Comment Re:scholarship? (Score 5, Insightful) 318

Seriously, paypal done fucked up once more.

They did a great job teaching this kid "I could sell it to paypal for zero dollars, or I can auction it on this underground forum starting at $5000"

The only thing the kid even asked paypal for was a written statement of the accomplishment to put on his resume, and they won't even send that!
Even Microsoft lists him as a security researcher for the updates they have pushed fixing bugs this kid has found and reported to them!

The worst part is, paypal has also just taught these facts to everyone else who happens to know of an exploit in their system, or ever finds one in the future.

Smart move paypal *golf clap* smart move

Comment Re:It's a trap? (Score 4, Insightful) 83

Hopefully it's not a password you have used anywhere else.

These people definitely have a copy of the old database, and thus salted password hashes.
Anyone logging in right now is also providing their clear-text password and confirmation if it is the correct password, as well as their IP.

Between the two facts that the government would have spent the time cracking the hashes without much concern over the cost, plus the banner ads that would complicate a sting type operation, it's looking less like a government honeypot.

Still, we know very little about these new admins.
We know the original admins are aware of this and do not approve, and we have been told (by the new admins) that they were given a backup of the database and website for safe keeping in case the original admins needed it to resurrect the site, which has not been disputed by the original admins.

Comment Re:Priority Failure. (Score 2) 338

But what if it's 20,000 customers on an IP?

You're a lot closer than you realize.

IANA has recently reserved the IP block for use with carrier grade NAT.
An entire /10! to - just over 4 million IPs.

This block exists purely to interconnect two RFC1918 IP blocks which have a chance of conflicting.
If the ISP decided to use internally, then they wouldn't be able to connect any customers whose NAT router also used the IP space. Similar problems arise with the 256 blocks of 253 IPs within

There is a new class of network middleware gear designed to sit between the real Internet and the customers which links them all together using that block.
Each cable modem / DSL modem's WAN IP is within this private block, as is the new router gear designed for massive state tables. It also does some interesting tricks to keep DNS working.

The routers are designed to take a single /24 block of routable Internet addresses to share with all those natted WAN ports, which of course will turn right around and NAT your single private 100.64 IP with all your own devices on traditional RFC1918 IPs.

255 public Internet IP addresses shared with 4,194,302 private IP addresses, or 16,448 private IPs per single Internet IP.

For a guess of 20k, you are amazingly close! Far closer than 4-16
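
As an added example (not from the comment above), the CGNAT arithmetic done with Python's ipaddress module, together with the overlap check that is the whole reason the shared "100.64" block (100.64.0.0/10) exists. It counts 254 usable addresses in the public /24 rather than the comment's 255, so the ratio comes out at 16,513; the address values used are standard reserved ranges, not anything from the page.

```python
import ipaddress

# RFC 1918 private ranges, which a subscriber's own NAT router may already be using
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Shared address space reserved for carrier-grade NAT (RFC 6598): the "100.64" block
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def customer_lan_conflicts(isp_internal_block):
    """RFC 1918 ranges an ISP-internal block would collide with on customer LANs.
    An empty list is what makes a block usable between the ISP NAT and the home NAT."""
    block = ipaddress.ip_network(isp_internal_block)
    return [str(n) for n in RFC1918 if n.overlaps(block)]


def usable_hosts(block):
    """Addresses in the block minus the network and broadcast addresses."""
    return ipaddress.ip_network(block).num_addresses - 2


def subscribers_per_public_ip(private_block, public_pool):
    """How many CGNAT-side addresses each routable address in the pool fronts for."""
    return usable_hosts(private_block) // usable_hosts(public_pool)


def is_cgnat_source(ip):
    """True if an address seen in your logs is from the shared CGNAT space. Such an
    address should never reach the public Internet as a source; if it does, either
    you are behind the same CGNAT or something upstream is misconfigured."""
    return ipaddress.ip_address(ip) in CGNAT
```

The practical consequence for anyone blocking by source IP: a single public address of a CGNAT ISP can stand for thousands of subscribers, so an IP-level block or ban has a blast radius far larger than one household.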

Comment Re:its funny (Score 1) 97

Almost every bill of this kind, the excuse they give for needing it is to help prevent child porn. I mean really? Is that the best they can come up with to push this kind of crap through?

It doesn't need to be the best they could claim, it just needs to be good enough to work. And unfortunately, it is.

No politician wants the possibility of others claiming you aren't against child porn, or worse to claim your vote assisted child porn.
You could very likely get a law passed allowing you to rape little children while video taping it, so long as you can spin anyone voting against you as not trying to prevent child porn.

Nothing shuts down the brains of most people like the terms "child porn" and "terrorist".

Comment Re:Hangin's too good for him (Score 1) 95

I certainly do know what I am talking about. As for being insulting, short of a complete and utter mistake on the part of Spamhaus for incorrectly listing you (I'm not going to pretend any automated system is perfect), most would agree I said nothing that wasn't deserved.

Proper filtering would have prevented that unfortunate problem. It's not like I blamed you personally for the infection or made some stupid comment about windows or something.
Just having an infection reaching out to a C&C server isn't enough to get listed; the botnet has to be seen getting commands and/or controls from you in order to get listed.

I'm sorry you couldn't get yourself delisted quickly, but attacking Spamhaus just makes you sound like the douche.
Neither the DDoS against them nor the infection on your network were their fault!

Regarding being listed, their spam and C&C lists are kept quite separate, and use different technologies as well - mail servers rarely if ever speak BGP to see if an IP is on the C&C-BL.

My mail server uses the CBL DNS list as one weighted metric to block incoming email from IPs listed for sending spam.
My edge routers use the C&C BGP list to null route IPs listed as hosting C&C servers.

To get listed for C&C activity, a trojan would need to be able to connect with you to something hosting a C&C server.

This either happens by having an infected webserver that trojans are connecting on to get commands from, or from being a supernode of a botnet P2P network.
These both result from lack of proper filtering, just allowing inbound connections instead of outbound to port 25

Other than the DDoS preventing you from telling them you got rid of the infected machine, everything still worked as intended.

You need to understand that attacking Spamhaus only makes it sound like you either don't understand the reason they list IPs, or that you have some grudge against them because the rest of us choose to protect our networks against exactly this type of thing.

Comment Re:Hangin's too good for him (Score 3, Informative) 95

An infected machine in my network got our company on the XBL the morning the DDoS started.

Please stop being lazy and inconsiderate; add the two firewall rules to your router to stop attacking the Internet.

Allow outbound dest port 25 from your mail server's IP.
DENY outbound dest port 25 (from everything else)

You wouldn't have that problem, that infection wouldn't be attacking all of our systems, and you wouldn't be making such stupid comments about a blacklist that rightfully listed you.
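
As an added example (not the commenter's own code), the two-rule egress policy from the comment above and from the earlier reply about C&C listings, expressed both as iptables rules and as a decision function run over a few constructed flow records, so the infected workstation hammering port 25 stands out. The mail server address, the flow lines and the log format are all constructed for the example.

```python
import ipaddress
from collections import Counter

# Assumed address of the one host allowed to speak SMTP outbound (constructed)
MAIL_SERVER = ipaddress.ip_address("10.1.0.25")


def egress_decision(src, dport, proto):
    """The two rules from the comment: allow outbound tcp/25 from the mail server,
    deny outbound tcp/25 from everything else. Any other traffic is not touched by
    either rule and falls through ("pass")."""
    if proto != "tcp" or dport != 25:
        return "pass"
    return "allow" if ipaddress.ip_address(src) == MAIL_SERVER else "deny"


def iptables_rules(mail_server=MAIL_SERVER):
    """The same policy as two FORWARD-chain rules on a Linux router; order matters,
    the ACCEPT for the mail server has to come before the catch-all DROP."""
    return [f"iptables -A FORWARD -p tcp --dport 25 -s {mail_server} -j ACCEPT",
            "iptables -A FORWARD -p tcp --dport 25 -j DROP"]


# Constructed flow records in key=value form, standing in for router/netflow logs
SAMPLE_FLOWS = """\
09:12:01 src=10.1.0.25 dst=203.0.113.10 dport=25 proto=tcp
09:12:05 src=10.1.4.77 dst=198.51.100.8 dport=25 proto=tcp
09:12:05 src=10.1.4.77 dst=198.51.100.9 dport=25 proto=tcp
09:12:06 src=10.1.4.77 dst=198.51.100.10 dport=25 proto=tcp
09:12:07 src=10.1.9.3 dst=198.51.100.20 dport=443 proto=tcp
09:12:08 src=10.1.9.3 dst=198.51.100.53 dport=53 proto=udp
"""


def parse_flow(line):
    """'<time> src=.. dst=.. dport=.. proto=..' -> dict with dport as an int."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    fields["dport"] = int(fields["dport"])
    return fields


def smtp_offenders(lines):
    """Count blocked SMTP attempts per internal source. A workstation that racks
    up hits here is the kind of infected machine that gets a network blacklisted."""
    hits = Counter()
    for line in lines:
        if not line.strip():
            continue
        f = parse_flow(line)
        if egress_decision(f["src"], f["dport"], f["proto"]) == "deny":
            hits[f["src"]] += 1
    return hits
```

Logging the DROP rule (or counting its hits, as smtp_offenders does on the constructed flows) turns the same two rules into an early warning that a machine inside is trying to send mail it shouldn't.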

Comment Re:FPGA? (Score 2) 37

No problem!

Here is the PDF pieces of CARDIAC:

Additionally, you can purchase an original kit for $15 from:

I still have mine on a bookshelf at home. It was an amazing little kit to me when I was 15, and still no less impressive today.


Comment Re:Windows 7 (Score 2) 628

It's beyond ridiculous.
Back in Jan I tried installing an Office 2003 basic, and kept getting errors during online activation.
Couldn't ping Microsoft's server, and a traceroute showed a router upstream was returning ICMP "network administratively down" messages.

Ok, so telephone activation it is. The first guy claimed ignorance and told me his computer was down so he couldn't look up a code, and to try again in a bit in case the server is overloaded.
Sure, OK. An hour later, same results.
This time the phone rep told me there was a retroactive change in policy for Office 2003 that happened the first of this year: you are now only allowed one installation per key and zero reinstalls. Including for HD failures, as was the case here (our previous base system image didn't include Office, as not every PC needed it).

So the fact it was installed to a HD that died once was one install too many. They refused to reactivate it and told me to purchase a newer Office 365 subscription (HA!)

Our ERP client won't even work with Access 2007, let alone anything newer or a web based product you can't pass DDE messages into.

Honestly, if it wasn't for the fact this is at my place of work, I would have pirated it in an instant with zero remorse.

However in the past 5 years, we've gone from a 100% Microsoft shop run by my predecessor, to what is currently about 75% Windows / 25% Linux, and with the exception of Outlook, I've gotten us down almost to 50/50% on MS Office / LibreOffice.
Thankfully I have 250 Outlook 2007 licenses from the open license program, so they don't require activation.

When the entire front office and all the managers need to run reports out of ERP, at least until the vendor updates the crap to use a real reporting engine, we're a bit stuck.
The sad part is, it was only about 2-3 months ago they released a point-version that (barely) installs and runs on anything newer than XP! Access to .net screen conversion is still 9 months down the road!

Comment Re:Windows is not disappearing anytime soon (Score 2) 628

I'm in the same boat as you, and currently figuring out how to get our XP dependent ERP stack up to Win 7. Fortunately I have a similar setup, still not as nice as an apt package manager would be, but for Windows I never expected this level of automation.

However with the whole BYOD crap I, and I'm sure you too, get pestered about all the time, I thought I'd share what made my life easier dealing with iPhones and iPads.
To be honest, I haven't seen this level of configuration since BlackBerry.

(PS, if you or anyone knows of anything like this for Android, I would love to hear about it. That is the last system that is a thorn in my side to support)

Contrast that to when we get a new iPad in. No PXE booting, no easy configuration through the network. No management tools that are worth a tin shit. I have to physically enter all that information in. Can't even swap in a replicated hard drive since it can't be taken apart. Loading from a USB stick? Hahah... No we have to go through the "cloud" for everything.

Check out the Apple iPhone Configuration Utility - About or Windows download page
and any one of the many MDM (mobile device manager) servers for the backend.

You create various "profiles", which are signed and/or encrypted XML files with a .mobileconfig extension.
Think Active Directory's Group Policy for iOS.

I've made quite a few of these configs and have them posted on a sub-website on the Intranet, as well as keeping them handy to forward as email attachments.
On iOS if you click one in a browser or as an attachment, it will display what parts of the system it will change, and if it can be removed, requires a password, or can't be removed (except via factory reset - think company owned devices)
You just click accept, and if you only use required values the entire setup is done. Alternately you can mark some things as user provided (like domain username, and AD password) and you're prompted for those in one screen after confirming to install it.

I have one with our Exchange server's settings (which I admit is so simple to set up this one isn't really needed), two different ones for each VPN endpoint server, one that contains our wireless "guest" network settings as well as how to handle channel hopping and roaming between APs keeping sessions alive over WPA2-Enterprise, all of our SharePoint shared resources that can be linked in, as well as our public contact book.

These are available (in my case, user removable) for any employee to use to better utilize our resources without me having to set up anything.

Further, and at this point I'm probably starting to sound like an ad or something, still..

If we actually had company owned iOS devices, you can go as far as restricting any/all settings apps and extensions, pre-install your own apps, only allow apps on a whitelist to install, or even to not be able to install apps at all.
It can redirect all iCloud services to internal services, or simply disallow them.
iOS can link into Active Directory (via LDAP), and CalDAV / CardDAV, and have your X.500 certificates installed.

You can even do things currently only cellular carriers are privileged to do, such as put apps or web shortcuts on the springboard and not allow them to be removed or even repositioned.
It even lets you reconfigure the cellular radio settings, changing the APN, GPRS, and a proxy that all data communications pass through.

You can reconfigure and push out settings updates over the air as well. About the only thing I don't think you can do is push app installs over the cell network, you have to wait until they are back on the wifi for that.

While I personally have been fortunate enough to never have had to touch the BlackBerry Enterprise Server, Apple seriously went out of their way to rival BES in what you can do using these policies.

Unfortunately some of the larger MDM servers that handle all three (iOS, BB, Android) are quite overpriced and heavily licensed. Typical enterprise gouging. But at least here you aren't required to even use an MDM server.
You don't need to install anything on the network either, nor have to deal with BES sinking its claws into your Exchange server and AD.

The config tool is just a little client app you can run anywhere to generate these mobile config files, which you can then publish wherever is convenient. Though with the signing keys it generates on first use, you'll either need to copy that around or keep the app on your workstation.

Comment Re:Windows 7 (Score 1) 628

Incidentally, I confirmed last weekend that Office 2000 works on Windows 8. I'm good.

Thank you very much for that. I actually had scheduled testing Office 2000 on Windows 7 this week at work, which is at least now one less thing to worry about working around.
(Old crusty ERP systems, massive dependencies on all sorts of MS products, and frightening hard coded bits n bobs - makes for a slow migration off XP :/ )

The best part of Office 2000 is you don't need to activate it, which means you CAN still use it.
Unlike Office 2003 and 2007, for which Microsoft has shut down the online activation server, and refuses to reactivate 2003 via phone anymore.
As if our 150 Office 2003 licenses screamed out in terror all at once and then were null routed.

Comment Re:Interesting coincidence? or purchase tracking? (Score 1) 350

I suppose I was unclear too.

You are correct there is no such thing as a permit to jam, and that they can't actively jam.
But to the issue of if they want to block it, there are other means to do so and those means are fine.

I mean to point out that the desire to block the radio signal isn't the problem and can even be done the right way. It was specifically the active transmitting that was the problem.

Which really is the best way.

With how people treat property, I can see some people desiring to prevent particular RF upon it. And as long as they don't affect or interfere with anyone else at all (intentionally or otherwise) I don't really see any moral issue with letting them do so.

Of course active jammers simply blast out RF at high wattage, typically bleeding over into other frequencies. There's just few realistic ways to use one and NOT affect someone else.
Those few exceptions are the only reason the devices shouldn't be outright illegal to buy.

As with all good things in life, it's how you use it that counts.
