Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment Kernel.org may not bother with clean wipe (Score 2) 183

Disturbingly they seem to have considered not wiping and reinstalling.

System is being verified from backups, signatures, etc. As of right
now things look correct, however we MAY take the system down soon to do
a full reinstall and for more invasive checking.

(emphasis added) John 'Warthog9' Hawley
Chief Kernel.org Administrator http://pastebin.com/BKcmMd47

It appears that the chief kernel.org system administrator is so naive about security that he doesn't even realize the absolute necessity of a full wipe and reinstall after compromise of such an important site. It also appears that there was no routine booting from read only media to check system files and startup scripts for changes. And no daily rootkit scan. If it was me, I would trash the motherboard for fear of BIOS or other firmware contamination. Exploits living on the firmware of network cards and other places have been demonstrated.

Comment Re:vodka (Score 1) 95

>voice rec dont work if you are drunk up on vodka

Voice recognition of lies doesn't work at all. So it seems these bankers have fallen prey to a kind of ATM ripoff before they even deployed these ATMs.

Submission + - ISPs Consider World IPv6 Day Giant DOS Attack (potaroo.net)

mindbuilder writes: Geoff Huston, chief scientist of APNIC, is saying that part of the reason for World IPv6 day is that internet content providers are worried that carriage providers are going to take advantage of the transition to widespread NAT to somehow control access to their customers and make content providers pay extra to carriage providers.

Carriage providers on the other hand see World IPv6 day as almost like a huge denial of service attack against their networks. Among other things they’re worried that they will be swamped by expensive tech support calls as customers can’t get to their favorite web sites. Some carriage providers are planning to block IPv6 traffic on World IPv6 day to protect their networks.

Meanwhile, the fact that many ISPs pay extra for equipment to put millions of internet users behind NAT and TAKE AWAY IPv4 addresses, even though they could get IPv4 addresses practically for free, makes it look to me unlikely that a lot of ISPs will pay extra to do the opposite and give out IPv6 addresses any time soon.

Encryption

Submission + - OpenSSL Timing Attack Steals Private Keys (threatpost.com)

Trailrunner7 writes: Remote timing attacks have been a problem for cryptosystems for more than 20 years. A new paper shows that such attacks are still practical and can be used to steal the private key of a TLS server running OpenSSL. The researchers, Billy Bob Brumley and Nicola Tuveri of Aalto University School of Science, focused their efforts on OpenSSL's implementation of the elliptic curve digital signature algorithm (ECDSA), and they were able to develop an attack that allowed them to steal the private key of an OpenSSL server.
In an interview, Brumley says that the attack is just a symptom of other problems. "Perhaps the scariest part is that the piece of code introducing the vulnerability has been in the library since roughly 2005. This shows that identifying timing attack vulnerabilities is a daunting task. This isn't the first timing attack vulnerability discovered in OpenSSL, and I can guarantee it won't be the last."

Submission + - Proof IPv6 Will Never Take Over (ripe.net) 1

mindbuilder writes: Internet Service Providers can today get IPv4 addresses for all their customers practically for free (except recently in the APNIC region). Yet the ISPs still put hundreds of thousands of users behind NAT. They do this to spite the extra equipment costs of NAT. If they're willing to pay extra to NOT give customers IP addresses, Why would they want to pay extra to upgrade their systems and give away IPv6 addresses, any time soon?

Submission + - Will IPv6 never be adopted? (ripe.net)

mindbuilder writes: It is said there are ISPs with hundreds of thousands of users behind NAT. I used to assume this was because they had to pay a small but non-negligible fee for IPv4 addresses. But someone pointed out to me that you get all the addresses you want for a low yearly fee. The difference between the fee for small ISPs and the biggest ISPs is only about 3000 Euros. That seems negligible for a large ISP, even one in a poor country with fierce competition, especially when you factor in the cost of NAT equipment and management.

So the question is: If they can get IP addresses now for nearly free, why don’t they? If they don’t want the IP addresses, are they even going to care when IPv4 addresses run out? Is the incentive to give customers IPv6 addresses ever going to overcome whatever disincentive there is now to give customers IPv4 addresses? Will we have to wait multiple decades before they decide to enable IPv6?

Submission + - Asia Has Officially Run Out of IPv4 Addresses (apnic.net)

mindbuilder writes: The Asia Pacific and Australia region has officially run out of Internet protocol version 4 addresses today. Actually they have a few left but they've begun their "final eight policy", so addresses will only be dolled out in tiny quantities over the next several years. Even regions with addresses still available will be effected by this because making contact to computers in the APNIC region will get harder as more APNIC users have to start sharing addresses from behind NAT. If you or your family are in the market for a wireless router or other network gear, be sure to look for IPv6 compatibility.

Submission + - Asia runs out of internet addresses next month (potaroo.net)

mindbuilder writes: At the rate the Asia pacific region has been consuming IPv4 internet address this year, it is expected that they will run out before the end of April, and perhaps closer to the beginning of April. Even if your region will still have addresses available, the sharing of addresses using NAT that will be necessary in the APNIC region will cause communications problems for users in every other region trying to contact APNIC users. Therefore it would be best if users in every region start moving to IPv6 as soon as possible.

Comment Re:Wow... (Score 1) 569

>500 years from now, just think how out of touch the elderly will be!

People will learn to keep themselves updated better.

What is this strange thing that makes people want to deny the likelihood of curing aging within the next few decades? I saw a survey of doctors that reported that the doctors thought that the average life expectancy a hundred years from now would be only about a hundred years. That means those doctors thought aging wouldn't be cured for more than 200 years! What on earth possesses people to think that progress will be so slow?

Slashdot Top Deals

Your good nature will bring you unbounded happiness.

Working...