
Comment Set up correct secondary DNS servers (Score 1) 3

Set up correct secondary DNS servers.

If the secondaries had not been hosted at the same company, but instead at various companies around the world, the attack would have had no effect on anything but traffic.

This is, by the way, how multiply connected networks are supposed to work.

This could be easily accomplished at no additional cost by having a peering-pool arrangement between all the host registrars, so that we ended up with a multiply connected redundant network.

Kind of how we designed the thing to work in the 1960's and 1970's, and DNS itself in the 1980's.

But a lot harder for law enforcement to issue DNS-based takedowns on, of course. Since it would route around the damage and keep functioning. As designed.

Comment Re:Halfway There (Score 1) 375

It's not "gun controllers bringing it up", it's manufacturers working on them. What do you have against manufacturers developing new products?

I have absolutely nothing against manufacturers developing new gun safety products and offering them on the market. The concern with these "smart" guns is that they'll be mandated by law. This has already happened in New Jersey. The 2002 Childproof Handgun Law says that three years after "smart" guns are available for sale in the US, all guns for sale in New Jersey must be "smart". The law doesn't require that the guns be in any way reliable or have obtained any significant market share, just that they've been available for sale. So if these actually make it to market people in NJ who want reliable guns are screwed. And if any other states, or Congress, passes a similar law, then all of us are screwed.

Actually, I'd have no problem with smart guns if they were really reliable. And there's a really simple reliability screening test we can use: offer them to military and law enforcement personnel. Cops in particular should see a lot of value in smart guns because cops occasionally get shot with their own guns. However, they also need their guns to be extremely reliable, and big departments and the FBI have the institutional resources and motivation to seriously test them. So, once the technology reaches a level where police are not only willing to use smart guns but actively want them then it's fine to mandate them for civilians.

Of course, thanks to the NJ law, civilians are going to fight like hell to keep these things off the shelves, which means that the years of refinement needed to make them reliable is never going to happen. Not in the US, anyway.

Comment Re:It gives me pleasure to introuce you to the fut (Score 0, Troll) 72

The apologists will, as always, talk only about the benefits and how it will help against the "bad guys"

Why should someone apologize for telling the truth? If it was your job to deal with an armed, violent person, and you were handed a tool that allows you to do that with less of a chance of you being killed while doing your job, are you really saying you wouldn't use that tool? Let me guess, you think it's unfair for the police to wear body armor, right? Yeah. Right.

Took less than 2 hours for the AC to be shown to be correct.

Comment Re:So it appears . . . (Score 1) 184

Cold-weather clothing doesn't require advanced technology, and can be improvised if necessary. If there's a failure in the Antarctic base, there's time to repair it. Pressure suits and airtight shelters do require advanced technology, are hard to improvise, and the results of any problem can be deadly very quickly.

Comment Re:Your proof that the DNC leaks were from Russia? (Score 1) 238

I haven't examined things myself. I'm not a security guy. I understand there's some public evidence, and beyond that the CIA doubtless knows more. I don't trust them, but Obama is willing to create a diplomatic incident over the hacking, which suggests he has good reason to think it was a Russian action. I'm not saying it had to be a state actor (from what I've read, it wasn't that difficult), but that there is reason to believe that it was.

Comment Re:Phone (Score 1) 238

It's not the information. It's the interference. Assange and likely Russia released information alleging corruption on the part of the DNC, said corruption apparently including having political preference. That's foreign interference in a US election. Being biased, I find that more annoying than US interference in foreign elections.

The 2000 election was extremely close, and had numerous minor irregularities that could have made Gore President had they gone the other way. The 2016 election looks like it's not going to be close. Trump's been saying that the polls are rigged and the election will be, and that he may not accept the election results if he loses (and he will). If he and his followers just say a lot of things, that's OK, but it is worth noting that Gore accepted Bush as President. If he encourages violence, and I can't rule that out, it's a lot worse.

Comment Re:The attackers (Score 1) 112

This wouldn't involve the ISP, it'd be entirely within the router. The router could access any DNS server, but hosts on the internal side could only access the router's caching DNS server unless the user authorized an exception for them. It wouldn't entirely prevent attacks like this one, but it'd prevent direct attacks and forcing the attacks through multiple levels of caching would blunt the attack to a degree and make it easier to throttle the sources of the malicious requests.

Comment Re:How are all these consumer devices on the WAN? (Score 1) 112

I'm not sure that's quite right. With most home routers you have to go to some effort to place your IoT devices live on the internet. Besides that, most IoT companies already offer cloud access via their own app which doesn't require the IoT device to be open on the internet itself. I'd say this is the standard method of operation of IoT these days (a third-party service), especially for the unwashed masses. For example I've played with a WeMo switch that was cloud enabled but certainly wasn't out on the internet itself. Many of these companies don't do a good job with security, but that's not really what we're talking about here. So there has to be more to this story.

Comment The attackers (Score 3, Informative) 112

Ultimately, it's the groups that initiated the DDoS who are to blame. But others have to take some responsibility for failing to do what they could to mitigate the opportunities to initiate attacks:

1. ISPs could implement measures based on RFCs 3704 and 2827 that would make spoofed traffic difficult to impossible to generate.

2. Router makers could implement RFC 3704 and 2827 rules in their firewalls by default, could implement default rules that blocked access to external DNS to everything except the router (with the option for the user to allow some or all access), could provide a separate network for IoT devices that defaults to no Internet access and the user has to specifically authorize access per device, and could make randomized default passwords the standard for factory-default configurations.

3. IoT manufacturers could make randomized default passwords standard and design their devices to not require Internet access to configure.

4. Consumers could acknowledge that they're responsible for their own networks and routinely make use of the available tools to check on the health of their networks and the status of the devices on it.
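
The router defaults proposed in item 2, modeled as an added example that is not part of the original comment: source validation in the spirit of RFC 2827 and RFC 3704, DNS restricted to the router's caching resolver, and an IoT network with no Internet access until a device is authorized. All addresses, the exception sets and the `verdict` function are constructed for illustration.

```python
import ipaddress

# Constructed addressing for a home router; every value here is an assumption.
LAN = ipaddress.ip_network("192.168.1.0/24")
IOT = ipaddress.ip_network("192.168.2.0/24")  # separate IoT network
ROUTER_DNS = {ipaddress.ip_address("192.168.1.1"),
              ipaddress.ip_address("192.168.2.1")}
DNS_EXCEPTIONS = {ipaddress.ip_address("192.168.1.10")}   # user-authorized hosts
IOT_INTERNET_OK = {ipaddress.ip_address("192.168.2.20")}  # user-authorized devices


def verdict(in_net, src, dst, dport):
    """Default policy for a packet arriving on the internal interface in_net."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # RFC 2827 / RFC 3704: the source must belong to the prefix of the
    # interface the packet arrived on, otherwise it is treated as spoofed.
    if src not in in_net:
        return "drop: spoofed source"
    # The router's own caching resolver is always reachable.
    if dport == 53 and dst in ROUTER_DNS:
        return "accept: router DNS"
    # Internal-to-internal traffic is not restricted in this example.
    if dst in LAN or dst in IOT:
        return "accept: internal"
    # IoT devices get no Internet access until the user authorizes them.
    if in_net == IOT and src not in IOT_INTERNET_OK:
        return "drop: IoT device not authorized"
    # Direct queries to external DNS need a per-host exception.
    if dport == 53 and src not in DNS_EXCEPTIONS:
        return "drop: external DNS blocked"
    return "accept: forward"


# Constructed sample packets: (arrival network, source, destination, port).
SAMPLES = [
    (LAN, "203.0.113.7", "198.51.100.53", 53),   # source outside the LAN prefix
    (LAN, "192.168.1.50", "192.168.1.1", 53),    # query to the router's resolver
    (LAN, "192.168.1.50", "198.51.100.53", 53),  # direct external DNS, no exception
    (LAN, "192.168.1.10", "198.51.100.53", 53),  # host with a DNS exception
    (IOT, "192.168.2.30", "198.51.100.80", 443), # unauthorized IoT device
    (IOT, "192.168.2.20", "198.51.100.80", 443), # authorized IoT device
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt[1], "->", pkt[2], pkt[3], ":", verdict(*pkt))
```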

Comment Re:How are all these consumer devices on the WAN? (Score 1) 112

I came here to post the same question. I know that 15 or 20 years ago when IPv4 addresses were plentiful that nearly everything was publicly addressable (though often firewalled at the gateway), but I thought nearly everyone from institutions to households had moved to private IPv4 networks. Most IoT devices that I know of that are cloud-enabled connect into a cloud control server from within a private network. Still a security risk, especially if malware gets inside the private network it can attack these devices from the inside.

IPv6 is a bit different of course; were these exploited devices accessed via IPv6?

So inquiring minds want to know, how were these IoT devices compromised? Were they sitting out on the open internet? Hacked from other devices or computers inside the private LAN?

Comment Re:It was a premises warrant. (Score 1) 363

He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe — by word or deed

Meaning the fingerprint gathering for the use of opening the phone is tantamount to compelled testimony in the general case, while the fingerprint gathering for the use of identification and matching is not.

Keys don't change. Fingerprints don't change. A biometric identifier is therefore not affirmative.

Combinations can change. Pin codes can change. Utilizing either requires active participation in a process. And is therefore affirmative.

Fingerprint usage is therefore tantamount to using a key, and if you are stupid enough to use a biometric identifier as an access method, you've picked a non-affirmative access method.
