
Comment Re:If you can touch it, you can own it (Score 1) 89

Which is of course not true if "own it" means "access data encrypted with a strong key and a non-trivial-to-brute-force password".

Not true. The kernel and the initramfs themselves need to be stored in cleartext (or else, how would the machine boot?). So, the exploiter would proceed as follows:
1. Use the vulnerability to get a root shell.
2. Doctor a couple of scripts to log the encryption password, or to inject a script into the root once the encryption password has been entered.
3. Use cpio and bzip to build a new initramfs from the image in memory.
4. Write that image to the appropriate part of the (cleartext) boot partition.
5. Log off, go away, and wait for a legitimate admin to log in, triggering the booby trap.
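The comment above describes the attack; the natural check on the defender's side is to treat the cleartext initramfs as an inventory you can diff. The script below is an added example, not code from the comment or from any distribution's initramfs tooling: it packs and parses the newc cpio format the kernel unpacks at boot, records a per-member SHA-256 baseline, and reports members that were added, removed or modified. The initramfs contents, the hook path "scripts/local-bottom/persist" and the "tampered" edits are constructed placeholders, not a working password logger.

```python
"""Detect a doctored initramfs by diffing its members against a baseline.

Added illustration, not code from the Slashdot comment. The images are built
in memory (gzip-compressed SVR4 'newc' cpio, the format the Linux kernel
unpacks at boot) so the script runs offline; member names and file contents
are constructed stand-ins for a real initramfs.
"""
import gzip
import hashlib
import stat

NEWC_MAGIC = "070701"


def _newc_entry(name: str, data: bytes, mode: int = 0o100644) -> bytes:
    """Serialise one member: 110-byte ASCII-hex header, NUL-terminated name,
    then data, with header+name and data each padded to a 4-byte boundary."""
    namesize = len(name) + 1                      # includes trailing NUL
    fields = (0, mode, 0, 0, 1, 0, len(data),     # ino mode uid gid nlink mtime filesize
              0, 0, 0, 0, namesize, 0)            # devmajor devminor rdevmajor rdevminor namesize check
    header = NEWC_MAGIC + "".join(f"{v:08x}" for v in fields)
    body = header.encode("ascii") + name.encode() + b"\0"
    body += b"\0" * (-len(body) % 4)
    body += data + b"\0" * (-len(data) % 4)
    return body


def build_initramfs(members: dict) -> bytes:
    """Pack {path: bytes} into a gzip-compressed newc archive."""
    raw = b"".join(_newc_entry(n, d) for n, d in members.items())
    raw += _newc_entry("TRAILER!!!", b"")
    return gzip.compress(raw)


def list_initramfs(image: bytes) -> dict:
    """Parse a gzip+newc image; return {path: sha256hex} for regular files."""
    raw = gzip.decompress(image)
    pos, members = 0, {}
    while pos + 110 <= len(raw):
        hdr = raw[pos:pos + 110].decode("ascii")
        if not hdr.startswith(NEWC_MAGIC):
            raise ValueError(f"bad newc magic at offset {pos}")
        f = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = f[1], f[6], f[11]
        name = raw[pos + 110:pos + 110 + namesize - 1].decode()
        data_start = pos + 110 + namesize
        data_start += -data_start % 4
        data = raw[data_start:data_start + filesize]
        pos = data_start + filesize
        pos += -pos % 4
        if name == "TRAILER!!!":
            break
        if stat.S_ISREG(mode):
            members[name] = hashlib.sha256(data).hexdigest()
    return members


def check_boot_image(baseline: dict, image: bytes) -> dict:
    """Diff a freshly read image against the recorded baseline hashes."""
    current = list_initramfs(image)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in baseline
                           if n in current and baseline[n] != current[n]),
    }


# Constructed stand-in for a real initramfs (which would hold busybox,
# cryptsetup and the distribution's hook scripts).
BASELINE = {
    "init": b"#!/bin/sh\n. /scripts/local-top/cryptroot\nexec /sbin/init\n",
    "scripts/local-top/cryptroot": b"#!/bin/sh\ncryptsetup open /dev/sda2 root\n",
    "bin/cryptsetup": b"\x7fELF constructed placeholder",
}
# Record this while /boot is still trusted, and keep it off the box.
BASELINE_HASHES = list_initramfs(build_initramfs(BASELINE))


def tampered_image() -> bytes:
    """The booby-trapped variant from the comment: the unlock script is edited
    and a new hook is dropped in. Contents are placeholders only."""
    m = dict(BASELINE)
    m["scripts/local-top/cryptroot"] = BASELINE["scripts/local-top/cryptroot"] \
        + b"# (constructed) extra line added by the attacker\n"
    m["scripts/local-bottom/persist"] = b"#!/bin/sh\n# (constructed) runs after unlock\n"
    return build_initramfs(m)


if __name__ == "__main__":
    print(check_boot_image(BASELINE_HASHES, tampered_image()))
```

Two caveats apply. The baseline must live somewhere a root shell on the machine cannot reach (a USB key, a remote host, or PCR measurements in a TPM), or the attacker simply updates it along with the image. And this only detects the swap after the fact; preventing it needs the boot chain to refuse an unsigned kernel and initramfs (Secure Boot with a signed unified image, or a measured boot that withholds the disk key when the measurements change).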

Comment Re:Known this for some time: with proof. (Score 1) 115

Blocking that /12 will unfortunately block hundreds of thousands of "perfectly legitimate" sites... essentially anyone deigning to use AWS. Kontera just happens to be one of the users.

Well, it's not as if this was any surprise. The WOT issue has been in the news for several days already, and apparently Amazon has not "deigned" to do anything about it yet. Indeed both still reverse resolve to kontera.com... or did Amazon actually kick Kontera, but just forget to update their name server?

When choosing a cloud provider, smart users also consider the provider's reactivity and its willingness to protect its legitimate customers' reputation, and Amazon indeed seems to be lacking in this area...

Comment Re:Known this for some time: with proof. (Score 1) 115

Just out of curiosity, I checked the web server logs for this user agent on 3 servers that I administer, and indeed I found a number of accesses using this user agent on all 3 of them (but in our case unfortunately none that are obviously not public knowledge). The most frequent IP (91 accesses) using this user agent was 52.71.155.178, and this is indeed nat-service.aws.kontera.com. This was followed ex aequo by 54.209.60.63 (also nat.aws.kontera.com) and 99.63.100.174 (99-63-100-174.lightspeed.bcvloh.sbcglobal.net).

All accesses were suspicious, as they are obvious bots (it only accesses isolated URLs, but never any pictures nor other dependent content such as CSS), yet they masquerade as an interactive user agent (Mozilla on Macintosh).

I promptly lodged a complaint at abuse@amazonaws.com.

I recommend other webmasters do the same (i.e. check your logs, and if you find any similar occurrences, complain loudly to Amazon).

Whois tells that the IP range is 52.64.0.0/12, in case anybody wants to firewall this.
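The log check the comment above describes, and the question raised in the earlier comment of whether firewalling 52.64.0.0/12 is a sensible response, as an added example that is not part of either comment. The script parses Apache combined-format lines, flags clients that fetched pages but never a single stylesheet, script or image (the "bot behind a browser user agent" heuristic from the comment), and tests each flagged address against the proposed CIDR. The log lines are constructed using the two Kontera addresses quoted in the comment; the user agent string, timestamps and paths are assumptions.

```python
"""Find clients that claim a browser user agent but behave like crawlers, and
test whether their addresses fall inside a CIDR block before firewalling it.

Added example, not code from the Slashdot comments. Log lines are constructed
in Apache "combined" format; 52.71.155.178 and 54.209.60.63 are the addresses
quoted in the comment, the rest (UA string, paths, 198.51.100.7, 203.0.113.9)
are assumptions.
"""
import ipaddress
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Dependent content a real browser fetches alongside an HTML page.
ASSET_EXT = (".css", ".js", ".png", ".jpg", ".jpeg", ".gif", ".ico", ".svg", ".woff")

# Assumed UA string; the comment only says "Mozilla on Macintosh".
MAC_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) "
          "AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36")

# Constructed sample log: two page-only clients, one real browser, one stray hit.
SAMPLE_LOG = "\n".join(
    f'{ip} - - [01/Jan/2016:00:00:0{i} +0000] "GET {path} HTTP/1.1" 200 1024 "-" "{MAC_UA}"'
    for i, (ip, path) in enumerate([
        ("52.71.155.178", "/news/item-1.html"),
        ("52.71.155.178", "/news/item-7.html"),
        ("52.71.155.178", "/about.html"),
        ("54.209.60.63", "/news/item-2.html"),
        ("54.209.60.63", "/news/item-9.html"),
        ("54.209.60.63", "/contact.html"),
        ("198.51.100.7", "/news/item-1.html"),
        ("198.51.100.7", "/static/site.css"),
        ("198.51.100.7", "/img/logo.png"),
        ("203.0.113.9", "/news/item-3.html"),
    ])
)


def parse_log(lines):
    """Yield one dict per well-formed combined-format line; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def page_only_clients(records, min_pages=3):
    """Return {(ip, ua): page_hits} for clients that requested at least
    min_pages non-asset URLs and never one stylesheet, script or image.
    A human's browser almost always pulls dependent content, so such a
    client is behaving like a crawler whatever its user agent claims."""
    pages, assets = defaultdict(int), defaultdict(int)
    for r in records:
        key = (r["ip"], r["ua"])
        if r["path"].lower().endswith(ASSET_EXT):
            assets[key] += 1
        else:
            pages[key] += 1
    return {k: n for k, n in pages.items() if n >= min_pages and assets[k] == 0}


def in_block(ip: str, cidr: str = "52.64.0.0/12") -> bool:
    """True if ip lies inside cidr (the range the comment proposes to firewall)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def analyze(lines, cidr: str = "52.64.0.0/12") -> dict:
    """Per suspicious address: hit count, UA, and whether the proposed block
    would cover it, so you can see what a /12 rule would and would not catch."""
    out = {}
    for (ip, ua), hits in page_only_clients(parse_log(lines)).items():
        out[ip] = {"hits": hits, "ua": ua, "blocked_by_cidr": in_block(ip, cidr)}
    return out


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG.splitlines()).items():
        print(ip, info["hits"], "blocked" if info["blocked_by_cidr"] else "NOT blocked")
```

Run against the sample, both Kontera addresses are flagged, but only 52.71.155.178 is inside 52.64.0.0/12; 54.209.60.63, which the comment says also resolves to kontera.com, is not, while the roughly one million other addresses in that /12 belong to whoever else rents from AWS. A rule keyed on the observed user agent and the page-only access pattern is the more precise control; the abuse complaint the comment recommends still stands.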

Comment Re:Issue with batteries or with phone design? (Score 1) 110

Batteries have a higher energy density than explosives.

So does pizza.

... and the funny thing is that according to Wikipedia it's actually true about pizza, but not about explosives...

Lithium batteries are just behind explosives (TNT, Gunpowder), but far behind foodstuffs (Carbohydrates, Protein, Fat). Look it up!

Comment Re: tl;dr (Score 1) 209

Except that the email likely contains a cut-and-paste that may solve your problem

... or a cut and paste that answers a situation that is similar to yours, but not identical, and so doesn't help you at all, and might even mislead.

or at least a helpful web link

... if such existed, you'd probably already have found it by googling. So chances are that the web link might be just as misleading... or they might not actually respond to your mail in the first place.

Comment Re:I'm sure this will be just great. (Score 1) 337

The witnesses are credible. They give specific, verifiable details that others have confirmed.

If these stories were true, these same specific, verifiable details would also allow Appelbaum to find out which of his witnesses were singing, completely defeating the goal of anonymity and of avoiding professional backlash at the hands of Appelbaum.

So, that makes me think that their stated reason for wanting to stay anonymous is bullshit. And that maybe other "details" are bullshit too.
