Beave - Slashdot User

Submission + - Hardware Security Key Shootout! (k9.io)

Submitted by Beave on Wednesday March 12, 2025 @06:42PM

Beave writes: The standard hardware security key in the tech space is typically a YubiKey. While I’m sure we all appreciate YubiKeys, there are many other key manufacturers out there. Each manufacturer and key has different capabilities, and are not all equal. This article will explore the various hardware security keys that can be used to store Passkeys and SSH keys. We will focus on usability, operating system compatibility, and costs. This article will likely help, whether you're looking for a personal key for projects or seeking to implement a passwordless solution at work.

Submission + - Thwarting the Black Basta ransomware gang

Submitted by Beave on Wednesday January 25, 2023 @11:20PM

Beave writes: Security researchers and practitioners at Quadrant Information Security recently found themselves in a battle with the Russian ransomware gang known as “Black Basta” in an attempted “double extortion” scheme. Quadrant discovered the Russian gang attempting to exfiltrate data from a network. Data exfiltrated from a victims network is used as part one of the gangs “double extortion” scheme. Once a victim's data is fully exfiltrated, the gang then encrypts workstations and servers. This is part two of the “double extortion”. Once these tasks are completed, Black Basta demands ransom payments from the victim in order to decrypt their data and to prevent Black Basta from releasing exfiltrated data to the public.

Fortunately, in this case, Black Basta didn’t make it that far. Instead, the security researchers used the opportunity to better understand Black Basta’s "backend servers", tools, and methods.

It ends up Black Basta will sometimes use a victims network to log into their own servers, which leads to interesting opportunities to observe the gang's operations.

The first write up goes into technical details about the malware and tactics Black Basta used. The second second write up focuses on Black Basta’s “backend” servers and how they manage them.

TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the "Breaking Badness" podcast.

Comment Re: Sorry Sir.... (Score 1) 139

by Beave on Tuesday January 28, 2020 @09:05PM (#59666306) Attached to: US Colleges Are Trying To Install Location Tracking Apps On Students' Phones

What if my phone battery dies. I don't get credit for being in class ?

Comment Re: The sky won't fall, we will (Score 3, Insightful) 139

by Beave on Tuesday January 28, 2020 @09:02PM (#59666296) Attached to: US Colleges Are Trying To Install Location Tracking Apps On Students' Phones

Funny. When Obama had a stock run, which is still more than Trump I might add, it was "the president can't and shouldn't take credit for that". Now it's the only thing Trump has. Unemployment is at a all time low. That is great. However, wages have been stagnant to you need 3 jobs to make ends me. Care to own that as well?

Comment Re: What if (Score 1) 127

by Beave on Wednesday January 22, 2020 @08:13PM (#59645914) Attached to: Tesla Surges Past $100 Billion Market Value, Usurping VW

It's takes about the equivalent of 2 gallons of gas (think energy) to drive a Tesla about 300 miles. This is insanely more "clean" than fuel. Also.. how exactly do you think fuel makes it to gas stations? Do you think gas is just pumped straight out of the ground? No, it has to be refined and shipped. These also factor into the energy costs. The "power from coal" is often cited by anti electric car people without taking into account these things.

New LLVM Debugger Subproject Already Faster Than GDB 174

Posted by timothy on Thursday June 10, 2010 @03:38PM from the pop-will-eat-itself dept.

kthreadd writes "The LLVM project is now working on a debugger called LLDB that's already faster than GDB and could be a possible alternative in the future for C, C++, and Objective-C developers. With the ongoing success of Clang and other LLVM subprojects, are the days of GNU as the mainstream free and open development toolchain passé?" LLVM stands for Low Level Virtual Machine; Wikipedia as usual has a good explanation of the parent project.

Comment Old news... (Score 1) 139

by Beave on Wednesday April 21, 2010 @01:39PM (#31926746) Attached to: Legal Spying Via the Cell Phone System

I'll be interested to read the details, but 2 out of the 3 things have been known for quite some time. The 'caller ID' spoofing trick has been known for _years_. The concept they are touting is known as "back spoofing". I've had friends doing this for a long time. However - there's one problem. No call cell phone associate caller ID with a phone. Yes, back spoofing works great - with _land lines_, but it's always that accurate with cell phones. So, "finding" the cell number that way isn't very reliable. If I have a boost mobile number, bought in cash, under a fake name you'll be out of luck. That is, the caller ID name (CNAM) won't be associated with it in the first place _and_ I gave all fake information to begin with. About the voice mail. Not a big deal. This was reported 6 or more years ago. The idea is that you spoof your targets number with their cell number. The Telco side "sees" this as a call from the cell and drops you into their voicemail system. Some telco's have fixed this, other haven't. It's been a known flaw for years and years. You don't use CID for authentication exactly for this reason. If possible, PIN protect your voicemail will stop these types of attacks (if possible). Anyways, the article is interesting, but several factors must fall into place or this attack won't work.

Slashdot Top Deals