Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror

Comment Victim blaming, Opsec, and old email addresses (Score 1) 93

By itself this doesn't mean he was directly compromised. We need to be really careful about inferring things from presence on these stealer lists and breach tracking sites. This is the second time in the last couple weeks that I have seen a "stealer" list being used to discredit someone.

You can easily end up on these without having ever had a directly compromised device of your own. If you have an email password combination that was breached in any of the many public breaches listed out there (see https://haveibeenpwned.com/), all it takes is that credential to have ended up in the list being used by another nefarious actor to attempt attacks on new targets.

These are public lists, and if an attacker is using that list to attack another target, and the attacker's machines are also compromised (if you lie down with dogs, you get up with fleas).... that's it, you are now potentially in that list associated with other services than the originating service. It doesn't mean anything other than you had an account with a previously known password from a breach.

So yeah... it might infer this guy's opsec is terrible, It might indicate he was hacked, but it just as easily---and probably more likely--- might indicate nothing other than he was a victim of a 3rd party breach (like almost all of us who have been around a while will have been) and then someone else using that list was hacked... E.g. a password on a throw-away website/forum 20 years ago that was breached, forever plays forward in future attacks based on those lists. It appears as a new compromise, when it isn't.

From TFA..

"
As Lee notes, the presence of an individualâ(TM)s credentials in such logs isnâ(TM)t automatically an indication that the individual himself was compromised or used a weak password. In many cases, such data is exposed through database compromises that hit the service provider. The steady stream of published credentials for Schutt, however, is a clear indication that the credentials he has used over a decade or more have been publicly known at various points.
"
User Journal

Journal Journal: It is 2025 and Slashdot doesn't support IPv6?

Journal by grub
I've been migrating all my stuff to IPv6 because I'm retarded and felt like (another) winter project.

So I have a Debian VM that is IPv6-only for testing things out, general browsing, etc. and see that Slashdot doesn't support IPv6? One would think a tech site would have been onboard with this years ago.

Submission + - 45 years ago CompuServe connected the world before the World Wide Web (wosu.org)

Submitted by Tony Isaac
Tony Isaac writes: Silicon Valley has the reputation of being the birthplace of our hyper-connected Internet age, the hub of companies such as Apple, Google and Facebook. However, a pioneering company here in central Ohio is responsible for developing and popularizing many of the technologies we take for granted today.

A listener submitted a question to WOSU’s Curious Cbus series wanting to know more about the legacy of CompuServe and what it meant to go online before the Internet.

That legacy was recently commemorated by the Ohio History Connection when they installed a historical marker in Upper Arlington — near the corner of Arlington Center and Henderson roads — where the company located its computer center and corporate building in 1973.

The plaque explains that CompuServe was "the first major online information service provider," and that its subscribers were among the first to have access to email, online newspapers and magazines and the ability to share and download files

Submission + - Car Software Patches Are Over 20% of Recalls, Study Finds (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: Software fixes are now responsible for more than 1 in 5 automotive recalls. That's the key finding from a decade's worth of National Highway Traffic Safety Administration recall data, according to an analysis from the law firm DeMayo Law. While that's a sign of growing inconvenience for drivers, the silver lining is that a software patch is usually a much quicker fix than something requiring hardware replacement. "Our analysis suggests we're witnessing a shift in how automotive recalls are handled. The growing number of software-related recalls, coupled with the ability to address issues remotely, could revolutionize the recall process for both manufacturers and vehicle owners," said a spokesperson for DeMayo Law.

In 2014, 34 of 277 automotive recalls were software fixes. The percentage of software recalls floated around 12–13 percent (apart from a spike in 2015) before growing steadily from 2020. In 2021, 16 percent of automotive recalls (61 out of 380) were for software. In 2022, almost 22 percent of recalls were software fixes (76 out of 348), and last year topped 23 percent (82 out of 356). Leading the way was Chrysler, with 82 different software recalls since 2014. Ford (66 recalls) and Mercedes-Benz (60) are the two runner-ups. Meanwhile, Tesla ranks only eighth, with 26 software recalls since 2014, which puts it on par with Hyundai (25) and Kia (25).

Electrical systems were the most common problem area, which makes sense—this is also the second-most common hardware fix recall and would probably be the top if it were not for the massive Takata airbag recall, which has affected more than 100 million cars worldwide. The other common systems affected by recalls requiring software remedies were related to backover prevention—whether that be reversing cameras, collision warnings, or automatic emergency braking—airbags, powertrains, and exterior lighting.

Comment Re:Look Up... (Score 1) 108

by mosch (#64191230) Attached to: Aviation Sector Sees No Fast Tech Solution To GPS Interference Problem

I also wonder how much it would cost to have the flight deck track location based on gps _and_ location based on an inertial reference system; then perhaps warnings could be provided if those locations diverge, and the pilot could opt to use one, the other, or neither as appropriate.

A super high-end inertial reference unit is in the hundreds of thousands of dollars, but I'd wager that something good enough to get you to the other side of a war-zone should be feasible for low five figures; maybe less if it could reuse components from cars or mobile phones.

Submission + - Encrypted Snapchat message led to panic response (bbc.co.uk) 2

Submitted by Bruce66423
Bruce66423 writes: A Spanish court has cleared a British man of public disorder, after he joked to friends about blowing up a flight from London Gatwick to Menorca.

Aditya Verma admitted he told friends in July 2022: "On my way to blow up the plane. I'm a member of the Taliban."

But he said he had made the joke in a private Snapchat group and never intended to "cause public distress"....

A key question in the case was how the message got out, considering Snapchat is an encrypted app.

One theory, raised in the trial, was that it could have been intercepted via Gatwick's Wi-Fi network. But a spokesperson for the airport told BBC News that its network "does not have that capability".

In the judge's resolution, cited by the Europa Press news agency, it was said that the message, "for unknown reasons, was captured by the security mechanisms of England when the plane was flying over French airspace".

The message was made "in a strictly private environment between the accused and his friends with whom he flew, through a private group to which only they have access, so the accused could not even remotely assume... that the joke he played on his friends could be intercepted or detected by the British services, nor by third parties other than his friends who received the message," the judgement added.'

So does the UK's GCHQ have a hack into Snapchat? Or how else did it get to the security services?

Slashdot Top Deals

I like work; it fascinates me; I can sit and look at it for hours.

Close