Submission: It will soon be exactly one and a half billion seconds since 1970

alanw writes:

$ TZ=UTC date -d @1500000000
Fri 14 Jul 02:40:00 UTC 2017


The UNIX epoch started at zero hundred hours on the 1st of January 1970. It will soon be one and a half billion seconds since then, although the above time doesn't take into account those leap seconds which have occurred.

Right now the seconds count is
$ TZ=UTC date +%s
1499877900
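As an added illustration (not part of alanw's submission), the following Python reproduces what date(1) is doing above from first principles: it splits the timestamp into whole days of exactly 86400 seconds and converts the day count to a Gregorian date with the standard 400-year-era algorithm. Because every day is counted as 86400 seconds, leap seconds never enter the calculation, which is the caveat the submission makes. The timestamps used are the two from the post; the helper names are my own.

```python
from datetime import datetime, timezone

SECONDS_PER_DAY = 86400
WEEKDAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def civil_from_days(days_since_epoch):
    """Convert a count of days since 1970-01-01 into a proleptic Gregorian
    (year, month, day). Works in 400-year eras of 146097 days; Python's //
    is floor division, so day counts before 1970 (negative) are fine too."""
    z = days_since_epoch + 719468           # re-base the epoch to 0000-03-01
    era = z // 146097                       # which 400-year era
    doe = z - era * 146097                  # day of era, 0..146096
    yoe = (doe - doe // 1460 + doe // 36524 - doe // 146096) // 365
    y = yoe + era * 400
    doy = doe - (365 * yoe + yoe // 4 - yoe // 100)  # day of year, 1 March = 0
    mp = (5 * doy + 2) // 153               # month index with March = 0
    d = doy - (153 * mp + 2) // 5 + 1
    m = mp + 3 if mp < 10 else mp - 9
    return (y + (1 if m <= 2 else 0), m, d)


def epoch_to_utc(ts):
    """Break a Unix timestamp into UTC fields, treating every day as exactly
    86400 seconds. Leap seconds are not represented at all, which is exactly
    why this agrees with date(1) and not with a TAI clock."""
    days, rem = divmod(ts, SECONDS_PER_DAY)
    hour, rem = divmod(rem, 3600)
    minute, second = divmod(rem, 60)
    year, month, day = civil_from_days(days)
    weekday = (days + 3) % 7                # 1970-01-01 was a Thursday (Mon = 0)
    return (year, month, day, hour, minute, second, weekday)


def format_like_date(ts):
    """Render in the layout of `TZ=UTC date -d @<ts>` shown in the post
    (day of month space-padded, as date's %e does)."""
    y, mo, d, h, mi, s, wd = epoch_to_utc(ts)
    return f"{WEEKDAYS[wd]} {d:>2} {MONTHS[mo - 1]} {h:02d}:{mi:02d}:{s:02d} UTC {y}"


def seconds_until(target, now):
    """Seconds remaining from `now` until `target` (both Unix timestamps)."""
    return target - now


def matches_stdlib(ts):
    """Cross-check against the standard library, which also ignores leap seconds."""
    dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    return (dt.year, dt.month, dt.day, dt.hour, dt.minute, dt.second,
            dt.weekday()) == epoch_to_utc(ts)


if __name__ == "__main__":
    print(format_like_date(1_500_000_000))
    print(format_like_date(1_499_877_900))
    print(seconds_until(1_500_000_000, 1_499_877_900), "seconds to go")
```

The second timestamp is the "right now" value from the post, so the last line prints how far away the milestone was when the submission was written.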

Submission: Comodo OCR fail: researchers hack TLS certificate

alanw writes: The original e-mail should have been archived on Google Groups, but all that is there is this reply:

https://groups.google.com/foru...

There's a news report in German here:
http://www.heise.de/newsticker...

tl;dr:
Two researchers, Florian Heinz and Martin Kluge, discovered that the WHOIS server for some top level domains will only provide the contact e-mail address as an image.

Comodo was using OCR to extract the e-mail address so it could send a
verification e-mail to the domain. Their OCR was faulty, and the
researchers tricked it into sending the e-mail to a different domain.

Comodo has made very negative comments about these domain registrars.

Comment: Might be related to the British Gas leak (Score 2)

http://www.bbc.co.uk/news/tech...

About the same number of accounts, a couple of thousand against the millions that Vodafone and British Gas must have. BG say it wasn't their systems that were breached. Sounds as if there's another database that's leaked, and some people who have re-used passwords across multiple accounts are having their credentials tried out across multiple sites.

Comment: Over-hyped. (Score 4, Informative)

From the oss-sec mailing list:

http://www.openwall.com/lists/...
This is not a vulnerability, this is expected behaviour.

http://www.openwall.com/lists/...

This paragraph suggests so many things which are simply wrong, confused,
or irrelevant that I don't know what to make of the rest of the article.

  * modern debian GNU/Linux systems do not have a wheel group at all. No
particular versions or flavors of "Linux system"

  * on systems where members of group wheel really do have unrestricted
access to the su command, having wheel in the first place *is* the
vulnerability -- it is a misconfiguration to expect an account to be
non-privileged if it is a member of wheel.

  * the last sentence appears to be about setuid/setgid binaries, but
makes no mention that the overwhelming majority of binaries are not
setuid/setgid.

Later on, the post suggests that wheel group membership is related to
sudo privileges.

It also seems to assume that polkit always permits access for members of
group wheel. I can find no such configuration on a modern debian system.

I don't think there's anything significant in this ambiguous,
underspecified, and confused report.

http://www.openwall.com/lists/...

Yeah I looked into this (the article/etc was completely confusing and
took some time to parse):

1) the article states they contacted red hat, we were unable to find
any inbound email or bugzilla entry pertaining to this issue, as always
if you have an issue you wish to report please contact secalert@...hat.com

2) this is expected behaviour, admin users can install software (do I
have to say this? really? yes. I was told I should say this).

3) don't run web apps as admin users (do I have to say this? really?
yes. I was told I should say this).

4) if you feel the need to run a web app as an admin user restrict what
they can do via SELinux, and don't let them install software (do I have
to say this? really? yes. I was told I should say this).

So TL;DR: it's not a security vulnerability, and it will NOT be getting
a CVE.

I can only assume this article/vuln is perhaps referring to something
like Cpanel and other control panels that people sometimes install
insecurely/improperly and then never update. Or something. Who knows.
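The practical takeaway of the oss-sec replies quoted above is that membership in wheel (or sudo) is itself the privilege, so a service account such as the one a web app runs under should never appear there. As an added example, not from the thread or from any distribution, here is a small POSIX shell audit that lists an administrative group's members and flags named service accounts found in it. The /etc/group lines, the group names and the account names are constructed for the demo.

```sh
#!/bin/sh
# Added audit helper (not from the oss-sec thread): who is in an
# administrative group, and is any service account among them?

# Constructed /etc/group-style sample; not taken from any real host.
SAMPLE_GROUP='root:x:0:
wheel:x:10:alice,www-data
sudo:x:27:alice
www-data:x:33:'

# group_members NAME : print members of group NAME, one per line,
# reading /etc/group-format lines from stdin.
group_members() {
  awk -F: -v g="$1" '
    $1 == g {
      n = split($4, m, ",")
      for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }'
}

# service_accounts_in_group NAME ACCT... : print each ACCT that is a
# member of NAME. Returns 1 when any is found so it can gate a check.
service_accounts_in_group() {
  grp=$1; shift
  members=$(group_members "$grp")
  found=0
  for acct in "$@"; do
    if printf '%s\n' "$members" | grep -qx "$acct"; then
      echo "$acct is a member of $grp"
      found=1
    fi
  done
  return $found
}

# Demo against the constructed sample. On a real host you would run
#   service_accounts_in_group wheel www-data < /etc/group
printf '%s\n' "$SAMPLE_GROUP" | service_accounts_in_group wheel www-data nginx || :
```

The demo reports that www-data sits in wheel, which is the misconfiguration the thread is describing: on a system where pam_wheel gates su, that account is effectively an administrator.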

Comment: Re: Mod parent up. (Score 1)

Yeah! Who the fuck thought that was a good idea?

The same clueless marketroid that thought that inserting adverts into http traffic was a good idea?

http://www.theregister.co.uk/2...
> The marketing geniuses at Belkin, the consumer networking vendor, have dreamed up a new form of spam - ads served to your desktop, by way of its wireless router
> The router would grab a random HTTP connection every eight hours and redirect it to Belkin’s (push) advertised web page.

Comment: When I was a lad (Score 1)

School, circa 1974. Sending off your sheets and hoping that the keypunch operators didn't get 0's and O's confused. O's were slashed, or perhaps it was the other way round. Getting your job back on music ruled paper the next week.

University. There were teletypes that you could use to get access to the ICL mainframe, but for exams you had to use punched cards, and only got 3 goes to compile and run your program. There were always queues for the big punch machines, so if you just needed one card doing, you could use a hand punch.

There's a good page with a photo of one here: http://www.staff.ncl.ac.uk/rog...

By my first job in 1979, we had VT52s and then VT100s, as well as an LA120 for the console.
