Comment Re:Dust, critters, and humidity (Score 2) 253

One more thing to keep in mind: Mold. The heat from the computer plus the humidity in a crawlspace can cause mold. We once housed a server in a small room with a previously unknown leak in the wall. The heat from the server caused so much mold that everyone on the bottom floor of our office had to be moved until the mold was contained.

Comment Re:Don't use the company as a playground (Score 1) 205

This is excellent advice. Contract out the service to professional penetration testers. It takes years of practice to become a good penetration tester (I've been doing it off and on for nearly 12 years).

In the meantime, this will get you pointed in the right direction:

Also, make sure you understand the difference between:
  * Vulnerability assessments.
  * Penetration tests.
  * Security audits.

The goal of a vulnerability assessment is to identify all vulnerabilities (or as many as possible). It will typically include a vulnerability scan (with a tool like Nessus) of a sample of the network. Make sure you interpret the results of the vulnerability scan into something meaningful for the customer.

The goal of a penetration test should be to provide the organization with an understanding of how (and how easily) the organization can be compromised. In this scenario, you are playing the bad guy. The goal isn't to identify all vulnerabilities, but to gain access. It is typically segmented into external, internal, phishing, social engineering, and physical tests (just follow an employee into the office when they come back from lunch. They will hold the door open for you).

A security audit will be based on the standards that the customer is interested in. Typically, there is a standard set of questions that you have to ask the customer. The customer will then need to explain what they are doing to address the question and show proof. To demonstrate proof that they are following the standards, they can provide evidence. Additionally, you will select a sample of the systems, and have the customer show that the security control is implemented on your randomly selected sample.

Good luck on your new career :)

Comment Alternatives (Score 5, Insightful) 88

Personally, I would like to see one of two things happening:

1. Break up Comcast and make the new pieces share infrastructure (so they would have to compete with each other).
2. Allow the merger, but with the stipulation that laws would be put in place to spur competition, such as allowing municipalities to build their own network (like Chattanooga).

While few people actually have a choice, I'm still left wishing I didn't have to choose between AT&T & Comcast.

Comment Re:13 to 15 deaths (Score 1) 518

What I was trying to communicate was let's not think of it in terms of "if it saves one life", but in terms of "if it saves the life of someone I know" (which would have been our case).

I think the argument would have been much different if we were trying to ban cars rather than changing something small to make it a little safer.

Comment Re:13 to 15 deaths (Score 1) 518

Hopefully Intelligent Transportation Systems will be mature enough to reduce those accidents/deaths as well. But for now, we will have to be content with 15 - 30 lives.

On a personal note, a close friend of ours lost their child to an accident that could have been avoided with a rear-view camera. Seeing all the pain that they went through, it makes me wish this existed back then.

User Journal

Journal Journal: Running Oracle DB modules in Kali Linux

Apparently, there is some manual work that needs to be done before one can run Oracle DB modules in Metasploit under Kali Linux. This is because of proprietary libraries from our dear Oracle.

Here are the instructions that worked for me:

User Journal

Journal Journal: TP-Link wr703n minipwner

So I followed the instructions here:
to create a minipwner box using a TP-Link mini router.

However, using an older openwrt image would break the ones with the 1.7 firmware.
Here is the fix:

Unbrick wr703n wifi router

Comment Re:SGI was doing this a looong time ago... (Score 1) 230

+1 to the parent. I used to work at SGI and, as you said, this is old news. One small note, unless Rackspace is also doing something different, I believe you are talking about Rackable Systems instead of Rackspace.

This might be the first time Intel is doing it with their HW though. If I recall correctly, SGI did it with their MIPS systems.

Comment Re:Attitude (Score 2, Insightful) 165

One advantage of changing your default SSID on a vanilla install is that it makes it harder to crack. The SSID is used as salt in the encryption mechanism.

Here is an article that describes it in more detail:

Plus... having a goofy SSID is fun :) Mine is "Dialup".

User Journal

Journal Journal: Wrote my first snort rule!

Wrote my first snort rule! It detects if someone is trying to capture credentials via the auxiliary/server/capture/smb module.
More information about this type of attack is here:

Wireless Networking

Submission + - Your Neighbor's WiFi Wants You to Vote for Romney

Hugh Pickens writes: "Megan Garber writes that wireless routers have become the lawn signs of the digital age. Particularly in large apartment buildings, where almost every unit has a unique wifi network that will be detected in turn by all the other unique wifi networks, SSIDs can be a cheeky, geeky way to broadcast messages to your immediate neighbors. Most of us keep it simple with "275_Elm_Street," "Apt23," or "my_network" but some get more creative with names like: "Apt112IHaveYourMail," "PrettyFlyForAWiFi," or "WeCanHearYouHavingSex" — a great way to freak out your annoying neighbors without hiding in their bushes or peeping in their windows late at night. Now the team at OpenSignalMaps, which maintains a database of geolocated wifi access points, analyzed the data they've collected about wireless routers to see whether wifi names are "being used to fly political colors" and have found, globally, 1,140 results for "Obama" and an additional six for "Romney" — an indication not necessarily of Romney's popularity relative to the president's, but of the attention that four years as president can confer. "There's something uniquely contemporary and incredibly old-school about that kind of broadcasting: It's messaging meant only for your immediate neighbors," writes Garber. "It's both intimate and isolating, both invasive and impersonal, both omnipresent and invisible, both passive and aggressive." Which makes them a good metaphor for political discourse as it looks in the US today with its particular mix of intimacy and impersonality. "The politicized network names are like lawn signs for people who don't have lawns.""

Comment The cost of DRM (Score 0) 5

Why don't you release a 'not for commercial use' copy w/o the spying. That will prevent it from being distributed on P2P sites. The added benefit is that people would learn to use and love your software. Eventually, they can be your marketing arm and help convince management to purchase the software for business use.

Also, as you might be aware, developing DRM is very costly. The cost of DRM is expected to reach $9bln this year:


Submission + - Apple orphans Linux CUPS features- handicaps open source printing

donadony writes: "CUPS is the printing standard that open source projects have used successfully to convert desktops and computers to become printer servers, allowing plug-in, modular type of printing. However, now Apple after it acquired it from its developer Michael Sweet, at Easy Software Products, in 2007, has chosen to abandon certain Linux exclusive features, and continuing with popular Mac OS X features. The changeover is being attempted by Apple to set new printing standards that will not require ‘drivers’ in the future. However, the journey in between from the present ‘driver-only’ printers that communities across the world are engaged to Apple’s printer-utopia, just got tougher and essentially involves more work for Linux users."