
Comment Re:So what (Score 1) 36

Not everyone is so butthurt about the potential to look stupid as you clearly are..

It's not looking stupid which concerns me .. I look stupid fairly constantly. That doesn't bother me.

But the whole ream of security issues caused by letting a website have the password for your email account absolutely hurts my brain. Under what other circumstances would you hand that password over to anybody? Ideally none, but suddenly a website asks for it and people do it.

The problem is the internet requires a level of paranoia which doesn't come natural to most people. Failing to assume the internet is constantly trying to fuck you over is a perilous mistake.

But, make no mistake about it, the internet is a place which does not have your best interests at heart. Which means you have to have a fairly constant mind-set that it's a potentially hostile place.

Comment Re:Not surprised ... (Score 1) 36

It may surprise you to know that tons of people successfully ignore Facebook all the time.

I have all my browsers set to explicitly not trust facebook at all .. I don't allow their shit to set cookies, run scripts, or track me across the internet. Nada. Zip.

Actively blocking and not using facebook is an entirely viable strategy.

If you can't ignore FB, that's your problem.

Comment Re:attack? (Score 1) 36

i had a more hollywood version of events in mind. using linkedin to map out government employees that can be used to identify weaknesses that are then used for blackmail.

Honestly, by the time you're talking about a nation state doing espionage ... that level of investment could be plausible.

Maybe not so much with the blackmail, but if you could then move on to some social engineering or spear phishing that's probably the point. LinkedIn likely gives you a way to identify your targets.

A bunch of hackers may not reach that level of sophistication. A nation state employing some hackers to achieve a goal has the means to do a LOT more.

Comment Re:attack? (Score 1) 36

anyone care to outline the anatomy of such an attack?

I won't claim to know the specifics, and I wouldn't tell you if I did ...

But, like all social engineering, the intent is to trick someone into believing you're someone you're not. To do this you try to give yourself some bona fides which someone will interpret as a level of trust. You then exploit that to weasel your way into gaining access or information.

Social networks designed to link you to people you don't remember or never knew just provide a mechanism whereby someone goes "oh, he knows Larry, OK, this seems fine". It causes you to let your guard down, and hopefully you play along and they get what they want.

So, if you want to gather intel on someone, posing as a recruiter means you might just hand it over to them.

Short version: trust, but verify; and if you can't verify, don't trust.

They really should teach adults about "stranger danger". It seems like people become adults, and then become naive idiots all over again. (And in fairness, social engineering can be really sophisticated and doesn't require a naive idiot.)

Comment Re:So what (Score 1) 36

Yes, they do ... and if you ever give a website your email address and the password for that email address you should consider yourself a fucking moron.

But, I think I've seen Facebook do it, I think I may have seen Google do it ... for some reason I will never understand people will do this. They think "oh, awesome, how convenient".

Why the hell anybody would let an entity like LinkedIn have access to their email account is utterly mind boggling to me. Imagine walking into a store and someone just saying "hey, can I look through the contacts in your phone to sign up your friends for our rewards program?"

Why the hell people think that isn't utterly idiotic on the internet is beyond me. It's like the internet makes people stupid or something.

And letting some website have direct password level access to your stuff is mind-bendingly stupid.

Comment Re:Not surprised ... (Score 3, Interesting) 36

If someone says "I'm a recruiter", then you can choose to add them or not. Me, I don't have any interest in unsolicited recruiters trying to pester me ... I consider them like door to door salesmen or spam; I'm just not interested.

But, yes, some people do choose to link in recruiters. I personally won't do it.

This fake that I saw the other week ... it was really hard for me to identify what the heck it was. It was written in such a way as to insinuate he'd worked at a place I knew, but fell just short of stating it .. the more I read it the more I became convinced there was something quite slippery about it. In the end after some pretty careful reading I concluded the profile wasn't what it claimed to be.

I find it highly unlikely nefarious super hackers are personally targeting me, but if it was a recruiter it seemed like a pretty well crafted way to lie your way into someone's network ... and any recruiter trying that hard to mislead you about who they are isn't someone you should be trusting. At all. Ever.

So, either it was what I'd consider a really shady recruiter, or some other shady entity.

Either way, people in general need to have a little more "street smarts", both on the intertubes and in real life. Because, there's an awful lot of humans who are complete bastards and need to be distrusted. Not nearly enough people stop to think "just who the hell is this person and what are their motives?"

Which is precisely why social engineering and other con artists are so successful.

Some people think being wary and distrustful is a bad way to live .. me, I have seen enough of crap like this to know that it's better than being someone's mark and realizing you've been ripped off.

Comment Not surprised ... (Score 4, Interesting) 36

I've seen a fair bit of evidence of shady players (most of whom seem to be recruiters) on LinkedIn.

I recently got an invite from someone who had crafted their profile to strongly suggest they had worked at a previous employer, and you had to look pretty closely to realize they didn't. Either he was a shady recruiter, or an even shadier player -- definitely a profile which took me several minutes to look at against who I thought it could be.

I have a fairly firm policy that if I don't know you, I'm not adding you. So all those recruiters who are obviously recruiters get ignored.

But the ones who have carefully crafted a profile to mislead you into thinking it could be someone you know, those are much more worrying. I even saw that one of those misleading ones had been added by someone I did formerly work with, because it was a good enough fake that people would fall for it.

This has always been a problem with social networks in my opinion: if the goal is to collect as many links as possible without actually stopping to think of "just who the hell is this person again?", then people are going to be suckered into linking to people they don't know at all.

So you pretty much have a platform in which people are trying to expand their network, and don't seem to think critically enough about just who those people are and if you really want a random recruiter or someone you don't know in your network. Me, I've pretty much decided that I won't link to people I don't actually know.

So, am I surprised to see stuff like this? Not hardly, because in a lot of ways LinkedIn is as much of a pest on the internet as Facebook and Twitter. And if fooling people into adding you into their network gives you a way to fool more people, it's all the more reason to look at those invites and ask "who the fuck is this and why the hell do I care?".

Comment Re:Bullshit ... (Score 5, Insightful) 449

No, the point (made many times already, try googling for once)

Oh go fuck yourself.

VW lied about how they achieved these numbers, and are claiming a couple of software engineers are the culprits.

So, yes, actual mechanical parts they never implemented and then lied about, and now they're looking for a scapegoat.

The people responsible for the engine design pretty much had to know this. Blaming it on software engineers is an outright lie.

They lied about how they did this, they lied about how they faked it, and they're lying about who is at fault. The only "clever design" was systematic fraud.

Comment Bullshit ... (Score 5, Insightful) 449

Aren't there actual mechanical parts of the engine which simply weren't even implemented and then this kludge was done in software?

You can't design this way of cheating without people who know the details of the engine signing off on it.

This is so much bullshit it isn't funny.

A software engineer could not have made the decision to leave off the components which were supposed to make clean diesel.

This is purely about finding a scapegoat.

Comment Pretty much screwed ... (Score 1) 36

He allegedly encouraged the hackers to use the credentials to “go fuck some shit up.”

And, really, if that was his attitude, he gets no sympathy.

In terms of the definition of "computer fraud and abuse", that's pretty much it.

Of course, the problem is you could do a LOT of non-digital crimes and do a LOT less time, which makes me ask if these prison sentences are even sane.

Hell, you could probably intentionally run down someone with your car and do less prison time.

Comment Re:MOOC = Massive Open Online Course (Score 1) 107

Bah ... MOOCs are for cows, you're all cows ... MOOC cow ... MOOC ... cower before me and stuff.

Yay cows ... or whatever that cow thing is supposed to say. It's cows all the way down.

MOOC may be used a lot, but so are all other bullshit buzzwords ... Massively Online Ocelots and Cows or something.

It may surprise you that a lot of us don't give a crap about these buzzwords, and don't keep track.

Now moove along.

Comment Re:Define speeding (Score 1) 153

Really? You mean I can tell the officer I was doing 80 in a 50 zone because I was passing someone?

I'm pretty sure I've never heard of passing as an exemption to speed limits. I'm pretty sure they don't write traffic laws which say "you can't go faster than X ever, unless you're passing, then it's OK".

Are you sure it's actually "legal"? Or just something you heard once?

Comment Re:Idiots (Score 1) 356

Unfortunately, in the modern context "mentally infirm" is pretty much a design feature, and people feel they're entitled to believe any old irrational shit and that should be OK.

There's a tremendous amount of people who seem to wear their own self-created ignorance as some kind of badge of honor.

"Complete idiots" now probably covers a good portion of society these days ... and we seem to accept this as a fairly normal thing.
