
Comment Re:Explain it to non-technical users (Score 1) 94

In 2035, ISRG Root X1 will expire... game over for your (old) devices.
Only dreamers think that manufacturers will provide an update before the certificates expire for the computers or other devices bought this year.

Tic tac tic tac tic tac

Broken by design [TM]

Submission + - You Can Bypass Authentication on HPE iLO4 Servers With 29 "A" Characters (bleepingcomputer.com)

An anonymous reader writes: Details and public exploit code have been published online for a severe vulnerability affecting Hewlett Packard Enterprise Integrated Lights-Out 4 (HPE iLO 4) servers. The vulnerability is an authentication bypass that allows attackers access to HP iLO consoles. Researchers say this access can later be used to extract cleartext passwords, execute malicious code, and even replace iLO firmware. But besides being a remotely exploitable flaw, this vulnerability is also as easy as it gets when it comes to exploitation, requiring a cURL request and 29 letter "A" characters, as below:

curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

Because of its simplicity and remote exploitation factor, the vulnerability —tracked as CVE-2017-12542— has received a severity score of 9.8 out of 10. HP silently released patches last year, but details only emerged this spring after researchers started presenting their work at security conferences.

Comment Re:Moral dilemma for the IT community (Score 2) 411

I think that you are right about the justifications being a bunch of crap. And here's the dilemma:

... so that we can disrupt their plans and prevent them from bringing harm to innocent Americans.

Just who is deciding who is innocent? They decide who is innocent, and do so without the constitutionally guaranteed protections for the innocent.
I agree with the poster above and oppose the surveillance state.

Am I still innocent now? Was I ever? ...

Comment Re:Say what? Streisand effect on security perhaps? (Score 1) 100

Since they use git ... I would say that would be what happened.

That's interesting, because the git.postgresql.org page you linked shows recent work described as "Fix page title for JSON Functions and Operators." Couple that with the fact that the Slashdot summary has a link to a Parity News page that contains a link to the Postgresql announcement, and the Parity News link is loaded with javascript in the url.

I wonder if Parity News is trying to demonstrate the Postgresql flaw?

Electronic Frontier Foundation

DOJ Often Used Cell Tower Impersonating Devices Without Explicit Warrants 146

Via the EFF comes news that, during a case involving the use of a Stingray device, the DOJ revealed that it was standard practice to use the devices without explicitly requesting permission in warrants. "When Rigmaiden filed a motion to suppress the Stingray evidence as a warrantless search in violation of the Fourth Amendment, the government responded that this order was a search warrant that authorized the government to use the Stingray. Together with the ACLU of Northern California and the ACLU, we filed an amicus brief in support of Rigmaiden, noting that this 'order' wasn't a search warrant because it was directed towards Verizon, made no mention of an IMSI catcher or Stingray and didn't authorize the government — rather than Verizon — to do anything. Plus to the extent it captured loads of information from other people not suspected of criminal activity it was a 'general warrant,' the precise evil the Fourth Amendment was designed to prevent. ... The emails make clear that U.S. Attorneys in the Northern California were using Stingrays but not informing magistrates of what exactly they were doing. And once the judges got wind of what was actually going on, they were none too pleased:"

Comment Re:Intractably horrible. (Score 1) 354

That's just using a DIFFERENT flawed system, not fixing the root cause.

From the point of view of the big media cartels and their Obamasite supporters, Six Strikes is not a bug, it's a *feature*.

Welcome to Obama's vision of the future. Six Strikes is just a glimpse.
