
Comment To stop all communication with Microsoft = work (Score 5, Insightful) 469

I have been going through and cataloging everything that Windows 10 does, and looking to end the communication with Microsoft component-by-component. It'll take removing packages with dism, setting group policies and making secure policies into the "default user", blocking employees being able to lock out admin simply because they want to log in to the store etc., turning off the update services, etc. It's a long road to lock down win10. You still can't keep the OS from doing anything it wants though, basically Microsoft has decided that they get to rootkit and keylog your box while background capturing your location and data files.

The first thing that admins should be doing is looking at how MS has invaded Windows 7 with its GMX and telemetry updates for the older OSs. Besides the tray ad, a whole new package of privacy invading phone-home and send your data was included in the "critical updates". There are about eight different tasks added to Windows 7 scheduled tasks that even admin can't remove, they have to be manually pruned from the registry.
It takes a good amount of PowerShell, registry editing, and dism to script-remove this malware from Windows 7, and if you were letting Windows Update run since April, the damage is already done.

Comment Re:settled cannon for about a decade now (Score 1) 81

"AMD does a great job of getting open source?" AMD is the one flipping the bird, they burned users of Radeon HD 4xxx and below in Linux. This hardware was shipping integrated in new desktops/laptops in 2011+, and they abandoned their driver by 2013, leaving something that will only run in old X, so basically useless in anything Ubuntu 12.04.1 or newer.

It just takes one big FU like this for me to make sure everybody knows what AMD really thinks about Linux.

Comment Re:Uhmmmm (Score 2) 619

winnt4 in production is nothing, it is often required on equipment such as HP chromatographs and other lab equipment that is otherwise top-tier (before the company was destroyed by (presidential hopeful) Carly Fiorina).

If you are looking for old production equipment, I think you'd be impressed by the DEC PDP-11s still running in nuclear power plants that have a commitment to run through 2050. http://www.vintage-computer.co...

Comment Re:I know (Score 3, Insightful) 172

Well, I am pretty sickened by the constant data connections between Windows 10 and Microsoft. Running in a VM, the network activity light and CPU load is constant. Granted some of this is the keylogger-level telemetry that they are gathering, but my OS should never start initiating network connections without my permission; this OS wants to automatically update itself and any apps you have installed (can't be turned off unless you just kill the services), comes with dozens of scheduled tasks to do so, and encourages you to store your data, contacts, emails, etc in their apps without clearly stating that it is all being duplicated on Microsoft servers.

Annoyance #2, actually dealbreaker, is how they've made the OS almost broken if you don't use a Microsoft account login. This means that your computer's login is the same password as your email address, and is out of your control. Microsoft or anyone pressuring them can get into your (their) computer since they control the password. It is way too easy for SOHO users looking for time-wasters in the Microsoft store to convert the local account into their own user login and lock out everybody including admin. The email address of the logon is proudly displayed on the logon screen to unauthenticated users, with no way to turn this off.

Comment Re: Who? (Score 2, Interesting) 574

45 years old = Neil WHO? High school years were not spent listening to music like this, they were Def Leppard, Quiet Riot, and Rick Astley years. This is music for old codgers, although probably better creatively than the formulaic top 40 stuff now.

I've noticed that classic rock stations have got in tune with actual listener demos because we're getting older. When I was a kid, oldies stations would play Chuck Berry and Elvis, music that only senior citizens would have heard new. Now I turn on the classic rock station, and they are playing Nirvana, REM, and Collective Soul alongside less Stones and Pink Floyd. Won't be long before classic rock would need to play late 90s, years where there was no more rock music.

The main change this article addresses is that people are starting to no longer buy or even download music, it's good enough to just put on internet radio, since it can narrowcast exactly what you want to hear. Radio and streaming, what was once a promotion tool for record companies, has become something out of their control that IS the end product for most people.

Comment Since the summary is impenetrably obfuscated (Score 5, Informative) 45

Here's the narrative:

- Trend Micro documented a 0-day Java exploit, leading to its patching http://blog.trendmicro.com/tre...

- The hacking org Operation Pawn Storm that was using the exploit got all pissy, and redirected a domain that computers infected with their malware contact, pointed it to an IP address in Trend Micro.

The domain names contacted for command and control instructions are usually randomly encoded and encrypted, and rotate on a regular basis. The crackers know what the next domain name to be used is, but they are hard to deduce from the binary. Infected systems will likely move on to contacting the next domain/ip looking for remote control instructions in hours/days.

Comment Re:Disable Java == Broken Websites (Score 1) 122

>> For the record, I completed my Bachelors in Computer Engineering in 2010, in the US. I never once needed a Java web plugin. I don't know how "widely used" it was back then, much less today, but it certainly wasn't required.

You're lucky, in the late 90's it was impossible to get a CS degree without at some point installing Java in your brain. Still not as bad as the C++ course where the lab portion was some crashtastic IDE on Mac OS 9.

Comment Re: How about 2015 July 15 0000UTC? (Score 3, Informative) 283

That's better than VMWare 5.5, which required its own NPAPI plugin, which barely worked with an old version of Chrome on Linux, and doesn't work with any distro you can just spin up. As a cross-platform management solution, it was dead before it was born.

Worse is Chinese no-name security DVRs that are still being deployed, that require an ActiveX plugin.

Comment Google on your phone, unstoppable data flow out (Score 4, Informative) 217

I have a Galaxy S5, and have encountered the same types of problems with the baked-into-the-OS Google services. I have rooted the phone, installed app-ops (useless Google window dressing), and then xposed framework and xprivacy. The level of intrusion and data capture is simply stunning.

The first thing that usually blows people's minds is when they visit Google GPS location history page at https://maps.google.com/locati... - even though they weren't aware of it, every move they've made for months has been tracked down to the minute by Google. You can "turn location history off" on that web page, but the GPS is so baked into the OS that this cute web page checkbox is almost guaranteed not to stop the continuous GPS gathering. In fact, after blocking location access by GPS, you get a stern warning "enable location services for gps", and the "do not ask again" is greyed out if you do not allow it, you will get nagged regularly.

Your phone is essentially rooted. If it can ring remotely, be located via GPS and be disabled by "find a phone" features, it is not you that has root on the OS. It is the company that can employ that at any time.

The Google intrusion is multifaceted once you start digging in, dozens of different components of the OS that make contact with external servers without documentation. Spending massive time disabling their access to your personal data one by one will usually result in a borked phone. One of those back doors is going to get your data even if you think you turned everything off.

Then we have the Samsung apps that are in full intrusion mode. The health app? Wants your contacts and location. The keyboard software? Wants your contacts and location.

It is of course impossible to use these devices without your entire contact list, phone and text engagement, password list, etc, being scarfed up and sent to the cloud. Any single OS library that has network access can act as a gateway to other components that look like they are otherwise behaving when they access your clipboard, screen, etc.

The biggest problem is not that every aspect of your life is tied together by a corporation, who has recordings of your voice, keystrokes of everything you've typed, pictures of you that are run through facial recognition, etc. It's that this is all going over the wire to a corporation that is too big for one government to rein in. A corporation that has had their internal communications tapped by the NSA. A corporation that "plays ball" with law enforcement by giving them their own handy web portal to data. And of course is all behind one password that can be hacked and cracked on by the entire world of hackers from lawless nation states. Soon coming to a Windows 10 computer near you.

Comment Re:Die, white whale, die (Score 1) 249

Starbucks does acquire, gut, and destroy. In the Pacific Northwest there was a small chain called "Coffee People", that made an excellent product, including coffee milkshakes (not just coffee sugar slurpees). They sold out to Starbucks, and within a year all the locations were shuttered, except about 10% where the real estate was useful and were closed and turned into Starbucks.

The "Seattle's Best" brand was bought in 2003, and within months their production was closed and moved to Starbucks HQ. The brand survives probably just to take double the retail shelf space and make customers think they are getting a choice.

Submission + - Cyberlock lawyers threaten security researcher over vulnerability disclosure

qubezz writes: Security researcher Phar (Mike Davis/IOActive) gave his 30 days of disclosure notice to Cyberlock (apparently a company that makes electronic lock cylinders) that he would release a public advisory on vulnerabilities he found with the company's security devices. On day 29, their lawyers responded with a request to refrain, feigning ignorance of the previous notice, and invoking mention of the DMCA (this is not actually a DMCA takedown notice, as the law firm is attempting to suppress initial disclosure through legal wrangling). Mike's blog states:


The previous DMCA threats are from a company called Cyberlock, I had planned to do a fun little blog post (cause i .. hate blog posts) on the fun of how I obtained one, extracted the firmware bypassing the code protection and figured out its "encryption" and did various other fun things a lock shouldn't do for what its marketed as.. But before I could write that post I needed to let them know what issues we have deemed weaknesses in their gear.. the below axe grinderery is the results.

What should researchers do when companies make baseless legal threats to maintain their security-through-obscurity?

Comment "Monitors black hat sites??" (Score 1) 141

I was going to dissect the security service for not taking customer data importantly, but the linked articles have no mention of "Microsoft monitoring black-hat sites for employee credentials" at all. I don't know where the Slashdot article editor got that.

Advanced threat analytics is from Microsoft's acquisition of Aorato last November, whose main product protected against internal threats by warning of non-typical login activity:

A compromised employee's mobile device exposes the organization, through Active Directory, to identity theft and information disclosure.

Monitoring and auditing solutions (such as tracking changes) of Active Directory cannot correlate information between entity behavior and information residing in Active Directory.
