re:Why bother? (Score 1) 362

Funny thing is C# isn't where .NET is and isn't where its popularity comes from. is why .NET is popular, and unfortunately why the GP is wrong.

Shame, but I'm hoping an influx of interest now the platform is open source will move .NET more towards C#. And I hope the superiority of C# to tJPL will, ultimately, move Enterprises to the platform. Java has stagnated in large part because its real competition - that nobody wants to admit - are PHP and Visual BASIC. And, ironically given Oracle's actions against Google, Android is the only thing giving non-Enterprise developers exposure to the language and keeping it in the public eye.

A sudden popularity in C# may push Java to be more relevant, and if Java fails, we might see some interesting moves in areas that have traditionally been Java based.

Comment: Re:Never could get into Star Trek (Score 1) 103

by ThePhilips (#48644439) Attached to: Behind the Scenes With the Star Trek Fan Reboot

3. Badly done aliens, with a lame explanation.

After watching the Japanese "Fafner" TV animation, I was quite intrigued by the whole "assimilation" idea. Tried to watch the Star Trek version of it - and was largely disappointed.

The "Q" are one hell of a plothole - but still pretty much the only "true" aliens in the Star Trek.

Comment: More of the same (Score 1) 103

by ThePhilips (#48644425) Attached to: Behind the Scenes With the Star Trek Fan Reboot

intent on keeping true to the spirit of Gene Roddenberry's television show.

That's just another way of saying "more of the same".

I can understand why the entertainment industry is so obsessed with the canons: to not dilute value of the original.

But I still can't grasp why the fans are so obsessed with the "more of the same"?

P.S. I like how Japanese animes often parody and make fun of themselves. I like how they sometimes shuffle the roles and characters. Occasionally the shenanigans are way too transparent and shallow - but sometimes very brilliant and deep ideas come out of it.

Comment: How is this new? (Score 0) 31

by FuegoFuerte (#48643331) Attached to: New Record Set For Deepest Dwelling Fish

"it's so weird-looking; it's up in the air in terms of what it is. It is unbelievably fragile, and... it looks like it has wet tissue paper floating behind it. And it has a weird snout — it looks like a cartoon dog snout."

Sounds an awful lot like someone I saw walking out of the women's restroom at WalMart once.

Comment: Re:BitTorrent Maelstrom (Score 1) 84

by ThePhilips (#48641069) Attached to: Tor Network May Be Attacked, Says Project Leader


Dismantling the centralized institutions one by one - DNS, IANA/RIRs, hosting providers - whatever Maelstrom is capable of - is a step in the right direction.

If a sufficient number of decentralized alternatives appears, one can try to nest them like Russian dolls. More layers of the nested services - higher the privacy (at the potential cost of reliability).

Comment: Re:Nice! I was one of the ones hit by these charge (Score 1) 51

by squiggleslash (#48640867) Attached to: T-Mobile To Pay $90M For Unauthorized Charges On Customers' Bills

At least you got some unsolicited text messages ;-) Most victims of this scheme, my wife included, never even got that. There was literally no connection between activity on our accounts and the unauthorized charges.

To this day I find it unfathomable T-Mobile would allow any company to add charges to one of their customer's bills on their say-so. At the very least, I'd expect a "Show an example of a text message FROM customer TO creditor" requirement, something T-Mobile (and apparently the other companies too, according to Legere) never bothered to require.



Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony 167

Posted by timothy
from the forewarned-is-forearmed dept.
wiredmikey writes Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise. While not mentioning Sony by name in its advisory, instead referring to the victim as a "major entertainment company," US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.

Comment: Re:Sure... (Score 1) 328

There is a balance between going back to paper and double-entry books versus putting the whole thing so close to the Internet that a single compromised box can make it easy for an attacker to slurp everything down. There are also tools to help separate data, but yet allow people to do their daily jobs.

VDIs come to mind. If one can serve up apps from different desktops, a user can have an external Web browser, internal Web browser, E-mail, the internal finance application, with appropriate separation between all of them.

On a different level is putting assets behind Citrix or RDP. The user can manipulate them, but doesn't have access to fetch the files. This helps limit potential damage, the worst thing being RATs, next would be screenshot snappers/keyloggers, but again, the signature of a RAT should be detected by the network IDS/IPS, especially if that network doesn't allow access to the external Internet other than through an application.

So, there is a balance between unfettered Internet access and a complete airgap, with security maintained. As an extreme, there is always moving back to a text terminal emulator and using SSH or even a 3270 emulator as opposed to going all the way back to paper and pencil.

Comment: Re:Why Apple? (Score 1) 193

by FuegoFuerte (#48636491) Attached to: Investigation: Apple Failing To Protect Chinese Factory Workers

Actually, suicide is typically not talked about in Western media because they're trying not to encourage copycats. That's why, with very few exceptions (Robin Williams, other famous people) you typically won't find anything in the paper. I know Microsoft has had at least one jumper from the Lincoln Square office in Bellevue, other tech companies probably have too. Funny thing, anywhere you treat people as sub-human for long enough, strange psychological things happen and they start to lose the will to live.

But, by and large, I agree with the lack of coverage in the media. People who may be borderline suicidal can be triggered by reading about other peoples' suicides, no need for the media to perpetuate the problem with in-depth coverage and how-to guides.

Comment: Re:How naive... (Score 4, Insightful) 88

Your use of the term "naive" suggests you think it's designed that way due to conspiracy.

SS7 is a protocol designed to do all these things because it's designed to manage the phone network. That's its job. If it didn't do those things, it couldn't be used to route phone calls.

Does it have poor security? Yes in the 2014 world, but at the time it was developed virtually every phone company was a monopoly, and it was just assumed only a small handful of easily accountable giant telcos, usually only one in each nation, would ever use it directly. You might just as well criticize non-networked single-user circa-1977 CP/M for not having logins and user/group ownership of files.

Comment: Re:North Korea has proved something. (Score 2) 220

by mlts (#48634395) Attached to: Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower

Hacking something on the Internet is one thing. Compromising SIPRNet or NIPRNet... completely different.

I wonder when businesses will stop trying to put band-aids on this problem and actually build a WAN between themselves that isn't the Internet, nor is connected to the Internet directly. It wasn't that long ago when the Internet wasn't the only WAN (DECNet anyone.) Maybe it is time for businesses to start getting leased lines, laying fiber, and creating networks that are well separated. For smaller businesses, ISPs could offer connections not just to the Internet, but to the business WAN, with ACL rules in place so if machines are not arranged to communicate with each other, they can't.

Again, this isn't a 100% measure... but it sure ups the ante to requiring physical access, especially if endpoints encrypt all traffic between each other.

As for malware, a decent IDS/IPS would have stopped those attacks cold. Some SANs (NetApp for one) can offer tools to look at logical drives and scan off-box for the bad stuff.

Comment: Re:Wow. This whole sorry clusterfuck sucks (Score 1) 549

by squiggleslash (#48633937) Attached to: FBI Confirms Open Investigation Into Gamergate

Most of the people I've seen speaking out against GG seem to be the politically correct thought police

Or... the loudest voices against GG have been those targeted by GG, who by and large are people seen by GG to be Feminists and widely misrepresented as a thought police rather than people sharing concerns they have about sexism.