
Comment Re:Set up correct secondary DNS servers (Score 1) 351

Secondary DNS would not have helped here. The issue with DNS is that it's a centralizing service. As the world moves more towards a decentralized, distributed Internet, the first piece that moves in that direction should be DNS.

It could be done right now using a similar blockchain to the one bitcoin uses. In fact, you could also tie in SSL into the platform, to prevent centralizing services like Verisign from being a weak point. The design is already in my head - just need to build it. Anyone have some free time?

Comment DNS blockchain (Score 1) 77

The issue with DNS is that it's a centralizing service. As the world moves more towards a decentralized, distributed Internet, the first piece that moves in that direction should be DNS services.

It could be done right now using a similar blockchain to the one bitcoin uses. In fact, you could also tie in SSL into the platform, to prevent centralizing services like Verisign from being a weak point. The design is already in my head - just need to build it. Anyone have some free time?

Comment how many bitcoins (Score 1) 77

did the attackers ask for to stop the attack?

Here's an actual letter sent to my company when we were attacked earlier this year. By the way, they didn't breach us in any way, shape or form. They just hit us with traffic. The letter makes it sound like they had more, but nope, they didn't have shit.

Hello Support,

We are a team of highly skilled independent security consultants. One of your competitors hired us to take your site offline for an entire month (which we have the resources to do but don't like the contact and might be able to work together instead) and I must say that we have seen A LOT of misconfigured sites with security issues but it took our DB expert less than 30 minutes to dump your sql database without setting off your IDS system.

We want to disclose some of the flaws we found with you and have already put a significant amount of time in researching, exploiting and then documenting the vulnerabilities we found. Unfortunately, most site owners don't give a shit and would rather wait for more malicious hackers to come along. We are going to stop that from happening.

We are taking your site offline until we hear from you. Our initial consultation will cost 1 BTC. That price will go up half a btc for every 12 hours we have to keep your site offline. I want to personally assure you that we have the power to keep your site down for an indefinite amount of time. We are the ones who took down xbox live all week (testing ONE of our new servers). In addition to letting your site up and giving you a report of what we found and how to fix it we will also let you know the ONLY way to stop a DDos attack the size we are capable of launching. We will also add you to a blacklist so no one else fucks with you.

The BTC can be sent to the following address :

I know that you are going to try to mitigate but in the end that is only going to cost you a lot more money. You make enough from betting and advertising alone that just an hour of downtime won't justify the cost. Our team also understands that you will try to mitigate but nothing will stop the attack except my command. Your hosting provider will not be able to help, the authorities won't be able to help you, your firewall is easily bypassed and any ddos service you try to bring in we can bring down (we have done this for a long time). Believe it or not we are not the masked assholes stealing credit card numbers. Most of us have families and can't find legitimate jobs in our fields right now and have families to feed.

Regards,

GETDD0sed

Comment I live and work in silicon valley (Score 1) 36

and see Google bubble cars and Lexus wagon vehicles from Google every day. I drive between Palo Alto and Santa Clara on Central every day and that's where they're testing these things. I'm always tempted to get close to one to see how it reacts. I'm sure the safety measures are dialed up pretty high.

Comment Re:Raspberry Pi & OSMC (Score 1) 226

I second Kodi (used to be called XBMC).

While I did try it on a raspberry pi, I found it was just too slow. Get an old laptop with HDMI out. Wire it up to your file server and you're ready to rock. I've looked at getting a remote, but I opted instead for a backlit wireless keyboard (with a touchpad on it).
https://www.amazon.com/gp/prod...

Also, if you have those Philips Hue lights, you can easily get Kodi talking with it; mood lighting with certain kinds of movies is truly amazing.

Comment This isn't new (Score 1) 32

I work for a high-use API site, and I've been seeing these kinds of attacks regularly now for 6 months or more.

Basically, it's a barrage of user/pass attempts coming from hundreds, sometimes thousands of different IP addresses. I wrote custom filters to specifically identify these requests and black-hole them in the nginx proxy. Luckily, we require that 2FA is enabled on all accounts, so nothing seriously at risk.

I urge everyone to use 2FA on all sensitive sites where available. These kinds of attacks are going to become more commonplace.
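An added example, not the commenter's filters (the comment does not describe them): one way to spot login attempts that are spread across many IPs, where per-IP rate limits see nothing, by grouping failed logins on a shared request trait and emitting an nginx `map` for black-holing. The nginx "combined" log format, the `/api/login` path, the thresholds, the choice of User-Agent as the trait and the sample log lines are all assumptions.

```python
import re
from collections import defaultdict

# Assumed: nginx "combined" log format and a hypothetical login endpoint.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
LOGIN_PATH = "/api/login"
FAIL_STATUSES = {"401", "403"}

def suspicious_agents(lines, min_ips=5, min_fail_ratio=0.9):
    """Return {user_agent: (distinct_ips, attempts, fail_ratio)} for agents whose
    login attempts come from many IPs and almost always fail."""
    ips, attempts, fails = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != LOGIN_PATH:
            continue
        ua = m["ua"]
        ips[ua].add(m["ip"])
        attempts[ua] += 1
        fails[ua] += m["status"] in FAIL_STATUSES
    out = {}
    for ua, n in attempts.items():
        ratio = fails[ua] / n
        if len(ips[ua]) >= min_ips and ratio >= min_fail_ratio:
            out[ua] = (len(ips[ua]), n, ratio)
    return out

def nginx_map(agents):
    """Render an nginx map; pair it with `if ($blackhole) { return 444; }`.
    Agents containing `$` or `\\` would need escaping before use."""
    rows = "".join(f'    "{ua}" 1;\n' for ua in sorted(agents))
    return "map $http_user_agent $blackhole {\n    default 0;\n" + rows + "}\n"

def sample_log():
    """Constructed sample: 8 documentation-range IPs sharing one agent, one normal user."""
    bot = ['203.0.113.%d - - [01/Jan/2024:00:00:%02d +0000] "POST /api/login HTTP/1.1" '
           '401 51 "-" "python-requests/2.31.0"' % (i, i) for i in range(1, 9)]
    user = ['198.51.100.7 - - [01/Jan/2024:00:01:00 +0000] "POST /api/login HTTP/1.1" '
            '200 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"']
    return bot + user

if __name__ == "__main__":
    print(nginx_map(suspicious_agents(sample_log())))
```

Each source IP in the sample makes only one request, so the signal is the shared trait plus the failure ratio, not volume per address.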
