Comment I live and work in silicon valley (Score 1) 36

and see Google bubble cars and Lexus wagon vehicles from Google every day. I drive between Palo Alto and Santa Clara on Central every day and that's where they're testing these things. I'm always tempted to get close to one to see how it reacts. I'm sure the safety measures are dialed up pretty high.

Comment Re:Raspberry Pi & OSMC (Score 1) 226

I second Kodi (used to be called XBMC).

While I did try it on a Raspberry Pi, I found it was just too slow. Get an old laptop with HDMI out. Wire it up to your file server and you're ready to rock. I've looked at getting a remote, but I opted instead for a backlit wireless keyboard (with a touchpad on it).

Also, if you have those Philips Hue lights, you can easily get Kodi talking with it; mood lighting with certain kinds of movies is truly amazing.

Comment This isn't new (Score 1) 32

I work for a high-use API site, and I've been seeing these kinds of attacks regularly now for 6 months or more.

Basically, it's a barrage of user/pass attempts coming from hundreds, sometimes thousands of different IP addresses. I wrote custom filters to specifically identify these requests and black-hole them in the nginx proxy. Luckily, we require that 2FA is enabled on all accounts, so nothing seriously at risk.

I urge everyone to use 2FA on all sensitive sites where available. These kinds of attacks are going to become more commonplace.

Comment Re:SMS was never true 2-factor (Score 2) 86

> SMS was never true 2-factor

Sure it is. Two factor is something you know and something you have. Your ATM card is two factor: to use, supply a PIN (what you know) and the card itself (what you have).

SMS (what you have) combined with a password (what you know) is a perfectly valid two factor authentication system.

Comment Here's how it works (Score 1) 65

There are hundreds of millions of username/password combinations, stolen from lots of different websites that have been breached over the years. A person(s) or group(s) with this collection decides to target TeamViewer users, especially after learning that TeamViewer doesn't require their users to enable 2FA. Of course, 99.99% of all the accounts in the huge list will fail (user doesn't exist, wrong password, etc.). But, it doesn't cost any money to continually bang on TeamViewer servers looking for username/password combos that work - this part is automated and being done from thousands of computers all at the same time (essentially a botnet). They take the list of successful user/pass combos and give it to a group of people determined to transfer PayPal, buy gift cards, anything that will let them infiltrate money by taking control of that user account.

Who is at fault? TeamViewer doesn't deserve to walk from this completely free of blame. They should have required 2FA for accounts that allow for remote session activity. In addition, they should have noticed huge spikes of bad user/pass combos being tried on their servers.

Unfortunately, the majority of the blame lies with poor security decisions made by users. Any critical account (like remote access or anything related to money) should be protected by a unique strong password and 2FA (when available).

This is just the beginning, folks. We're going to see more and more of these types of attacks.
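
The comment above says the service should have noticed the spikes of bad user/pass combos arriving from thousands of machines at once. As an added example (not part of the original comment and not any vendor's code), one way to flag that pattern in login events; the event layout, thresholds and sample data are all assumptions constructed for illustration:

```python
from collections import defaultdict

def detect_stuffing(events, window=60, min_failures=100, min_ips=50,
                    max_fail_per_ip=10, min_fail_ratio=0.95):
    """Flag time windows that look like distributed credential stuffing.

    events: iterable of (epoch_seconds, source_ip, username, success).
    All thresholds are illustrative assumptions; tune them to real traffic.
    """
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window].append((ip, user, ok))

    alerts = []
    for bucket, rows in sorted(buckets.items()):
        failed = [(ip, user) for ip, user, ok in rows if not ok]
        if len(failed) < min_failures:
            continue
        ips = {ip for ip, _ in failed}
        users = {user for _, user in failed}
        # Stuffing signature: almost everything fails, and the failures are
        # spread thinly over many sources, so per-IP rate limits never trip.
        spread_thin = len(failed) / len(ips) <= max_fail_per_ip
        mostly_bad = len(failed) / len(rows) >= min_fail_ratio
        if len(ips) >= min_ips and spread_thin and mostly_bad:
            alerts.append({"window_start": bucket * window,
                           "failures": len(failed),
                           "source_ips": len(ips),
                           "usernames": len(users)})
    return alerts

def make_sample():
    """Constructed data: ten minutes of normal logins plus a one-minute burst."""
    events = []
    for i in range(40):    # normal: 20 users, own IPs, occasional typo
        events.append((i * 15, f"198.51.100.{i % 20}", f"user{i % 20}", i % 10 != 0))
    for i in range(300):   # burst: 150 IPs, 300 leaked usernames, 1 hit
        events.append((300 + i % 60, f"203.0.113.{i % 150}", f"leaked{i}", i == 42))
    return events

if __name__ == "__main__":
    for alert in detect_stuffing(make_sample()):
        print(alert)
```

A single address hammering one account does not match this signature; that case is left to ordinary per-IP rate limiting.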
