blizz017 - Slashdot User

Comment Re:Tricky. (Score 1) 356

by blizz017 on Saturday February 18, 2012 @09:25PM (#39089591) Attached to: UK Student Jailed For Facebook Hack Despite 'Ethical Hacking' Defense

On the one hand, Mangham definitely didn't have prior authorization. His actions were illegal, regardless of his intentions.

On the other hand, Facebook's long-term security has been dramatically weakened. Now, anybody who finds a vuln in Facebook isn't going to report it for fear of doing jail time.

Sounds like a fuck-up for everyone involved.

Or you know you follow Facebook's procedure for their bug-bounty program: https://www.facebook.com/whitehat/bounty/ Paying special attention to the following section:

Exclusions The following bugs aren't eligible for a bounty (and we don't recommend testing for these): Security bugs in third-party applications (e.g., http://apps.facebook.com/%5Bapp_name%5D) Security bugs in third-party websites that integrate with Facebook Security bugs in Facebook's corporate infrastructure Denial of Service Vulnerabilities Spam or Social Engineering techniques

If you want to test any of those, you do what practically any book on "ethical hacking" ever states and you get prior authorization.

Comment Re:Military vs. Civilian Justice (Score 5, Informative) 172

by blizz017 on Tuesday December 20, 2011 @09:27AM (#38433346) Attached to: Tech Forensics Take Center Stage in Manning Pre-Trial

1. He's not at trial yet; this is an Article 32 hearing.. basically a grand jury hearing/pre-trial. 2. At Trial, he would have a jury of his peers; far more so than you'd find in a civilian courtroom. He's and enlisted soldier, so if his defense team opted, they can have a jury full of enlisted soldiers. 3. Contrary to what you wish to believe; military court martials aren't show trials. I'd argue that they're ultimately far more fair and impartial than you'll ever find in a civilian courtroom where a DA and/or Judge may have a political agenda to fulfill.

Comment Re:Seriously? (Score 1) 309

by blizz017 on Wednesday October 19, 2011 @10:40AM (#37762252) Attached to: Android Ice Cream Sandwich SDK Released

which really only works if the only thing the person did was unlock the phone.. if the phone was actually used, you'd have indistinguishable smear marks all over the screen.

Comment Re:Service Guarantees Citizenship (Score 1) 231

by blizz017 on Friday October 14, 2011 @08:03PM (#37720316) Attached to: Security Researcher Threatened With Vulnerability Repair Bill

So if I disclose all your bank password, would that make me immune ? I agree in part, but it is a problem. If as a delivery dude, I find your key under the front door mat, can I make a 1000 copies and drop them off all over the city with your address to teach you to be safer ? I am genuinely asking, I don't have the answer. If I simply return your key, and you keep putting it under the mat, then what do I do.

That's not what he meant; If you disclose the vulnerability that exposes his passwords, you're immune. If you exploit the vulnerability and disclose the passwords than you're not immune from the action of disclosing data improperly. You don't have to disclose the passwords to prove the vulnerability. In your little example, the vulnerability would be the key under the front door mat. The exploit would be using that key and/or making copies of the key. Proper disclosure would dictate that you notify him that his key is under the front door mat and give him time to respond and remedy the situation after a period of time (say 30 days) if he ignores the vulnerability or the vulnerability is remedied, than disclose the vulnerability. Improper disclosure would be letting the public at large know the day you found the key; you don't need to make copies of the key to prove or disclose the vulnerability.. it adds nothing and just makes you a dick. In the reality of this case; the guy didn't disclose any customer data to the public at large (at least from what I gather), and he stated that he will delete any data resulting from the breach and would even allow the company to verify as such. Following the whole "Disclosure Guarantees Immunity" philosophy this guy should be in the clear. Data access is going to occur at times in vulnerability research, what you do with that data is what should determine whether you get immunity or not.

Comment Re:Long term, it is a good thing... (Score 2) 135

by blizz017 on Monday August 22, 2011 @12:40PM (#37168524) Attached to: Motorola's Identity Crisis

Last thing I read on it was from April in this article: http://www.businessinsider.com/next-xbox-may-be-profitable-on-day-one-2011-4 Seems like the business segment containing Xbox is down 5.5 billion over its lifetime, but has been turning a profit for each of the last 11 quarters.. they may be down overall, but they're going to break even here pretty quickly; even more so if they decide not to go the hardware loss route with the next xbox.

Comment Re:Simple solution (Score 1) 104

by blizz017 on Friday July 29, 2011 @02:45PM (#36925196) Attached to: GAO Report: DoD Incompetent At Cybersecurity

As already stated.. this is precisely how it works now. You've practically described it to a T. In fact, we further segregate networks based on the level of classified information they carry; all of which are airgapped.

Comment Re:Why? (Score 1) 572

by blizz017 on Wednesday July 27, 2011 @01:27PM (#36898304) Attached to: Space Station To Be Deorbited After 2020

The Space Station is in a Low Earth Orbit (LEO) and will fall to the Earth without its regular altitude boosts

The ISS is in LEO because NASA was INCAPABLE of building a space shuttle that could achieve higher orbit! Because it had to have WINGS so it could land with secret military payloads at designated airfields in the continental USA.

So the AMERICANS crippled the INTERNATIONAL Space Station. It should have been in higher orbit to start with then it would last longer, but NO the Americans had to have it their way. Hopefuly the Chinese won't make the same dumb mistakes.

Nobody said the other partners had to take NASA's money... they were free to build a space station on their own. Don't bitch when the biggest financial and technical partner mandates its way; especially when the next closest partner barely surpassed 1/10th of the AMERICAN cost on the project.

Comment Re:Why? (Score 1) 572

by blizz017 on Wednesday July 27, 2011 @01:21PM (#36898174) Attached to: Space Station To Be Deorbited After 2020

Interesting that this is not a NASA announcement...

Despite the fact that most American news media refer to it as 'The NASA Space Station" It is, in fact, not exclusively a NASA space station. Its correct title is "ISS" which stands for "International Space Station".

NASA is just one partner of many on this project.

What american news media refer to it as 'The NASA Space Station'? I'm curiously interested, as I have never seen it referred as such.

Comment Re:WikiLeaks 2014 - DOD Spied on employees (Score 1) 210

by blizz017 on Friday July 22, 2011 @01:10PM (#36847990) Attached to: A Linux Distro From the US Department of Defense

And it wouldn't be news at all... given that LPSL its primarily meant to access DoD systems not for general browsing/playing around (In fact the primary point of it is for accessing webmail which requires CAC authentication, and configuring CAC authentication on home systems has generally been a PITA for IT Support), and given nearly every DoD system has the following disclaimer:

THIS IS A DEPARTMENT OF DEFENSE COMPUTER SYSTEM. This computer system, including all related equipment, networks and network devices (specifically including Internet access), are provided only for authorized U.S. Government use. DoD computer systems may be monitored for all lawful purposes, including to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability and operational security. Monitoring includes active attacks by authorized DoD entities to test or verify the security of the system. During monitoring, information may be examined, recorded, copied and used for authorized purposes. All information, including personal information, placed on or sent over this system may be monitored. Use of this DoD computer system, authorized or unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal or adverse action. Use of this system constitutes consent to monitoring for these purposes.

I think it's fairly safe to say that people already know their stuff is being monitored...

Comment Re:NATO Hacking (Score 1) 304

by blizz017 on Thursday July 21, 2011 @11:55AM (#36835354) Attached to: Anonymous Hack One Gigabyte of Data From NATO

They are for the most part (Packet switching over shared lines for certain networks being the obvious case of non-isolation physically). Hitting internet connected servers nets you some unclass/fouo maybe confidential level stuff. If you're lucky and hit the right place at the right time, you might get some info that was accidentally uploaded that's classified higher and hasn't yet been cleansed. Keep in mind we have whole groups of people dedicated solely to finding classified info uploaded to NIPR/Public Internet facing systems and to investigate the cause and clean the affected systems. This is why I always take the 'We've hacked NATO's public facing servers and netted some juicy info!!!' type stories with a very big grain of salt. Remember none of the Bradley Manning/Wiki-leaks stuff came from a internet connected network.

Comment Re:Exchange connectivity? (Score 1) 283

by blizz017 on Thursday July 07, 2011 @11:25AM (#36683452) Attached to: Thunderbird Unseats Evolution In Ubuntu 11.10

Unfortunately some of us are still stuck with Exchange 2003, so we're still SOL for the most part.

Comment Re:The Real Real problem (Score 1) 1306

by blizz017 on Friday March 25, 2011 @03:56PM (#35615814) Attached to: US Contemplating 'Vehicle Miles Traveled' Tax

What gives you the impression that Energy Efficient Vehicles are lighter than Gas Guzzlers? A Chevy Volt is 3781 lbs A Nissan Leaf is 3354 lbs A Ford Mustang is 3655 lbs A Chevy Corvette is 3350 lbs Granted you'll have differences between different variations of the same model; but just use those as generalized examples. Now if you're comparing a Leaf to a Suburban that's a whole other ballgame and is like comparing apples to oranges.

Comment Re:Nokia had the same problem (Score 1) 181

by blizz017 on Thursday March 10, 2011 @02:14PM (#35445176) Attached to: Has GNOME Rejected Canonical Help? Shuttleworth Responds

Except for that whole period of time from the mid/late 80's to late 90's where Apple was on the verge of being bought about by Sun for $5 a share and doing absolutely nothing to make a mark on the consumer market in any fashion.

Comment Re:The shuttle doesn't (currently) black out (Score 1) 88

by blizz017 on Friday January 07, 2011 @02:26PM (#34794078) Attached to: Hypersonic Radio Black-Out Problem Solved

And this article wasn't talking about the space shuttle. In fact the word "shuttle" doesn't exist in either the summary or the article.

Really? Damn.. i guess I just imagined reading this line:

Ordinarily, this plasma absorbs and reflects radio waves at communications frequencies, leading to a few tense minutes during the re-entry of manned vehicles such as the shuttle.

Comment Re:Epic Fail? Hardly. (Score 1) 534

by blizz017 on Thursday December 30, 2010 @11:20AM (#34710836) Attached to: Playstation 3 Code Signing Cracked For Good

I'm surprised you actually expect such an announcement to come from them. Why in the hell would they ever open themselves to a potential lawsuit by announcing it publicly. That's not to say it hasn't been done, particularly since depending on what the PS3 cluster is being used for, the NSA and/or DISA has almost assuredly broken the PS3 down to find out its flaws security wise.

Slashdot Top Deals