
Comment: Give 'em what they want (Score 1)

It seems that the process is not that bad (even though your description does make it look a lot worse). Subscribe to the Microsoft Security Bulletins and they have a full description of each patch that they put out on Patch Tuesday (e.g., https://technet.microsoft.com/...). The same goes for RHSA. Subscribe to the updates that you are interested in; these will most likely be your OS, web servers, app servers and other installed software. Similarly, most vendors run security patch announcements. There will likely be a lot of noise, but in a couple of months you will know how to extract the information the change advisory board needs. Here's the positive aspect of CAB: if you screw something up, you have someone else to blame! ;-)
Networking

Misconfigured Open DNS Resolvers Key To Massive DDoS Attacks

msm1267 writes with an excerpt from Threat Post: "While the big traffic numbers and the spat between Spamhaus and illicit webhost Cyberbunker are grabbing big headlines, the underlying and percolating issue at play here has to do with the open DNS resolvers being used to DDoS the spam-fighters from Switzerland. Open resolvers do not authenticate a packet-sender's IP address before a DNS reply is sent back. Therefore, an attacker that is able to spoof a victim's IP address can have a DNS request bombard the victim with a 100-to-1 ratio of traffic coming back to them versus what was requested. DNS amplification attacks such as these have been used lately by hacktivists, extortionists and blacklisted webhosts to great success." Running an open DNS resolver isn't itself always a problem, but it looks like people are enabling neither source address verification nor rate limiting.
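The two mitigations named in the story (source address verification and rate limiting) are the resolver operator's side of the problem. As an added example that is not part of the original submission, the following Python script parses constructed resolver query-log lines, computes each query's amplification factor (response bytes over request bytes), and flags clients that exceed a per-second query budget with a high mean amplification. Because the "client" a resolver sees is the spoofed victim address, per-client rate limiting caps what reaches the victim. The log format, addresses and thresholds are assumptions for the example.

```python
import re
from collections import defaultdict, deque

# Constructed resolver query-log lines (sample data, not real traffic):
# "<epoch> <client_ip> <qname> <qtype> <request_bytes> <response_bytes>"
SAMPLE_LOG = """\
1364300000.00 198.51.100.7 example.net ANY 64 3200
1364300000.10 198.51.100.7 example.net ANY 64 3200
1364300000.20 198.51.100.7 example.net ANY 64 3200
1364300000.30 198.51.100.7 example.net ANY 64 3200
1364300000.40 198.51.100.7 example.net ANY 64 3200
1364300000.50 198.51.100.7 example.net ANY 64 3200
1364300001.00 203.0.113.9 www.example.org A 45 61
1364300002.50 203.0.113.9 mail.example.org MX 48 110
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+) (\d+)$")

def parse_line(line):
    """Parse one assumed log line into a dict; return None on malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, qtype, req, resp = m.groups()
    return {"ts": float(ts), "client": client, "qname": qname,
            "qtype": qtype, "req": int(req), "resp": int(resp)}

def amplification(rec):
    """Bytes sent back per byte received: the attacker's leverage on this query."""
    return rec["resp"] / rec["req"]

def flag_amplification(lines, window=1.0, max_in_window=5, min_amp=10.0):
    """Return {client: (peak_queries_in_window, mean_amplification)} for clients
    that exceed the per-window budget AND whose replies are highly amplified."""
    recent = defaultdict(deque)   # per-client sliding window of timestamps
    peak = defaultdict(int)
    amps = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = recent[rec["client"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:   # drop timestamps outside window
            q.popleft()
        peak[rec["client"]] = max(peak[rec["client"]], len(q))
        amps[rec["client"]].append(amplification(rec))
    return {c: (peak[c], sum(amps[c]) / len(amps[c])) for c in peak
            if peak[c] > max_in_window and sum(amps[c]) / len(amps[c]) >= min_amp}
```

On the sample log the flagged entry is the ANY-query burst; the ordinary A and MX lookups from the second client stay below both thresholds.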

Comment: Windows security issues for this exercise (Score 1)

If they use some kind of domain administrator password for this software to run, guess what: the domain administrator credentials could be cached on every single computer. If a local administrator was on the machine and wanted to compromise it, he/she could run hash-stealing software when this "process" runs and compromise the domain. The least possible privileges for a process that does this data searching will be difficult to determine. A trade-off will have to be made between accessibility of files and the use of a lesser-privileged account for an exercise like this on Windows.

Comment: Shifting the risk (Score 2, Insightful)

The credit card companies and banks want to shift the residual risk to the customers. That's why they want you to pay for "SafeProtect" etc., which you have to pay for in advance so that they monitor for any ID theft. My question is: shouldn't they already be doing that? If yes, then why do they want you to pay for it? Cost reduction, in my humble opinion.

Comment: Fairness? (Score 1)

Well... he got the money from a by-product of a fringe benefit of the hack (hack -> useful information (insider info) -> steal). Would a similar argument be applicable if he was able to siphon money from individuals' accounts had he gained some passwords (hack -> useful information (passez) -> steal)? I wouldn't think so.
Agreed that he was not an insider, so he can't be convicted of insider trading... but there should have been at least one more lawsuit going against him!
Businesses

MySQL Hits $50 Million Revenue, Plans IPO

An anonymous coward writes "MySQL, purveyor of the open-source database of the same name, is on the road to becoming a publicly traded company, bolstered by $50 million in revenue in 2006. 'It's still in the pipeline,' Chief Executive Marten Mickos said of the plan to hold an initial public offering of his company's stock. He declined to discuss when the company planned to go public, but said, 'We're making good progress, doing all the things we need to get done.'"
