
Comment Victim blaming, Opsec, and old email addresses (Score 1) 93

By itself this doesn't mean he was directly compromised. We need to be really careful about inferring things from presence on these stealer lists and breach tracking sites. This is the second time in the last couple weeks that I have seen a "stealer" list being used to discredit someone.

You can easily end up on these without having ever had a directly compromised device of your own. If you have an email password combination that was breached in any of the many public breaches listed out there (see https://haveibeenpwned.com/), all it takes is that credential to have ended up in the list being used by another nefarious actor to attempt attacks on new targets.

These are public lists, and if an attacker is using that list to attack another target, and the attacker's machines are also compromised (if you lie down with dogs, you get up with fleas).... that's it, you are now potentially in that list associated with other services than the originating service. It doesn't mean anything other than you had an account with a previously known password from a breach.

So yeah... it might infer this guy's opsec is terrible, it might indicate he was hacked, but it just as easily---and probably more likely--- might indicate nothing other than he was a victim of a 3rd party breach (like almost all of us who have been around a while will have been) and then someone else using that list was hacked... E.g. a password on a throw-away website/forum 20 years ago that was breached, forever plays forward in future attacks based on those lists. It appears as a new compromise, when it isn't.

From TFA..

"As Lee notes, the presence of an individual's credentials in such logs isn't automatically an indication that the individual himself was compromised or used a weak password. In many cases, such data is exposed through database compromises that hit the service provider. The steady stream of published credentials for Schutt, however, is a clear indication that the credentials he has used over a decade or more have been publicly known at various points."

Submission + - Slashdot Alum Samzenpus's Fractured Veil Hits Kickstarter

CmdrTaco writes: Long time Slashdot readers remember Samzenpus, who posted over 17,000 stories here, sadly crushing my record in the process! What you might NOT know is that he was frequently the Dungeon Master for D&D campaigns played by the original Slashdot crew, and for the last few years he has been applying these skills with fellow Slashdot editorial alum Chris DiBona to a Survival game called Fractured Veil. It's set in a post apocalyptic Hawaii with a huge world based on real map data to explore, as well as careful balance between PVP & PVE. I figured a lot of our old friends would love to help them meet their Kickstarter goal and then help us build bases and murder monsters! The game is turning into something pretty great and I'm excited to see it in the wild!

Comment Web Pages Use Same Imaging Model (Score 1) 227

Web pages use SVG to render vector graphics. It uses the exact same imaging model as PDF and is implemented in all modern browsers. The web in general has taken a lot of lessons from Adobe because Warnock and Geschke, in the PostScript Red Book, got so much right about how to build an image model that many GUI developers are still learning today. If you start with a PDF, it should be possible to machine-translate it to SVG and present it as a web page.

PDF exists because it is trivial to generate it from the document renderer meant for printing. Although I have once in a while run into an improperly scaled PDF meant to be printed 8-up, I'm just not
