Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Wherever data is collected, it is abused (Score 2) 185

There are a few graves I would like to piss on but I cannot find out where these people are buried.

While doing some genealogy research, I discovered the Billion Graves Project where I found a crystal clear 1600x1200 JPG of my grandparents' headstone. They have volunteers who go around taking pictures of all the headstones in a cemetery, then they're indexed online. In many cases, the exact location of the gravesite within the cemetery will be displayed on a map. Worth a look.

Comment Re:yahoo made me change my password (Score 1) 124

Yahoo locked down their system so that you couldn't log into accounts from new IPs. You had to change your password from an IP you've used before before you could log in again.

That sounds like a great way to permanently lock the majority of your users out of their accounts. Many ISPs have short DHCP leases; millions of people get a new IP every week or every day. And heaven help you if you're stuck on a phone with CGNAT, you might appear to come from a different IP every few minutes. I've had enough annoyances out of Gmail thinking my logins were suspicious that I finally set up a datapipe to a server with a static IP, and I route my Gmail connections through there.

Comment Is it really spam? Or viruses? (Score 1) 47

The graph of subject lines caught my eye while looking at the Talos report. In my own experience, the recent floods of mail with subjects like "Budget report," "Tax invoice," "Scanned document," etc. all arrive with some Windows ransomware variant attached. Not sure I'd really call these spam in the traditional sense. They're unsolicited, of course, but they aren't commercial in nature.

That aside, I do see an upward trend in UCE. The biggest offenders for me lately are of the boner pill variety, PurpleRhino and Vydox specifically. I'm seeing dozens of these a day to one particular address.

Comment Re:Yahoo has users? (Score 4, Interesting) 169

I'm very inclined to believe that yes, anyone whose mail is hosted by Yahoo is part of the breach. That includes the bells (ATT, SBC, PacBell, BellSouth, etc). Anecdotally I'm confident that the address books and recent contacts of Yahoo Mail users have been compromised for years through some type of exploit. There are spam campaigns that specifically target these accounts in this way, forging the "From" address as someone you have recently communicated with.

Comment Re:A good thing. (Score 3, Insightful) 87

Cloud places have their use, but there is always the security question, and there is always the grave concern about data sitting on a remote site where you have zero physical control over it.

There's also the outage question. Microsoft's Azure has had two significant outages in the last 10 days. Companies using Google's Apps For Work suffered a 7+ hour outage of Gmail this week during (US) business hours. When your enterprise is built on one of these services, what do you do when it goes down? You wait. That's all you can do, sit there and wait and hope the services come back up soon. Sure, you'll get a credit against your SLA after the fact, but that doesn't offset the fact that your ability to conduct business was down for hours on end and there was absolutely nothing you could do about it.

At least when you're running services on premise, you have some control over the situation. You can investigate and resolve the problem yourself. Getting your company's service restored is the #1 priority, not priority #1852 among 5,000 other companies all suffering through the cloud outage.

Comment Re:Good, Bad And Ugly (Score 1) 194

Except you know... your DNS needs to contact remote DNS servers for lookups which are then redirected to the government DNS on the great firewall of ...

If I tell my DNS server it's authoritative for wikileaks.org and thepiratebay.se, it doesn't contact any remote servers to resolve those domains, it answers with whatever IPs I configured. Let it forward the rest of the queries happily along. If this "Great DNS Firewall" idea takes off, I suppose free thinkers in the UK will all be trading bootleg zone files, of all things.

Comment Re:Uhm.... article link? (Score 1) 395

The consistency is that every article that goes outside of Slashdot has that little green link next to the title

Unfortunately that's not true on mobile. That interface doesn't have the green parenthesized links at all, so if there isn't a link in the story text itself, there's no way to access the article(s). It looks like they updated this one and added the link.

Comment Re:I would love to meet the product developers... (Score 2) 95

I must ask, is the problem with the devices or how they are used? If used only after a warrant has been obtained would people still be outraged over these devices?

To me, the root of the problem is the devices. The way the Stingray works is by tricking all cell phones within range to connect to the Stingray instead of the legitimate cell tower. The very nature of this design means innocent peoples' phones, people who are not the subject of any warrant, are going to have their communications illegally intercepted. You might have a warrant to tap Bob's phone, but when you park your nondescript van in Bob's neighborhood and turn on your Stingray, his neighbors' phones are going to connect to it too. Anyone who happens to be driving down the street or walking their dog around the block, their phones will also connect to your Stingray. You don't have a warrant for any of those peoples' communications.

The only justification for a Stingray type device is to go on fishing expeditions. If you have a warrant you don't need the Stingray, you just call the telco and have them tap Bob's line(s).

Comment Re:Not sure (Score 4, Informative) 107

Last time I checked, AOL Instant Messenger needed a AOL account, at least one on the free tier.

I still have both, but I haven't paid for AOL in 20 years. There are a lot of AIM users who never had an AOL account. Registration at aim.com was free for a long time (maybe it still is?) and I talk to a lot of people via AIM who were never AOL users. Despite the ridicule, AIM/Oscar via the Pidgin client with the OTR plugin remains a relatively secure method of communication.

As for Skype, fuck that entirely, it's been compromised forever. If I want to holler at the NSA, I'll just yell into any phone and hope for the worst.

Slashdot Top Deals

What sin has not been committed in the name of efficiency?

Working...