xmff - Slashdot User

North Korea Opens .kp Sites On the Internet 175

Posted by timothy on Saturday October 09, 2010 @03:22PM from the best-place-for-them-really dept.

eldavojohn writes "What an auspicious day for the Democratic People's Republic of Korea! To commemorate the 65th anniversary of the founding of the ruling Workers' Party of Korea, North Korea will no longer depend on Chinese national internet service to reach the outside world — they have their own connection and are hosting sites like the state run media. The article mentions that about a thousand websites are coming online, including services like Skype and Twitter. From where I sit in the United States, I can't seem to get any .kp TLD sites to resolve, but the news is promising if in fact it will bring more information to the information-starved masses of North Korea."

DC Internet Voting Trial Attacked 2 Different Ways 123

Posted by timothy on Saturday October 09, 2010 @02:12PM from the but-don't-worry dept.

mtrachtenberg writes "University of Michigan Professor J. Alex Halderman and his team actually had two completely separate successful attacks on Washington, DC's internet voting experiment. The second path in was revealed by Halderman during testimony before the District of Columbia's Board of Elections and Ethics on Friday. Apparently, a router's master password had been left at the default setting, enabling Halderman to access the system by a completely different method than SQL injection. He presented photographs of a video stream from the voting offices. In addition, he found a file that had apparently been left on the test system contained the PINs of the 900+ voters who would have used the system in November. Others on the panel joined Halderman in pointing out that it was not just this specific implementation of internet voting that was insecure, but the entire concept of using today's internet for voting at all. When a DC official asked why internet voting could not be made secure when top government secrets were secure on the internet, Halderman responded that a big part of keeping government secrets secret was not allowing them to be stored on internet-connected computers. When a DC official asked the panel whether public key infrastructure couldn't allow secure internet voting, a panel member pointed out that the inventor of public key cryptography, MIT professor Ronald Rivest, was a signatory to the letter that had been sent to DC, urging officials there not to proceed with internet voting. Clips from the testimony are available on YouTube." Update: 10/09 19:24 GMT by T : Reader Cwix points out two newspaper stories noting these hearings: one in the Washington Post, the other at the Chicago Tribune. Thanks!

Ridley Scott Returns to PKD 99

Posted by timothy on Saturday October 09, 2010 @09:38AM from the hard-to-get-right dept.

Krau Ming quotes from a report at Sneakpeek.ca "Ridley Scott's Scott Free Productions will produce a 4-hour TV adaptation of author Phlip K. Dick's The Man in the High Castle, based on a script by Howard Brenton. The original 1962 novel was a science fiction 'alternate history' that won a sci fi Hugo book award in 1963. Premise of the book, about daily life under totalitarian Fascist imperialism, occurs in 1962, fourteen years after the end of the Second World War in 1948. The victorious Axis Powers, Japan and Germany, conduct intrigues against each other in North America, specifically in the former US, which surrendered to them, after the Axis conquered Eurasia and destroyed the populaces of Africa." Adds Krau Ming: "Hopefully this will fall in the category of well-done PKD adaptations (though I'll leave it up to the slashdotters to determine which of the previous movies should be categorized as such)."

Facebook Billionaire Gives Money To Legalize Marijuana 527

Posted by timothy on Saturday October 09, 2010 @08:27AM from the may-not-represent-the-views-of dept.

Aldenissin writes "Dustin Moskovitz confirmed that he has recently given (an additional) $50,000 in support of Proposition 19, which is seeking to legalize marijuana in California this November. He had previously donated $20,000 to supporters of the act, which would allow people 21 years old or older to possess, cultivate or transport cannabis for personal use and would permit local governments to regulate and tax commercial production and sale of the substance. Asked for a comment as to why he's backing the legalization of marijuana, Moskovitz just sent this statement: 'More than any other initiative out there, Prop 19 will stabilize our national security and bolster our state economy. It will alleviate unnecessary overcrowding of non-violent offenders in our state jails, which in turn will help California residents.' An irony here is that about a month ago, Facebook refused to take FireDogLake's 'Just Say Now' pro-cannabis law reform ads."

Comment Re:DD-WRT (Score 1) 350

by xmff on Thursday September 09, 2010 @04:33PM (#33527082) Attached to: Broadcom Releases Source Code For Drivers

No hw crypto, no ap mode, only current generation 11n chips supported. Also given the fact that DD-Wrt not event adopted ath9k yet in favor to hacked up half open atheros drivers I wouldn't hope for opensource brcm support anytime soon.

Comment Re:about time (Score 0) 77

by xmff on Tuesday January 12, 2010 @12:36PM (#30738714) Attached to: Apache May Stop 1.3, 2.0 Series Releases

The problem is that nginx does not support IPv6 which is kind if sad for a "modern" HTTP server. Also both nginx and lighttpd do not support mod_dav_svn as far as I know, apart from that both projects are pretty decent.

Comment Crowded spectrum (Score 2, Insightful) 115

by xmff on Friday September 11, 2009 @10:02PM (#29395291) Attached to: IEEE Approves 802.11n Wi-Fi Standard

Hopefully the 5GHz band does not become clogged up now that all the new shiny 11n gear hits the market :-/

Many 802.11n devices already jam the 2.4GHz range and render near 11g devices unusable with their multi channel stuff...

Comment Re:Wood paneling on minivans. (Score 1) 224

by xmff on Thursday July 23, 2009 @12:23PM (#28796583) Attached to: White House Panel Seeks Input On Spaceflight Plans

Man, create a blog or so to post your rants so it's easier to filter out this crap. It's not even loosely related to the current discussion.

Comment This somehow ... (Score 3, Insightful) 66

by xmff on Friday June 19, 2009 @11:32AM (#28390633) Attached to: New PHP Interpreter Finds XSS, Injection Holes

... reminds me on Perl's taint mode where all external input data is traced until it was explicitly checked through a regular expression or similar.

Comment Re:OpenWRT/DD-WRT devices all appear to be vulnera (Score 1) 272

by xmff on Monday March 23, 2009 @10:18PM (#27307107) Attached to: Botnet Worm Targets DSL Modems and Routers

So the conclusion is "worm can infect machines with weak logins - now runs on mipsel too". :) Thanks for the info.

Comment Re:Run to my openWRT router and look for.. what? (Score 1) 272

by xmff on Monday March 23, 2009 @09:26PM (#27306737) Attached to: Botnet Worm Targets DSL Modems and Routers

What exactly are we looking for?

ls -lh /var/tmp/udhcpc.env

And while you're at it, maybe recheck your password :)

Comment OpenWRT/DD-WRT devices all appear to be vulnerable (Score 5, Insightful) 272

by xmff on Monday March 23, 2009 @09:21PM (#27306705) Attached to: Botnet Worm Targets DSL Modems and Routers

How so? At least on OpenWrt, SSH and Webif aren't even exposed to the wan side without manually changing the iptables rules first.

I guess it's the same on DD-Wrt.

The devices that were targetted appear to have some serious flaws, here's a cite from an analysis of the malware:

"Several revisions of the NB5 modem shipped with a flaw which meant that the web configuration interface was visible from the WAN side, accepting connections and allowing users to administer the modem using the default username and password of 'admin' from outside the LAN. Furthermore, some of these modems suffered from another flaw, meaning that by default, authentication was not enabled for the web interface - meaning no username or password was required."

It really boils down to the usual find-weak-logins style of attacks, only the target platform has changed.

Comment Re:Usability? (Score 1) 217

by xmff on Sunday March 01, 2009 @01:14PM (#27030715) Attached to: Contest For a Better Open-WRT Wireless Router GUI

Or use a preconfigured, self-compiled OpenWrt image and do *zero* configuration after flashing.

Different projects, different audience, different goals.

Also how to automate stuff? What files do you refer to? Last time I checked, the internal DD-Wrt config was an endless sequence of "nvram set foo=bar" commands and there is *no* explaination on their meaning. Also it uses a readonly file system, so no way to easily add custom scripts or configs.

Comment Re:I have a suggestion ... (Score 1) 217

by xmff on Sunday March 01, 2009 @12:23PM (#27030283) Attached to: Contest For a Better Open-WRT Wireless Router GUI

Still using Broadcom's blob, still using kernel 2.4, still no IPv6 support, still no writeable file system, still nvram based configuration. I'm not impressed.

Slashdot Top Deals