
Comment Re:Raspberry Pi & OSMC (Score 1) 226

I second Kodi (used to be called XBMC).

While I did try it on a Raspberry Pi, I found it was just too slow. Get an old laptop with HDMI out. Wire it up to your file server and you're ready to rock. I've looked at getting a remote, but I opted instead for a backlit wireless keyboard (with a touchpad on it).
https://www.amazon.com/gp/prod...

Also, if you have those Philips Hue lights, you can easily get Kodi talking with it; mood lighting with certain kinds of movies is truly amazing.

Comment This isn't new (Score 1) 32

I work for a high-use API site, and I've been seeing these kinds of attacks regularly now for 6 months or more.

Basically, it's a barrage of user/pass attempts coming from hundreds, sometimes thousands of different IP addresses. I wrote custom filters to specifically identify these requests and black-hole them in the nginx proxy. Luckily, we require that 2FA is enabled on all accounts, so nothing is seriously at risk.

I urge everyone to use 2FA on all sensitive sites where available. These kinds of attacks are going to become more commonplace.

Comment Re:SMS was never true 2-factor (Score 2) 86

> SMS was never true 2-factor

Sure it is. Two factor is something you know and something you have. Your ATM card is two factor: to use, supply a PIN (what you know) and the card itself (what you have).

SMS (what you have) combined with a password (what you know) is a perfectly valid two factor authentication system.

Comment Here's how it works (Score 1) 65

There are hundreds of millions of username/password combinations, stolen from lots of different websites that have been breached over the years. A person(s) or group(s) with this collection decides to target TeamViewer users, especially after learning that TeamViewer doesn't require their users to enable 2FA. Of course, 99.99% of all the accounts in the huge list will fail (user doesn't exist, wrong password, etc.). But, it doesn't cost any money to continually bang on TeamViewer servers looking for username/password combos that work - this part is automated and being done from thousands of computers all at the same time (essentially a botnet). They take the list of successful user/pass combos and give it to a group of people determined to transfer PayPal, buy gift cards, anything that will let them infiltrate money by taking control of that user account.
Who is at fault? Teamviewer doesn't deserve to walk from this completely free of blame. They should have required 2FA for accounts that allow for remote session activity. In addition, they should have noticed huge spikes of bad user/pass combos being tried on their servers.
Unfortunately, the majority of the blame lies with poor security decisions made by users. Any critical account (like remote access or anything related to money) should be protected by a unique strong password and 2FA (when available).
This is just the beginning, folks. We're going to see more and more of these types of attacks.
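
The spike of bad user/pass attempts described in the comment above stays visible in aggregate even when each address makes only one attempt, which is what defeats per-IP rate limits. The following is an added example, not part of the original comment and not TeamViewer's or the commenter's own filter; the event format, window size, thresholds and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (ISO timestamp, source IP, username, login succeeded).
# IPs are from documentation ranges; usernames are made up.
def build_sample():
    events = []
    # 09:00 window: ordinary traffic, one mistyped password.
    for i, user in enumerate(["alice", "bob", "carol", "dave"]):
        events.append((f"2016-06-01T09:0{i}:00", f"192.0.2.{i + 1}", user, True))
    events.append(("2016-06-01T09:04:30", "192.0.2.2", "bob", False))
    # 09:10 window: 60 failures, each from a different IP against a different user.
    for i in range(60):
        events.append((f"2016-06-01T09:1{i % 10}:{i:02d}", f"198.51.100.{i + 1}",
                       f"user{i}@example.com", False))
    # One reused password works during the barrage.
    events.append(("2016-06-01T09:15:59", "198.51.100.200", "erin", True))
    return events

def detect_stuffing(events, window_min=10, min_attempts=50,
                    min_fail_ratio=0.9, min_ips=20, min_users=20):
    """Flag windows where failures dominate AND are spread over many IPs and users."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        t = datetime.fromisoformat(ts)
        start = t.replace(minute=t.minute - t.minute % window_min, second=0)
        buckets[start].append((ip, user, ok))
    alerts = []
    for start, rows in sorted(buckets.items()):
        failures = [(ip, user) for ip, user, ok in rows if not ok]
        ips = {ip for ip, _ in failures}
        users = {user for _, user in failures}
        ratio = len(failures) / len(rows)
        if (len(rows) >= min_attempts and ratio >= min_fail_ratio
                and len(ips) >= min_ips and len(users) >= min_users):
            # Successes inside a flagged window are the accounts to review first.
            hits = sorted({user for _, user, ok in rows if ok})
            alerts.append({"window": start.isoformat(), "attempts": len(rows),
                           "fail_ratio": round(ratio, 3), "source_ips": len(ips),
                           "usernames": len(users), "successes_to_review": hits})
    return alerts

if __name__ == "__main__":
    for alert in detect_stuffing(build_sample()):
        print(alert)
```

A successful login inside a flagged window is not proof of compromise, so treat `successes_to_review` as a queue for step-up verification or a forced password reset.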

Comment CW, the Dark Triad (Score 2) 133

We can all brainstorm and dream up cool tech, but it's the folks that actually create it that should be credited. It's clear that CW had nothing to do with the development of the initial release, but it's likely that he knew the folks that did.
If he had come out publicly with an honest statement to that effect, he would have been received much differently. Instead, he chose to be dishonest and misleading, and there is no forgiveness for that.

If CW could cryptographically prove himself, then he wouldn't be attacked and/or chased away. I mean, without proof, what did he expect was going to happen?
