Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

CloudFlare Announces Free SSL Support For All Customers

Gollum How do they sign the certificate? (67 comments)

Am I the only one wondering how they get a CA to sign the certificate? Seems like an interesting opportunity for someone within CloudFlare to get their own SSL certs signed, and MITM to their hearts content.

about three weeks ago
top

The Five Nigerian Gangs Behind Most Craigslist Buyer Scams

Gollum Re: We need to carpet bomb Nigeria (160 comments)

In this context, something like tor or a socks proxy would also qualify as spoofing ones IP address, and could throw an ICBM on the wrong track. Just saying.

about a month and a half ago
top

The Five Nigerian Gangs Behind Most Craigslist Buyer Scams

Gollum Re:We need to carpet bomb Nigeria (160 comments)

Not strictly true. You can do it easily if you are on the path normally taken to get to the spoofed IP. For example, see Linux TProxy.

The main constraint preventing it in the general case is the difficulty of guessing the sequence numbers.

about a month and a half ago
top

Linux 3.17-rc2 Release Marks 23 Years of the Linux Kernel

Gollum Re:Poll idea (106 comments)

Ah, that would be 0.99p13, I know there was a gap there somewhere.

about 2 months ago
top

Linux 3.17-rc2 Release Marks 23 Years of the Linux Kernel

Gollum Re:Poll idea (106 comments)

0.99p30, IIRC

about 2 months ago
top

SRI/Cambridge Opens CHERI Secure Processor Design

Gollum Laser cutting directions! (59 comments)

Breathless excitement!

The achievements in the rest of this paper far outweigh the existence of a tablet built on this foundation.

They've created their own 64-bit processor! They've implemented a compiler for it! They've ported FreeBSD to it! That's some seriously impressive stuff!

But the leader has to be the laser cut tablet assembly. :-(

about 3 months ago
top

For 18 Minutes, 15% of the Internet Routed Through China

Gollum Re:Nobody Noticed ... Except Everyone (Even Slashd (247 comments)

Noone has to intercept anything, or maintain a session. Just TCPdump the lot, and look at it later.

That is, unless they are trying to intercept SSL, which they COULD do, as a CA cert controlled by a Chinese company has been added to most browsers already.

more than 3 years ago
top

The iPhone Serial Port Hack

Gollum Re:obviously meant for low-level debugging (217 comments)

Alas, this hack won't do it:

In other words, this design is powered with a power source that isn't even available until the iPhone/iPod is booted up.

I guess you could fix that with an appropriate external power supply; a little wall-wart and some appropriate voltage regulation.

A USB-serial adapter like the CA-42 (powered from the PC on the other end) would be perfect for that purpose. Check out all the OpenWRT or similar "serial console" articles.

more than 3 years ago
top

The iPhone Serial Port Hack

Gollum Re:obviously meant for low-level debugging (217 comments)

Amongst other things, I suppose.

It would be interesting to try listen on this serial port to see if the device emits any messages while booting up. Some trial and error on the baud rate may be required, of course.

more than 3 years ago
top

Un-killable 'Evercookie' Killed ... Sometimes

Gollum Re:Why Safari (186 comments)

Dominic chose to start his efforts to remove the evercookie with Safari. Others have tried with Chrome and FF, etc. No browser is immune, although those that do not support HTML5, or flash are a lot better off.

about 4 years ago
top

Working Toward a Universal Power Brick For Laptops

Gollum Hadn't really found anywhere to post this . . . . (365 comments)

I recently bought an HP 6730b laptop on auction. I took it out of the container, and turned it on (without attaching the power supply). It's pretty snappy, and seems to be in good nick.

Perfect for my mother, I thought.

I plugged the charger in, and started installing Ubuntu. Good God! It's taking an AGE to even go through the POST, never mind running the OS. Shit! And the auction specified no returns if the OS has been changed! Now what?

Xorg is taking 80% of the CPU, just moving the mouse around. WTF!?

Long story short, it turns out it is the aftermarket power brick that is to blame. Unplug it, run it on battery, works like a dream. Plug it in, and it all goes to shit.

Check the voltage on the brick - all according to spec.

Looks like it is time to get a genuine brick for my mom.

My only thought is that the laptop is spending more time cycling between power saving (C3?) states that it actually does executing the instructions it has been given. Can anyone explain this behaviour better?

more than 4 years ago
top

Open Source Router To Replace WRT54GL?

Gollum Re:Buffalo Technology gets my vote. (344 comments)

I have bought a Buffalo WZR-HP-G300NH, and couldn't be happier with it.

4 GbE ports (plus one GbE downstream to an ADSL modem in bridged mode), 32MB flash, 64MB RAM, 1 USB port. Supported by OpenWRT.

While ideally I'd also prefer an integrated ADSL + all of the above, the reality is that they are few and far between (meaning: I couldn't find one!) The advantage of the separated configuration is that should the ADSL modem be fried (e.g. by lightning), with any luck, the more expensive router might survive.

more than 4 years ago
top

Thawte Will End "Web of Trust" On November 16

Gollum Java WebStart, J2ME, Java applets (127 comments)

One thing that a lot of people are ignoring is that Thawte FreeMail certs are used by a lot of small developers to publish Java apps, and this would kill off that ability quite quickly.

That said, I have not seen a word of this on the Thawte web site, which makes me wonder if the submitter is trying to perform a DoS on Thawte for some reason, and are tricking the slashdotters into being that DoS. The page linked takes an enormous amount of time to decide that there is nothing to return, meanwhile slashdotters are beating on the server over and over. Sorry for the OP, though. The rest of their site still seems to be just fine.

about 5 years ago
top

Card-Sniffing Malware On Diebold ATMs

Gollum Re:Track record? (143 comments)

Care to elaborate a little?

What do you consider a "proper OS"?

more than 5 years ago
top

Card-Sniffing Malware On Diebold ATMs

Gollum Re:Track record? (143 comments)

I did some work for a local bank, and their ATM's were running Windows XP (not embedded), IIS (can't remember the version), and IE. This was to allow them to serve "rich content" (movies, images, animations, etc), without having to write it all themselves. The ATM just had IE talking to IIS, and displaying the results in "kiosk mode". The buttons on the sides of the screen were mapped to keys on the keyboard (I think), and that's how it ran.

I specified a full set of ports that needed to be accessible to the ATM controllers, and that was all that was supposed to be accessible from the network.

However, if you can get access to the back of the machine, it has a second monitor, keyboard and mouse, and you can access the OS, and do whatever you want to do. I *THINK* that the keyboard and mouse were locked away in the vault (or at least behind a door), but the hardware itself is pretty standard PC, so I don't imagine that it would be particularly difficult to add a USB keyboard or mouse and gain access when rebooting the device. Maybe even boot from a USB disk or similar.

The reality is that if you have physical access to practically anything, it is game over.

Personally, I would have been a lot happier to see a stripped down Linux kernel + minimal OS, BIOS passwords, bootloader passwords, etc than the entire Windows stack. Less to verify == more security.

more than 5 years ago
top

Perfect MITM Attacks With No-Check SSL Certs

Gollum Re:Really now. (300 comments)

Yes, the example cited is "RESOLVED INVALID", because the bug reporter thought there was a problem in FF, which really turned out to be a real live MITM attack, which is exactly what the link was provided as.

more than 5 years ago
top

Houses With Tails

Gollum Re:Silly to create the organization (307 comments)

The one difference (at least, as I understand it), is that Comcast owns the tail. In this case, the homeowner/HOA owns the tail, and can tell whomever is operating the tail to get lost if they don't match up to expectations.

more than 5 years ago

Submissions

Gollum hasn't submitted any stories.

Journals

Gollum has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?