
Comment DNS vs BGP (Score 4, Informative) 63

Krebs also reports that vDOS's DNS addresses were hijacked by the firm BackConnect Security to get out from under a sustained DDOS attack

According to the article it was a BGP (i.e. IP address) hijacking, not a DNS hijacking. DNS isn't even mentioned at all in the article aside from a phone number in a domain registration found to match one obtained from the hack.

Comment Re:wifi connect https redirect issues (Score 1) 86

Most operating systems I've seen recently test if they can get to the internet themselves and if they are redirected to a captive portal they then automatically open a browser window to where the portal redirected them to (usually a login page). This avoids the issue of trying to MitM attack whatever site the user was trying to get to. You can still make the login page you get redirected to secure with proper certificates. The following are examples of the different things companies use in detecting if they can connect to the internet:




Comment Re:Microsoft Propoganda (Score 1) 115

If you read the article, you would see it's not a flaw in TCP in general but in RFC 5961, which only Linux has implemented so far and thus why it's the only one that's vulnerable. It also does not require you to be in the middle of the connection. Even with TLS you can still create a denial of service using this attack.

Comment Re:Ethernet (Score 2, Insightful) 212

All they need is enough packets generated by the playback of iPlayer content of various, known and non-standard sizes being transmitted to show that the user is watching it. It would be one thing if they just used a few packets, but if say 1000 packets of specific preset sizes were detected in a specific order and the sizes when translated into ASCII said "I am watching iPlayer, I love the BBC..." it would be pretty clear.

Comment Re:Wait..... (Score 1) 119

For LinkedIn, the problem with the credentials that were leaked by hackers is that they were not stored securely with proper salt. Within a few days of starting on it, security researchers cracked 78% of the passwords resulting in almost 50 million unique passwords. Attackers undoubtedly did the same over the years since the breach. This gave attackers millions of actual passwords to use in future attacks. As for how Netflix and Facebook can tell you are using the same password, they could get the list of cracked passwords that users are using from the breaches, matching them with email addresses of their own users then hash the password using the algorithm they use along with the salt for that user and compare it to the user's current password hash.

Here's a blog post about the cracking effort:
And here's an article about why this is so bad:
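
The reuse check described in this comment, as an added example that is not part of the original comment or any site's actual code. PBKDF2-HMAC-SHA256, the iteration count, the record layout and all sample accounts and breach pairs are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumed KDF parameters for this sketch; a real service uses whatever it already stores.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash standing in for the service's own algorithm."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_user(email: str, password: str) -> dict:
    """Build a stored record: the service keeps only the salt and the hash."""
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt, "hash": hash_password(password, salt)}


def find_reused_credentials(users: dict, breach_pairs: list) -> list:
    """Return emails whose current password equals one cracked from the breach."""
    flagged = set()
    for email, cracked_password in breach_pairs:
        user = users.get(email.strip().lower())
        if user is None:
            continue  # breach entry does not belong to one of our accounts
        # Re-hash the cracked password with this user's own salt, then compare
        # against the stored hash in constant time.
        candidate = hash_password(cracked_password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            flagged.add(user["email"])
    return sorted(flagged)


# Constructed sample data: three local accounts and four cracked breach entries.
USERS = {u["email"]: u for u in (
    make_user("alice@example.com", "correct horse battery"),
    make_user("bob@example.com", "linkedin2012"),
    make_user("carol@example.com", "Tr0ub4dor&3"),
)}
BREACH_PAIRS = [
    ("Bob@Example.com", "linkedin2012"),    # same password reused here: flagged
    ("alice@example.com", "oldpassword1"),  # in the breach, but a different password now
    ("dave@example.com", "hunter2"),        # not one of our users
    ("carol@example.com", "tr0ub4dor&3"),   # differs in case: not a match
]

if __name__ == "__main__":
    for email in find_reused_credentials(USERS, BREACH_PAIRS):
        print("force password reset:", email)
```

Because each account has its own salt, the service has to recompute one hash per matching breach entry; it cannot compare the breach list against its hash column directly.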

Comment Re:Is there OpenSource Ad block software? (Score 1) 263

uBlock Origin is open source. It has worked fairly well for me and is supported in most browsers. What it blocks though, like most programs, is based on the blocklists you load into it so you may have to find some to your liking if the defaults don't block enough for you. I haven't noticed any problems with the default lists in terms of advertisements getting through and I think it should be fairly effective when combined with Ghostery.
