
Comment: Re:Downsides (Score 1) 301

by thoriumbr (#47410863) Attached to: Wireless Contraception

EMP pulse? What dystopian Matrix-like world do you live in?

No, it's not paranoia. It would be accidental, not some nasty action from any government. EMP can arise from some special situations.

Several years (decades) ago, a design error on a computer power source created an EMP every time you turned it on. If you left any storage media around, it would corrupt data.

Where I live, there are some devices used to demagnetize smart tags in supermarkets; they create a small EMP too, and could cause problems for the chip.

Comment: Downsides (Score 1) 301

by thoriumbr (#47409427) Attached to: Wireless Contraception
I have read the same news from another source, and was discussing it with my coworkers. I can see at least four downsides:
1 - We still have to transpose a barrier on implanted chips. People don't like this idea.
2 - It can and will be interfered with, and make women pregnant when they don't want to. Even if they try to make the chip hard to interfere with, everybody working with tech knows that is not always possible. And a small chip in the hands of thousands of people will be a valuable target.
3 - It can malfunction. Like the above, things go wrong, and a recently implanted chip going crazy and releasing all its hormones on the body of a midterm pregnant woman will be nasty. It is made to not be removed even in the event of a pregnancy, so it's possible for this to happen.
4 - It can be damaged by an EMP pulse. If it's implanted on the arm, the body will get in contact with a lot of sources of electromagnetic radiation, like microwave ovens, cell phones and other transmitters, car ignition systems, and so on. Those sources can interfere with the chip.

Comment: Re:What OS does this targeted banking fraud run on (Score 1) 35

by thoriumbr (#47324845) Attached to: Banking Fraud Campaign Steals 500k Euros In a Week
Ok, let's elaborate...

Usually, the C&C server is a rented virtual server, hosted on a "cloud provider" with little regard to identity verification. Those servers are always paid for with money from an untraceable source (like Webmoney or Western Union). This makes it very difficult to track identities from the server to the money, and from the money to the owners of it.
VPS providers running Linux are plenty out there. And a remote Linux server is easier to manage than a remote Windows server [citation needed]. Deploying the C&C server infrastructure on Linux, using stolen SSH passwords with bots, is way easier than doing the same using rdesktop to deploy the infrastructure on hacked Windows servers.
So, probably the server is a virtual Linux server sitting in a datacenter, and the owners of the datacenter may not be aware of the fact that they host a C&C server.

On the client side, they are surely running Windows. Compromising a Windows user is easier than a Linux user. Linux users generally do not run SSH, Apache, MySQL et al. Linux servers do. On the other side, there's a massive amount of pirated versions of Windows XP vulnerable to a wide range of local and remote exploits. Sending a threatening email with a link is a very easy way to get a user to hit a site hosting an exploit pack and get infected. From there, the computer is owned and the user is owned as well.

It can be a directed phishing. If someone had access to the bank's client list, they can send a very convincing email with real data, and get a lot of customers infected. If they send a generic email to a lot of unrelated people, someone will notice and probably inform the bank of the attack.

Comment: Re:software (Score 5, Informative) 169

by thoriumbr (#46683029) Attached to: Fifty Years Ago IBM 'Bet the Company' On the 360 Series Mainframe
Looks like you know nothing about mainframes and "aged technology". I work with mainframes. zVM, DASD, DirMAINT, RACF and other buzzwords are in my resume, along with Linux, Java, PHP, XML, jQuery, MariaDB, HTML5, Eclipse and others.
Mainframes are not aged technology. They are perceived as such by small companies and people. Big companies with big bucks know a lot about mainframes. They know mainframes are the most reliable hardware platform on the market today, and I guess it will continue as so for a couple of years, because mainframes were made from the start to be reliable. Other platforms got their reliability implanted on them. Mainframes were designed reliable and resilient.
Mainframes today run Linux too, not only the "aged mainframe operational systems." And here we have mainframes running hundreds of Linuxes with jBoss. They are about to be orchestrated by OpenStack, so managing all this "aged technology" will be done in brand new Android and iOS tablets.

Job prospects in my area, at least for the next decade, are very good. Half the openings in my area are still open, paying for an intermediate zVM administrator almost twice what a senior Java programmer or MCSE will receive. And there are no people applying!
But if the mainframe job market has a problem, it is lack of people. Mainframes are not user friendly, and youngsters are not likely to devote two or three years learning something from the grannies, in a very harsh learning environment, with a steep learning curve, when all their peers are talking about creating a new app and selling to Google for a gazillion dollars.
Peer pressure is a greater force than job prospects. I faced this pressure when I talked to my peers that I was learning mainframe and everybody laughed at me. Now I earn 3 times what they do, and I am training some of them to work with me.

Comment: Re:well... (Score 2) 169

by thoriumbr (#45889217) Attached to: Twister: The Fully Decentralized P2P Microblogging Platform

Not only that, it says "can be compiled for Linux, Mac, and Android". What about Windows?

The front-end is HTML5/Javascript. The daemon is written in C++, using a few open source libraries. It would only require a good C++ developer to port it to Windows.

And the entire protocol is opensource, the core technologies are opensource, so anyone with a good knowledge in C++ and any other language can port it to anything...

+ - Google: Android Malware Infections Literally One-In-A-Million->

Submitted by chicksdaddy
chicksdaddy (814965) writes "Google has been increasingly vocal in calling "bulls**t" on attempts by security software firms to paint its Android mobile operating system as 'the next Windows' and a malware-ridden mess. Now the company says it has the numbers to prove it.

Speaking at the Virus Bulletin Conference in Berlin last week, Android team member Adrian Ludwig told an audience of antivirus experts and industry-folk that reports about Android malware (many of them propagated by AV firms) were overblown and obscured the real story: Android’s success at blocking actual infections. Citing Google data (https://docs.google.com/presentation/d/1YDYUrD22Xq12nKkhBfwoJBfw2Q-OReMr0BrDfHyfyPw/pub?start=false&loop=false&delayms=3000), Ludwig told the assembled that new security features, such as the Bouncer app testing service and Verify Apps technology make actual infections of Android devices a one-in-a-million occurrence, the Security Ledger reports.

Data collected by the Verify Apps service, which logs events involving hazardous applications, found that only 1,200 of 1.5 billion application install attempts were incidents in which “potentially harmful applications” ended up being installed on an Android device, Ludwig said.

This is just the latest effort by Ludwig to throw cold water on feverish reports about skyrocketing Android malware. (http://www.eweek.com/security/mobile-malware-threat-growth-hits-record-in-q2-mcafee) In June, Ludwig told an audience at an FTC-sponsored event in Washington D.C. that reports of widespread infections due to the recently discovered "BadNews" malware were simply not true. “We’ve observed the app(lication) and we’ve reviewed all the logs we have access to,” he said. “We haven’t seen a single instance of abusive SMS applications being downloaded as a result of BadNews,” Ludwig said at the time. (https://securityledger.com/2013/06/google-badnews-malware-not-so-bad-after-all/)"


Comment: Re:Max 5min on calls (Score 2) 110

by thoriumbr (#44719643) Attached to: Mexican Village Creates Its Own Mobile Phone Service
They have a small, experimental tower, and users can saturate it quickly. Limiting each call to 5 minutes means that even in a saturated situation, everybody can use the system. You get dropped and enter the queue, and you can be sure that you can get access again later. If there's no such rule, some users could talk 4 hours straight and deny access to every other user. Here in Brazil we have dropped calls every few minutes and almost everybody accepts this as normal, so I guess the Mexican folks can handle that fine.

Comment: Re:Sorry (Score 4, Interesting) 161

by thoriumbr (#44215681) Attached to: Security Researchers Submit Brief For Andrew "Weev" Auernheimer
Let's pretend you have a million bucks in some bank (you do have, don't you?). The bank says it will protect your money with their lives, and everything is secure. Someday you hear that one researcher (or troll, or terrorist) went to the parking lot next to the bank, started a sniffer, and discovered that your bank uses unencrypted WiFi networks, so he added a private IP address to his network card and could access all bank servers and read data from any account.
Who would you blame? The bank or the guy?

I still think that Weev is not a saint, but AT&T is to be blamed here. AT&T had to get a hefty fine for gross negligence, putting hundreds of thousands of customers in danger. Weev must be fined too, but serving 41 months of jail time is too much, IMHO.

Comment: Re:LOL (Score 4, Interesting) 161

by thoriumbr (#44215557) Attached to: Security Researchers Submit Brief For Andrew "Weev" Auernheimer
No, Weev is not an independent security researcher, he is a troll. BUT he used the same tools the researchers use. It's like passing a law outlawing the use of lockpicks. Surely all thieves would be affected, but it would affect locksmiths too.
If Weev loses the appeal, the traffic on full-disclosure mailing list will drop a lot. If I discover a bug on Paypal website that allows anyone to access a third party's account, and I inform Paypal, I would be guilty.
Even with Weev being a troll and thinking of making profits over the AT&T mistake, the problem is shifting the blame for exposing the innocent victims from AT&T to Weev. The way this is going, it looks like AT&T did everything right, responsible, blameless, and an evil hacker with super-human powers hacked their NSA-grade secured servers and stole the data, when what really happened was that AT&T didn't even bother to protect the data in any way.

+ - How 'private' is TOR, really? ('hidden network', indeed!)->

Submitted by garyebickford
garyebickford (222422) writes "I have a suspicion that TOR is nowhere near as private as is generally assumed. We can assume that some fraction of all the nodes out there are run by what I'll term 'spies' — entities who want to know things about whoever's using TOR. The question is, what fraction is sufficient to be able to reconstruct missing pieces, and figure out with a high degree of reliability what the 'real' source and destination are, assuming those 'spy' nodes can all talk to each other? There is some good math for doing such reconstructions of networks where most of the nodes are unknown. I suspect that the necessary fraction is somewhere near 10%. It's quite possible that your friendly neighborhood 3-letter spook shop knows a lot more about what's going through the TOR network than any of us, the great unwashed, realizes. So, how much of the TOR network needs to be 'cooperating' to significantly compromise privacy?"
