
Comment: Re:Probably a few sites were hacked (Score 4, Informative) 203

by malakai (#47874563) Attached to: 5 Million Gmail Passwords Leaked, Google Says No Evidence Of Compromise

Can confirm. The password it had for one of my Gmail account e-mails was a password I use on 'throw away' websites. Think phpBB and the like. I never used this password on my Gmail, or any account I cared about.

I checked two other Gmail accounts that I primarily use for work, and neither was on the list.

I'm going to say some of these are just harvested from old phpBB exploits. Sometimes I would use my throw away password for things I considered useless, like Twitter and the like. So I guess it's possible it came from a bigger leak, that was deemed unworthy by me for enhanced security.

Also, many of my primary passwords have the website initials built into them. Like "sdblahblahblah" for slashdot. The password in the leak was not from any of my main primary sites (amex, citibank, google, /., networking/dns sites, AWS, amazon, etc...).

Comment: Three duh's from the article: (Score 1) 60

by malakai (#47581021) Attached to: Multipath TCP Introduces Security Blind Spot

Three duh's from the article:

Trust models users and networks have fostered with Internet providers are also changed—and in some cases broken. Contrary to that, providers will no longer be able to sniff traffic—under court order for example—unless they work hand in hand with other providers handling split traffic sessions.

They lost me at "Trust models users .... have fostered with Internet providers".... Duh.

“Technology like MPTCP makes it much harder for surveillance states,” Pearce said. “If I split traffic across my cell provider and an ISP I may not trust, in order for a surveillance state to snoop they have to collaborate with all these parties. It’s a much harder proposition.”

Who cares? And if you really care enough, and you are a surveillance state, you can sniff from the source, or a common route in between in which all the data flows. Will you have to spend a little extra CPU and memory to piece together the full stream? Yeah, duh.

Finally, Pearce said, there will be ambiguity for firewalls about what incoming and outgoing traffic looks like. She said that MPTCP enables endpoints to tell servers there are other addresses to which the server may connect, but the firewall may not necessarily interpret that as an outgoing connection.

And not very hard to fix for the firewall vendors. Will you have to patch your FW? Probably. Is that a problem? No, duh.

Comment: Re:US investigators like Southern ping arc (Score 2) 145

by malakai (#46500149) Attached to: US Navy Strategists Have a Long History of Finding the Lost

I'm not positive about this, but I don't think they need to turn on 'another' transponder, they just need to change their transponder code. I'm pretty sure pilots dial in the code based on what the tower tells them to use. I don't think every transponder is guaranteed unique, and traceable.

Comment: Re:Lotsa hate going on here (Score 1) 166

by malakai (#46387373) Attached to: Invention Makes Citibikes Electric

In NYC, a lot of the delivery guys (well, the Chinese guys) have some sort of clockwork style bike mod on their delivery bikes. It mounts under the seat and attaches to the drive train, and they must be storing energy into a spring or some other mechanical way, then they pop a button and you hear 'click click click' and the bike goes up the hill as the guy coasts on the pedals.

I'm always leery of those contraptions. Just waiting for one to fail catastrophically and send metal gears into bystanders.

Comment: O.M.G (Score 4, Funny) 168

by malakai (#46379653) Attached to: Damming News From Washington State

This is the problem with Hydro power. This is why we should go 100% solar and not use electricity at night. We can't safely use Hydro, it's too dangerous, the pressure levels and engineering is too dangerous and a single mistake could kill an entire ecosystem.

Think of the children down river from this dam!

If you have any incandescent bulbs, _YOU'RE_ to blame as well.

-Francis Candlemaker

Government

Edward Snowden and the Death of Nuance 388

Posted by samzenpus
from the cut-and-dry dept.
Trailrunner7 writes "As the noise and drama surrounding the NSA surveillance leaks and its central character, Edward Snowden, have continued to grow in the last few months, many people and organizations involved in the story have taken great pains to line up on either side of the traitor/hero line regarding Snowden's actions. While the story has continued to evolve and become increasingly complex, the opinions and rhetoric on either side have only grown more strident and inflexible, leaving no room for nuanced opinions or the possibility that Snowden perhaps is neither a traitor nor a hero but something else entirely."

Comment: Re:Sounds like a lawsuit waiting to happen (Score 1) 448

by malakai (#46102947) Attached to: Developer Loses Single-Letter Twitter Handle Through Extortion

Sadly a lot are doing this now. Even if you swipe, they will ask for the card, and then punch in the last 4.

I stopped giving them the card and asked them what they needed, and they would still ask for the last 4. I got concerned when my wife's card was used within 40 mins of us buying something at a Best Buy at _another_ Best Buy location across town. We think the cashier called someone and gave them the digits. They had her security code as well. My wife had handed her card to the cashier at the cashier's request.

Pretty good memory for the cashier to remember the digits, expiration, and security code. That or it's a local security guy with access to the video cameras over the cashier. Or she had her phone sitting somewhere nearby and would wave the card over the camera for someone else to read.

Sadly, it's not really my problem. American Express needs to figure out how to handle these merchants and their employees. It's what I pay AMX for.

Comment: Re:Sounds like a lawsuit waiting to happen (Score 2) 448

by malakai (#46101165) Attached to: Developer Loses Single-Letter Twitter Handle Through Extortion

I routinely get service reps reading my last 4 digits of cards they have on file. This happens on Delta all the time. I have about 6 credit cards on file, and sometimes I need them to make sure specific tickets are on specific cards. I often have a conversation like "That's the one ending in 1011 right? No sir. Is it the 1099? No sir. Really? Which is it? It's the 1014 sir. Oh yeah, that one. OK."

Last 4 are not a secret. Best Buy and lots of box retailers now actually ask you for it when you check out. You have to broadcast it in the air in front of everyone in line.

The issue here is GoDaddy. If GoDaddy doesn't have a 2 factor auth system option you should not be using them for DNS hosting.
