
Comment Re:Root being UID zero was a mistake. (Score 1) 139

I remember working on a system and there was some problem which cropped up. We got the software engineer over to look at the problem. He goes back to his desk, checks the code for a while, comes back, loads on a new version of code and things are working fine. We asked him what the problem was and his reply was something along the lines of "0 was returned from the subroutine and it turns out that the 0 index was a valid value in an enumeration. Never use 0 as a valid value."...

Comment Re:Prove it (Score 1) 148

Clearly you have never heard of the alternative minimum tax (AMT)...

I personally know of several people who were taxed in the hundreds of thousands of dollars on just the value of the stocks alone. They had not sold any stocks, they had not realized a dime of income/profit. Almost ruined quite a few people's lives...

Submission + - Researchers Find a Way to Disable Intel ME Component Courtesy of the NSA (bleepingcomputer.com) 1

An anonymous reader writes: Researchers from Positive Technologies — a provider of enterprise security solutions — have found a way to disable the Intel Management Engine (ME), a much-hated component of Intel CPUs that many have called a secret backdoor, even if Intel advertised it as a "remote PC management" solution. People have been trying for years to find a way to disable the Intel ME component, but have failed all this time. This is because disabling Intel ME crashes computers, as Intel ME is responsible for the initialization, power management, and launch of the main Intel processor. Positive Technologies experts revealed they discovered a hidden bit inside the firmware code, which, when flipped (set to "1"), will disable ME after ME has done its job and booted up the main processor. The bit is labelled "reserve_hap" and a nearby comment describes it as "High Assurance Platform (HAP) enable." High Assurance Platform (HAP) is an NSA program that describes a series of rules for running secure computing platforms. Researchers believe Intel has added the ME disabling bit at the behest of the NSA, who needed a method of disabling ME as a security measure for computers running in highly sensitive environments. Obligatory /. comment listing all of Intel's backdoor reports.

Submission + - Tomb, a successor to TrueCrypt for Linux geeks (well, dm-crypt, basically...) (dyne.org)

jaromil writes: Last day we released Tomb version 2.1 with improvements to stability, documentation and translations. Tomb is just a ZSh script wrapping around cryptsetup, gpg and other tools to facilitate the creation and management of LUKS encrypted volumes with features like key separation, steganography, off-line search, QRcode paper backups etc. In designing Tomb we struggle for minimalism and readability, convinced that the increasing complexity of personal technology is the root of many vulnerabilities the world is witnessing today — and this approach turns out to be very successful, judging from the wide adoption, appreciation and contributions our project has received especially after the demise of TrueCrypt.
As maintainer of the software I wonder what Slashdot readers think about what we are doing, how we are doing it and more in general about the need for simplicity in secure systems, a debate I perceive as transversal to many other GNU/Linux/BSD projects and their evolution. Given the increasing responsibility in maintaining such software, considering the human-interface side of things is an easy-to-reach surface of attack, I can certainly use some advice and criticism.

Submission + - 18 Years On, Ultima Online Is Still Going (rockpapershotgun.com)

An anonymous reader writes: Ultima Online was released in September, 1997. It was the game that popularized graphical MMOs, and somehow, it's still running. Rock, Paper, Shotgun took a dive into the game to see how much it's changed, and who still plays it. As the community has shrunk, it's become increasingly tight-knit, and giving up the game now means giving up a social circle for many players. Even though newer MMOs have eclipsed the game's functionality, UO has a dedication to the full adventuring experience that later games haven't replicated. From the article: "While initially I couldn’t understand the appeal of Ultima, when I decided to shake off the limitations of an early level character and simply explore for myself, I found a game world with a lot to offer. Player created civilisations, unique monsters, and the sheer mystery of the world combine to keep this ancient MMO compelling. For all the ways in which the genre has improved, Ultima Online remains one of just a few MMOs that let you live an alternative life. That feeling of ownership ... combined with the diversity on offer, keeps players coming back day after day."

Submission + - Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines

An anonymous reader writes: For over 5 years, and perhaps even longer, servers around the world running Linux and FreeBSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found.

What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email in bulk.

Submission + - I Will Crack Your Password With Statistics (praetorian.com)

pjauregui writes: The post starts by asking the reader, 'Think like a hacker and ask yourself how fast your passwords might be able to be cracked based on their structure.' The author then describes his method for cracking passwords at scale, efficiently, stating that many attackers approach this concept headfirst: They try any arbitrary password attack they feel like trying with little reasoning. His post is a discussion that demonstrates effective methodologies for password cracking and how statistical analysis of passwords can be used in conjunction with tools to create a time-boxed approach to efficient and successful cracking.

Submission + - US Navy researchers get drones to swarm on target (networkworld.com)

coondoggie writes: The Office of Naval Research today said it had successfully demonstrated a system that lets small unmanned aircraft swarm and act together over a particular target. The system, called Low-Cost UAV Swarming Technology (LOCUST), features a tube-based launcher that can send multiple drones into the air in rapid succession. The systems then use information sharing between the drones, allowing autonomous collaborative behavior in either defensive or offensive missions, the Navy said.

Comment Re:Dump SSL / Certificate-based Security (Score 1) 195

Perhaps I am missing something here...

PGP is a public key system. If you are going to be doing a mail system based on this, it seems to me that the receiving email client would check to see if the public key associated with the email address is on file. If not, request the public key from the email address. If the key is on file it could even check and verify that it is the same. If it is different, throw a warning.

I don't see that there is a need for central key distribution.
