Forgot your password?
typodupeerror
Government

North Korea Opens .kp Sites On the Internet 175

Posted by timothy
from the best-place-for-them-really dept.
eldavojohn writes "What an auspicious day for the Democratic People's Republic of Korea! To commemorate the 65th anniversary of the founding of the ruling Workers' Party of Korea, North Korea will no longer depend on Chinese national internet service to reach the outside world — they have their own connection and are hosting sites like the state run media. The article mentions that about a thousand websites are coming online, including services like Skype and Twitter. From where I sit in the United States, I can't seem to get any .kp TLD sites to resolve, but the news is promising if in fact it will bring more information to the information-starved masses of North Korea."
The Internet

DC Internet Voting Trial Attacked 2 Different Ways 123

Posted by timothy
from the but-don't-worry dept.
mtrachtenberg writes "University of Michigan Professor J. Alex Halderman and his team actually had two completely separate successful attacks on Washington, DC's internet voting experiment. The second path in was revealed by Halderman during testimony before the District of Columbia's Board of Elections and Ethics on Friday. Apparently, a router's master password had been left at the default setting, enabling Halderman to access the system by a completely different method than SQL injection. He presented photographs of a video stream from the voting offices. In addition, he found a file that had apparently been left on the test system contained the PINs of the 900+ voters who would have used the system in November. Others on the panel joined Halderman in pointing out that it was not just this specific implementation of internet voting that was insecure, but the entire concept of using today's internet for voting at all. When a DC official asked why internet voting could not be made secure when top government secrets were secure on the internet, Halderman responded that a big part of keeping government secrets secret was not allowing them to be stored on internet-connected computers. When a DC official asked the panel whether public key infrastructure couldn't allow secure internet voting, a panel member pointed out that the inventor of public key cryptography, MIT professor Ronald Rivest, was a signatory to the letter that had been sent to DC, urging officials there not to proceed with internet voting. Clips from the testimony are available on YouTube." Update: 10/09 19:24 GMT by T : Reader Cwix points out two newspaper stories noting these hearings: one in the Washington Post, the other at the Chicago Tribune. Thanks!
Sci-Fi

Ridley Scott Returns to PKD 99

Posted by timothy
from the hard-to-get-right dept.
Krau Ming quotes from a report at Sneakpeek.ca "Ridley Scott's Scott Free Productions will produce a 4-hour TV adaptation of author Phlip K. Dick's The Man in the High Castle, based on a script by Howard Brenton. The original 1962 novel was a science fiction 'alternate history' that won a sci fi Hugo book award in 1963. Premise of the book, about daily life under totalitarian Fascist imperialism, occurs in 1962, fourteen years after the end of the Second World War in 1948. The victorious Axis Powers, Japan and Germany, conduct intrigues against each other in North America, specifically in the former US, which surrendered to them, after the Axis conquered Eurasia and destroyed the populaces of Africa." Adds Krau Ming: "Hopefully this will fall in the category of well-done PKD adaptations (though I'll leave it up to the slashdotters to determine which of the previous movies should be categorized as such)."
Advertising

Facebook Billionaire Gives Money To Legalize Marijuana 527

Posted by timothy
from the may-not-represent-the-views-of dept.
Aldenissin writes "Dustin Moskovitz confirmed that he has recently given (an additional) $50,000 in support of Proposition 19, which is seeking to legalize marijuana in California this November. He had previously donated $20,000 to supporters of the act, which would allow people 21 years old or older to possess, cultivate or transport cannabis for personal use and would permit local governments to regulate and tax commercial production and sale of the substance. Asked for a comment as to why he's backing the legalization of marijuana, Moskovitz just sent this statement: 'More than any other initiative out there, Prop 19 will stabilize our national security and bolster our state economy. It will alleviate unnecessary overcrowding of non-violent offenders in our state jails, which in turn will help California residents.' An irony here is that about a month ago, Facebook refused to take FireDogLake's 'Just Say Now' pro-cannabis law reform ads."

Comment: OpenWRT/DD-WRT devices all appear to be vulnerable (Score 5, Insightful) 272

by xmff (#27306705) Attached to: Botnet Worm Targets DSL Modems and Routers
How so? At least on OpenWrt, SSH and Webif aren't even exposed to the wan side without manually changing the iptables rules first.

I guess it's the same on DD-Wrt.

The devices that were targetted appear to have some serious flaws, here's a cite from an analysis of the malware:

"Several revisions of the NB5 modem shipped with a flaw which meant that the web configuration interface was visible from the WAN side, accepting connections and allowing users to administer the modem using the default username and password of 'admin' from outside the LAN. Furthermore, some of these modems suffered from another flaw, meaning that by default, authentication was not enabled for the web interface - meaning no username or password was required."

It really boils down to the usual find-weak-logins style of attacks, only the target platform has changed.

Comment: Re:Usability? (Score 1) 217

by xmff (#27030715) Attached to: Contest For a Better Open-WRT Wireless Router GUI
Or use a preconfigured, self-compiled OpenWrt image and do *zero* configuration after flashing.

Different projects, different audience, different goals.

Also how to automate stuff? What files do you refer to? Last time I checked, the internal DD-Wrt config was an endless sequence of "nvram set foo=bar" commands and there is *no* explaination on their meaning. Also it uses a readonly file system, so no way to easily add custom scripts or configs.

"A mind is a terrible thing to have leaking out your ears." -- The League of Sadistic Telepaths

Working...