The state of information security today

Submitted by tanawts
tanawts writes "Capturing a recent topic posed during a panel at the CERIAS Symposium, Gene Spafford breaks down the problems with the industry's current response to computer security today.

The article touches on recent government involvement, pwn2own style competitions, and the vicious cycle of IT professionals being pulled into incident after incident without being allotted the time and priority to correct the systemic problems that cause these security fiascos.

"There's another barn on fire! Quick, get a bucket brigade going — we need to put the fire out before everything burns. Again. It is getting so tiring watching all our stuff burn while we're trying to run a farm here. Too bad we can only afford the barns constructed of fatwood. But no time to think of that — a barn's burning again! 3rd time this week!""


Crisis averted in BIOS source code leak

Submitted by mask.of.sanity
mask.of.sanity writes "The world's largest BIOS vendor has attempted to calm rising panic over the leak of the cryptographic signing keys and source code for its UEFI BIOS. A Taiwanese vendor had left a file transfer protocol server open for anyone to browse and download internal emails and the source code for the vendor's UEFI BIOS and cryptographic signing keys. The company, American Megatrends, said the security keys on the FTP server were not used for production systems."


Comment: Re: Improve infrastructure, don't enact laws to p (Score 1) 80

by tanawts (#43380223) Attached to: Why Laws Won't Save Banks From DDoS Attacks
To put it another way: the wolf does not adhere to the laws of the little pigs. If you're tired of him blowing your house down, you need to stop thinking about patching holes in your straw house. Reinforcing reeds isn't a scalable solution. You need to start building the houses with bricks.

Comment: Re: Improve infrastructure, don't enact laws to pr (Score 1) 80

by tanawts (#43380175) Attached to: Why Laws Won't Save Banks From DDoS Attacks
I'm not sure that we have a choice. "Because it's hard" is probably not going to be a sufficient excuse with respect to the critical mass we are heading toward. If everything that the world has invested in standing on top of the Internet is so important, then all that important stuff is going to need to experience the growing pain of adapting to new redesigned transit protocols. The alternative seems to be a sheer cliff.

Comment: Improve infrastructure, don't enact laws to prolif (Score 2) 80

by tanawts (#43376411) Attached to: Why Laws Won't Save Banks From DDoS Attacks
Given that a lot of these problems stem from inherent design flaws with our current Internet protocols, perhaps we ought to start improving upon the 20- and 30-year-old protocols we've been relying on. Fundamental scale and design flaws will continue to empower bad people to do bad things so long as it continues to be nearly effortless. BGP, DNS, IPv4... You can only build on a foundation for so long before its age and brittleness begin to cause serious problems.

Comment: Re:Only Paypal or Amazon (Score 1) 58

by junk (#42383989) Attached to: Internet Archive Needs Donations, Has Matching Donor

I went to donate and saw that. I'm actually very unhappy about it, but I won't be able to donate because they only accept payment via systems I don't trust. If there were a direct payment option, I'd have opened my wallet immediately, but I refuse to do business with PayPal and just don't trust Amazon. Call me paranoid, but it is what it is.

Comment: Re:Defective Microsoft (Score 5, Insightful) 65

by junk (#41980219) Attached to: Skype Disables Password Resets After Huge Security Hole Discovered

I almost feel sorry for them discovering this just after they discontinued Microsoft Messenger and moved people on to Skype. To be fair, I expect this hole existed when they bought Skype.

I’m not so sure about that, y’know. It would likely have been discovered by now.

I expect it’s a side effect of the migration of MSN users to Skype as it likely requires changes to both Skype and its backend.

It's not new. I have an email address that people assume doesn't exist, and yet they sign up for things all the time. About two years ago, I received a password reset mail from Skype. When I went to reset it (as I do with every random account people sign up for with my email), they gave me the option to reset about a half dozen accounts. I now maintain a list of burner Skype accounts that had previously used my address.

Fun fact: you are limited to 4 successful resets, per email address, per day.
