
Facebook Invites Hackers To Attack Its Network

Soulskill posted more than 2 years ago | from the you-come-at-the-king-you-best-not-miss dept.

Facebook 157

An anonymous reader writes "Nearly a year ago, Facebook introduced its bug bounty program, inviting security researchers to poke around the site, discover vulnerabilities that could compromise the integrity or privacy of Facebook user data, and then responsibly disclose them to the company. Still, when the social network's security team received a tip from a researcher about a vulnerability in the company's own network which would allow attackers to eavesdrop on internal communications, they made an unprecedented choice by broadened the scope of the bug bounty program and inviting researchers to search for other holes in the corporate network. Nobody expects malicious attackers to have a change of heart and hand over information about a vulnerability for a few thousand dollars when they could sell the stole information for much more. It should, therefore, come as no surprise that Ryan McGeehan, the manager of Facebook's security-incident response unit, stated that if there's a million-dollar bug, they will pay it out."


157 comments


Slashdot invites FIRST POST (-1)

Anonymous Coward | more than 2 years ago | (#40801199)

Attack this!!

stay frosty, bro (0)

Anonymous Coward | more than 2 years ago | (#40801219)

u know how we do

Grammar! (1, Insightful)

ThunderBird89 (1293256) | more than 2 years ago | (#40801239)

Holy hellbore, editors! At least read through the summary before letting it out onto the page teeming with grammatical errors. It reads like it was written by a grade schooler.

Have you ever considered being on topic? (-1)

Anonymous Coward | more than 2 years ago | (#40801285)

Do you have a PhD in English? Are you a certified and licensed instructor in that language in written form with many years of professional experiencing teaching it?? I doubt it. Go away troll. Your kind is NOT wanted here. The isn't English class, a formal document for legal purposes, or anything else that demands "perfect grammar" (for whatever that is, beauty in the eye of the beholder, just like resumes): It's a forums on technical topics and in this case, a computer security based one. You're blatantly off topic.

Re:Have you ever considered being on topic? (1, Informative)

Anonymous Coward | more than 2 years ago | (#40801315)

A PhD in English is certainly not required to ensure good communication. You've fallen victim to the Fallacy of Grey [lesswrong.com] - "not a professional in English teaching" is not the same thing as "unable to communicate well". Strive for perfection in everything you do, as Sir Henry Royce tells us.

Re:Have you ever considered being on topic? (-1)

Anonymous Coward | more than 2 years ago | (#40801381)

Oh go get laid poindexter

LMAO - he'd need a manual for that! (-1)

Anonymous Coward | more than 2 years ago | (#40801823)

He'd also complain it wasn't written up to his 'standards' when he strikes out, lol!

Absolutely LMAO (0)

Anonymous Coward | more than 2 years ago | (#40802463)

Thanks for that humor and you're probably correct.

You've a victim of delusions of grandeur (0)

Anonymous Coward | more than 2 years ago | (#40801385)

In your thinking you're certified to critique others writing, when you're clearly not. If you can't gather the meaning of words from within the context in which they are written, it is clearly YOU with the problem. Get out your hooked on phonics and get on topic, troll.

Re:You've a victim of delusions of grandeur (0, Troll)

hawguy (1600213) | more than 2 years ago | (#40801707)

In your thinking you're certified to critique others writing, when you're clearly not. If you can't gather the meaning of words from within the context in which they are written, it is clearly YOU with the problem. Get out your hooked on phonics and get on topic, troll.

English good not need here. Me right any way me can and you no understand than it meen you stupid. me not.

Thanks for proving my point (0)

Anonymous Coward | more than 2 years ago | (#40801771)

I understood you perfectly, regardless of your writing style (doubtless intentional, but possibly not (as you may have actual difficulties writing English say, due to being a non-english speaker/writer)). So, once more: If you can't gather the meaning of words from within the context in which they are written, it is clearly YOU with the problem! The wannabe "english professor"/"grammar nazi" was put in his place by a TROLL downmod by the community here who by that down moderation has basically stated "go away troll".

Re:Have you ever considered being on topic? (0)

Anonymous Coward | more than 2 years ago | (#40801345)

Do you have an account? Nope. Go away troll, your kind is NOT wanted here.

Of course, neither do I!

Pot calling the kettle black (0)

Anonymous Coward | more than 2 years ago | (#40801399)

Get on topic, you off topic troll. Get a life.

Re:Have you ever considered being on topic? (2, Informative)

multisync (218450) | more than 2 years ago | (#40801615)

Do you have a PhD in English? Are you a certified and licensed instructor in that language in written form with many years of professional experiencing teaching it?? I doubt it. Go away troll.

I don't have a PhD in English, but I don't need one to tell you "broadened" is the wrong tense. The second sentence should read, in part,

they made an unprecedented choice by broadening the scope of the bug bounty program

instead of the way it is currently written.

This has nothing to do with language "evolving" or grammar police; they made a mistake that breaks one of the syntax rules of the language, and it should be corrected.

Re:Have you ever considered being on topic? (-1)

Anonymous Coward | more than 2 years ago | (#40801925)

If you can't gather the meaning of words from within the context in which they are written, it is clearly YOU with the problem. Get on topic above all else, since you are clearly, off topic.

Re:Have you ever considered being on topic? (1, Insightful)

RicardoGCE (1173519) | more than 2 years ago | (#40801699)

Your kind is NOT wanted here.

The average Slashdot summary makes this very, very evident.

Downmoderation shows otherwise (0)

Anonymous Coward | more than 2 years ago | (#40801727)

The "Grammar Nazi"/"English Professor" wannabe got downmodded though, lol -> http://it.slashdot.org/comments.pl?sid=3011387&cid=40801239 [slashdot.org] . Slashdot readers told him where to go and the ratings illustrate that, clearly.

Re:Have you ever considered being on topic? (1)

RobertLTux (260313) | more than 2 years ago | (#40802353)

a big problem with "its not a formal document so FOAD" is that not making the effort can transfer to YOUR CODE the folks that try to use more formal grammar are just not wanting to let that kind of language laziness pass.

Okay so we shouldn't be arguing between NYT and Yale commas but dumping a complete trainwreck of language in and then claiming Not Formal so I CAN HAZ EROARS is Bollocks.

(and yes i know that i was not perfect myself but i at least used the Builtin spellcheck and tried)

Re:Have you ever considered being on topic? (0)

Anonymous Coward | more than 2 years ago | (#40802633)

There's no doubt ThunderBird is off topic and clearly has the problem here. That problem? Stated as plainly as is possible as it was here earlier: If you can't gather the meaning of words from within the context in which they are written, it is clearly YOU with the problem. So much for Grammar Nazis, as ThunderBird was down moderated and rightfully so because he is an off topic troll.

Re:Have you ever considered being on topic? (1)

zippthorne (748122) | more than 2 years ago | (#40803053)

Would you rather be corrected by well-meaning grammar lawyers, or continue making and compounding mistakes until you're writing in a language that may be difficult to receive by the intended audience?

Consider what a failure to communicate may mean. In the case of the summary, a failure to receive the communication would be more detrimental to the reader than to the writer, but those roles can also be reversed when the author needs to be understood more than the recipient needs to understand. Also consider that some groups of recipients may reject communication attempts out of hand based on the style of the author, permanently excluding the author from interaction with those groups, which may have economic impact for the communicator.

Dialect differentiation is one of the pillars of the gentrification of society. It offers a way for the elite to segregate themselves from the plebs, limiting social mobility. Those with access to the "rules of grammar" and the training in them can easily spot others of the like.

Do you still wish to avoid the pain of being corrected from time to time?

Would you care to be on topic? (0)

Anonymous Coward | more than 2 years ago | (#40803209)

Once more so it "sinks in" (drink this in and digest it): If you can't gather the meaning of words within the framework of the context they're used in, you're the problem. Incidentally, the topic here is not english grammar you know! Writing style is pure opinion, like who's resume is better or worse. As long as the audience gets the message that is what is most important.

Re:Have you ever considered being on topic? (0)

Anonymous Coward | more than 2 years ago | (#40803615)

Grammar is important, twat.

Important to a pusscake like you mentalboy! (0)

Anonymous Coward | more than 2 years ago | (#40803813)

We know your ADHD n' Dyslexia make it hard for you to read! However, it's not our fault you're a brain-damaged reject either.

Re:Have you ever considered being on topic? (0)

Anonymous Coward | more than 2 years ago | (#40803825)

Profanity's a last resort of off topic trolls like you. Take your meds.

Re:Grammar! (1)

ThunderBird89 (1293256) | more than 2 years ago | (#40801799)

Well that escalated quickly...

"Troll" moderation? Oh please, if anything, this is "Offtopic", but certainly not trolling. The summary is badly written, a grammatical wreck, there's no denying that. There's no denying that there are editors, either. And there's also no denying that as editors, verifying the accuracy, correctness, sources, and presentation of the summaries posted is their responsibility in the end. In this case, they failed their job, and I'm right to call attention to that.

As for your ad hominem attacks, you're going to have to do better than that to even faze me. Try going to logical, coherent arguments, and skip that part about the redundancy of language due to context, bad grammar is bad, redundancy or not.

This was stated earlier and I agree with it (0)

Anonymous Coward | more than 2 years ago | (#40801849)

If you can't gather the meaning of words from within the context in which they are written, it is clearly YOU with the problem. You're in no position to critique others' writing either. What exactly qualifies you on that grounds?? Your MERE "opinion"??? Please... get over yourself, and get on topic.

Re:Grammar! (1)

bryonak (836632) | more than 2 years ago | (#40802289)

Seems like you're being trolled by someone with mod points copy-pasting the same ad hominem stuff anonymously and downvoting reasonable replies. Don't worry, it'll correct itself.

Personally my French writing sucks and I'm thankful for people pointing out possible corrections - they help me improve. Reading a correct and nicely formulated writeup is simply more efficient than having to figure out what the author is trying to convey. It's the editors' job to pay attention to that, so yes, your kind is welcome here.

Funny offtopic TBird can't deny this (0)

Anonymous Coward | more than 2 years ago | (#40802443)

http://it.slashdot.org/comments.pl?sid=3011387&cid=40801849 [slashdot.org]

"Seems like you're being trolled by someone with mod points copy-pasting the same ad hominem stuff anonymously and downvoting reasonable replies. Don't worry, it'll correct itself. - by bryonak (836632) on Saturday July 28, @01:08PM (#40802289)

Seems like you're another easily made sockpuppet alternate registered 'luser' account of ThunderBird's obviously (like THAT fools anyone around here, as we've seen it many times before) "suddenly defending him" on his obvious off topic wannabe english critic statements (lol).

Don't worry, it'll correct itself. - by bryonak (836632) on Saturday July 28, @01:08PM (#40802289)

Oh, it did long ago: Tbird was downmoderated!

Re:Funny offtopic TBird can't deny this (1)

ThunderBird89 (1293256) | more than 2 years ago | (#40802511)

Check the UIDs: bryonak registered long before I did, and for the record, I don't play dirty like trolls do: everything I do on this site is connected to this single account, be it a good or bad thing, and I responsibly take all replies and karma-deltas for what I do and say.

However, it's not hard to notice that the replies are all the same, word-for-word, and all are attacks directed against my person, not against my points. As such, they carry no weight, only noise.

You're downmodded troll (0)

Anonymous Coward | more than 2 years ago | (#40802603)

Off topic and all: Accept it. Grammar nazis always fail.

Check the UIDs: bryonak registered long before I did by ThunderBird89 (1293256) on Saturday July 28, @01:44PM (#40802511)

First - Should we nominate you for 'sainthood' because you're stupid enough to have a registered 'luser' account (many of them as I suspect as do others here) that makes you an easily tracked sheep? Secondly - that doesn't mean you're just he posting under this account this time. Get one thing clear/straight: We all KNOW how many people keep alternate registered 'luser' sockpuppet accounts here!

I don't play dirty like trolls do: everything I do on this site is connected to this single account, be it a good or bad thing, and I responsibly take all replies and karma-deltas for what I do and say. by ThunderBird89 (1293256) on Saturday July 28, @01:44PM (#40802511)

See above, "Rinse, Lather, & Repeat"... pretty simple, & yes - the /. community is aware that happens too, and is the dirtiest trick of all. HBGary ring a bell?

However, it's not hard to notice that the replies are all the same, word-for-word, and all are attacks directed against my person, not against my points. by ThunderBird89 (1293256) on Saturday July 28, @01:44PM (#40802511)

Oh, really? They're directed to the fact you are off topic, and think you're "the great critic" of others' writing (with no real credentials on your part to be able to do so and have a little street cred on that account). Get over yourself. Once more:

IF YOU CAN'T GATHER THE MEANING OF WORDS WITHIN THE FRAMEWORK OF THE CONTEXT IN WHICH THEY'RE USED, IT IS YOU WITH THE PROBLEM!

As such, they carry no weight, only noise. by ThunderBird89 (1293256) on Saturday July 28, @01:44PM (#40802511)

Ahem: A downmoderation of your blatantly off topic initial post by the community here shows otherwise http://it.slashdot.org/comments.pl?sid=3011387&cid=40801239 [slashdot.org] YOU FAIL! Your person is off topic. No questions asked: Argue with that fact.

Re:You're downmodded troll (1)

ThunderBird89 (1293256) | more than 2 years ago | (#40802713)

Says the Anonymous Coward, who's even afraid to show his handle. You don't know anything about people's usage habits and accounts, or if you're a site admin who does, prove it. You can do that by, say, publishing my IP address. You should be able to access the logs if you're an admin and know exactly who are my "sock puppet" accounts. So go on, prove it to everyone that I'm a dirty, cheating, sock puppet-using troll. I'm waiting.
Of course I'll be waiting a long time: if you do have access to those logs, and look up my IP, you'll see only one account uses it: this one.

As for being off topic with my initial comment, I accept that, never denied it either. However, I maintain my point that the summary, as it is now, should never have seen the light of the front page. At the very least, the editor posting it should have looked it over and corrected any mistakes to produce a summary befitting the site.

Pot calling the kettle black (0)

Anonymous Coward | more than 2 years ago | (#40802895)

Says the Anonymous Coward, who's even afraid to show his handle. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

Now who's guilty of ad hominem attacks? "Do not as I do, do as I say", eh?? Please... lol - you've only shown us that not only are you a wannabe english writing critic (with no real credentials or qualifications on that account), but that you're a pseudo logician too... lol!

Have you also considered I may not even HAVE a registered 'luser' account here (much less many of them as I suspect you do along with others replying to your blatantly off topic trolling)?

You don't know anything about people's usage habits and accounts, or if you're a site admin who does, prove it. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

Hmmm - Awfully 'defensive' there, talk about a DEAD GIVE AWAY (seems we struck a nerve, eh? Nothing hurts like the truth!) - also, as to knowing what is what on that account??

How do you KNOW I don't???

(Again - Your logic is weak, and easily overturned by reverse psychology)

Fact: You don't know that I don't.

You can do that by, say, publishing my IP address. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

Why would I do that and possibly break laws?

You should be able to access the logs if you're an admin and know exactly who are my "sock puppet" accounts. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

Ahem: Anyone can use TOR and do that, so once more: Who do you *think* you are fooling?

(Also, can't you be on topic, ever? Hence, you were downmoderated to TROLL status!)

So go on, prove it to everyone that I'm a dirty, cheating, sock puppet-using troll. I'm waiting. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

No need!

Your "foaming at the mouth" overly defensive replies are doing the job nicely as well as your "defenders" who are, like you, off topic as all hell... lol!

Of course I'll be waiting a long time: if you do have access to those logs, and look up my IP, you'll see only one account uses it: this one. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

First of all, we'll be waiting for you to be on topic forever, lol!

Secondly/Again: "Rinse, Lather, & Repeat" and re-read about TOR above, thanks (you're not doing very well, nor are your "defensive replies", overly so, either). Either your technical knowledge on that account is weak, or you *think* others here don't know how it's done.

Again: See HBGary online... it's been done, busted, and well known.

As for being off topic with my initial comment, I accept that, never denied it either. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

About time... With that said?

Well, perhaps you should be at -1 TROLL then, right? After all, you were down moderated for being off topic and yes, a troll for that.

However, I maintain my point that the summary, as it is now, should never have seen the light of the front page. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

First, your "point" is OFF-TOPIC... get it? Oh, that's right - you do and admit it.

Secondly - That's mere opinion from an off topic unqualified wannabe english writing critic, nothing more... what was it you called it? PURE NOISE!

At the very least, the editor posting it should have looked it over and corrected any mistakes to produce a summary befitting the site. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

Once more in regards to your off topic trolling you were down moderated for:

IF YOU CAN'T GATHER THE MEANING OF WORDS WITHIN THE FRAMEWORK OF THE CONTEXT IN WHICH THEY'RE USED, IT IS YOU WITH THE PROBLEM!

AC off his meds (1)

bmo (77928) | more than 2 years ago | (#40803011)

Your meds. Take them. Now.

--
BMO

Quit projecting! (0)

Anonymous Coward | more than 2 years ago | (#40803043)

How "original" (not) and weak. Is the "best defense" you have, that? You FAIL, troll, off topic as usual.

Re:Quit projecting! (1)

bmo (77928) | more than 2 years ago | (#40803561)

I was joking before. I'm not now.

Take your meds.

BMO = "the Projectionist" (lmao) (0)

Anonymous Coward | more than 2 years ago | (#40803775)

Keep projecting. We can tell you need your meds loony boy!

AC off his meds (1)

bmo (77928) | more than 2 years ago | (#40803811)

I would taunt you, but taunting the mentally disabled is considered bad form.

--
BMO

BMO = "Biggest Mentalcase Online" (lol) (0)

Anonymous Coward | more than 2 years ago | (#40803843)

I'm taunting you, Biggest Mentalcase Online (lol, BMO) right here http://slashdot.org/comments.pl?sid=3011387&cid=40803801 [slashdot.org] so take your meds and quit projecting pusscake.

Re:BMO = "Biggest Mentalcase Online" (lol) (0)

Anonymous Coward | more than 2 years ago | (#40803851)

LMAO! Love the acronym. Don't mind BMO. He forgot his meds again.

BMO = Biggest Mentalcase Online (lol) (0)

Anonymous Coward | more than 2 years ago | (#40803801)

Biggest Mentalcase Online keeps repeating himself, projecting his own issues in his taking medications to keep his loony brain in check: Hilarious!

Re:BMO = Biggest Mentalcase Online (lol) (0)

Anonymous Coward | more than 2 years ago | (#40803865)

Hahahaha, good one. Fits mentalboy BMO perfectly (BMO = Biggest Mentalcase Online).

Re:BMO = Biggest Mentalcase Online (lol) (0)

Anonymous Coward | more than 2 years ago | (#40803899)

You hurt the projecting mentalboy BMO's feelings, he quit posting.

Re:BMO = Biggest Mentalcase Online (lol) (0)

Anonymous Coward | more than 2 years ago | (#40803909)

He'll post again. His OCD and rage due to it demands it of him, lol!

Re:You're downmodded troll (0)

Anonymous Coward | more than 2 years ago | (#40803021)

It's APK - the writing style is quite recognizable, as is the insistence that he is always correct and never the one with the problem. Don't bother with him, you're wasting your time and energy getting that loon to go back on a position once his mind is made up.

Who was downmoderated? ThunderBird69 (0)

Anonymous Coward | more than 2 years ago | (#40803069)

Why?? He is off topic and admitted it even:

"Troll" moderation? Oh please, if anything, this is "Offtopic", but certainly not trolling. by ThunderBird89 (1293256) on Saturday July 28, @12:05PM (#40801799)

From http://it.slashdot.org/comments.pl?sid=3011387&cid=40801799 [slashdot.org]

Are you so stupid you didn't see that much?

As to my being anyone else like APK? Please: Quit trying to play "forensic investigator" already (you're not good at it).

After all, the fact of the matter here, is this: It wouldn't matter who I was when the poster himself admits he was off topic and the fact he was downmoderated as a troll for it.

Re:Who was downmoderated? ThunderBird69 (1)

ThunderBird89 (1293256) | more than 2 years ago | (#40803201)

If you're going to quote my words, please give full context (since you seem to be so much into context), and include the rest of that paragraph, in which I explain just why I commented what I commented.

Re:Who was downmoderated? ThunderBird69 (0)

Anonymous Coward | more than 2 years ago | (#40803215)

If you're going to post here, please be on topic. Can you do that? Thank you.

How's this for a quote of YOUR words? (0)

Anonymous Coward | more than 2 years ago | (#40803241)

As for being off topic with my initial comment, I accept that, never denied it either. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

Facts: You admit to being off topic. You were downmodded for it! You can argue all you like but you are proving your detractors points for him since you cannot get on topic!

Let's use TBird's "logic" (as you post as AC) (0)

Anonymous Coward | more than 2 years ago | (#40803179)

Quotes from ThunderBird69 (who admits being off topic and wonders why he was downmodded as a troll), from his own words and "pseudo logic" here http://it.slashdot.org/comments.pl?sid=3011387&cid=40802713 [slashdot.org]

Prove it's APK. You're a coward posting as AC too and TBird cut that down also:

Says the Anonymous Coward, who's even afraid to show his handle. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

and

You don't know anything about people's usage habits and accounts, or if you're a site admin who does, prove it. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

and

So go on, prove it to everyone that I'm a dirty, cheating, sock puppet-using troll. I'm waiting. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

That said, from "the english grammar off topic nazi himself", your hero (lol, sock puppet is more like it) whom you "defend" and fail in? Once more - prove its apk.

You can't, you fail, and it is hilarious. It is SO easy to get the better of you off topic trolls it is not even funny anymore. You need "brain upgrades", lol!

(Funny you post as ac now too... lol!)

Funniest part is this:

as is the insistence that he is always correct and never the one with the problem by Anonymous Coward on Saturday July 28, @02:57PM (#40803021)

Funny TBird was downmoderated for being off topic and ADMITTING it too:

As for being off topic with my initial comment, I accept that, never denied it either. by ThunderBird89 (1293256) on Saturday July 28, @02:12PM (#40802713)

Hence his downmoderation and continually being off topic. You too, and by TBird's reasoning? You fail yet again.

If you can't gather the meaning of words (0)

Anonymous Coward | more than 2 years ago | (#40802999)

Within a framework of the context they're used in, you're the problem. No small wonder you were downmodded to trolldom for being off topic!

Here's an opinion too (0)

Anonymous Coward | more than 2 years ago | (#40803891)

Your grammar sucks, so you're not one to talk (or write).

VERY GOOD/SMART (0)

Anonymous Coward | more than 2 years ago | (#40801253)

This is using the enemy against "himself", & at the same time, strengthening themselves also.

APK

P.S.=> I've said this before & I'll say it again: The 1 "good" thing hacker/cracker types do, is show what needs "shoring up" (but, admittedly, that's about it). Just making "lemonade out of lemons" on that note...

... apk

Re:VERY GOOD/SMART (1)

Teresita (982888) | more than 2 years ago | (#40801325)

I'd say Facebook was doing a very good job annihilating itself with their $38 IPO now down 37% and the clunky Timeline UI. I'd be hard pressed to think of an external black-hat operation that could top those two self-inflicted wounds. Maybe porn site ad popups with loud audio of womenfolk enjoying themselves which you can't turn off, even when you are at Mass or in a very important interview. That might be a worthy hack.

Re:VERY GOOD/SMART (1)

TFAFalcon (1839122) | more than 2 years ago | (#40801471)

Wasn't the IPO a good thing for facebook?

Just think about it. They managed to trick people into putting much more money into the company than what it was worth. That money is still in the company now, even if the stock price crashed.

Re:VERY GOOD/SMART (0)

Anonymous Coward | more than 2 years ago | (#40801495)

Except that most of it went into the pockets of early investors like Goldman Sachs.

Not on topic, however... (0)

Anonymous Coward | more than 2 years ago | (#40801537)

You may be right. Selling "intangibles" like advertising is b.s. that's wrecking the United States (in part), imo at least. Domestic manufacturing & food production kept this nation STRONG via internal employment of the citizenry as well as exports of actual physical goods. We don't DO much of THAT anymore, unfortunately.

Why? Greed.

See - I was told that the "service economy" was coming in the early to mid 1980's in my 1st of 2 degrees and I told the professor "It won't work. Most guys want to go do their 6-2/7-3/8-4/9-5 job in a factory (or like environs on those hourly schedules) that's unionized for stability and security, go home, eat dinner, spend time with kids, do household chores & yardwork, drink a beer, make love to the wife, go to sleep and get up the next day and do it again - the familiarity of routine! There's only so many chiefs needed and far more indians to account for and keep happy. A nation's composed of individuals, and individuals form societies. Happy individuals make for happy AND ECONOMICALLY HEALTHY societies".

He threatened I might fail that economics class, to which I told him

"When you learn to *think* for yourself, instead of spitting back what "FORBES" magazine is feeding you? Then you can make statements like that, and I have plenty of witnesses here in class to your threat. Try it, let's see what happens when I go WAY over your head if you do that..."

(Needless to say, I passed that class with a good grade too!)

* My point is that this ENTIRE fiasco in the economy was being FED TO US as far back as that, & imo in a "seize the youth, seize the future" type thing, and possibly earlier, to aid in creating this mess, today (all so that the "investment class" could profit by the easiest means possible - payroll control!). Take away disposable income (monies beyond necessities like food, rent/mortgage, etc.), you take that away from the people, creating a hand-to-mouth minimum wage ridden "economy", and ruin eventually.

(Between that & the dishonesties being practiced in government, banking, stock markets, and corporate Amerika? We have, what we have... what a shame, it really is... I've been alive for 1/2 a century now almost & watched things get bad. Really, bad...)

APK

P.S.=> I saw this coming a LONG time ago, even as a "green kid" (not that I am the 'wisest guy there is', FAR from it), but even then? I knew we were heading for problems, and here we are, today... unbelievable greed is @ the root/heart of it, imo... apk

There's a bug (4, Funny)

vawarayer (1035638) | more than 2 years ago | (#40801295)

Annoying Facebook Games.

I can log in with someone else's cookie. (1)

DerUberTroll (2676259) | more than 2 years ago | (#40801355)

Plain and simple.

Re:I can log in with someone else's cookie. (0)

Anonymous Coward | more than 2 years ago | (#40801375)

DerUberTroll stole the cookie from the cookie jar.

Re:I can log in with someone else's cookie. (1)

DerUberTroll (2676259) | more than 2 years ago | (#40801393)

It is true. Make several accounts and try it. You'll see. I don't take credit for this find. I was told this and I tried it.

Re:I can log in with someone else's cookie. (0)

Anonymous Coward | more than 2 years ago | (#40801517)

Is that humor? Of course, one can login with someone else's cookie. That's true of every website out here!

Re:I can log in with someone else's cookie. (1)

John Holmes (2619159) | more than 2 years ago | (#40802199)

Without providing credentials?

A million is pandering. (0)

Anonymous Coward | more than 2 years ago | (#40801357)

"...It should, therefore, come as no surprise that Ryan McGeehan, the manager of Facebook's security-incident response unit, stated that if there's a million-dollar bug, they will pay it out."

Wow, a whole million, eh? Nothing like devaluing your company's lifeblood down to chump change.

It should come as no surprise to Ryan McGeehan when someone sells out their data for 10 million, or perhaps 20. And if Facebook doesn't think the value of that data is worth it, they're either being very naive or downright stupid.

cost vs risk = capitalism? (2)

SpzToid (869795) | more than 2 years ago | (#40801377)

OK, so I'm the Facebook corp. and I run a cost vs. risk analysis and come up with the numbers and resulting decision we see here today. Clearly they have the money, and the relative risk plus technical infrastructure so they figure this works out for them.

OK, let's say I'm a Blackhat criminal hacker, poking around the Facebook network doing nasty stuff all the time, as best as I can, because this is what I do. And one day I get caught by Facebook or someone else along those lines. I am so busted. But wait, I can explain I was really a white hat all along, just trying to feed my family the best I can. Whatever happens next can't be too bad, and I'll live to fight another day. So then I figure capitalism rocks. Also maybe I'll see what Facebook offers when I really find a big hole worth exploiting.

Win, win, and so capitalism = security?

There must be something I am not seeing here. Could such pure capitalism do something about all those evil Chinese and Russian and Ukrainian hackers too? That which laws and police cannot really do very well at this time?

To look at this another way, the US/Israeli State Resources behind Flame and Stuxnet (etc.) seem to have been fairly successful doing harm.

Re:cost vs risk = capitalism? (1)

NettiWelho (1147351) | more than 2 years ago | (#40802437)

"There must be something I am not seeing here. Could such pure capitalism do something about all those evil Chinese and Russian and Ukrainian hackers too?"

If the payout for playing for white hat team was guaranteed to be better, I could see a lot of those motivated by money to be swayed over.

Re:cost vs risk = capitalism? (0)

Anonymous Coward | more than 2 years ago | (#40802875)

While paying high bounties can make it worthwhile for a blackhat to sell the exploit to you instead of selling it to the Russian mafia (there are some caveats: what guarantees do you have he won't sell to both? what guarantees does he have you won't throw him in jail forever?), on the other hand it acts as an incentive to find exploits in your system. So you end up with a potentially expensive (or inexpensive, depending on many variables), secure, and very highly targeted system. As long as you pay better than everyone else, great, you're secure. But the moment someone with a bigger wallet comes along (and if you have something of value to exploit they will) you're screwed, as you have basically paid to train an army of criminals in exploiting your system.

"Also maybe I'll see what Facebook offers when I really find a big hole worth exploiting."

Maybe. But considering the number of blackhats who were tricked by companies, if I were you I'd prefer to sell it to (other) criminals instead. Better safe than sorry. Or sell to both criminals and Facebook, and use a different fake identity every time you deal with Facebook.

I peed a little (2)

houghi (78078) | more than 2 years ago | (#40801411)

I peed a little when I read "compromise the integrity or privacy of Facebook user data". If they think that would be the result from a hack, then having an account means you are a hacker.
If you subscribe and don't use your real name, you must be a 1337 Hax0r.

Fairly cynical view... (5, Insightful)

mspohr (589790) | more than 2 years ago | (#40801425)

"Nobody expects malicious attackers to have a change of heart and hand over information about a vulnerability for a few thousand dollars when they could sell the stole information for much more. "
I really don't think that all hackers are greedy. While there are hackers who are willing to take the risks of selling hacks to criminals, there are probably many hackers who would be interested in exploring vulnerabilities for a modest legal reward.

Re:Fairly cynical view... (1)

jones_supa (887896) | more than 2 years ago | (#40801509)

And how many actually have contacts to sell that kind of stuff?

Re:Fairly cynical view... (0)

Anonymous Coward | more than 2 years ago | (#40801743)

It says malicious attackers. I don't believe it's making a blanket statement.

Re:Fairly cynical view... (1)

Capt. Skinny (969540) | more than 2 years ago | (#40802375)

Agreed. This won't cause black hats to have a change of heart, but it will bring more white hats to the table by giving them more of an incentive.

Inviting crime to our personal data (0)

Anonymous Coward | more than 2 years ago | (#40801445)

Inviting crime to our personal data, good show facebook, are you trying to drive us away?

I do not welcome deliberate encouragement and funding of crime on my personal profile.

Yet more reasons to leave Facebook. This is not the way to test your product, you do REWARD people for ATTACKING the people that are giving you your bread and butter. Without us you HAVE NO INFORMATION TO SELL.

Makes sense (1)

JanneM (7445) | more than 2 years ago | (#40801451)

Just count each successful attack as another active user. I guess every bit helps when your stock value is on the line.

DNS hack (2)

ralferix (1342841) | more than 2 years ago | (#40801501)

I tried going to Facebook today, it didn't come up, so I decided to check out Slashdot since I could see other sites, and I find this story about Facebook inviting hackers on DefCON weekend. Well, seems my DNS doesn't resolve them, is this widespread?

C:\Users\r>ping facebook.com
Ping request could not find host facebook.com. Please check the name and try again.

Options for "DNSBL filtered 'secured'" DNS servers (-1)

Anonymous Coward | more than 2 years ago | (#40801585)

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ [nortondns.com] & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz [norton.com] as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do [norton.com]

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imagine (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ [scrubit.com] & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq [scrubit.com]

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free [opendns.com]

---

D.) Plus:

Comodo Secure DNS:

http://www.comodo.com/secure-dns/switch/windows_vista.html [comodo.com]

8.26.56.26
8.20.247.2

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> IF you need help for how to set them up? Those pages instruct on that also, OR, you can ask (somehow I don't think you need the help though, but I am stating it just in case)... apkb

Re:Options for "DNSBL filtered 'secured'" DNS serv (0)

Anonymous Coward | more than 2 years ago | (#40801945)

Good post. Thanks for the info (can't see why you're downmodded though).

Re:Options for "DNSBL filtered 'secured'" DNS serv (1)

Anonymous Coward | more than 2 years ago | (#40802123)

Can't you give me some information about the hosts file? You probably don't know about that, maybe a little too advanced for you.

You need to be more observant (0)

Anonymous Coward | more than 2 years ago | (#40802385)

Was already posted long ago here as well -> http://it.slashdot.org/comments.pl?sid=3011387&cid=40802123 [slashdot.org] FAR predating your post...

* So much for that from you...

APK

P.S.=>

"Can't you give me some information about the hosts file? You probably don't know about that, maybe a little too advanced for you." - by Anonymous Coward on Saturday July 28, @12:48PM (#40802123)

"Read 'em & weep" above... However, I suspect you don't read well, based on proof of my statements, & your BLATANT error...

... apk

You need to be more observant... apk (0)

Anonymous Coward | more than 2 years ago | (#40802407)

Was already posted long ago here as well -> http://it.slashdot.org/comments.pl?sid=3011387&cid=40801683 [slashdot.org] FAR predating your post I am replying to now...

* So much for that from you...

APK

P.S.=>

"Can't you give me some information about the hosts file? You probably don't know about that, maybe a little too advanced for you." - by Anonymous Coward on Saturday July 28, @12:48PM (#40802123)

"Read 'em & weep" above... However, I suspect you don't read well, based on proof of my statements, & your BLATANT error...

... apk

Re:You need to be more observant... apk (0)

Anonymous Coward | more than 2 years ago | (#40803919)

Excellent job APK: Burning a troll with his own mistake.

Re:Options for "DNSBL filtered 'secured'" DNS serv (0)

Anonymous Coward | more than 2 years ago | (#40803663)

I LOL'd. XD

Well played.

Re:Options for "DNSBL filtered 'secured'" DNS serv (0)

Anonymous Coward | more than 2 years ago | (#40803755)

I laughed at the idiot who posted this too http://it.slashdot.org/comments.pl?sid=3011387&cid=40802123 [slashdot.org]

Another option to consider (custom hosts files) (0)

Anonymous Coward | more than 2 years ago | (#40801683)

Custom hosts "hardcodes" of your favorites of their "IP address to host-domain name 'equation'" in line records in hosts can overcome that crap too & help. That's in addition to my initial post reply to you here -> http://it.slashdot.org/comments.pl?sid=3011387&cid=40801585 [slashdot.org] on filtering DNS servers.

DNS has KNOWN issues, & can be "redirect poisoned" over ports 51/53. Hosts help "skirt that issue", take a LONG read (but a detailed one as to why):

I use hosts in the following ways (see my 'p.s.' below, in detail, for your reference) to COMPLEMENT & OVERCOME THOSE PROBLEMS IN DNS & OTHER MECHANISMS LARGELY!

Custom hosts files gain me the following benefits (A short summary of where custom hosts files can be extremely useful):

---

1.) Blocking out malware/malscripted sites
2.) Blocking out Known sites-servers/hosts-domains that are known to serve up malware
3.) Blocking out Bogus DNS servers malware makers use
4.) Blocking out Botnet C&C servers
5.) Blocking out Bogus adbanners that are full of malicious script content
6.) Getting you back speed/bandwidth you paid for by blocking out adbanners + hardcoding in your favorite sites (faster than remote DNS server resolution)
7.) Added reliability (vs. downed or misdirect/poisoned DNS servers).
8.) Added "anonymity" (to an extent, vs. DNS request logs)
9.) The ability to bypass DNSBL's (DNS block lists you may not agree with).
10.) More screen "real estate" (since no more adbanners appear onscreen eating up CPU, Memory, & other forms of I/O too - bonus!)
11.) Truly UNIVERSAL PROTECTION (since any OS, even on smartphones, usually has a BSD derived IP stack).
12.) Faster & MORE EFFICIENT operation vs. browser plugins (which "layer on" on top of Ring 3/RPL 3/usermode browsers - whereas the hosts file operates @ the Ring 0/RPL 0/Kernelmode of operation (far faster) as a filter for the IP stack itself...)
13.) Blocking out TRACKERS
14.) Custom hosts files work on ANY & ALL webbound apps (browser plugins do not).
15.) Custom hosts files offer a better, faster, more efficient way, & safer way to surf the web & are COMPLETELY controlled by the end-user of them.

---

* & FAR more... read on below IF you are interested (for detail).

AND, for those of you that run Microsoft Windows 32 or 64 bit? An automated hosts file creation & mgt. program:

http://securemecca.com/public/APKHostsFileInstaller/2012_06_01/APKHostsFileEngineInstaller32_64bit.exe.zip [securemecca.com]

(You simply extract its files to ANY folder you like (usually one you create for it, doesn't matter where, but you MUST run it as administrator (simple & the "read me" tab shows how easy THAT is to do))

What's it do for you?

It's a custom hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++") after it obtains custom hosts file data from 12 of the reputable & reliable sources listed below:

---

1.) Offers massively noticeable increased speed for websurfing via blocking adbanners

2.) Offers increased speed for users fav. sites by hardcoding them into the hosts file for faster IP address-to-host/domain name resolutions (which sites RARELY change their hosting providers, e.g.-> of 250 I do, only 6 have changed since 2006 - & when sites do because they found a less costly hosting provider? Then, they either email notify members, put up warnings on their pages, & do IP warnings & redirectors onto the former IP address range to protect vs. the unscrupulous criminal bidding on that range to buy it to steal from users of say, online banking or shopping sites).

3.) Better "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so (which IS, by far, the majority of what's used by both users (hence the existence of the faulty but for most part working DNS system), AND even by malware makers (since host-domain names are recyclable by them, & the RBN (Russian Business Network & others)) were doing it like mad with "less than scrupulous", or uncaring, hosting providers)

4.) Better 'anonymity' to an extent vs. DNS request logs (not vs. DPI ("deep packet inspection"))

5.) The ability to circumvent unjust DNSBL (DNS Block Lists) if unjust or inconveniences a user.

6.) Protection vs. online trackers

7.) Better security vs. the DNS system being "dns poisoned/redirected" (a known problem for recursive DNS servers via port 51/53 misdirection)

8.) Write protecting the hosts file every 1/2 second (supplementing UAC) - even if/when you move it from the default location via this registry entry (which if done, can function ALMOST like *NIX shadow passwords because of this program):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters

And changing the "DataBasePath" parameter there (I do this moving it to a faster media, a "true SSD" using DDR-2 RAM, in the 4gb Gigabyte IRAM I have).

9.) Automatic downloading & Alphabetic sorting of hosts files' records entries (for easier end user mgt. manually) from 15 reliable sources (of 17 I actually use).

10.) Manual editing of all files used (hosts to import list, hosts itself in its default location of %windir%\system32\drivers\etc, the hosts files to import/download & process, & favorite sites to reverse dns ping to avoid DNS (noted above why)).

11.) Removal scanners (if the users decide to remove hosts entries from imported data they can check if the site is indeed known as bad or not (sometimes 'false positives' happen, or just bad entries, or sites clean themselves up after infestation due to vulnerable coding etc./et al)).

12.) Removal of bloating material in many hosts files like Comments (useless bulk in a hosts file that's "all business")

13.) Removal of bloating material in many hosts files like Trailing comments after records (produces duplicates)

14.) Removal of bloating material in many hosts files like Invalid TLD entries (program checks this in a BETTER method than the API call "PathIsURL")

15.) Removal of bloating material in many hosts files like Trims entries (vs. trailing blanks bloat on record entries)

16.) Removal of bloating material in many hosts files like the conversion of the larger & SLOWER 127.0.0.1 blocking "loopback adapter" address (slower due to larger size bytes wise to parse, & slower if loopback happens) to the smaller/faster to parse & load 0.0.0.0

17.) Uniformity of ALL entries in hosts (as to records inserted & format they use - reducing bloat AND repeated bloating entries).

18.) Filtration-Removal of sites that IF in a hosts file are KNOWN to cause problems on larger portals that use CDN etc.

19.) Custom hosts files protect ALL webbound programs, not just webbrowsers (like AdBlock addons, & it doesn't even block ALL adbanners by default anymore) & it does so @ a more efficient faster level (Ring 0/RPL 0/Kernelmode) acting merely as a filter for the PnP design IP stack, vs. the slower level webbrowser programs & their addons operate in (Ring 3/RPL 3/Usermode), which addons slow them even more by "layering on" parsing & processing that browser addons layer on.

20.) Custom hosts files also offer the speedup to favorite sites noted above, & even firewalls + browser addons do NOT offer that...

---

& MORE, in roughly 15 minutes runtime (on an Intel Core I7 920 Quad/4 core cpu @ 2.67ghz) & faster on faster CPU's (e.g. - Intel Core I7 3960 "extreme" 6-7 core CPUs = 7 minute runtime) & slower on slower CPU's (Intel 1.5ghz Celeron single core = 45 minutes).

* The malwarebytes/hpHosts site admin another person/site hosting it (Mr. Steven Burn, a competent coder in his own right), said it's "excellent" in fact and has seen its code too...

(Write him yourselves should anyone doubt any of this -> services@it-mate.co.uk , or see his site @ http://hosts-file.net/?s=Download [hosts-file.net] )

A Mr. Henry Hertz Hobbitt of securemecca.org &/or hostsfile.org can also verify that this program is safe - write him @ -> hhhobbit@securemecca.com

It'll be releasing soon to sites that host 64-bit programs (even though it also has a 32-bit model, line for line the same code except for 32 in place of 64 in its help file & user interface)!

I told myself (since I built it in late 2003 in version 1.0++ & have rebuilt it 5x since in Borland Delphi 3.0/5.0/7.0 32-bit & currently into 64-bit using Delphi XE2) IF things didn't get better on the "malware front", out it would go for the general public to get the above enumerated multiple & versatile benefits custom hosts yield for end users (mainly saving them money on speed + bandwidth they pay for each month as well as added "layered-security"/"defense-in-depth" AND reliability all noted above)

APK

P.S.=> Details of the above synopsis/short summary are as follows below:

21++ ADVANTAGES OF HOSTS FILES (over browser plugins for security, &/or DNS servers):

(Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs)).

1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).

2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:

Adblock Plus To Offer 'Acceptable Ads' Option

http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option [slashdot.org]

AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.

Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..

3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below, & especially vs. the July 12th 2012 "DNSChanger" trojan purge that's coming soon (those folks won't get to sites if infested - I will, due to hardcodes in my hosts file of my fav. 20 sites + using BETTER filtering DNS servers (see list below))...

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html [networkworld.com] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions (in-addr.arpa) via NSLOOKUP, PINGS (ping -a in Windows - functions for "reverse DNS lookups"), &/or WHOIS though, regularly, so you have the correct IP & it's current)).

* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting IP address in your browser won't always work IS WHY. Some IP addresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!

6.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs. HOSTS file are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can since hosts files run in MORE EFFICIENT & FASTER Ring 0/RPL 0/Kernelmode operations acting merely as a filter for the IP stack (via the "Plug-N-Play" designed IP stack in Windows) vs. SLOWER & LESS EFFICIENT Ring 3/RPL 3/Usermode operations (which webbrowsers run in + their addons like AdBlock slow down even MORESO due to their parsing operations).

7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than remote DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server, typically 30-100's of ms, vs. 7-10ms HardDisk speed of access/seek + SSD seek in ns, & back to you - hosts resolutions of IP address for host-domain names is FAR faster...). Hosts are only a filter for an already fast & efficient IP stack, no more layered b.s. (remote OR local). Hosts eat less CPU, RAM, I/O in other forms, + electricity than a locally running DNS server easily, and less than a local DNS program on a single PC. Fact. Hosts are easier to setup & maintain too.

8.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download [hosts-file.net]
https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
https://spyeyetracker.abuse.ch/monitor.php [abuse.ch]
http://ddanchev.blogspot.com/ [blogspot.com]
http://www.malware.com.br/lists.shtml [malware.com.br]
http://www.stopbadware.org/ [stopbadware.org]
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).

2 examples thereof in the past I have used, & noted it there, are/were:

http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

11.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

12.) With Adblock you had better be able to code javascript to play with its code (to customize it better than the GUI front does @ least). With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

13.) Hosts files are easily secured via using MAC/ACL (even moreso "automagically" for Vista, 7/Server 2008 + beyond by UAC by default) &/or Read-Only attributes applied.

14.) Custom HOSTS files also speed you up, unlike anonymous proxy servers systems variations (like TOR, or other "highly anonymous" proxy server list servers typically do, in the severe speed hit they often have a cost in) either via "hardcoding" your fav. sites into your hosts file (avoids DNS servers, totally) OR blocking out adbanners - see this below for evidence of that:

---

US Military Blocks Websites To Free Up Bandwidth:

http://yro.slashdot.org/story/11/03/16/0416238/US-Military-Blocks-Websites-To-Free-Up-Bandwidth [slashdot.org]

(Yes, even the US Military used this type of technique... because IT WORKS! Most of what they blocked? Ad banners ala doubleclick etc.)

---

Adbanners slow you down & consume your bandwidth YOU pay for:

ADBANNERS SLOW DOWN THE WEB: -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218 [slashdot.org]

---

And people do NOT LIKE ads on the web:

PEOPLE DISLIKE ADBANNERS: http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

As well as this:

Users Know Advertisers Watch Them, and Hate It:

http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

Even WORSE still, is this:

Advertising Network Caught History Stealing:

http://yro.slashdot.org/story/11/07/22/156225/Advertising-Network-Caught-History-Stealing [slashdot.org]

---

15.) HOSTS files usage lets you avoid being charged on some ISP/BSP's (OR phone providers) "pay as you use" policy http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] , because you are using less bandwidth (& go faster doing so no less) by NOT hauling in adbanner content and processing it (which can lead to infestation by malware/malicious script, in & of itself -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com] ).

16.) If/when ISP/BSP's decide to go to -> FCC Approving Pay-As-You-Go Internet Plans: http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] your internet bill will go DOWN if you use a HOSTS file for blocking adbanners as well as maliciously scripted hacker/cracker malware maker sites too (after all - it's your money & time online downloading adbanner content & processing it)

Plus, your adbanner content? Well, it may also be hijacked with malicious code too mind you:

---

Yahoo, Microsoft's Bing display toxic ads:

http://www.theregister.co.uk/2011/09/16/bing_yahoo_malware_ads/ [theregister.co.uk]

---

Malware torrent delivered over Google, Yahoo! ad services:

http://www.theregister.co.uk/2009/09/24/malware_ads_google_yahoo/ [theregister.co.uk]

---

Google's DoubleClick spreads malicious ads (again):

http://www.theregister.co.uk/2009/02/24/doubleclick_distributes_malware/ [theregister.co.uk]

---

Rogue ads infiltrate Expedia and Rhapsody:

http://www.theregister.co.uk/2008/01/30/excite_and_rhapsody_rogue_ads/ [theregister.co.uk]

---

Google sponsored links caught punting malware:

http://www.theregister.co.uk/2008/12/16/google_sponsored_links/ [theregister.co.uk]

---

DoubleClick caught supplying malware-tainted ads:

http://www.theregister.co.uk/2007/11/13/doubleclick_distributes_malware/ [theregister.co.uk]

---

Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users:

http://www.theregister.co.uk/2007/09/11/yahoo_serves_12million_malware_ads/ [theregister.co.uk]

---

Real Media attacks real people via RealPlayer:

http://www.theregister.co.uk/2007/10/23/real_media_serves_malware/ [theregister.co.uk]

---

Ad networks owned by Google, Microsoft serve malware:

http://www.theregister.co.uk/2010/12/13/doubleclick_msn_malware_attacks/ [theregister.co.uk]

---

Attacks Targeting Classified Ad Sites Surge:

http://it.slashdot.org/story/11/02/02/1433210/Attacks-Targeting-Classified-Ad-Sites-Surge [slashdot.org]

---

Hackers Respond To Help Wanted Ads With Malware:

http://it.slashdot.org/story/11/01/20/0228258/Hackers-Respond-To-Help-Wanted-Ads-With-Malware [slashdot.org]

---

Hackers Use Banner Ads on Major Sites to Hijack Your PC:

http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]

---

Ruskie gang hijacks Microsoft network to push penis pills:

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/ [theregister.co.uk]

---

Major ISPs Injecting Ads, Vulnerabilities Into Web:

http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

Two Major Ad Networks Found Serving Malware:

http://tech.slashdot.org/story/10/12/13/0128249/Two-Major-Ad-Networks-Found-Serving-Malware [slashdot.org]

---

THE NEXT AD YOU CLICK MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus [slashdot.org]

---

NY TIMES INFECTED WITH MALWARE ADBANNER:

http://news.slashdot.org/article.pl?sid=09/09/13/2346229 [slashdot.org]

---

MICROSOFT HIT BY MALWARES IN ADBANNERS:

http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com]

---

ISP's INJECTING ADS AND ERRORS INTO THE WEB: -> http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

ADOBE FLASH ADS INJECTING MALWARE INTO THE NET: http://it.slashdot.org/article.pl?sid=08/08/20/0029220&from=rss [slashdot.org]

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware [securityweek.com]

---

Spotify splattered with malware-tainted ads:

http://www.theregister.co.uk/2011/03/25/spotify_malvertisement_attack/ [theregister.co.uk]

---

As my list "multiple evidences thereof" as to adbanners & viruses + the fact they slow you down & cost you more (from reputable & reliable sources no less).

17.) Per point #16, a way to save some money: ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE, vs. adbanners or malware such as this:

---

Infected Androids Run Up Big Texting Bills:

http://it.slashdot.org/story/11/03/01/0041203/Infected-Androids-Run-Up-Big-Texting-Bills [slashdot.org]

---

AND, for protection vs. other "botnets" migrating from the PC world, to "smartphones" such as ZITMO (a ZEUS botnet variant):

http://www.google.com/search?hl=en&source=hp&q=ZITMO&btnG=Google+Search [google.com]

---

It's easily done too, via the ADB dev. tool, & mounting ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS, then copying your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so (otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!).

18.) Bad news: ADBLOCK CAN BE DETECTED FOR: See here on that note -> http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

HOSTS files are NOT THAT EASILY "webbug" BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked on AdBlock in that manner), to that websites' users' dismay:

PERTINENT QUOTE/EXCERPT FROM ARSTECHNICA THEMSELVES:

----

An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM

http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."

and

"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!

----

19.) Even WIKILEAKS "favors" blacklists (because they work, and HOSTS can be a blacklist vs. known BAD sites/servers/domain-host names):

---

PERTINENT QUOTE/EXCERPT (from -> http://www.theregister.co.uk/2010/12/16/wikileaks_mirror_malware_warning_row/ [theregister.co.uk] )

"we are in favour of 'Blacklists', be it for mail servers or websites, they have to be compiled with care... Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser)...

---

20.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privilege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own (such as has been seen with the RBN (Russian Business Network) lately though it was considered "dead", other malwares are using its domains/hostnames now, & this? This stops that cold, too - Bonus!)...

21.) Custom HOSTS files gain users back more "screen real estate" by blocking out banner ads... it's great on PC's for speed along with MORE of what I want to see/read (not ads), & efficiency too, but EVEN BETTER ON SMARTPHONES - by far. It matters MOST there imo @ least, in regards to extra screen real-estate.

Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock ( http://adblockplus.org/en/ [adblockplus.org] ), IE 9's new TPL's ( http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] ), &/or NoScript ( http://noscript.net/ [noscript.net] especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security"....

It's just that HOSTS files offer you a LOT MORE gains than Adblock ( http://adblockplus.org/en/ [adblockplus.org] ) does alone (as hosts do things adblock just plain cannot & on more programs, for more speed, security, and "stealth" to a degree even), and it corrects problems in DNS (as shown above via hardcodes of your favorite sites into your HOSTS file, and more (such as avoiding DNS request logs)).

ALSO - Some more notes on DNS servers & their problems, very recent + ongoing ones:

---

DNS flaw reanimates slain evil sites as ghost domains:

http://www.theregister.co.uk/2012/02/16/ghost_domains_dns_vuln/ [theregister.co.uk]

---

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ [theregister.co.uk]

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propagate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/ [scmagazineus.com]

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even NORTON DNS (more on each specifically below), & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)

---

DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit:

https://threatpost.com/en_us/blogs/dns-hijacks-now-being-used-serve-black-hole-exploit-kit-121211 [threatpost.com]

---

DNS experts admit some of the underlying foundations of the DNS protocol are inherently weak:

http://it.slashdot.org/story/11/12/08/1353203/opendns-releases-dns-encryption-tool [slashdot.org]

---

Potential 0-Day Vulnerability For BIND 9:

http://it.slashdot.org/story/11/11/17/1429259/potential-0-day-vulnerability-for-bind-9 [slashdot.org]

---

Five DNS Threats You Should Protect Against:

http://www.securityweek.com/five-dns-threats-you-should-protect-against [securityweek.com]

---

DNS provider decked by DDoS dastards:

http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/ [theregister.co.uk]

---

Ten Percent of DNS Servers Still Vulnerable: (so much for "conscientious patching", eh? Many DNS providers weren't patching when they had to!)

http://it.slashdot.org/it/05/08/04/1525235.shtml?tid=172&tid=95&tid=218 [slashdot.org]

---

DNS ROOT SERVERS ATTACKED:

http://it.slashdot.org/it/07/02/06/2238225.shtml [slashdot.org]

---

TimeWarner DNS Hijacking:

http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]

---

DNS Re-Binding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Server Survey Reveals Mixed Security Picture:

http://it.slashdot.org/it/07/11/21/0315239.shtml [slashdot.org]

---

Halvar figured out super-secret DNS vulnerability:

http://www.zdnet.com/blog/security/has-halvar-figured-out-super-secret-dns-vulnerability/1520 [zdnet.com]

---

BIND Still Susceptible To DNS Cache Poisoning:

http://tech.slashdot.org/tech/08/08/09/123222.shtml [slashdot.org]

---

DNS Poisoning Hits One of China's Biggest ISPs:

http://it.slashdot.org/it/08/08/21/2343250.shtml [slashdot.org]

---

DDoS Attacks Via DNS Recursion:

http://it.slashdot.org/it/06/03/16/1658209.shtml [slashdot.org]

---

High Severity BIND DNS Vulnerability Advisory Issued:

http://tech.slashdot.org/story/11/02/23/156212/High-Severity-BIND-Vulnerability-Advisory-Issued [slashdot.org]

---

Photobucket's DNS Records Hijacked:

http://blogs.zdnet.com/security/?p=1285 [zdnet.com]

---

Protecting Browsers from DNS Rebinding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Problem Linked To DDoS Attacks Gets Worse:

http://tech.slashdot.org/story/09/11/15/1238210/DNS-Problem-Linked-To-DDoS-Attacks-Gets-Worse [slashdot.org]

---

HOWEVER - Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> http://nortondns.com/ [nortondns.com]
ScrubIT DNS -> http://www.scrubit.com/ [scrubit.com]
OpenDNS -> http://www.opendns.com/ [opendns.com]

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz [norton.com] so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...

---

24++ SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752) Homepage Journal

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"APK's monolithic hosts file is looking pretty good at the moment." - by Culture20 (968837) on Thursday November 17, @10:08AM (#38085666)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"It's a good write up on something everybody should use, why you were modded down is beyond me. Using a HOSTS file, ADblock is of no concern and they can do what they want." - by Trax3001BBS (2368736) on Monday December 12, @10:07PM (#38351398) Homepage Journal

"I want my surfing speed back so I block EVERY fucking ad. i.e. http://someonewhocares.org/hosts/ [someonewhocares.org] and http://winhelp2002.mvps.org/hosts.htm [mvps.org] FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"Let me introduce you to the file: /etc/hosts" - by fahrbot-bot (874524) on Monday December 19, @05:03PM (#38427432)

"I use a hosts file" - by EdIII (1114411) on Tuesday December 13, @01:17PM (#38357816)

"I'm tempted to go for a hacked hosts file that simply resolves most advert sites to 127.0.0.1" - by bLanark (123342) on Tuesday December 13, @01:13PM (#38357760)

"this is not a troll, which hosts file source you recommend nowadays? it's a really handy method for speeding up web and it works." - by gl4ss (559668) on Thursday March 22, @08:07PM (#39446525) Homepage Journal

"A hosts file certainly does not require "a lot of work" to maintain, and it quite effectively kills a LOT of advertising and tracking schemes. In fact, I never would have considered trying to use it for defending against viruses or malware." - by RocketRabbit (830691) on Thursday December 30 2010, @05:48PM (#34715060)

"That is, do the things you would normally do to secure your own machine from malware, intrusive advertising, and vulnerabilities. Use the hosts file to block certain domains from being accessible." - by wickerprints (1094741) on Friday June 22, @12:57AM (#40407865)

"Ad blocking hosts file, I use it as an adult ;-) http://winhelp2002.mvps.org/hosts.htm [mvps.org] " - by RJFerret (1279530) on Friday June 22, @01:15AM (#40407983) Homepage

"There is probably a decent list of domains out there that you can put in your hosts file so that lookups for these fail. I assume you're more concerned about accidental adverts and such, which is a fair concern considering how many sites have em" - by ieatcookies (1490517) on Friday June 22, @01:21AM (#40408005)

"I find mapping hosts to 0.0.0.0 is faster, because it's not a valid IP address, so the DNS subsystem of your OS will ignore it without trying to connect. There are several hostfile collections out there. I merged three of them several years ago just for my own freedom from ads and other junk. I currently have 131572 host names zero'd out." - by Dracos (107777) on Friday June 22, @01:34AM (#40408085)

"I also use linux a lot more now and, beyond a custom hosts file, don't have any active antivirus software beyond what comes with Ubuntu" - by sneakyimp (1161443) on Friday June 22, @04:26PM (#40416169)

---

Then, there is also the words of respected security expert, Mr. Oliver Day, from SECURITYFOCUS.COM to "top that all off" as well:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491 [securityfocus.com]

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm [furtherleft.net] (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html [ntcompatible.com] !

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also) and, you'll get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS [slashdot.org] & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL [wikipedia.org] as well - DOUBLE-BONUS!

---

* THE HOSTS FILE GROUP 34++ THUSFAR (from +5 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722 [slashdot.org]
HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
HOSTS MOD UP:2010 -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
APK 20++ POINTS ON HOSTS MOD UP:2010 -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1862260&cid=34186256 [slashdot.org]
HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
HOSTS FILE MOD UP FOR ANDROID MALWARE:2010 -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS MOD UP ZEUSTRACKER:2011 -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
HOSTS MOD UP vs AT&T BANDWIDTH CAP:2011 -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584 [slashdot.org]
HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service:2011 -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]
HOSTS and BGP +5 RATED (BEING HONEST):2010 http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]
HOSTS & PROTECT IP ACT:2011 http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700 [slashdot.org]
HOSTS MOD UP:2011 -> http://yro.slashdot.org/comments.pl?sid=2457766&cid=37592458 [slashdot.org]
HOSTS MOD UP & OPERA HAUTE SECURE:2011 -> http://yro.slashdot.org/comments.pl?sid=2457274&cid=37589596 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1197039&cid=27556999 [slashdot.org]
0.0.0.0 IN HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1143349&cid=27012231 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27580299 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1139705&cid=26977225 [slashdot.org]
HOSTS MOD UP:2009 -> http://hardware.slashdot.org/comments.pl?sid=1319261&cid=28872833 [slashdot.org] (still says INSIGHTFUL)
HOSTS MOD UP vs. botnet: 2012 -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org]
HOSTS MOD UP vs. SOPA act: 2012 -> http://yro.slashdot.org/comments.pl?sid=2611414&cid=38639460 [slashdot.org]
HOSTS MOD UP vs. FaceBook b.s.: 2012 -> http://yro.slashdot.org/comments.pl?sid=2614186&cid=38658078 [slashdot.org]
HOSTS MOD UP "how to secure smartphones": 2012 -> http://mobile.slashdot.org/comments.pl?sid=2644205&cid=38860239 [slashdot.org]
HOSTS MOD UP "Free Apps Eat your Battery via ad displays": 2012 -> http://mobile.slashdot.org/comments.pl?sid=2734503&cid=39408607 [slashdot.org]
HOSTS MOD UP "How I only hardcode in 50 of my fav. sites": 2012 -> http://it.slashdot.org/comments.pl?sid=2857487&cid=40034765 [slashdot.org]
APPLYING HOSTS TO DIFF. PLATFORM W/ TCP-IP STACK BASED ON BSD: 2008 -> http://mobile.slashdot.org/comments.pl?sid=1944892&cid=34831038 [slashdot.org]
HOSTS vs. TRACKING ONLINE BY ADVERTISERS & BETTER THAN GHOSTERY: 2012 -> http://yro.slashdot.org/comments.pl?sid=2926641&cid=40383743 [slashdot.org]

---

* "Here endeth the lesson..." and, if you REALLY want to secure your system? Please refer to this:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

APK

P.S.=> SOME MINOR "CAVEATS/CATCH-22's" - things to be aware of for "layered security" + HOSTS file performance - easily overcome, or not a problem at all:

A.) HOSTS files don't function under PROXY SERVERS (except for Proximitron, which has a filter that allows it) - Which is *the "WHY"* of why I state in my "P.S." section below to use both AdBlock type browser addon methods (or even built-in block lists browsers have such as Opera's URLFILTER.INI file, & FireFox has such as list as does IE also in the form of TPL (tracking protection lists -> http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] , good stuff )) in combination with HOSTS, for the best in "layered security" (alongside .pac files + custom cascading style sheets that can filter off various tags such as scripts or ads etc.) - but proxies, especially "HIGHLY ANONYMOUS" types, generally slow you down to a CRAWL online (& personally, I cannot see using proxies "for the good" typically - as they allow "truly anonymous posting" & have bugs (such as TOR has been shown to have & be "bypassable/traceable" via its "onion routing" methods)).

B.) HOSTS files do NOT protect you vs. javascript (this only holds true IF you don't already have a bad site blocked out in your HOSTS file though, & the list of sites where you can obtain such lists to add to your HOSTS are above (& updated daily in many of them)).

C.) HOSTS files (relatively "largish ones") require you to turn off Windows' native "DNS local client cache service" (which has a problem in that it's designed with a non-redimensionable/resizeable list, array, or queue (DNS data loads into a C/C++ structure actually/afaik, which IS a form of array)) - mvps.org covers that in detail and how to easily do this in Windows (this is NOT a problem in Linux, & it's 1 thing I will give Linux over Windows, hands-down). Relatively "smallish" HOSTS files don't have this problem (mvps.org offers 2 types for this).

D.) HOSTS files, once read/loaded, once? GET CACHED! Right into the kernelmode diskcaching subsystem (fast & efficient RAM speed), for speed of access/re-access (@ system startup in older MS OS' like 2000, or, upon a users' 1st request that's "Webbound" via say, a webbrowser) gets read into either the DNS local caching client service (noted above), OR, if that's turned off? Into your local diskc
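
An added example, not part of the comment above or of any project it links to: a small Python merger for the kind of combined blocklist the quoted users describe (several hosts lists merged, names pointed at 0.0.0.0, a few favourite sites hardcoded). The sample lists, the domain names and the rule that a block entry wins over a conflicting hardcoded address are assumptions made for this illustration.

```python
import ipaddress

# Addresses treated as "blocked" (sink) targets in a hosts file.
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names the operating system ships with; never treat these as block entries.
SYSTEM_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                "ip6-localhost", "ip6-loopback"}

# Constructed sample inputs (reserved example domains and documentation IPs).
LIST_A = """\
# constructed list A
127.0.0.1 localhost
127.0.0.1 ads.example.com      # banner server
0.0.0.0   tracker.example.net
"""
LIST_B = """\
0.0.0.0 ADS.example.com
0.0.0.0 cdn.example.org metrics.example.org
192.0.2.10 intranet.example.com
not-an-ip broken.example.com
"""
LIST_C = """\
198.51.100.7 tracker.example.net   # disagrees with list A
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs; skip comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")


def merge_blocklists(*texts):
    """Merge hosts lists into (blocked names, hardcoded names, conflicts).

    A name that one list blocks and another maps to a real address is
    reported as a conflict and kept blocked (assumption: fail closed).
    """
    blocked, pinned = set(), {}
    for text in texts:
        for addr, name in parse_hosts(text):
            if name in SYSTEM_NAMES:
                continue
            if addr in SINKS:
                blocked.add(name)
            else:
                pinned.setdefault(name, addr)  # first mapping seen wins
    conflicts = sorted(blocked & pinned.keys())
    kept = {n: a for n, a in pinned.items() if n not in blocked}
    return sorted(blocked), kept, conflicts


def render(blocked, pinned, sink="0.0.0.0"):
    """Return merged hosts-file text: block entries, then hardcoded entries."""
    lines = [f"{sink} {name}" for name in blocked]
    lines += [f"{addr} {name}" for name, addr in sorted(pinned.items())]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    b, p, c = merge_blocklists(LIST_A, LIST_B, LIST_C)
    print(render(b, p), end="")
    print("# conflicts needing review:", ", ".join(c) or "none")
```

The conflict list is the part worth reading before installing a merged file: a name that one source blocks and another source maps to a routable address means one of the sources is wrong or has been tampered with.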

Severe lack of trust (0)

Anonymous Coward | more than 2 years ago | (#40801505)

Yes, come hack our site! And if you succeed, we'll turn you in to the police.

This sort of competition requires a large amount of trust on both sides. I see far too much potential for:
1) Facebook to claim that legitimate contenders were actual hackers and have them arrested (either unintentionally or intentionally).
2) Legitimate hackers that get caught to claim that they were only taking part in the hacking competition.

I think that there are few people who trust Facebook, and with good reason. One thing you can be certain of is that they will be logging all hacking attempts.

Facebook needs a GOJF card "ap" (1)

RobertLTux (260313) | more than 2 years ago | (#40802469)

If I was going to try for the money then I would detail my efforts and then not give the info to FaceBook before I get issued a GOJF card (I would also have a Trusted Third Party monitor things so FB can't say "you used your hack to steal X from us beyond what was needed to prove the hack")

If FB won't play ball then the info goes up on "HackBay" on a 12 million dollar reserve

Duh? (0)

Anonymous Coward | more than 2 years ago | (#40801551)

And WHAT could possibly go wrong?!

I officially hacked Facebook! (0)

Anonymous Coward | more than 2 years ago | (#40801609)

I became an advertisement company, gave Zuck a fist full of dollars, and now have full access to everything you do!
Officially I'm even considered "part of the company", and hence "no information was passed on to third parties". :P

Cheap (1)

Patch86 (1465427) | more than 2 years ago | (#40801675)

Although I can see the appeal of something like "bug bounties", I can't help but feel that it's basically testing on the cheap. As an IT professional, it feels a bit like devaluing a highly skilled career; or at best, making testers nothing but self-employed, pay-as-you-go workers rather than full employees or traditional contractors.

I mean, what Facebook are basically offering is "no win no fee" Penetration Testing. Rather than paying a team of certified, experienced Pen Testers to run a thorough and comprehensive report, they're saying "yeah, do a Pen Test, but we'll only pay you if you find anything wrong". Not only that, but "we'll only pay you properly if you find something really wrong". And if Facebook have actually managed to inadvertently make their system secure, they'll get to find that out via 100's of hours of free testing.

Bug bounties to encourage end-users to post proper bug reports is one thing, but this seems like a slightly grubby step too far to me.

What's worth attacking? (0)

Anonymous Coward | more than 2 years ago | (#40801693)

Wait... FB has data that's worth attacking? This really is news to me.

PHP (0)

Bengie (1121981) | more than 2 years ago | (#40801789)

And here I thought someone was poking fun at FB using PHP. http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/ [veekun.com]

Virtually every feature in PHP is broken somehow. The language, the framework, the ecosystem, are all just bad. And I can’t even point out any single damning thing, because the damage is so systemic.

fun read

Stupidity (0)

Anonymous Coward | more than 2 years ago | (#40802179)

What about the hackers who just want the data, not the money? They will be masked by all the script kiddies with dollar signs in their eyes.

Am I missing something? Buy bugs from black-hats? (1)

VortexCortex (1117377) | more than 2 years ago | (#40802303)

If they care about paying the right price for the bugs, why not just buy the existing exploits from the black-hats? Hackers get paid what the bug is ACTUALLY worth (on the black market), you fix even more bugs, driving more folks to search for cracks, driving bug price down, everyone's happy?

I get that white hatters are beneficial, but I'd still be careful attaching my name to a "bug bounty". They can throw you in jail for white hat hacking at a whim -- It's still illegal by the retarding letter of the law.

Obvious (1)

mapfortu (2567463) | more than 2 years ago | (#40802745)

Slashdot pwnz this realm. Nobody takes down that feed. Writing to the United Nations on the .int is also a good example. The .int pages load like crap because they're all served over the analog POTS at significant intersection points to avoid all of the network card exploit cycles traveling on the common global fiberoptic and metallic. The analog circuits make HTTP page loads terrible but standard plain text e-mail is never a problem.

Silverspur's Stronghold is similar. We manage our own analog, the server client software takes care of necessary compression, and we don't push advertising crap into your three pixel console click box. Interpol has some extra good filters on their telephones, we believe we have a few they don't, they believe they have a few we don't. It's all great sporting fun.

"Challenge accepted" (1)

fph il quozientatore (971015) | more than 2 years ago | (#40803149)

Let me guess... 24 hours later the workstation on Mark Zuckerberg's desk had its hostname changed to challengeaccepted.facebook.com?

Wouldn't touch with a 10' pole! (-1)

Anonymous Coward | more than 2 years ago | (#40803257)

Two Texas girls--ages 12 and 13--were arrested earlier this month and charged with online impersonation, a third-degree felony, for creating a fake Facebook account under the name of another student at their school.

Wake up.
Fuck facebook everything.
http://reason.com/blog/2012/07/27/two-texas-pre-teens-create-a-fake-facebo

Decriminalization (1)

El_Muerte_TDS (592157) | more than 2 years ago | (#40803337)

Now it's legal to hack their network. Which is a nice move for white hats, but it also gives black hats permission to fuck around with people's private data.

Why not provide a copy of the facebook software with mock up data to which you give permission to hack.

Chinese Characteristics (0)

Anonymous Coward | more than 2 years ago | (#40803727)

The Chinese do not need an invitation. What the West calls an "invitation" is construed there as a provocation.
