Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Still No Word On Infectoin Vector (Score 2) 78

I think the 404 doesn't necessarily mean something is wrong with the WP 404 handler. It could have been generated by the malware itself with <?php header("HTTP/1.1 404 Not Found"); ?> Seeing a 404 in the logs will probably make a lot of victims believe that line was not related to the intrusion.

Comment Re:Absence?! (Score 1) 595

While you should not use NAT in 99,999% of all situations, there are still very good reasons to use NAT anyway.

For instance, hotspots usually redirect traffic to a login page, NAT is great for this. NAT can be used for transparent proxying to a regular squid proxy or a http/mail virusscanner. I've also used it to temporarily redirect traffic to work around server issues.

Therefore any serious operating system should have NAT capabilities.

Comment Re:Keeping track.. (Score 2) 137

You'll need a means of knowing that 10.20.20.x is client x and 10.20.20.y is client y. Of course OpenVPN allows you to do this but maintaining that table by hand could be a bit of a pain.

You mean like the common name of the ssl certificate used to connect in the first place? Combine this with a client-connect script to update dns and/or the ifconfig-pool-persist option and you've got a great solution.

Comment Re:Lol wut (Score 1) 128

And there is a few lines of code to convert the byte array to a mp3 file:
import binascii,re,sys
                s = re.sub('0x','',re.sub('[,\n]','',open(sys.argv[1], 'r').read()))
                print "Usage: "+sys.argv[0]+" trkNdata.h"

I think I found their lost band member:

Comment Re:As soon as the smart car counts as the driver (Score 1) 662

You mean that great thing that requires you to walk through the rain for ten minutes, then is 2 minutes early so you miss it and have to wait 30 minutes for the next one? That wondrous device that requires a driver that goes on strike several times a year, leaving you without options? That doesn't ride when you really need to get to your crashed server at 3am? And that never goes from A to B in straight line but takes 1:06 from my home to my work, while I can drive in 20 minutes myself.

No thanks.

Comment Re:So what ever became of public key escrows? (Score 1) 135

Actually we have solved that problem. It's called S/MIME and getting your keys from a Certificate Authority such as VeriSign.

VeriSign... Under the direct control of the NSA. Or any other CA in the ca-bundle.crt, such as DigiNotar - iranian govt had direct or indirect access to those certificates. Or what about türktrüst, a CA under control of another totalitarian regime.

S/MIME is only secure when the dozens of CAs can be fully trusted. And they've shown they can't.

Comment Re:Why Only 64-bit (Score 1) 172

I'm not so sure about that. The kernel module uploaded to the full discosure list happened to be a amd64 module targetting debian kernel 2.6.32-5. But when it's not php, most malware I've seen was distributed as source code, compiled at the target machine to match the targets specifications.

Slashdot Top Deals

Consider the postage stamp: its usefulness consists in the ability to stick to one thing till it gets there. -- Josh Billings