Is running mission-critical servers without a firewall a "thing"?

Submitted by Anonymous Coward
An anonymous reader writes "I do some contract work on the side (as many folks do), and am helping a client set up a new point of sale system. For the time being, it's pretty simple: selling products, keeping track of employee time, managing inventory and the like. However, it requires a small network because there are two clients, and one of the clients feeds off of a small SQL Express database from the first. During the setup the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no NEED for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it. This isn't a tremendous deal today, but with how things are going, odds are there will be e-commerce worked into it, and probably credit card transactions, which worries the bejesus out of me.

So my question to the Slashdot masses: is this common? In my admittedly limited networking experience, it's been drilled into my head fairly well that not running a firewall is lazy (if not simply negligent), and to open the appropriate ports and call it a day. However, I've seen forum posts here and there with people admitting they run their clients without firewalls, believing that the firewall on their incoming internet connection is good enough, and that their client security will pick up the pieces. I'm curious how many real professionals do this, or if the forum posts I'm seeing (along with the vendor in question) are just a bunch of clowns."

The county sheriff who keylogged his wife

Submitted by SternisheFan
SternisheFan (2529412) writes "From Ars Technica:

On April 22, 2013, Miles J. Stark of Clay County, West Virginia made a bad decision. Stark was going through a divorce at the time and had grown concerned about his wife's relationship with an "unnamed individual." So he entered his wife's workplace after normal business hours, located her PC, and installed a tiny keylogger between her keyboard cable and her computer. The keylogger would record his wife's e-mails and her instant messaging chats as she typed them out letter by letter, along with the usernames and passwords she used for various online services. Stark left the office without getting caught.

Installing hardware keyloggers can be risky even in low-security circumstances, but Stark had made his offense far worse by installing the device on a computer belonging to the West Virginia Supreme Court. Stark's wife worked for the Clay County Magistrate Court and often had occasion to enter the financial details of defendants convicted in court—including the credit cards they used to pay their fines. Stark's bid to spy on his wife's e-mails was also vacuuming up private court information, which the government was bound to take extremely seriously if it found out.

Making the whole situation just that much worse was the fact that Stark was a cop. Not just any cop, either; Stark was the county sheriff. He had served as a Clay County deputy sheriff for 16 years and in November 2012 won an election to become the chief law enforcement officer in all of Clay County. At the time of the keylogger job, Stark had been in office only three months, and if the device were ever found, Stark stood to lose his career.

It took less than three weeks. On May 6, a Supreme Court technician was out at the magistrate office doing a scheduled replacement of many of the machines; he noticed the keylogger and reported it. When the West Virginia State Police questioned Stark about the matter, the sheriff "pretended not to know what a keystroke logger was," according to a later government court filing, "a response unworthy of a law enforcement officer."

Stark held out for several months before resigning, but eventually quit his job and pleaded guilty to a federal charge of wiretapping. Federal prosecutors, outraged that a county sheriff was essentially wiretapping the judiciary, wanted a tough sentence. Anything more modest "would erroneously equate this offense with the wiretap of a private citizen by a private citizen." But Stark argued that, stupid as his scheme was, the goal had only been his wife's information—not the court's. He asked for probation.

On December 19, Stark was sentenced to two years of probation and a $1,000 fine. "You have lost your position as sheriff, lost your career in law enforcement... That alone is enough," said Judge John Copenhaver, according to the Charleston Gazette. Stark's ex-wife requested leniency and hugged Stark after the ruling.

Original Charleston Gazette story here: http://www.wvgazette.com/News/201312190019"


SPAM: Increase Conversion by traffic

Submitted by jmarley
jmarley (3431871) writes "If you already have significant traffic coming to your site, there are two options that will increase revenue. You [spam URL stripped] conversion and get more profit out of existing visitors or 2. Increase ad spend and get more visitors to the site.

Here’s what most online businesses typically do when they want to increase revenue & profit:

They throw more money at traffic generation. Let me show you why this is putting the cart before the horse.

Let’s say you have the following key [spam URL stripped] visitors per month
1% conversion to sales @ $100 each (100 sales x $100 = $10,000 in revenue)
$5,000 marketing expense per month (.50 per visitor)
$10,000 – $5,000 = $5,000 profit
ROI = 100%

When you simply throw more money at traffic generation without optimizing [spam URL stripped] visitors per month (traffic increase due to spending more on marketing)
1% conversion to sales @ $100 each (140 sales x $100 = $14,000 in revenue)
$7,000 marketing expense per month (we assume the same .50 per visitor)
$14,000 – $7,000 = $7,000 profit
ROI = 100% (so you increased your profit by $2,000 per month but ROI is the same)

When you optimize conversions BEFORE you spend more on traffic generation (let’s use the same numbers from above and assume conversion rate lift from 1% to 2%):
10,000 visitors per month
2% conversion to sales @ $100 each (200 sales x $100 = $20,000 in revenue)
$5,000 marketing expense per month (.50 per visitor)
$20,000 – $5,000 = $15,000 profit
ROI = 300%

You just increased profit by $10,000 per month and tripled your ROI without spending a dime on additional marketing or advertising (and that is only on an increase of conversions from 1% to 2%).

Here’s what the numbers look like when you spend more on traffic generation AFTER you’ve optimized for [spam URL stripped] visitors per month (traffic increase due to spending more on marketing)
2% conversion to sales @ $100 each (280 sales x $100 = $28,000 in revenue)
$7,000 marketing expense per month (we assume the same .50 per visitor)
$28,000 – $7,000 = $21,000 profit
ROI = 300%

Throwing money at more traffic BEFORE optimization: $7,000 profit
Throwing the SAME AMOUNT of money at more traffic AFTER optimization: $21,000 profit

In this case study, you are losing $14,000 every month by doing things in the wrong order."


EPA makes most wood stoves illegal

Submitted by Jody Bruchon
Jody Bruchon (3404363) writes "The Environmental Protection Agency has lowered the amount of fine-particle matter per cubic meter that new wood stoves are allowed to release into the atmosphere by 20%. Most wood stoves in use today are of the type that is now illegal to manufacture or sell, and old stoves traded in for credit towards new ones must be scrapped out. This shouldn't be much of a surprise since more and more local governments are banning wood-burning stoves and fireplaces entirely, citing smog and air pollution concerns."

Silicon Valley could be heading for a new stock collapse.

Submitted by billcarson
billcarson (2438218) writes "Even though for most of us the recession is far from over, analysts are worried the technology sector might be heading for its next bubble. Technology stocks are at record highs at the moment. Companies that have no sound business plan have no difficulty in raising capital to fund their crazy dreams. Even Yahoo is again buying companies without real profit (Tumblr). Andreessen Horowitz, a major venture capitalist in Silicon Valley, is already pulling up the ladder. Might this be an indicator for more woe to come?"

It's All Up To You

Submitted by Anonymous Coward
An anonymous reader writes "See what becoming part of the community of Mary Kay Independent Beauty Consultants can offer you. Flexibility with your time. The latest technology. Friendship and support from an inspiring community of successful businesswomen. Open-ended earning potential. And of course, innovative ways of looking good, cosmetics and skin care products. And the 50% you will make. What are you waiting for? Learn more about the business opportunity."

Feds confiscate investigative reporter's confidential files during raid

Submitted by schwit1
schwit1 (797399) writes "Using a warrant to search for guns, Homeland Security officers and Maryland police confiscated a journalist’s confidential files.

The reporter had written a series of articles critical of the TSA. It appears that the raid was specifically designed to get her files, which contain identifying information about her sources in the TSA.

        “In particular, the files included notes that were used to expose how the Federal Air Marshal Service had lied to Congress about the number of airline flights they were actually protecting against another terrorist attack,” Hudson [the reporter] wrote in a summary about the raid provided to The Daily Caller.

        Recalling the experience during an interview this week, Hudson said: “When they called and told me about it, I just about had a heart attack.” She said she asked Bosch [the investigator heading the raid] why they took the files. He responded that they needed to run them by TSA to make sure it was “legitimate” for her to have them. “‘Legitimate’ for me to have my own notes?” she said incredulously on Wednesday.

        Asked how many sources she thinks may have been exposed, Hudson said: “A lot. More than one. There were a lot of names in those files. This guy basically came in here and took my anonymous sources and turned them over — took my whistleblowers — and turned it over to the agency they were blowing the whistle on,” Hudson said. “And these guys still work there.”"


PHP.Net Confirms Compromise

Submitted by whtghst1
whtghst1 (2619187) writes "PHP.net confirmed today their servers were compromised.

From PHP.net...

As it's possible that the attackers may have accessed the private key of the php.net SSL certificate, we have revoked it immediately. We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net) in the next few hours.

To summarise, the situation right now is that:

JavaScript malware was served to a small percentage of php.net users from the 22nd to the 24th of October 2013.
Neither the source tarball downloads nor the Git repository were modified or compromised.
Two php.net servers were compromised, and have been removed from service. All services have been migrated to new, secure servers.
SSL access to php.net Web sites is temporarily unavailable until a new SSL certificate is issued and installed on the servers that need it."


Rural Population Not Needed For Farming But For Cannon Fodder

Submitted by Anonymous Coward
An anonymous reader writes "US Secretary of Agriculture Tom Vilsack wants to increase rural farmers in the US, but not to grow more food. "In 2012, for the first time ever — rural America lost population in real numbers — not as a percentage but in real numbers. Although rural America only has 16 percent of the population, it gives 40 percent of the personnel to the military." See more at: http://transitionvoice.com/2013/08/rural-population-not-needed-for-farming-but-for-cannon-fodder/"

Network Scientists Discover the 'Dark Corners' of the Internet

Submitted by KentuckyFC
KentuckyFC (1144503) writes "Network theorists have always simulated the spread of information through the internet using the same models epidemiologists use to study the spread of disease. Now Chinese scientists say this isn't quite right: it’s easy to infect everybody you meet with a disease but it’s much harder to inform all your contacts of a particular piece of information. So they've redone the conventional network simulations assuming that people only ever transmit messages to a certain fraction of their friends. And their results throw up a surprise. In these models, there are always individuals or clusters of individuals who are unreachable. These people never receive the information and make up a kind of underclass who eke out an information-poor existence in a few dark corners of the network. That has implications for organisations aiming to spread ideas, who will have to think more carefully about how to reach people in these dark corners. That includes marketers and advertisers hoping to sell products and services but also agencies hoping to spread different kinds of messages such as safety-related information. It also raises the interesting prospect of individuals seeking out the dark corners of the internet, perhaps to preserve their privacy or perhaps for more nefarious reasons."

How to Fix Healthcare.GOV: Go Open-Source!

Submitted by McGruber
McGruber (1417641) writes "Over at Bloomberg Businessweek (http://www.businessweek.com/articles/2013-10-16/open-source-everything-the-moral-of-the-healthcare-dot-gov-debacle), Paul Ford explains that the debacle known as healthcare.gov makes clear that it is time for the government to change the way it ships code: namely, by embracing the open source approach to software development that has revolutionized the technology industry."

Oracle attacks Open Source; says community developed code is inferior

Submitted by sfcrazy
sfcrazy (1542989) writes "Oracle has a love-hate relationship with Open Source technologies. Oracle claims that TCO (total cost of ownership) goes up with the use of Open Source technologies, basically to build a case for selling its own overpriced products to the government. Oracle also attacks the community-based development model, calling it more insecure than company-developed products. You can read the nonsensical paper here."

Could Snowden Have Been Stopped in 2009?

Submitted by Hugh Pickens DOT Com
Hugh Pickens DOT Com (2995471) writes "The NYT reports that when Edward Snowden was working as a CIA technician in Geneva in 2009, his supervisor wrote a derogatory report in his personnel file, noting a distinct change in the young man’s behavior and work habits, as well as a troubling suspicion that Snowden was trying to break into classified computer files to which he was not authorized to have access. But the red flags went unheeded and Snowden left the CIA to become a contractor for the NSA so that four years later he could leak thousands of classified documents. In hindsight, officials say, the report by Snowden's supervisor and the agency’s suspicions might have been the first serious warnings of the disclosures to come, and the biggest missed opportunity to review Snowden’s top-secret clearance or at least put his future work at the NSA under much greater scrutiny. Had Booz Allen or the NSA seen Snowden's CIA file before hiring him, it almost certainly would have affected his employment says Dashiell Bennett. “The weakness of the system was if derogatory information came in, he could still keep his security clearance and move to another job, and the information wasn’t passed on,” says a Republican lawmaker who has been briefed on Snowden’s activities. It's difficult to tell what would have happened had NSA supervisors been made aware of the warning the CIA issued Snowden in what is called a “derog” in federal personnel policy parlance. “It slipped through the cracks,” says one veteran law enforcement official. The Snowden affair "seems to have been a result of malicious intent on Snowden’s part and staggering incompetence on the part of the CIA and NSA," writes Seth Mandel. "If the NSA wants the president to use his pulpit to defend the broad powers of the NSA, they’re going to have to give him more that’s worth defending.""
