Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Bullcrap (Score 2, Insightful) 145

I spend a week a year listening to crap like this for hour after hour. In 2010 everyone said (and still this year the big Security firms are still clueless) that the PLC attack against the Siemens controllers "Was an extremely sophisticated attack" blah blah blah "nation state" blah blah blah.

This is based on the following:
1. Obviously the 2 signed pieces of code would have required real human assets.
2. The PLC controllers are incredible sophisticated and expensive.
3. The method of infiltration was extremely well planned.

Until earlier this year I was spouting the same crap... then an individual busted Comodo wide open. Then later Diginotar (as if Comodo wasn't evidence enough.) SO Check, #1 no longer requires human assets.
Then I saw a talk that blew #2 and #3 out of the water. A relatively low funded talk ( about 6k) was done, where an individual (not a team, not even two people) was able to identify a direct backdoor that provided shell access into all PLCs of the model applicable in the Stuxnet attack, and could perform the attack without the need of the configuration stations...

THERE WAS NO NEED FOR A USB PAYLOAD TO BOOTSTRAP THE COMPILER! You could actually login, and patch the damn executables on the plc itself using the backdoor.

My conclusion about 30 seconds after these things were demonstrated (on the actual PLCs) was that it probably did take a team of engineers to create the rube goldberg that was stuxnet, but it didn't involve anyone at Siemens (since when confronted with the researchers findings, they acknowledged them, saying they were already aware.)

Since the RSA attack is like three steps down from that, I would say that RSA is trying to perform damage control with their shareholders since in terms of sophistication a user clicking a malicious URL in an email is sooooOoo 1999.

Comment Rudyard Kipling said it best (Score 4, Insightful) 167

It is always a temptation to an armed and agile nation
    To call upon a neighbour and to say: --
"We invaded you last night--we are quite prepared to fight,
    Unless you pay us cash to go away."

And that is called asking for Dane-geld,
    And the people who ask it explain
That you've only to pay 'em the Dane-geld
    And then you'll get rid of the Dane!

It is always a temptation for a rich and lazy nation,
    To puff and look important and to say: --
"Though we know we should defeat you, we have not the time to meet you.
    We will therefore pay you cash to go away."

And that is called paying the Dane-geld;
    But we've proved it again and again,
That if once you have paid him the Dane-geld
    You never get rid of the Dane.

It is wrong to put temptation in the path of any nation,
    For fear they should succumb and go astray;
So when you are requested to pay up or be molested,
    You will find it better policy to say: --

"We never pay any-one Dane-geld,
    No matter how trifling the cost;
For the end of that game is oppression and shame,
    And the nation that pays it is lost!"

Comment Favorite Feynman Piece (Score 1) 169

And I call it a piece of art because the man was a damn artist when it came to explaining physics.

The universe in a glass of wine.

Searching for it returns nothing.

I know you can look it up by the section of the class, but come on natural language search is the new pink.

I'll stick to the bad recordings passed around by CIT students for the past quarter century.

Comment Re:What I have been telling people. (Score 1) 229

So much sarcasm, must resist feeding trolls. Ahh well, yes Virtual Boy, it's what I get for phone posting. /. groupthink just hasn't caught up with the reality of the automatic misrepresentations that said virtual presence devices present. Blame the mods for modding it up, don't attack someone's credibility solely for underrated bumps to your virtual ego.

Comment Holy shit sparky, what'd you do? (Score 2) 99

Ok, well I have to take some blame because I was involved in this, but while working for a major retailer I was one of two engineers fixing the power going to a pair of 6509's. They had redundant power supplies, and both the backups were bad. I had sent them both back, and received the RMA units the same day. After scheduling the change, and getting all the paperwork filled out we were ready to begin. Because we anticipated issues with at least one of the units, anything in this Datacenter seemed to be cursed, we called in a proactive ticket with Cisco. As we lined up the 30 amp plug and had it seated in the plug housing (attached to a local UPS) the engineer I was working with began inserting the 20 pound power supply into the chassis.

Just as he was sliding it I noticed THE CABLE HOUSING WAS SLIDING OUT OF THE POWER SUPPLY!!! I was starting to shout for him to stop and the two exposed solder points contacted the outside of the power supply. Needless to say, milliseconds later, Sparky (who hadn't checked the screw that held the housing in place on the power supply) was cowering in the corner, the operator on duty ran in the DC and had to yell over our now popped ears what the fuck just happened. Occording to her it was a very large bang, to me it was like a lightning bolt in front of my eyes.

I was already reaching for the leather strap to yank him off it, when I saw he was on the ground and the UPS had locally blown it's fuse. Thankfully he wasn't hurt, and it only took me about 36 hours of explaining to TAC what happened to get the unit back up to 100%. Before that night I never thought I'd call and say, "The unit arc'ed out and I watched it ground through the chassis... we're gonna need some parts." From now on I write the instructions such that it's painfully fucking obvious "DON'T FLIP THE POWER TO THE ON POSITION ON THE FEED UNTIL THE UNIT IS SECURE!!!"

Sparky doesn't do IT anymore.

Comment Re:Ellsberg actually redacted diplomatic cables (Score 1) 669

Either you're lying or nobody is listening. I've mentioned this on the ISSA forums, on linkedin lists and on Slashdot multiple times. Wikileaks has an agenda. Cryptome, read it, learn it, love it. And for the hate of Cthulu if I see a stereotypical "Cryptome is a lying pack of liars" I'll scream.

This is exactly the sort of thing they want to happen, it's not an accident. To put on the WL hat: It's a horrific display of global politics, built on lies. To look at it from the outside in, it's a terrible setback to a slow development of what might someday have been a democratic upheaval. Now bloodshed may be the only option. See: the Ivory Coast.

Slashdot Top Deals

"There is nothing new under the sun, but there are lots of old things we don't know yet." -Ambrose Bierce