
Comment: Re:What took them so long? (Score 1) 189

by TheCarp (#48646389) Attached to: Cyberattack On German Steel Factory Causes 'Massive Damage'

Well hindsight is always 20/20. Few people look into securing their houses who haven't been robbed or known someone who was. Nobody benefits from this sort of attack; like you say, it's a motive issue. Why does the production network need so much protection? Up until now it hasn't. There was nothing of any value there for anyone....only of theoretical value.

The only people who carry out this sort of attack are the ones who work for armies because they don't have to worry about personal reprisal and they are not interested in any sort of profit. It's just a game to them; and they will work to whatever goal they are told to.

It's the rise of this "cyberwar" bs that creates the danger in the first place. The only result is going to be to hurt some insurance company that is going to pay, or the steel factory, but more will be built. However, within the context of a cyber war group this is a demonstration of effectiveness or even a win for some petty head of state.

This is one more area where I was happier with the old threat of money hungry gangs and the occasional rambunctious kid than the massive politically directed machine that is supposed to protect me from them but ends up just being bigger, badder, and more capricious versions of the same.

Comment: I doubt it was North Korea (Score 4, Insightful) 231

For one thing, if North Korea was capable of this sort of hack they've got more tempting targets to use that capability on. And it's just a bit too convenient, coming on the heels of a disappointing performance by Sony, for SPE to suddenly get an excuse to get out from under another apparent flop. My bet is the hack's just another in a long string of breaches by the usual gangs of malcontents, aided and abetted by corporate obliviousness to security, and various parties are just taking advantage of superficial connections for their own reasons.

Comment: Re:Network Level (Score 1) 97

by Todd Knarr (#48640371) Attached to: Staples: Breach May Have Affected 1.16 Million Customers' Cards

There should be more isolation, yep. When I handled POS the terminals had no local storage at all, they were network booted from images on the site server and the LAN they were on had no outside access at all. The site servers were on our own wide-area network that connected them to corporate, and there were only two network segments (Development and Support) that could connect to the site servers (sites couldn't even connect to each other). Access to the Dev and Support networks from the rest of the company was highly restricted, and any unexpected access from Dev or Support netted you a phone call and/or an in-person visit from the support manager to find out what had blown up.

I can think of ways to get malware out to the POS system through all that, but all of them involve physically being in the basement of the corporate headquarters where the Support and Development department offices were located and any unknown face would've had to avoid 2 managers and 3 secretaries before being grabbed by the scruff of the neck by Cory and hustled back upstairs (because if Cory didn't recognize you you were not supposed to be down there).

Comment: Re:Grinch is not a flaw - has no CVE!!! (Score 2) 116

by TheCarp (#48633799) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking

It still doesn't take too terribly much to get around minor issues like that. I actually did that as part of a class once where the instructor made all the groups set up guest accounts with a known password and encouraged us to hack each other's machines.

One group had accidentally made /home owned by guest. Whoops. That was some fun figuring out how to exploit.
I moved their home dirs (write permission on the parent dir), created new ones (ditto), then dropped a .profile (or whatever korn shell uses, they made us all use it for the class) which would move their bashrc back into place, exec it, and create a setuid shell for me as their user in a .directory owned by guest ;)

Hilariously, they only ever logged in as root so it never worked....that is, until the instructor got on there to prepare the class final project "everyone's system got hacked last night, you need to get back in and find out what they did".... well he found a bit of what I did and thought that the team whose server it was had found out about the upcoming project and gave them an extra hard problem that they were unable to solve lol!

We all had a good laugh about it later lol.
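
A defender-side check for the misconfiguration described in the comment above, added here as an example and not part of the original comment: it flags a home-directory parent with the wrong owner or loose write bits, and lists setuid/setgid files under it, hidden directories included. The function names are hypothetical and the sample tree is constructed.

```python
import os
import stat
import tempfile


def audit_home_parent(path, expected_uid=0):
    """Findings for the directory that holds the home dirs (e.g. /home)."""
    st = os.stat(path)
    findings = []
    if st.st_uid != expected_uid:
        # The owner of a directory can rename or replace every entry in it.
        findings.append("owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if loose and not st.st_mode & stat.S_ISVTX:
        # Without the sticky bit, any writer can move other users' dirs aside.
        findings.append("group/world-writable without sticky bit")
    return findings


def find_setuid_files(root):
    """Regular setuid/setgid files under root, hidden directories included."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append(full)
    return sorted(hits)


def build_sample_tree():
    """Constructed sample: a loose 'home' parent and a setuid file in a dot dir."""
    base = tempfile.mkdtemp()
    hidden = os.path.join(base, "alice", ".cache")
    os.makedirs(hidden)
    planted = os.path.join(hidden, "sh")
    with open(planted, "w") as fh:
        fh.write("placeholder, not a real shell\n")
    os.chmod(planted, 0o4755)  # setuid bit on a harmless text file
    os.chmod(base, 0o777)      # parent writable by everyone, no sticky bit
    return base, planted


if __name__ == "__main__":
    base, _ = build_sample_tree()
    print(audit_home_parent(base, expected_uid=os.getuid()))
    print(find_setuid_files(base))
```

On a real system, call `audit_home_parent("/home")` with the default `expected_uid=0` and run `find_setuid_files("/home")` with enough privilege to read every home directory.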

Comment: Re:Grinch is not a flaw - has no CVE!!! (Score 1) 116

by TheCarp (#48633719) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking

I think the ONLY interesting point they have is that there are environments where a lot of people have wheel for one reason or another, or where wheel may be even given out by default. In such an environment, then installing this PackageKit software allows anyone to install software.... as expected.

This really is some of the dumbest clickbait disguised as a vulnerability that I have ever seen.

Best solution...don't put every account in wheel, and um, don't install PackageKit...unless this is what you want....perfectly reasonable on some systems like desktops.

Comment: Re:Simple answer... (Score 5, Insightful) 469

by TheCarp (#48633547) Attached to: Colorado Sued By Neighboring States Over Legal Pot

But if 100g or less is legal, why is 101g illegal? What is the purpose of such a law?
What do you actually expect it is protecting us from?

Do you feel some responsibility to violent gangs like....we created them with bad laws, and now we have to nurture them? Why do you not want legal production in the daylight where product can be weighed and inspected. Where people who defraud their customers or violent thugs who would prey on honest businessmen and their wares can be brought to justice instead of left out in the cold to the wolves....over what?

Seriously....what the fuck justifies arrest and incarceration over pot? What justifies AT ALL interfering with the lives of consenting adults over this flower? I really want to know because in 20 years of being a pot smoker the worst negatives I have seen have all been the result of these stupid laws.

Honest people being robbed and held at gunpoint with no recourse, nobody to call. Dishonest dealers who rip off their customers. Families torn apart, jobs lost, all over... some mad obsession with moralistic laws against what is, at worst, a minor vice.

Comment: Re:Quite possibly the stupidest vulnerability ever (Score 1) 116

by dissy (#48629893) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking

"Oh no, Linux includes a "wheel" user group by default that grants superuser privileges to users in it! And someone could possibly add themselves to that group and gain root access!"

Or put another way:
"Oh no, Windows includes an "Administrators" group by default that grants superuser privileges to users in it! And an existing administrator could possibly add themselves to that group and gain administrator access!"

Agreed, stupidest vulnerability ever.

Comment: Re: signal blocking (Score 2, Interesting) 110

by TheCarp (#48624847) Attached to: RFID-Blocking Blazer and Jeans Could Stop Wireless Identity Theft

I have a friend who is just flabbergasted at the idea that I sometimes just turn my ringer off and don't take calls.

I like to be able to take calls or to make them when I want to. I like having a mobile gps device and all that.... um, I like having a phone, but sometimes, I don't want to be disturbed, and sometimes I forget to turn that off for a day or two...oops... but I can still call out and that's what I pay the bill for.....

Comment: Decent backpack actually (Score 1) 129

by TheCarp (#48620847) Attached to: Research Highlights How AI Sees and How It Knows What It's Looking At

I know how they created the images, so I know it's not really an image of a backpack really so much as static that has been messed with by someone in photoshop....however, if you showed me that, backpack would be high on my list of guesses.

That one really does look to me like someone washed out an image of a backpack with static.

Comment: Re:What? (Score 1) 440

by TheCarp (#48612237) Attached to: Federal Court Nixes Weeks of Warrantless Video Surveillance

This was the whole point with the NDAA too.... when you allow someone to decide that a person can be denied a trial indefinitely because the president said the magic word "Terrorist" then; in point of fact, nobody had any rights at all except the President anymore.

If you are denied your right to face your accusations in court and state your case, then you have no rights at all. If a man can decide when the law applies and when it doesn't, then the law is, in fact, not the highest power in the land and....it's all a pack of lies.

Comment: heh like Skyrim? (Score 2) 447

by TheCarp (#48610619) Attached to: Virtual Reality Experiment Wants To Put White People In Black Bodies

In my Skyrim playthrough I chose "Dark Elf" because it sounded cool. Only problem is, the dark elves have little representation throughout Skyrim and most groups are prejudiced against them. Everywhere I went was a bunch of racist Nords and asshole Thalmor.

Pretty quickly I came to the opinion that the main factions were a bunch of racist assholes and I had no horse in their race (a metaphor for real elections), and really just hoped for as bloody a battle as possible between them both.

After a while I started to identify with that part of the character, to the point that it did affect the choices I made in the game. It really is a powerful disincentive to know you are dealing with someone who sees you right off the bat as not their equal.
