Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Mirai and Bashlight Join Forces Against DNS Provider Dyn ( 56

A second wave of attacks has hit dynamic domain name service provider Dyn, affecting a larger number of providers. As researchers and government officials race to figure out what is causing the outages, new details are emerging. Dan Drew, chief security officer at Level 3 Communications, says the attack is at least in part being mounted from a "botnet" of Internet-of-Things (IoT) devices. "We're seeing attacks coming from a number of different locations," Drew said. "An Internet of Things botnet called Mirai that we identified is also involved in the attack." Ars Technica reports: The botnet, made up of devices like home WiFi routers and internet protocol video cameras, is sending massive numbers of requests to Dyn's DNS service. Those requests look legitimate, so it's difficult for Dyn's systems to screen them out from normal domain name lookup requests. Earlier this month, the code for the Mirai botnet was released publicly. It may have been used in the massive DDoS attack against security reporter Brian Krebs. Mirai and another IoT botnet called Bashlight exploit a common vulnerability in BusyBox, a pared-down version of the Linux operating system used in embedded devices. Mirai and Bashlight have recently been responsible for attacks of massive scale, including the attacks on Krebs, which at one point reached a traffic volume of 620 gigabits per second. Matthew Prince, co-founder and CEO of the content delivery and DDoS protection service provider CloudFlare, said that the attack being used against Dyn is an increasingly common one. The attacks append random strings of text to the front of domain names, making them appear like new, legitimate requests for the addresses of systems with a domain. Caching the results to speed up responses is impossible. Prince told Ars: "They're tough attacks to stop because they often get channeled through recursive providers. They're not cacheable because of the random prefix. We started seeing random prefix attacks like these three years ago, and they remain a very common attack. If IoT devices are being used, that would explain the size and scale [and how the attack] would affect: someone the size of Dyn."

Comment Re:Two simple suggestions. (Score 1) 1839

Personally I read at -1, Raw and Uncut because I'm a masochist and often find some funny stuff down in the gutter.

I usually read at +3 or +4, but I give extra +5 score to flamebaits. I started doing it years ago after reading about the idea from somebody else. Those posts are funny/interesting often enough that I haven't reverted it.

Comment Re:Malware (Score 1) 181

Maybe then we'll get proper application whitelisting / sandboxing by default in a desktop OS. And, hell, why do applications get the run of every file I use under my account? Should they not have to request such things first? Even on Unix-likes, if you get on as my user, you can trash all my data - why?

The answer is functionality. Let's consider the example of Android, an OS with a fairly recent security model, built on top of Linux which provides for chroot. Why not put apps into their own chroot jail by default? Seems like a good idea, right? How do you explain to Grandma why she can't upload photos from her camera's image gallery to Facebook? Oh, you'll solve that problem by putting the photos in a public directory? Okay, that eliminates the functionality concern, but now you're right back where you started with exposure to ransomware....

Not necessarily. This can be solved by having a standard privileged file open/save dialog that grants the access automatically to apps based on user input. Of course that limits the UI designs in some ways.. I wrote some ideas 11 years ago how something like this could be done. Partially obsolete nowadays though but still could be doable (except for the web browser parts - web security seems to be a lost cause already). Perhaps once these kind of worse malwares start happening people would finally implement a more secure desktop. There's no reason why I shouldn't be able to easily run whatever program I want without it breaking my computer.

Submission + - Slashdot beta sucks 9

An anonymous reader writes: Maybe some of the slashdot team should start listening to its users, most of which hate the new user interface. Thanks for ruining something that wasn't broken.

Comment Re:Is kernel still 64bit? (Score 1) 262

The kernel needs to be an amd64 one for x32 to work, at least as things stand now. The most common situation would _probably_ be an amd64 system with some specialist x32 software doing performance intensive stuff. (Or possibly a hobbyist system running an all-x32 userspace for the hack value.)

Yeah, working with big data is unlikely to benefit, and data _is_ generally getting bigger.

Comment Re:Wont use Linux without it! (Score 2) 262

I could get into specifics but I shan't, because what you're blathering about has zero relevance for x32. It's not a replacement-to-be for the usual amd64 ABI, nobody is going to break amd64 to make x32 run. It's mostly a specialist tool for specific workloads (aside from being a hacker's playground, as are many things). Whether thinking it's useful as such is misguided or not, you're more so.

Comment Re:Nice concept (Score 1) 262

You misunderstand the desired impact. "Loads a little faster" doesn't really enter into it. It's rather that system memory is _slow_, and you have to cram a lot of stuff into CPU cache for things to work quickly. That's were the smaller pointers help, with some workloads. Especially if you're doing a lot of pointery data structure heavy computing where you often compile your own stuff to run anyway.

Still not saying it's necessarily worth the maintenance hassle, but let's understand the issues first.

Comment Two clouds with replication! (Score 1) 150

Sorry for advertising my own product, but pretty much on topic here. :) Buy two (cheap) servers from completely different networks / data center providers, and keep them replicated with You can set up MX records to both of them, and use DNS to switch between the replicas for IMAP/POP3 as needed. Either one of the data centers can die and your mail won't stop working. Or keep one of the replicas in local network and your mail keeps working even if your internet connection dies.

(Then you'll only need to hope that there are no software bugs bringing down everything.)

Comment Re:Collateralized vs Non-Collateralized Loans (Score 1) 461

Dunno how it works in Germany, but I think the people should be able to decide for themselves what kind of education they want, whenever they want (+- a few years). And maybe more importantly: If you decide wrong at some point, you should be able to switch if you're good enough. I think the way it works in Finland is good enough. I dropped out of high school (wanted to code all nights), finished it 7 years later when I had more motivation, had no problem getting into university trying out something new interesting I re-learned at high school (biotech!), then deciding it wasn't really worth the trouble and switching back to computer science and getting a BSc out of it. The high school and college stories I hear from the US are pretty depressing usually.

Comment Re:If you HAVE to have a Retina/Pixel display... (Score 1) 392

My laptop comparisons nowadays:

Apple laptop:

Non-Apple laptop:

Until some laptop has MagSafe or similar I won't even consider it. I remember too well when I used to trip over the power cords and drag my laptop on the floor. Or break the power plug because it got twisted when moving the laptop in a bad direction. Or stepping on the power plug and breaking it. (Yeah, I don't treat my laptops all that well.)

Comment Kopimism doesn't erase infringement (Score 5, Interesting) 82

It has been pointed out that due to the Pirate Bay page being under Kopimism, there is no infringement. This turns out not to be quite true.

Ville Oksanen, cofounder of EFFI (the Finnish version of EFF) and a lawyer specializing in technology and media law, comments as follows: "In Finland you cannot give up your moral rights and Matti Nikki's parody-judgement was based specifically on violaiton of moral rights. I think that TPB just issues a sarcastic reaction but technically TTVK ry is indeed likely to break law here."

Moral rights can come into play when material is used in opposition to the moral standards of the original authors. Parody is not at all protected under the strict reading of the law, though in practice there is some (yet weak) protection under a supreme court ruling.

So yeah, there is every reason, even with a recent similar case with a guilty verdict, to think that the Finnish version of copyright law was indeed broken by the good antipiracy folks. At the very least they're operating on extremely gray area, which is not very flattering for their ilk either.

Ville's Google Plus post:

Comment Fradulent phising (Score 1) 82

Given kopimism, it doesn't seem to be copyright piracy - though what with Kotilainen dodging like hell in the interview, the antipiracy folks might not actually realize that ;)

What it is, however, is defrauding the visitor into entering search terms under the pretense that it's the actual Pirate Bay. Could be worse, at least it's not phishing for personal information, but they do get a list of IPs with entered search terms (often for something you'd rather the antipiracy folks wouldn't know).

Comment Re:VGA not HDMI out? (Score 1) 158

It has both, and yes you can run 1080p over VGA, albeit poorly.

You can actually run it quite well, though the quality of both the signal source and the display's A/D conversion have to be good. When I ran two identical 1920x1200 Samsung 244T LCDs from a Radeon x800xl, one over DVI, one over VGA, I couldn't tell the difference at all.

Wouldn't count on a random cheap ARM box's VGA output to be top-notch, of course, especially these days when the VGA output is just mostly for legacy support. Digital is the more sensible option, with its consistent quality.

Slashdot Top Deals

When the bosses talk about improving productivity, they are never talking about themselves.