Where's that "So you think you have a way to block spam?" fill-out-form joke?

A website, or a game server, is EXACTLY the kind of machine that receives a significant portion of its requests from people it's never seen before.

On top of that, a DDoS doesn't care if you "block" it. It's still consumed 1Tb of traffic. Even if every single packet never reaches the server, the DDoS will knock you offline by swamping your connection.

You can "firewall" it right at the first point that your connection comes in. It still consumes your connection.

You have to ask your upstream to block it - who have EXACTLY the same problem. They block it, but it still consumes Terabytes of otherwise-usable bandwidth to do so.

I'm afraid your suggestion would tick almost every one of the the "Will not work because" boxes.

Collateral Damage.

Though the attack might be targeted at a games server, OVH and their datacentres almost certainly run a number of much more important services for much better paying customers.

DDoS is indiscriminate and affects everybody, not just the target of it.

Er... the newest there is Firefox 19.0 from three years ago.

Good luck!

"So what will be the impact of this? Will we see cheaper, lower-power encryption devices? Or maybe quicker cracking times in brute force attacks?"

Neither.

It's a method to discover primes using elimination of non-primes up to the square root of the number you're after.

If you can get that far, you can get to the prime itself quite easily. It's not going to help discover new large primes without eliminating BILLIONS of numbers in between.

And from there it has nothing to do with cracking encryption whatsoever.

The impact of this is that a child's method of eliminating factorisable numbers slowly takes up slightly less storage space (i.e. slightly less variables held in RAM) than before. It's not a breakthrough in maths, but a slight efficiency saving in the computer science to perform the algorithm in practical terms.

"helps government agencies track down terrorists and uncover financial fraud,"

Other ethnic backgrounds not hired Palantir:
- North Korean
- Russians
- Iranians
- Cubans
- Chechens
- Former/current ISIS members

"Asians" may be a tad too broad. Chinese nationals? Hell, yes. I know of quite a few places that do something similar. The problem is that the idiots doing the screening cannot differentiate between a 2nd generation US citizen from Vietnamese or Hong Kong families, and someone who only a little while ago carried a nice red book and quoted the chairman.

What are the other 17 non-Asians? White, black, hispanic, pakistani, japanese, egyptian, etc?

I beat my record!

Run the Win98 one.

Shut it down.

It BSOD's with 0E exception in VXD VDD.

That's got to be a world-record in terms of "number of instructions executed before a fatal error".

Not a chance in hell that IE would run that.

Edge minimum, I should think.

You'd even struggle to download a modern Firefox that worked on '98.

Though it doesn't seem to apply to home networks, how can you be an IT professional of any kind and NOT know what's coming into or going out of your network?

If nothing else, precisely because of things like this where your CCTV NVR or your thermostat could be hacked and doing whatever it likes. In fact, DDoS of someone else is the LEAST of your worries if someone is able to coax your devices into running arbitrary code on your local network.

Sorry, but this kind of thing needs management and there isn't a home router on this planet that does things like send you an email when a "new" device connects, or alerts you to unusual activity from your local network devices.

Computationally that is, I don't think it would have flown in the early 90s and the adoption rate would have been the same it was with SSL (and TLS). It wasn't not so long ago that I actually had to provide resource impact reports on servers where everything would be encrypted. Nowadays (unless you deal with extreme large volumes), encrypting (using an symmetric key that is) doesn't have a significant impact. Web servers, load-balancers, etc can support it without breaking a sweat.

If I was that Ziegler fellow I'd be consulting a lawyer. Spouting that shit publicly, verges (ha!) on defamation.

I'm not saying what Ziegler was right, although in this day and age, one should show very little loyalty to any corporation because they basically claim "people are our most precious resource" but treat employees like shit.

I've seen staff where I worked, take a few weeks off or take a leave of absence. What they do, is try another job and see if it suits them. They quit the original job, or they quit the new job. I'm not going to judge people too much when they do this, hell, the company is always evaluating if they should terminate you.

At this moment I have two contracts. Place A does not know of place B, but place B knows of me working at place A and they don't care. The type of work is very different and they're not in the same sector. Sure place A could claim some crap, but if they do, I just have to walk and move on to the next gig. They can claim some BS excuse anyways, doesn't matter.

So the US are openly picking battles with Russia AND North Korea now?

Guys, seriously, has the terrorist thing worn thin or something? Or have you realised that piling into other people's countries and "fixing" them achieves fuck-all that people in that country consider "fixing"?

If you want another hundred billion for the military just say so, stop picking fights with people who either do - or may soon - have the capability to fight back once and for all.

And if the Russians are manipulating your election and affecting your candidates, maybe you should look at your election and candidates instead of the Russians. Because, for sure, you'd do exactly the same if you could over in their country.

How about fixing your election system and having news channels that report on real things, like who's taking backhanders, what crappy laws have been slipped into completely unrelated bills, and such-like?

Oh, sorry, that would involve having impartial news channels not already owned by the people in charge, right?

They should.

It's literally best practice and the way any sensible organistion should do it. An authentication server is just that - it authenticates. Whether that's RADIUS or whatever else, it should do one job and do it well and have the minimum amount of access necessary to do that job.

With someone like Yahoo's money and resources there is no excuse.

And with an auth server farm, how do you get hacked? It has to be deliberate insider intrusion (i.e. someone who works on those machines). Done properly, even sniffing the entire network around it wouldn't do much and certainly wouldn't be able to affect older logons.

If the auth servers were just doing auth, and nothing else, and isolated, and had a single "auth" port exposed that ran a limited-scope protocol that only returns the bare minimum of data, the scope for attack is almost zero. And you literally lock them away and don't let anyone but your most trusted engineers touch them.

So it's quite obvious that all these places that do get hacked AREN'T running proper auth servers at all.

Even Steam, when it had credit card data stolen, the data was encrypted (so nothing ever came of the data leak) but... how did they get that? Why is that not stored on a completely isolated system? Why were they able to get historical records rather than only those flying over the live network (which is, I admit, harder to secure)? It means it wasn't isolated and secured.

Even CA's have had their root certificates compromised and you'd expect that to be the most secure thing in the world. Literally, make them on an offline computer, generate and sign some other root certs that you actually use, and then switch that thing off and never turn it on again unless you need it.

But, in real life, despite all the posturing about security, none of this ever happens.

The curse of general-purpose operating systems, general-purpose computers and even - as could happen in real life if people took your suggestion - using VM hypervisors as the gateway between your data and the VMs running the outside services (nothing wrong with VMs themselves, so long as the entire server farm was completely isolated from all the others - personally, for an auth farm, I'd use physical servers only to reduce the attack area even more).

200m user details stored in one place that can get hacked?

I wouldn't hold your breath here.

At most, you'd expect some kind of isolated authentication service, separate from the rest of their servers but I doubt it.

If someone has just sucked it out of a SQL table, the chances of it being properly hashed and salted are minimal. And the chances they used MD5 - which even hashed and salted is cracked beyond belief nowadays - rather than something sensible? Minimal.

There are notification requirements, yes.

But nowhere does it say 24 hours.

Because this is new evidence that may show someone lied to the court, or provide new avenues for charges?

If this guy was asked "Did you delete emails?" and said no, this case is wide-open again because he could be found to be lying based on this discovery. If his competency was used as a factor in ensuring the regulations were met, that might be brought into question by experts if the court interprets this evidence in certain ways.

Double-jeopardy doesn't apply if new evidence is brought in most countries.

But then, most countries don't have nonsense laws like that anyway, or prescribe them in such a way that they only stop harassment of a defendant rather than letting murderers get off because the lawyers were stupid but it doesn't quite qualify as a mistrial.