Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Link to files and simple summary (Score 1) 272

And here's the original message provided by The Shadow Brokers
The original URL hosting the file was taken down but it was mirrored here:
Shadow Broker Message

The text is below in case that mirror stops working too.

bitmessage = BM-NBvAHfp5Y6wBykgbirVLndZtEFCYGht8
i2p-bote = [removed to satisfy slashdot form validator]

Equation Group Cyber Weapons Auction - Invitation

!!! Attention government sponsors of cyber warfare and those who profit from it !!!!

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

Picture Urls
- ------------

File Urls
- ----------

Free Files (Proof)
- ------------------
sha256sum = [removed to satisfy slashdot form validator]
gpg --decrypt --output eqgrp-free-file.tar.xz eqgrp-free-file.tar.xz.gpg
Password = theequationgroup

Auction Files
- -------------
sha256sum = [removed to satisfy slashdot form validator]
Password = ????

Auction Instructions
- --------------------
We auction best files to highest bidder. Auction files better than stuxnet. Auction files better than free files we already give you. The party which sends most bitcoins to address: before bidding stops is winner, we tell how to decrypt. Very important!!! When you send bitcoin you add additional output to transaction. You add OP_Return output. In Op_Return output you put your (bidder) contact info. We suggest use bitmessage or I2P-bote email address. No other information will be disclosed by us publicly. Do not believe unsigned messages. We will contact winner with decryption instructions. Winner can do with files as they please, we not release files to public.

- ---
Q: Why I want auction files, why send bitcoin? A: If you like free files (proof), you send bitcoin. If you want know your networks hacked, you send bitcoin. If you want hack networks as like equation group, you send bitcoin. If you want reverse, write many words, make big name for self, get many customers, you send bitcoin. If want to know what we take, you send bitcoin.

Q: What is in auction files? A: Is secret. Equation Group not know what lost. We want Equation Group to bid so we keep secret. You bid against Equation Group, win and find out or bid pump price up, piss them off, everyone wins.

Q: What if bid and no win, get bitcoins back? A: Sorry lose bidding war lose bitcoin and files. Lose Lose. Bid to win! But maybe not total loss. Instead to losers we give consolation prize. If our auction raises 1,000,000 (million) btc total, then we dump more Equation Group files, same quality, unencrypted, for free, to everyone.

Q: When does auction end? A: Unknown. When we feel is time to end. Keep bidding until we announce winner.

Q: Why I trust you? A: No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees. There could be hack, steal, jail, dead, or war tomorrow. You worry more, protect self from other bidders, trolls, and haters.

Closing Remarks

!!! Attention Wealthy Elites !!!

We have final message for "Wealthy Elites". We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what "Equation Group" can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? "Do you feel in charge?" Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?

bitmessage = BM-NBvAHfp5Y6wBykgbirVLndZtEFCYGht8
i2p-bote = [removed to satisfy slashdot form validator]

Comment Link to files and simple summary (Score 1) 272

The Shadow Brokers github repo was taken down but not before it was mirrored :)


Everything (that was made available in the sample tarball) is inside the Firewall folder.
Most of the human readable stuff is in Firewall/OPS and Firewall/SCRIPTS.

From the very little scanning I did, it seems most of the stuff is meant to attack Cisco PIX and Cisco ASA firewalls/routers.

There are quite a few scripts for preparing/setting up an ops terminal from which an antagonist can launch attacks.

One of the attack techniques involves instructing a pix/asa to fetch an implant over http (or ftp) from a web server running on an ops terminal.
So some of scripts install an http server (apache or tiny httpd) on the ops terminal.
The antagonist supplies the implant (the software bug) on the ops terminal.
Then they use vulnerabilities in the pix to instruct it to fetch the implant, upgrade the target's OS or load a module into the running system and then that gives them full access.

The binaries and implants are provided in the repo as well.

Comment Good for them (Score 4, Insightful) 336

I am a software engineer and it's never made sense to me why people would be willing to put up with these types of conditions. Sure it's fun and way cooler that most other programming jobs but I wouldn't want to give up weekends and put up with asshole managers which inevitably make the job NOT fun.

The employers like EA, Trion, and countless more are exploiting the people's willingness to get treated like slaves in exchange for working in the gaming industry. Engineers need to stop undermining each other by taking these shitty positions and it sounds like this might finally be starting to happen. And they shouldn't fear that the video game industry will go away because it won't. Execs will simply need to reset their profit expectations in light of paying the engineers more.

Comment apples and oranges (Score 5, Interesting) 73

We are heavy users of MySQL (Percona) and MongoDB at my work. Recently I have been researching DynamoDB because of a specific use-case. A side project I run uses Google App Engine with Datastore (aka bigtable) for persistence.

Comparing DynamoDB with MongoDB is like comparing apples and oranges. The only thing the two share in common really is the fact that neither supports SQL (and for that reason are called NoSQL databases). Their intended purpose is completely different which is why I found it strange that the author of the original Slashdot story would pit them against each other the way he did.

If DynamoDB is to be compared against another datastore, the most similar alternative would probably be Google App Engine's Datastore/big table.

Similarities between DynamoDB and GAE Datastore
  • both use "schema-less" table structures for storing items (i.e. two items in a single table can have different columns)
  • both support relatively simple primary keys (GAE only allows a single column PK, Dynamo allows a pseudo-two-column PK)
  • both encourage only efficient queries (GAE forces it, Dynamo allows full table scans but they are highly discouraged)
  • both support list properties (a column with multiple string values for example)
  • both are hosted "in the cloud" and scale horizontally almost infinitely
  • both are billed based on reads/writes + total stored data (Dynamo has an extra dimension to cost which is throughput)
  • both have very limited support for referential integrity between items (GAE supports "embedded" entities and recently added basic relationships but nothing like many to many)
  • GAE supports transactions across entities within the same group (i.e. on the same server) and recently added support for XA transactions (tx's across entities in different groups/on different servers). Dynamo does not have transactions but it supports some atomic operations on an individual item like compare and get.

Differences between DynamoDB and GAE Datastore
One major difference between GAE Datastore and DynamoDB is that GAE supports single and multi property indexes while Dynamo does not support indexes at all aside from a table's primary key. GAE datastore supports efficient queries that use the indexes (if you try to run a query that does not use an index it will fail) along with some basic predicates like equality, inequality, greater than and less than expressions, etc. In DynamoDB, if you want an index, you have to build it yourself in a supplementary table.

GAE Datastore Self-Merge Joins
GAE datastore also supports what they call "self-merge joins" which are super powerful. I don't know if any other schema-less datastore has this.

DynamoDB Purpose
The main reason one would use DynamoDB is when they need scalable throughput; in other words, when your needs for write and/or read speeds fluctuate drastically and when you know you will occasionally spike to extremely high throughput requirements. For times when you expect to have huge throughput for writing, you can pay to scale for that small period of time and then you can reduce your costs by throttling down to a more sane limit. You can run MapReduce jobs over DynamoDB tables using Amazon Elastic Map Reduce. And you can also copy a DynamoDB table into an Amazon Redshift "warehouse"; once the data is copied into Redshift you can run efficient SQL queries over it and Redshift can efficiently do that over petabytes worth of data.

MongoDB, on the other hand, is a "schema-less," document oriented database that is good for organizing clumps of information as a single "item" in the datastore. So for example, you can have a single book document which contains nested information about its authors, keywords, reader reviews, and statistics about word usage in the book....all in a single mondodb "record." This is essentially impossible in DynamoDB (unless you do what the previous article's author did by storing an object graph as JSON within a single column but this is kind of misuse). Mongo also provides indexes on properties in those documents (even nested properties) similar to traditional RDMS indexes on table columns. It has very good support for clustering and it's very easy to setup. MongoDB is very fast therefore it is good for applications that intend to be very write-intensive. I believe this is one of the main reasons that people compare it to Dynamo. However, it is easier to scale Dynamo since you don't need to standup any additional servers yourself. MongoDB does not support transactions; operations on a single document are atomic but the database does not provide any native mechanisms for performing an atomic modification to two or more documents (you would basically have to implement 2 phase commit yourself). MongoDB has a powerful query language based on javascript/json but personally, I find it extremely painful to use compared to SQL.

For the TLDR-crowd:

  • GAE datastore is a great mix of schema-less design, denormalized datasets + self-merge-join + some RDBMS functionality like indexes and SQL style queries with predicates
  • DynamoDB is for systems that need the ability to scale reading/writing throughput to very high levels, on demand. It is pretty low-level in terms of features and datatypes and creating indexes are up to the user. Great integration with other AWS tools.
  • MongoDB is great way for easily storing and retrieving object graphs (represented as JSON) with great read/write performance and some RDBMS functionality like indexes and queries with predicates

I am not familiar with CouchDB but I think it would belong in the MongoDB family.

Comment Re:Or the reverse (Score 1) 899

I agree that the TSA is worthless. And it was created by a Republican who supposedly believed in smaller government.
But owning more guns isn't going to make the TSA going away.

It sounds like you want to justify guns for fear of our government turning into North Korea.
Sorry, but I think voting is a better deterrent for that than guns.
Most other civilized countries in the world do not allow regular people to own guns and they are not turning into totalitarian regimes. It would never happen in America. If you think it can, you've watched too many movies. And even if it did, then pistols and rifles in the hands of a bunch of untrained gun fanatics aren't going to prevent it. Our freedom is not sustained by guns, it is sustained by other values.

Video games and movies don't make people violent. Getting bullied at school, broken families, poverty, lack of family values, and mental disorders cause people to be violent.

Your theory that people will kill even if they don't have "advanced weaponry" is pretty ridiculous.
If you have an AR15 , and I have a knife, which of us has a higher chance of taking out 20 people in a movie theatre?

Honestly, who cares if there are other ways to kill people. Sure I can drive over a person crossing the street. I can put poison in their food. I can strangle them from behind. The objective is to reduce deaths caused by bullets ripping through a person's flesh and bones. If you reduce the number of deaths by one by banning guns, then you have improved society.

Comment Re:Or the reverse (Score 1) 899

Your "solution" does nothing to prevent another newtown. A passive approach where you punish someone after breaking the law only makes sense for non violent crimes. Violence, and most especially gun violence, needs to be preempted and prevented.

There are two ways of doing this.
1. Identify people who are violent or potentially violent
2. Reduce the chances that a violent person will successfully kill others if he/she fails to be identified by 1.

Obviously 1 is much harder than 2. Getting rid of guns is the easiest solution to 2.

Comment Re:please think of the children (Score 1) 899

well if you are going to get technical about it.... the bullet ripping through the victims flesh, bone and organs followed by the ensuing loss of blood kills them.
the idea that the assailant may simply try a different weapon if he doesn't have access to a gun doesn't really hold much water. a gun leaves a victim with essentially no possibility to resist death. if the attacker were using a hammer or knife or banana, the victim would have a much better chance of survival.
in short, yes, guns kill people. the fact that you fail to accept this does not mean it's not true.

Submission + - New York Pistol Permit Owner List Leaked (pastebin.com)

An anonymous reader writes: On Friday, The Journal News caved under pressure of gun advocates and shutdown the interactive maps which contained the names and addresses of licensed gun owners in upstate New York. The maps are still visible on the site however they are simply static images. The Journal News published the interactive maps on December 23 which caused significant backlash.

In a similar move, Gawker published the names of licensed gun owners in New York City without addresses.

New York state Senator Greg Ball (republican) called the removal of the data a "huge win."

On Saturday, an anonymous user leaked the raw data used to build The Journal News maps.

Comment Re:Gun control != taking guns away (Score 1) 2987

<quote>A toddler died because his mother was an idiot and let him stand on a ledge at a zoo. Where is your outrage over those deaths?</quote>
Your arguments would make more sense if a parent's decision to lock their baby in the car resulted in the death of 27 people.

<quote>Why don't we try to help the nutters before they kill our children?</quote>
Because in practice it is is much harder to control a person's will, mental state and 20-year upbringing than it is to control the guns and ammunition that he has access to.

<quote>Since alcohol doesn't benefit society, should we bring back prohibition for the safety of the children?</quote>
No, a gun with a 9 bullet clip has the potential to cause much more damage than a drunk driver.

If gun fanatics are so intent on having guns, then we should simply restrict ammunition sales and only permit gun clips that hold 1 bullet.

Comment My experience w/ Invision Power, Jive & vBulle (Score 1) 259

I use Invision Power for my website: http://www.styleguise.net and it works very well. My website is comprised of two components: a marketplace that I wrote from scratch using GWT + App Engine and a forum component which use the commercial off the shelf Invision Power suite. I have single sign on between my two applications as well.

IPBoard (the forum application from Invision power) is highly customizable. You can write a login module for it to integrate with any identity management system. It is written in PHP so you will need to develop your extensions in PHP also.
They also offers a traditional content management system called IPContent. It works pretty well once you figure out how things are laid out. The index/splash page for my site is simply a page served by the IPContent component.

I am a member on several forums that use vbulletin. One of them recently migrated to Huddler which I do not recommend at all. The other is still using a very old version of vbulletin. The their migrated to Invision Power. Invision Power seems to release more often and have better features than vbulletin.

Another option to choose if you have more money to spend is Jive. My company uses it for our customer facing forum system and also internally for content management.

If you have additional questions feel free to ask.

Comment Square peg....round hole (Score 5, Insightful) 122

The article states that a young man posted a photo on Facebook which offended several people.
Several of those offended people decided to protest peacefully in front of a police station demanding his arrest.
Other people decided to protest violently by burning cars, smashing in window stores and just generally acting like idiots.
Instituting a nationwide internet censorship policy won't address the problem: impulsive, destructive people whose first course of action is violence.

Comment what else do you expect..... (Score 1) 267

when the government system that is in place to protect the people fails, the only recourse left is to revolt. this is simply a "digital revolt" which is different from what people are normally accustomed to. traditional "physical protest" (i.e. forming a chain of people in front of the entrance to a store, marching down a road etc) almost always disrupts standard business practices or day-to-day activities. It sounds like you expect a protest/revolt to not inconvenience anyone.

additionally, the organizations that pulled support from wikileaks were the first to demonstrate lack of due process. they referenced SLA agreements about "wikileaks using their services for illegal activities" long before illegality had even been proven.

regardless, the mob's activities pale in comparison to the civil liberties that are currently being trampled upon by the government. in that respect, they may be somewhat justifiable.

Slashdot Top Deals

Frankly, Scarlett, I don't have a fix. -- Rhett Buggler