Comments

Ask Slashdot: Dealing With Companies With Poor SSL Practices?

F.Ultra Re:This is not a SSL matter (141 comments)

You seem to be talking about something completely different from what the article is about. This is about a web store storing end users' passwords in clear text in their database, not your internal system for employees or whatever. For a web store there is no reason whatsoever to use the customer-provided password for anything other than authenticating the user for the web service; all other access deeper in the system should use credentials set up between these services.

And even for your setup there is no reason that some deep back end has to use the same password for user X as user X typed in when accessing the web service; if you need per-user passwords inside your system then let the system auto-generate credentials upon account creation for B2B authentication.

about a month ago
Snowden Documents Show How Well NSA Codebreakers Can Pry

F.Ultra Re:Anyone can intercept SSH some of the time (278 comments)

Yes, failing to properly validate that first warning is one really nasty way to open up for a MITM. Which is why when I built a competitor to Amazon EC2 I made the newly started instance upload the ssh public key to the meta-server so customers could verify that the warning message matched what they could pull from the web service (always curious why Amazon never thought about that), since one doesn't have physical access to the server when running in "the cloud".

about 1 month ago
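The check the comment above describes, as an added example (not the commenter's code, and not tied to any real cloud provider's metadata API): the instance publishes its host public key out of band, and the client computes the SHA256 fingerprint of that published key and compares it with the fingerprint OpenSSH prints in its first-connection prompt. The key bytes, the host address and the metadata comment are all constructed for the example; the fingerprint format (SHA256 of the key blob, base64 without padding) is the one OpenSSH uses.

```python
import base64
import hashlib
import hmac
import re
import struct
from typing import Optional

# Constructed key material: 32 fixed bytes stand in for an ed25519 public key.
KEY_TYPE = b"ssh-ed25519"
RAW_KEY = bytes(range(32))


def _ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_pubkey_line(key_type: bytes, raw_key: bytes, comment: str) -> str:
    """Assemble an OpenSSH public key line (what the instance would upload)."""
    blob = _ssh_string(key_type) + _ssh_string(raw_key)
    return f"{key_type.decode('ascii')} {base64.b64encode(blob).decode('ascii')} {comment}"


def fingerprint_sha256(pubkey_line: str) -> str:
    """Fingerprint as OpenSSH prints it: SHA256 of the key blob, base64, no '=' padding."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


# Matches the fingerprint line of OpenSSH's first-connection prompt.
WARNING_RE = re.compile(r"key fingerprint is (SHA256:[A-Za-z0-9+/]+)\.")


def fingerprint_from_warning(warning_text: str) -> Optional[str]:
    """Pull the fingerprint out of the prompt text; None if it is not there."""
    match = WARNING_RE.search(warning_text)
    return match.group(1) if match else None


def host_key_matches(warning_text: str, published_pubkey_line: str) -> bool:
    """True only when the prompt's fingerprint equals that of the key fetched out of band."""
    shown = fingerprint_from_warning(warning_text)
    if shown is None:
        return False
    return hmac.compare_digest(shown, fingerprint_sha256(published_pubkey_line))


if __name__ == "__main__":
    # Constructed run-through: the published key and a prompt that quotes its fingerprint.
    line = build_pubkey_line(KEY_TYPE, RAW_KEY, "instance-host-key")
    fp = fingerprint_sha256(line)
    prompt = ("The authenticity of host '203.0.113.10 (203.0.113.10)' can't be established.\n"
              f"ED25519 key fingerprint is {fp}.\n"
              "Are you sure you want to continue connecting (yes/no/[fingerprint])? ")
    print("published key:", line)
    print("prompt says:  ", fp)
    print("match:", host_key_matches(prompt, line))
```

The comparison only helps if the published key is fetched over a channel that is itself authenticated (HTTPS to the provider's API), otherwise the out-of-band copy can be tampered with just as easily as the first connection.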
Snowden Documents Show How Well NSA Codebreakers Can Pry

F.Ultra Re:Anyone can intercept SSH some of the time (278 comments)

The password is sent over the encrypted channel that ssh sets up, so it's never sent in clear text as in, say, telnet. Then of course no one is using passwords since everyone should be using public keys instead anyway.

about 1 month ago
Snowden Documents Show How Well NSA Codebreakers Can Pry

F.Ultra Re:Anyone can intercept SSH some of the time (278 comments)

A fresh install of SSH will not just let anyone in; by default you would need a password, which with SSH is never sent on the wire. Curious though who sets up something like SSH remotely: how do you connect to that machine before ssh is set up?

about 1 month ago
Snowden Documents Show How Well NSA Codebreakers Can Pry

F.Ultra Re:Anyone can intercept SSH some of the time (278 comments)

Not with SSH, unless you set the machine's password to something that is susceptible to online brute forcing instead of using public keys. And even then it's highly unlikely that someone manages to brute force your stupid password and has time to add an entry in .ssh/authorized_keys before you have had time to scp over the new keys and change the ssh config to only allow public keys. AND if you for some strange reason do this over the Internet.

about 1 month ago
Ask Slashdot: Dealing With Companies With Poor SSL Practices?

F.Ultra Re:This is not a SSL matter (141 comments)

If so then you have a faulty implementation and need to change it. If you store user passwords in any other way than a salt+hash then your entire user database will be made public if compromised. Services like Keepass are different since each account is secured with the user's master password, which is not stored in the database. Database connections inside your infrastructure should not pass along the end user's password, ever.

about 1 month ago
Ask Slashdot: Dealing With Companies With Poor SSL Practices?

F.Ultra Re:This is not a SSL matter (141 comments)

Yes, a reset link via mail is also bad, but sending the password via mail indicates that the site does not use hashing and is storing all customers' passwords in clear text in their databases.

about a month ago
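The salt+hash storage that the two "This is not a SSL matter" comments above argue for, as an added example (not the commenter's code, and not any particular web store's implementation): each user gets a fresh random salt, only the PBKDF2 output is stored, and login recomputes and compares in constant time. Because the store never holds the password itself, there is nothing a "forgot password" mail could send back, which is exactly the tell the comment describes. The cost parameters and the in-memory user table are assumptions made for the example.

```python
import base64
import binascii
import hashlib
import hmac
import os

# Cost parameters are assumptions chosen for illustration.
PBKDF2_ROUNDS = 200_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, rounds: int = PBKDF2_ROUNDS) -> str:
    """Return a self-describing record: algo$rounds$salt$hash. This is all the server keeps."""
    salt = os.urandom(SALT_BYTES)  # fresh per user, so equal passwords give different records
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return "$".join([ALGO, str(rounds),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, rounds_s, salt_b64, dk_b64 = stored.split("$")
        if algo != ALGO:
            return False
        rounds = int(rounds_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
    except (ValueError, binascii.Error):
        return False  # malformed record (e.g. a clear-text leftover): never authenticate on it
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds,
                                    dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


class UserStore:
    """In-memory stand-in for the web store's user table (constructed for the example)."""

    def __init__(self) -> None:
        self._rows: dict = {}

    def register(self, username: str, password: str) -> None:
        self._rows[username] = hash_password(password)

    def stored_record(self, username: str) -> str:
        """What a database dump would expose: the record, never the password."""
        return self._rows[username]

    def login(self, username: str, password: str) -> bool:
        stored = self._rows.get(username)
        if stored is None:
            hash_password(password)  # same work for unknown users, so timing does not reveal them
            return False
        return verify_password(password, stored)


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    store.register("bob", "correct horse battery staple")
    print("alice:", store.stored_record("alice"))
    print("bob:  ", store.stored_record("bob"))
    print("login ok:", store.login("alice", "correct horse battery staple"))
    print("login bad:", store.login("alice", "not her password"))
```

Back-end services that need to act for a user should get their own credentials issued at account creation, as the comment says; nothing in this store ever needs the user's password after `register` or `login` returns.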
Snowden Documents Show How Well NSA Codebreakers Can Pry

F.Ultra Re: Again... (278 comments)

According to what we know about TAO they use zero-day exploits, so it doesn't look like hidden back doors in closed source software/hardware. That PPTP is insecure has been known since at least 1998: https://www.schneier.com/pptp.... That Microsoft still promotes it is beyond me.

about a month ago
Scientists Say the Future Looks Bleak For Our Bones

F.Ultra Re: Study Written by a non-farmer (115 comments)

So you experienced both and measured your bone density after each and determined that the physical activity from farming gave you denser bones than hunting animals with, say, a spear. OK, it was my bad that I wrote "easier on the body" when I really meant that farming puts less strain on the body of the type that promotes bone density than the type of strain that you get from being a hunter/gatherer 12000 years ago. It has nothing to do with which is harder or easier.

about a month ago
Scientists Say the Future Looks Bleak For Our Bones

F.Ultra Re: Study Written by a non-farmer (115 comments)

You still don't get it. Nobody is saying that farming is not hard work or that it's even less hard work than the hunter/gatherer lifestyle. Bone gets denser from specific physical activity and not from all; for example running (which hunters do more than farmers) gives denser bone than walking (which farmers do more), and that is even if you walk for hours upon hours carrying heavy equipment vs running just a few hours.

What you also obviously miss completely is that it's a well established fact that bones got less dense when man began to farm those 12000 years ago; these are measured objective facts, not just logical deductions.

To make another analogy, if you weight train in a way that exposes your bones to compressive force like squats and deadlifts then you also get denser bone than the pecs and biceps boy next to you who performed two bazillion sets to failure and thus exercised a hell of a lot more than you did.

about a month ago
North Korean Defector Spills Details On the Country's Elite Hacking Force

F.Ultra Re: It's like something taken out of a novel (166 comments)

Kim is afaik fond of Hollywood movies so he probably thought that section 121 sounded cool.

about a month ago
Scientists Say the Future Looks Bleak For Our Bones

F.Ultra Re: Study Written by a non-farmer (115 comments)

What you fail to comprehend is that they are claiming that farming was easier on the body than the lifestyle it replaced. It does not say that farming was easy, just that it was easier.

about a month ago
Cyberattack On German Steel Factory Causes 'Massive Damage'

F.Ultra Re: What took them so long? (212 comments)

Since most orders are probably faxed or mailed in via some simple order sheet, you have your simple protocol right there. If it's a complicated order then you could have a human operator manually enter it, since that should be the rare exception.

about a month ago
Cyberattack On German Steel Factory Causes 'Massive Damage'

F.Ultra Re: What took them so long? (212 comments)

A really secure air gap that would work with continuous data streams should be built somewhat like this.

1. Define a simple protocol for the instructions. In the case of this steel mill it should be "produce x amount of class y steel". Thus there are limited ways of compromising the system via the protocol since there are no detailed instructions to fuck up the mill as in the article.

2. Air gap it by having the computer connected to the internet print out the order to paper. Then the operator moves that paper to the production machine where it is scanned and OCR'd.

about a month ago
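The receiving side of the protocol sketched in the two "What took them so long?" comments above, as an added example (not the commenter's code and not modelled on any real mill's software): the production-side parser accepts exactly one message form, "produce x amount of class y steel", normalises the noisy OCR text, and rejects every line that carries anything else, which is what keeps the attack surface of the protocol small. The grammar, the steel-class allowlist, the quantity limit and the sample order sheet are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed grammar and allowlist for the example; a real mill has its own catalogue.
ORDER_RE = re.compile(r"^PRODUCE (\d{1,5}) T CLASS ([A-Z0-9]{1,6})$")
ALLOWED_CLASSES = {"S235", "S355", "S460"}
MAX_TONNES = 5000


@dataclass(frozen=True)
class Order:
    tonnes: int
    steel_class: str


def normalise_ocr_line(text: str) -> str:
    """OCR output is noisy: fold case and collapse runs of whitespace before matching."""
    return " ".join(text.upper().split())


def parse_order(text: str) -> Order:
    """Accept exactly the protocol's one message form; raise ValueError on anything else."""
    line = normalise_ocr_line(text)
    match = ORDER_RE.fullmatch(line)
    if match is None:
        raise ValueError(f"not a valid order: {line!r}")
    tonnes = int(match.group(1))
    steel_class = match.group(2)
    if not 0 < tonnes <= MAX_TONNES:
        raise ValueError(f"quantity out of range: {tonnes}")
    if steel_class not in ALLOWED_CLASSES:
        raise ValueError(f"unknown steel class: {steel_class}")
    return Order(tonnes, steel_class)


def parse_order_sheet(lines: Iterable[str]) -> Tuple[List[Order], List[str]]:
    """Split a scanned sheet into orders to run and reasons for the lines that were refused."""
    accepted: List[Order] = []
    rejected: List[str] = []
    for raw in lines:
        if not raw.strip():
            continue  # blank scan lines carry nothing
        try:
            accepted.append(parse_order(raw))
        except ValueError as exc:
            rejected.append(str(exc))
    return accepted, rejected


# Constructed sample of what the OCR step might hand over: two good orders, one line with
# extra instructions smuggled in, one absurd quantity, one class that is not in the catalogue.
SAMPLE_SHEET = [
    "produce 120 t class S355",
    "PRODUCE   40 T CLASS  s235",
    "PRODUCE 100 T CLASS S355; SET FURNACE TEMP 2000",
    "PRODUCE 99999 T CLASS S460",
    "PRODUCE 10 T CLASS X999",
    "",
]


if __name__ == "__main__":
    orders, refused = parse_order_sheet(SAMPLE_SHEET)
    for order in orders:
        print("run:", order)
    for reason in refused:
        print("refused:", reason)
```

Anything the regular expression does not match is dropped with a logged reason rather than "cleaned up", so a line that carries extra text never reaches the production system in any form.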
Google Earth API Will Be Retired On December 12, 2015

F.Ultra Re:Alternative? (75 comments)

Yes, it says so and links straight to the ppapi code used in chrome which is fully open source: https://src.chromium.org/viewv... . Hell, even the chrome repository for ppapi is full of example code if you want to write your own plugins.

about a month and a half ago
Google Earth API Will Be Retired On December 12, 2015

F.Ultra Re:Alternative? (75 comments)

It's so secret that they have their own Google Code page for it over at https://code.google.com/p/ppap... with full source available for download including SDKs for plugin developers.

about a month and a half ago
Voting Machines Malfunction: 5,000 Votes Not Counted In Kansas County

F.Ultra Re: (127 comments)

Here in Sweden we have different papers for each party; that is, instead of crossing off a name you put a whole paper for party X into an envelope. The pro is that this makes the counting much easier and also is not complicated for the voter. The con is that it's very expensive for a new/small party to print and distribute papers to all voting places (if you get over 1% in an election then the state will pay for and manage the distribution). You can also write the party name on a blank piece of paper if you want to (or if the party you want to vote for doesn't have papers in your voting place), which of course negates the pro, but it's rare enough to not make a real impact.

If there's a yes/no vote then each such vote gets its own envelope and there is a yes or no paper to choose from, so no crossing there either.

about 2 months ago
Voting Machines Malfunction: 5,000 Votes Not Counted In Kansas County

F.Ultra Re: (127 comments)

Probably driven by the media since they want a result as quickly as possible so they can sell more TV time. I have no idea how the presidential election works in the US, but I assume here that the president-elect doesn't take over directly; it probably takes some months before he/she can take office anyway, so time should not be an issue for the election in itself. And also since the result is to last for four years, having a result in seconds seems quite useless.

about 2 months ago

Submissions

F.Ultra hasn't submitted any stories.

Journals

F.Ultra has no journal entries.