
Comment Seller versus platform (Score 1, Insightful) 253

I'm not sure how this:

The lawsuit says the seller of the hoverboard listed online, "W-Deals," is a sham organization that is registered to an apartment in New York City that has not responded to requests from lawyers in the case.

combines with this:

It says Tennessee product liability law holds a seller responsible if the manufacturer cannot be found.

to make liability for Amazon. They still wouldn't be the seller, just because the original seller can't be found. It sounds like they should still be trying to go after "W-Deals".

Comment DNS vs BGP (Score 4, Informative) 63

Krebs also reports that vDOS's DNS addresses were hijacked by the firm BackConnect Security to get out from under a sustained DDOS attack

According to the article, it was a BGP (i.e. IP address) hijacking, not a DNS hijacking. DNS isn't even mentioned at all in the article aside from a phone number in a domain registration found to match one obtained from the hack.

Comment Re:wifi connect https redirect issues (Score 1) 86

Most operating systems I've seen recently test if they can get to the internet themselves, and if they are redirected to a captive portal they then automatically open a browser window to where the portal redirected them (usually a login page). This avoids the issue of trying to MitM attack whatever site the user was trying to get to. You can still make the login page you get redirected to secure with proper certificates. The following are examples of the different things companies use in detecting if they can connect to the internet:




Comment Re:Microsoft Propoganda (Score 1) 115

If you read the article, you would see it's not a flaw in TCP in general but in RFC 5961, which only Linux has implemented so far, which is why it's the only one that's vulnerable. It also does not require you to be in the middle of the connection. Even with TLS you can still create a denial of service using this attack.

Comment Re:Ethernet (Score 2, Insightful) 212

All they need is enough packets generated by the playback of iPlayer content, of various known and non-standard sizes, being transmitted to show that the user is watching it. It would be one thing if they just used a few packets, but if, say, 1000 packets of specific preset sizes were detected in a specific order and the sizes when translated into ASCII said "I am watching iPlayer, I love the BBC..." it would be pretty clear.

Comment Re:Wait..... (Score 1) 119

For LinkedIn, the problem with the credentials that were leaked by hackers is that they were not stored securely with proper salt. Within a few days of starting on it, security researchers cracked 78% of the passwords, resulting in almost 50 million unique passwords. Attackers undoubtedly did the same over the years since the breach. This gave attackers millions of actual passwords to use in future attacks. As for how Netflix and Facebook can tell you are using the same password, they could get the list of cracked passwords that users are using from the breaches, match them with email addresses of their own users, then hash the password using the algorithm they use along with the salt for that user and compare it to the user's current password hash.

Here's a blog post about the cracking effort:
And here's an article about why this is so bad:
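
The reuse check described in the comment above, sketched from the defending service's side as an added example (not part of the original comment and not any service's actual code). PBKDF2-HMAC-SHA256, the record layout, the function names and all sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor for the demo, not a recommendation


def hash_password(password: str, salt: bytes) -> bytes:
    """The service's own password hash: PBKDF2-HMAC-SHA256 with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(email: str, password: str) -> dict:
    """Build a stored account record; the plaintext password is not kept."""
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt, "hash": hash_password(password, salt)}


def find_reused(users_by_email: dict, breach_pairs: list) -> list:
    """Return emails of local accounts whose current password appears in the breach data."""
    flagged = set()
    for email, leaked_password in breach_pairs:
        user = users_by_email.get(email.strip().lower())
        if user is None:
            continue  # breached address is not one of our users
        # Re-hash the leaked plaintext with this user's own salt and algorithm.
        candidate = hash_password(leaked_password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            flagged.add(user["email"])
    return sorted(flagged)


def demo() -> list:
    # Constructed sample accounts and breach entries (not real data).
    users = [
        make_user("alice@example.com", "sunshine2012"),
        make_user("bob@example.com", "a-different-passphrase"),
    ]
    users_by_email = {u["email"]: u for u in users}
    breach_pairs = [
        ("Alice@Example.com", "sunshine2012"),  # same password reused here
        ("bob@example.com", "linkedin123"),     # different password here, no match
        ("carol@example.com", "qwerty"),        # not a local user
    ]
    return find_reused(users_by_email, breach_pairs)


if __name__ == "__main__":
    print(demo())
```

Accounts returned by `find_reused` are the ones a service would force through a password reset, since the breached plaintext still unlocks them.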

Comment Re:Is there OpenSource Ad block software? (Score 1) 263

uBlock Origin is open source. It has worked fairly well for me and is supported in most browsers. What it blocks though, like most programs, is based on the blocklists you load into it, so you may have to find some to your liking if the defaults don't block enough for you. I haven't noticed any problems with the default lists in terms of advertisements getting through and I think it should be fairly effective when combined with Ghostery.
