
Submission + - Sourceforge Hijacks the Nmap Sourceforge Account (seclists.org) 2

vivaoporto writes: Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites insecure.org, nmap.org, seclists.org, and sectools.org) warns on the nmap development mailing list that the Sourceforge Nmap account was hijacked from him.

According to him the old Nmap project page (located at http://sourceforge.net/projects/nmap/, screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which is controlled by sf-editor1 and sf-editor3, in a pattern mirroring the much-discussed takeover of the GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week on Slashdot.

That happens after Sourceforge promises to stop "presenting third party offers for unmaintained SourceForge projects. At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."

To their credit Fyodor states that "So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) and we haven't caught them trojaning Nmap the way they did with GIMP" but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html"


Did the Spamhaus DDoS Really Slow Down Global Internet Access? 70

CowboyRobot writes "Despite the headlines, the big denial of service attack may not have slowed the Internet after all. The arguments against the original claim include the fact that reports of Internet users seeing slowdowns came not from service providers, but the DDoS mitigation service CloudFlare, which signed up Spamhaus as a customer last week. Also, multiple service providers and Internet watchers have now publicly stated that while the DDoS attacks against Spamhaus could theoretically have led to slowdowns, they've seen no evidence that this occurred for general Internet users. And while some users may have noticed a slowdown, the undersea cable cuts discovered by Egyptian sailors had more of an impact than the DDoS."

Google Releases Street View Images From Fukushima Ghost Town 63

mdsolar writes in with news that Google has released Street View pictures from inside the zone that was evacuated after the Fukushima disaster. "Google Inc. (GOOG) today released images taken by its Street View service from the town of Namie, Japan, inside the zone that was evacuated after the Fukushima nuclear disaster in March 2011. Google, operator of the world's biggest Web search engine, entered Namie this month at the invitation of the town's mayor, Tamotsu Baba, and produced the 360-degree imagery for the Google Maps and Google Earth services, it said in an e-mailed statement. All of Namie's 21,000 residents were forced to flee after the March 2011 earthquake and tsunami crippled the Fukushima Dai-Ichi nuclear plant, about 8 kilometers (5 miles) from the town, causing the world's worst nuclear accident after Chernobyl. Baba asked Mountain View, California-based Google to map the town to create a permanent record of its state two years after the evacuation, he said in a Google blog post."
The Internet

Ship Anchor, Not Sabotaging Divers, Possibly Responsible For Outage 43

Nerval's Lobster writes "This week, Egypt caught three men in the process of severing an undersea fiber-optic cable. But Telecom Egypt executive manager Mohammed el-Nawawi told the private TV network CBC that the reason for the region's slowdowns was not the alleged saboteurs — it was damage previously caused by a ship. On March 22, cable provider Seacom reported a cut in its Mediterranean cable connecting Southern and Eastern Africa, the Middle East and Asia to Europe; it later suggested that the most likely cause of the incident was a ship anchor, and that traffic was being routed around the cut, through other providers. But repairs to the cable took longer than expected, with the Seacom CEO announcing March 23 that the physical capability to connect additional capacity to services in Europe was "neither adequate nor stable enough," and that it was competing with other providers. The repairs continued through March 27, after faults were found on the restoration system; that same day, Seacom denied that the outage could have been the work of the Egyptian divers, but said that the true cause won't be known for weeks. 'We think it is unlikely that the damage to our system was caused by sabotage,' the CEO wrote in a statement. 'The reasons for this are the specific location, distance from shore, much greater depth, the presence of a large anchored vessel on the fault site which appears to be the cause of the damage and other characteristics of the event.'"

Comment Tried it last night ... (Score 1) 149

Short summary: it's a typical way too easy, hand-holding, felt 50% cinematic sequences (fortunately no "mash X button" sequences like Far Cry 3), non-interactive world (scattered books that can't be looked at, NPCs that can't be interacted with => bland, boring environment) adventure built around a FPS that feels like a 10-15 years old XBox game (I'd place it near or below Fable 1 in complexity/gameplay, or to be a little harsh, close to Doom). It apparently impressed reviewers with its big flying city and extreme detail in the wrong places (those you just run through in the beginning).

Comment Re:Roll your own. (Score 1) 141

He's got a point that many implementations make it hard to navigate the tree,

I don't even grant him that point. Hard compared to what? A flat list of posts that one should try to reconstruct the (naturally tree-shaped) discussion structure from? That's like saying we should be using square wheels because some round wheels make it hard to steer the car.

Comment Re:Roll your own. (Score 2) 141

Is it because the developers are too lazy to add a minimal amount of recursion in their engine or . . . what?!

In this particular case it is because Jeff Atwood hates threading. I think it's a huge mistake and he never manages to argue this choice in a compelling way, but I guess it's an emotional thing after all.

Comment To get a better impression of the people behind it (Score 1) 279

Just look here (nice megalomaniac style threats) and here (how mature, with the writing style of a 14 years old script kiddie). Do you trust these people to deal with spam in a professional manner? I know I don't, because I've had to deal with the results of their "work" before. They simply don't care if they cause damage, they probably even enjoy it, otherwise they would try to screw up less often.

Comment Re:wrong on all accounts (Score 2) 279

Monitoring their blacklist for your IPs is not "hard"

Neither is distinguishing between "having open relays", "sending perfectly legitimate e-mail to addresses that have a new (domain) owner" and "sending spam", but they don't do it - you will always be slandered (called "spammer") and your business will be disrupted by their blacklisting, even if no spam e-mail was ever sent by your hosts. Last time I checked, they will even blacklist you for having a vacation responder at the address they send their probes to and on one occurrence they kept blacklisting us with the following reason (i.e. their probes that prolonged the blacklisting were these lines):

postfix/smtp[....]: XXXX: to=, relay=XXXX:25, delay=[...] status=bounced (host XXX said: 571 Your IP is BLACKLISTED at UCEPROTECT-LEVEL 1 - See: http://www.uceprotect.net/rblcheck.php?ipr=XXX (in reply to RCPT TO command))

So basically they extended the blacklisting because we were blacklisted, at least that was the reason in the logs (which we were supposed to use to find a problem on our side).

In fact the problem was that we had a registered user many years ago with a domain that had changed owner in the meantime and was used as a spam honeypot now - how do we "debug" that, let alone prevent it? And why do we need to be "punished" with a blacklisting when we obviously did nothing wrong (or should we demand of our users to tell us when their e-mail provider sells a domain or goes belly-up?).

What is usually ignored by people in this thread is the simple fact that no spam e-mail is required to get you blacklisted, they don't seem to classify e-mail at all, that needs to be understood.

Comment wrong on all accounts (Score 2) 279

* you do not get any notifications if you are blacklisted, except whatever obscure message is in your logs
* you do not have to have spam originating from your system, it can be perfectly normal e-mail to an address used by someone you knew in the past, that is now used by someone else as a spam honeypot.
UCEprotect sucks. It's no wonder the people behind it are hiding their identities.

Comment Re:Stop sending spam then. (Score 5, Informative) 279

If you don't want to be blacklisted, then stop sending spam. Simple.

You're an ignorant fool. Unfortunately, too many sysadmins are just as ignorant, so they trust these badly-run, possibly with malicious intent, services. We've never sent 1 spam e-mail in 12 years doing business online and have been blacklisted several times by UCEprotect due to them recycling old domains (which were used by users to register on our site) for use as spam honeypots. They wasted countless hours of our time for nothing.

Comment We've had this too ... (Score 1) 279

We've had several such extortion attempts and on the last occasion, we found that they are using domains that were previously held by e-mail providers as "spam honeypots". We've had such e-mail addresses in our forum users database since 2003 and now every time we sent them a forum notification, we got blacklisted by the extortionists (who by the way refuse to tell you which e-mail address caused the blacklisting). So in my opinion, they are trying very hard to get people blacklisted for legitimate uses of e-mail addresses in order to blackmail them.

Comment Re:comment (Score 1) 259

A commercial (or open source) forum suite has had way more eyes looking at it than your home-brewed solution.

That's both good (theoretically better code) and bad (large-scale attacks when some exploit is out in the wild). In practice, a decent programmer can write a safe, simple forum for themselves easily, while they will get hit regularly by exploits in phpBB etc. if they just trust such solutions instead.
