
Comment: Ain't surprised (Score 1) 125

by ls671 (#49085121) Attached to: Jamie Oliver's Website Serving Malware

This doesn't surprise me. I run ModSecurity WAF and iptables (yes, I know, but iptables does the job for now) with custom rules and logging policies, and it is amazing to see how many so-called legitimate sites have been owned.

I used to contact site admins and participate in exchanges of offending IPs but I gave up a long time ago to run my own countermeasure system.

Boy, we've come a long way since the beginning with regard to that.

Comment: Re:Summary without technobabble (Score 1) 119

by ls671 (#48726985) Attached to: Bots Scanning GitHub To Steal Amazon EC2 Keys

>Thirdly, "bought" 30 million certs?

Oh, and yes, that's why we were both laughing our hearts out and calling shenanigans at the same time. As I wrote in my OP, I would have been glad to generate those certs for them for 10,000$ instead of the 30,000,000$ they spent. But hey, a buck a piece for certs is a great deal, isn't it?

The USB key solution was suggested as well, but the conclusion was that dumb users would lose their USB keys and that it would become too costly to manage.

In the end, we seem to be doomed unless we educate people.
