
Comment Hipchat does this with every file transferred (Score 5, Interesting) 29

Using the Atlassian chat client, HipChat, if a user transmits a file to another user, the file is stored on Amazon S3, just like it sounds as Box is doing, and is accessible by an obfuscated URL. The files are then available via any unauthenticated GET requests that can stumble upon the URL string via brute force.

A clever attacker doesn't even need to use her own resources in the brute force attack. A website can be constructed with millions of links pointing at candidate URLs and eventually Google and other indexers will spider them and the ones that don't turn up 404 errors will be added to the web index.
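One mitigation for the bearer-URL weakness this comment describes, as an added example that is not part of the original comment and is not HipChat, Atlassian or Amazon code: the server signs the path, the intended recipient and an expiry time, and refuses any GET that lacks a valid signature or comes from a different session. The key, the function names, the query parameters and the sample paths are all constructed for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key; a real service would load this from a secret store.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(path, user, exp, key):
    # The signature binds the file path, the recipient and the expiry together.
    msg = f"{path}\n{user}\n{exp}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_link(path, user, expires_at, key=SIGNING_KEY):
    """Return a download link that is only valid for `user` until `expires_at`."""
    query = urlencode({"user": user, "exp": expires_at,
                       "sig": _mac(path, user, expires_at, key)})
    return f"{path}?{query}"


def check_link(url, session_user, now=None, key=SIGNING_KEY):
    """Decide whether a GET for `url` from `session_user` should be served."""
    now = time.time() if now is None else now
    parsed = urlparse(url)
    q = parse_qs(parsed.query)
    try:
        user, exp, sig = q["user"][0], int(q["exp"][0]), q["sig"][0]
    except (KeyError, ValueError):
        # A bare obfuscated URL carries no signature and ends up here.
        return "deny: unsigned link"
    expected = _mac(parsed.path, user, exp, key)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "deny: bad signature"
    if now > exp:
        return "deny: expired"
    if session_user != user:
        # A crawler or any unauthenticated client has no matching session.
        return "deny: wrong user"
    return "allow"
```

With this check in front of the storage bucket, a URL that leaks into a web index stops working once it expires and never works for a client that is not logged in as the recipient.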

Comment Re:protecting capabilities (Score 1) 404



It's interesting that you do not deny that Putin's interest in relieving the economic sanctions trumps (pun intended) his interest in crushing Isis. Ok. We are in agreement there.

You seem like a bright fellow, so you'll probably recognize the fallacy you've presented in your own post regarding Podesta's lobbying firm taking money from a Russian bank. Did that money actually win them influence over Hillary Clinton? Apparently not. According to your prolific tirades against Clinton on Slashdot, she's a war mongering hawk trying to start wars with Russia. Donald Trump, in contrast, has the potential to (using your words)--

...join hands with Russia and Turkey to crush Isis.

You are trying to paint Clinton and Podesta as puppets of Russian lobbying money, while claiming the DNC also promotes Putin as a boogeyman. Kind of emphasizes the lack of real influence this money had on Clinton. You repeatedly reference this Saudi oil money going to the Clinton Foundation and paying for Chelsea's wedding, but where are the details on the quid pro quo? What was gained for them or the Russian bank?

I think we're getting tired of your broken record of "yeah, but Clinton collected money from xyz." Why don't you build up a stronger case for why Trump should hold hands with Putin to destroy Isis? We would all like to see your references to the great and wonderful things Vladimir Putin has done that would help explain how his involvement in Syria is only out of a humanitarian interest. I am very curious to hear more about your rationale for Donald Trump developing closer relations with Vladimir Putin.

Comment Re:protecting capabilities (Score 1) 404

..instead of having the US join hands with Russia and Turkey to crush Isis.

The Russian interest at play here is not to crush Isis, but to crush the economic sanctions against Russia for invading Crimea and trying to take over Ukraine. These sanctions are crippling the ability of the Russian Oligarchy to enjoy their wealth and amass more.

Do you think Paul Manafort was advising Trump on how Russia could join hands to help the US destroy ISIS, or do you think he was telling Trump about how all the Russian oligarchs would love him if he were to remove these annoying sanctions?

Trump has a track record of championing making money over punishing wrong-doers. Consider this episode where he wanted a convicted rapist to avoid prison time so his casino could profit off of his boxing match--

Trump and Tyson are old friends who did business together in the late 1980s, when the real estate mogul promoted and hosted several of Tyson's fights at his Atlantic City casinos and even fashioned himself for a time as the boxer's "business adviser." And in a largely forgotten episode, Trump came to the boxer's aid during one of the darkest moments of Tyson's career—his 1992 conviction for raping a beauty queen. To save the champ from being locked up, Trump pitched a highly controversial proposal that would have essentially allowed Tyson to buy his way out of prison.

Comment protecting capabilities (Score 1) 404

Your premise in denouncing the report is that the methodology employed is not as sophisticated as you expect Russia to be capable of. You should consider and acknowledge a couple of espionage realities:

The spearphishing employed against Podesta worked and was trackable. The report is not going to talk about the hacking attempts that did not work and were not trackable. As in the case of the Tempest vans you reference. Because the report does not mention Tempest vans does not mean they are not driving around.

Intelligence agencies will only release info that does not compromise their capabilities of collecting intelligence. If they were to release a transcript of a private office conversation between Putin and Paul Manafort containing details of the hacking, then Putin would realize there is a bug in his office and clear it out. The confidence of these US intelligence agencies that Russia was meddling in the recent election is buttressed by information collected that can't be released without divulging the source mechanism for its collection. What you see in the report is safe information to release.

Comment Re:Back to the old model (Score 1) 70

I'd be surprised if Amazon would give a shit if Clarkson did punch someone else

Amazon's lawyers give a huge shit about Clarkson's capacity for future violence in the workplace. Hiring someone who is known to have a propensity for physically abusing co-workers produces a huge legal liability for the employer. If he punches someone on the set of the new show, that person will sue Amazon and in court, there will be a huge claim paid by Amazon for criminal negligence.

That's really why he got fired from BBC. It's not about being PC. When he punched the first person at work, that victim could only win a suit against Clarkson. A second attack would bring the employer into liability for knowingly maintaining a dangerous workplace. If they didn't fire Clarkson at BBC and someone else punched another co-worker, the BBC could be liable because of the inaction against Clarkson sending a message to other employees that punching your co-worker is tolerated by the BBC.

I would not be surprised if Amazon's risk-management department has assigned some kind of bodyguard or conflict resolution expert(s) who are on set for each filming. Amazon is a public company and this is a typical sort of precaution that would be insisted upon by the risk management department.

Comment Re:Back to the old model (Score 0) 70

Seems like Amazon is going back to the old TV model of releasing a new episode every week

When you've got a host who during production of the season might punch a producer and you have to cancel the show, you want to immediately air the shows you've produced ASAP. Too big of a liability to sit on those episodes and hope Clarkson doesn't punch anyone while filming the rest.

Comment Re:A different position (Score 5, Informative) 469

...a candidate's spouse taking hundreds of millions of dollars from foreign interests, which Trump was accused of but Bill Clinton actually did.

I suppose that depends on your definition of 'actually.' Checking Politifact, this claim does not hold true.

Per an article in Fortune magazine in October 2015 that traced both the Clintons' tax returns to estimate their net worth:

On the low end, the Clintons reported assets of $11.3 million. On the high end, they might have as much as $52.7 million. The couple listed no liabilities.

How is it that Bill Clinton 'actually' accepted HUNDREDS of millions of dollars from foreign interests, yet he only has assets totaling as much as $53 million?

This is a classic example of the disruption that Trump has brought to the political process.

Unrestrained fiction presented as facts to smear opponents requires an update or replacement to the term "truthiness."

Comment Re:Those that don't study history (Score 1) 113

I find these comments to be utterly stupid. Have you ever worked anywhere before? Can you possibly imagine non-engineers trying to use IRC for a collaboration tool? Even engineers can find the easy to use interface helpful. Look. I love IRC. I even ran an IRC server for a couple of years but insisting it is enough for most people is nonsense or people would have been using it in the office for collaboration for decades and it would be entrenched by now. There is a reason Slack and its competitors have blown up in recent years. It is a necessary niche. Now we are just waiting to see someone perfect the idea.

Comment Re:Because it mostly doesn't matter? (Score 1) 113

Wow. This is exactly the type of attitude that leads to serious data breaches. Not using secure tools for collaboration is increasingly becoming a regulatory risk as well. I need this security for my job and, believe it or not, most other people do too, even if it is just to comply with regulations but also because breaches on smaller companies are becoming more and more common. Just leaking some personal information of one person can be enough to trigger notification laws in some states.
