
Comment Re:Patching is NOT ENOUGH (Score 1) 136

The problem in this case is that there are workarounds allowing you to impersonate a DC. For example, someone could sniff your DNS requests and use ARP poisoning to redirect your requests for GPO files or login scripts to its own servers, and Windows would automatically downgrade its SMB security to connect to this fake DC. This could easily be done to a computer connecting in a remote network, even if its corporate traffic is in a VPN. Read up on this article from the guys who found the vulnerability:


One issue which Microsoft also did not mention is how AD-joined Windows systems by default leak a lot of info, and will send out DNS requests for domain resources from ANYWHERE. It doesn't matter that the servers aren't available from the Starbucks WiFi, Windows will still do DNS requests for "domain.local" and try to run "\\domain.local\NETLOGON\logon.bat".

Comment Patching is NOT ENOUGH (Score 5, Informative) 136

One very important part of this latest vulnerability is that patching your systems is NOT ENOUGH. The patch is not so much a fix as an entirely new security functionality which must be configured properly.

It is required to configure a group policy to harden your systems. Any domain-joined system must have both the patch installed and a group policy set up to force the system to use secure authentication and validation mechanisms on any sensitive share. Domain shares such as NETLOGON and SYSVOL are an obvious priority, but any share used for software deployment or script execution must be similarly listed.

Make sure you read the KB article and take the proper steps to secure your systems:


Comment Re:Um... (Score 4, Insightful) 77

Euh locks on doors don't stop burglars. They stop kids from doing petty vandalism. Burglars can easily pick your door locks, or will simply break a window to enter.

Door locks are the equivalent of FTP server banner messages telling people "access is restricted to those authorized".

What prevents burglaries in civilized countries is the social contract, and the fact that most people have a common moral and ethical sense that tells them it's wrong. The idea that you're better off working for a decent salary and that you should respect the property of others so they'll respect you is a basic logic that holds true in many places (less so nowadays in some countries where the working poor are worse every day).

The reason it doesn't work on the Internet is because this contract falls apart because of distance and the anonymizing nature of the Internet. Not just the fact that bad guys can be pseudonymous, but because to them you're not a person, you're an IP address. It de-humanizes contact and makes it easier to justify bad behavior.

Add to it the fact that there may be a small portion of people in a city or neighborhood who are lacking enough in morality to do burglaries, but in the whole world there's a lot more of them. And although they can't all break into your house, they can all break into your computer...

Comment Re:Yeesh (Score -1, Flamebait) 584

You are a sexist troll. The fact that you got a +5 insightful on this post is disgusting.

The truth of the matter is that there is no significant difference, physiologically, between men and women, as far as the brain is concerned; and thus no difference psychologically. Almost every so-called "male" or "female" feature is a result of brain plasticity and is imparted culturally.

The way to get a girl interested in science is exactly the same way to get boys interested in science. Do not treat a woman differently from a man and you will get the same results.

Comment Seriously? (Score 0, Offtopic) 76

No one with red blood in their veins buys a sports car and hands the keys to a chauffeur

This is such a ridiculous sentence, I couldn't get past it to read the rest. First of all, veinal blood is really dark, not red. But most telling is that the writer assumes people like cars, want to drive cars, and can drive cars. I don't like them, I don't drive, and I don't own one. If I was to ever buy one, I would have someone else drive me. So according to this un-enlightened individual, I don't exist.

Comment The lottery winner problem (Score 2) 245

Planning for such an event is like planning for winning the lottery: it is almost certain someone will win the lottery, and it's almost certain it won't be you.

Likewise, such catastrophic events happen to someone sometimes, but you don't have to worry about it happening to you. Really. Stop worrying so much.

If you live in a tornado-targeted area, you should prepare for a tornado to hit your house.

If you live in a flood area, prepare for a flood.

It's all about statistics and the Bernoulli equation: examine the chance of something happening and the effect it could have on your life, and prepare for the events that pose a significant danger.

Comment Worst: when they use magic (Score 1) 512

I rewatched the whole series last year, and I got really annoyed at the episodes where magic is featured. There are quite a few, considering it's supposed to be a science-fiction show.

That's about every episode where Troi uses her magic powers, incidentally. I especially hate when she can sense an alien being's emotions at a distance of A FEW LIGHT-YEARS.

Comment Reliability? (Score 1) 133

What is likely to be the accuracy of this system? Even a 99% accurate system would be fairly useless. Say you get 1 rager per day out of 100 000 drivers. Over 100 days (about 3 months), it will properly flag 99 people and miss one. But during the same period it would flag 1000 people per day who aren't raging or dangerous.

It's the same every time someone says they can "detect" a rare event out of a completely random sample, whether it is mass screening for rare diseases or conditions, terrorists or road rage. Unless your screening method is extraordinarily accurate, the sheer number of individuals examined by the system will cause a significant number of false positives.
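The base-rate arithmetic from the comment above, generalized as an added example that is not part of the original comment. The function names are hypothetical, and "99% accurate" is assumed to mean 99% sensitivity and 99% specificity.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ScreeningResult:
    true_positives: float   # real events that were flagged
    false_negatives: float  # real events that were missed
    false_positives: float  # harmless subjects that were flagged
    precision: float        # share of flags that point at a real event


def screen(population, positives, sensitivity, specificity, days=1):
    """Expected outcome of screening `population` subjects per day,
    of which `positives` per day are real events."""
    negatives = population - positives
    tp = positives * sensitivity * days
    fn = positives * (1 - sensitivity) * days
    fp = negatives * (1 - specificity) * days
    precision = tp / (tp + fp) if (tp + fp) else 0.0
    return ScreeningResult(tp, fn, fp, precision)


def alerts_per_true_hit(result):
    """How many flags must be reviewed to find one real event."""
    return (result.true_positives + result.false_positives) / result.true_positives


def max_false_positive_rate(population, positives, sensitivity, target_precision):
    """Largest false-positive rate that still reaches `target_precision`.
    Derived from precision = s*p / (s*p + f*(1-p)), solved for f."""
    prevalence = positives / population
    return (sensitivity * prevalence * (1 - target_precision)
            / (target_precision * (1 - prevalence)))


if __name__ == "__main__":
    # Figures from the comment: 1 rager per day among 100 000 drivers, 100 days.
    r = screen(100_000, 1, sensitivity=0.99, specificity=0.99, days=100)
    print(f"caught {r.true_positives:.0f}, missed {r.false_negatives:.0f}, "
          f"false alarms {r.false_positives:.0f}")
    print(f"precision {r.precision:.4%}, "
          f"{alerts_per_true_hit(r):.0f} flags reviewed per real event")
    f = max_false_positive_rate(100_000, 1, 0.99, target_precision=0.5)
    print(f"false-positive rate needed for 50% precision: {f:.2e}")
```

With the comment's figures, roughly one flag in a thousand is a real event, and reaching even 50% precision requires a false-positive rate of about one in 100 000.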
