
Comment Pivot honeypot more likely (Score 1) 133

It would be easier to get the tools off of a honeypot that was set up to entice the use of the tools rather than to get them by hacking the Equation Group. If you want the Equation Group's tools all you have to do is convince them that they have found a chink in the armor of a high value target. Let them own a computer (referred to as the pivot in the hacking world) that seems to have access to further hardened targets. The tools will start appearing. A Potemkin honeypot.

Comment We use small fraction of solar flux (Score 1) 323

The sun shines a continuous 175x10^15 watts on the planet; by this number we are undershooting by a few orders of magnitude. If 7.125x10^9 people each used a continuous 24.5 megawatts we could manage to eventually consume all the Earth's energy resources for people and nothing but people.

Comment Easy-In Easy-Out (Score 1) 128

The Easy-Out is to go straight to your credit card company and assert that the charge was unauthorized. This puts the vendor using the dark pattern on the defensive. If your bank is a major bank and the vendor has too many unauthorized charge reports they could face losing charge processing privileges that would impact their bottom line and motivate them to change their ways. Don't fall for the Difficult-Out trap; use the 900 pound gorilla in your corner. My credit card companies have always been very responsive to these complaints and I have always eventually (e.g. 120 days) been notified that my account has been credited with very little effort on my part and the process being driven by the credit card company.

Comment Re:Sign 'I don't agree' on all HR paperwork (Score 1) 223

Yep, HR doesn't tend to have the brightest or hardest working. My prior job required signing a non-compete. I told them I wanted to discuss the wording with my attorney and would get back to them ... which I didn't. They didn't ask about it until they laid me off 13 years later. At which point they asked me to sign a non-compete and again I told them I would get back to them. Once my severance check arrived I didn't worry about it. I called my bank and informed them that they were no longer my employer just to make sure there couldn't be an easy reach back.

Comment Re:In other news the sun is hot. (Score 1) 193

I'm not sure how they accomplish this, but I know there are hackers in Europe who have figured out how to determine CVVs of US credit cards. I suspect some sort of brute force against an improperly configured local cache somewhere in the validation system. The credit card processing systems we have were created before the internet and contain architectural elements and complexity that would be unnecessary if designed from scratch today.

Comment Effectively requires root (Score 1) 157

In order to obtain the laboratory effect of single threaded decryption of 4,096 approximately 1Mbit files in sequence you would have to be root and generally have all "messy" asynchronous processing such as interrupts from the network card disabled. This is a lab-only non-realistic attack. If you had that much control over the CPU you might as well just read the key out of the registers as it is used.

Comment Re:Roll back? (Score 1) 46

I'm sure it was quickly used to purchase pre-positioned shell companies which lived only long enough to perform further transactions. If the world's banks all operated on a nice block-chain then one could follow the trail. But in order to follow the trail of nested shell companies one would have to be able to track the activities of every crooked attorney at every courthouse in the world. My solution is banks should only interact with whitelisted entities rather than relying on national and various other blacklists. Before the internet era, this would have been very difficult. But today, it would not be that hard to maintain a whitelist. Some banks might choose to do business with unverifiable companies, but then they should also be the ones who are out of pocket when a large transaction involving one of their dubious clients needs to be reversed.
