
Comment: Give 'em what they want (Score 1) 294

by rajats (#46778545) Attached to: Ask Slashdot: System Administrator Vs Change Advisory Board
It seems that the process is not that bad (even though your description does make it look a lot worse). Subscribe to the Microsoft Security Bulletins; they have a full description of each patch that they put out on Patch Tuesday (e.g., https://technet.microsoft.com/...). The same goes for RHSA. Subscribe to the updates that you are interested in; these will most likely be your OS, web servers, app servers, and other installed software. Similarly, most vendors run security patch announcements. There will likely be a lot of noise, but in a couple of months you will know how to extract the information the change advisory board needs. Here's the positive aspect of CAB: if you screw something up, you have someone else to blame! ;-)

Misconfigured Open DNS Resolvers Key To Massive DDoS Attacks 179

Posted by Unknown Lamer
from the check-your-sources dept.
msm1267 writes with an excerpt From Threat Post: "While the big traffic numbers and the spat between Spamhaus and illicit webhost Cyberbunker are grabbing big headlines, the underlying and percolating issue at play here has to do with the open DNS resolvers being used to DDoS the spam-fighters from Switzerland. Open resolvers do not authenticate a packet-sender's IP address before a DNS reply is sent back. Therefore, an attacker that is able to spoof a victim's IP address can have a DNS request bombard the victim with a 100-to-1 ratio of traffic coming back to them versus what was requested. DNS amplification attacks such as these have been used lately by hacktivists, extortionists and blacklisted webhosts to great success." Running an open DNS resolver isn't itself always a problem, but it looks like people are enabling neither source address verification nor rate limiting.

Comment: Windows Security issues for this exercise (Score 1) 164

by rajats (#33916022) Attached to: How Cornell Plans To Purge Campus Computers of Personal Data
If they use some kind of domain administrator password for this software to run, guess what: the domain administrator credentials could be cached on every single computer. If a local administrator was on the machine and wanted to compromise it, he/she could run hash-stealing software when this "process" runs and compromise the domain. The least possible privileges for a process that does this data searching will be difficult to determine. A trade-off will have to be made between accessibility of files and a lesser-privileged account to be used for an exercise like this on Windows.

Comment: Shifting the risk (Score 2, Insightful) 225

by rajats (#31789060) Attached to: Why Lenders Overlook Warning Signs of ID Theft
The credit card companies and banks want to shift the residual risk to the customers. That's why they want you to pay for "SafeProtect" etc., for which you have to pay in advance so that they monitor for any ID theft. My question is: shouldn't they already be doing that? If yes, then why do they want you to pay for it? Cost reduction, in my humble opinion.

Comment: Fairness? (Score 1) 152

by rajats (#22453380) Attached to: Hacker Could Keep Money from Insider Trading
Well... he got the money from a by-product of a fringe benefit of the hack (Hack -> useful information (insider info) -> steal). Would a similar argument be applicable if he had been able to siphon money from individuals' accounts after gaining some passwords (Hack -> useful information (passwords) -> steal)? I wouldn't think so.
Agreed that he was not an insider, so he can't be convicted of insider trading... but there should have been at least one more lawsuit going against him!

MySQL Hits $50 Million Revenue, Plans IPO 124

Posted by samzenpus
from the they-grow-up-so-fast dept.
An anonymous coward writes "MySQL, purveyor of the open-source database of the same name, is on the road to becoming a publicly traded company, bolstered by $50 million in revenue in 2006. "It's still in the pipeline," Chief Executive Marten Mickos said of the plan to hold an initial public offering of his company's stock. He declined to discuss when the company planned to go public, but said, "We're making good progress, doing all the things we need to get done.""