Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



International Space Station Infected With Malware Carried By Russian Astronauts

JRHelgeson Bad info in article (226 comments)

From TFA:

Stuxnet only became known to the public when an employee of the Natanz facility took an infected work laptop home and connected to the internet, with the malware quickly spreading around the globe infecting millions of PCs.

Stuxnet never spread via the internet. It spread via USB only and then only up to 3 infections before it removed itself from the USB stick.

about a year ago

The Pentagon May Retire "Yoda," Its 92-Year-Old Futurist

JRHelgeson Possibly shuttering the futurist think tank? (254 comments)

The primary role of the Pentagon is to envision what warfare of the future looks like. They take a 20 year view and ask the following questions (and run the following scenarios):
1) Who is/could be the enemy?
2) What does the battlefield look like (jungle, desert, urban, etc).
3) What kind of weapons/tactics will be used against us.
4) Most importantly, what type of military hardware would we need to have in order to counter that threat 20 years out.

They then take this 'long view' and use that as a road-map to invest in future weapons technologies. Mind you; this road-map gets updated every year. Then again, every year, the Department of Defense (DoD) retires 5% of old military technology, and buys up 5% of what's new... and at the end of that 20 year cycle, you have a 100% refreshed military that his hopefully ready/capable to counter whatever threat is coming at us today.

When the Soviet Union collapsed in the 90's, the war plans changed to a dual-theater conflict between 2 large nation-states (i.e. Russia & China). That is the military they built up to fight, essentially a land war in East Asia. When 9/11 happened, DoD was caught *completely* off guard. The reactionary spending that took place cost hundreds of billions more than it should have to up-armor Humvee's and build MRAP's simply because they had failed to plan for battle in the mountains of Afghanistan/Iraq engaged in guerrilla warfare. (Perhaps this is why it was time to retire Yoda?)

If you shut the think tank, the Pentagon will no longer be the R&D arm of the DoD, and within 10 years, certainly within 20 we will be a completely reactionary military force. From there, I do not see how we could or would remain a military super power. I'm not stating this in order to take a position on this being good or bad; I just wanted to put it out there that this would be the consequence of eliminating this central, core component of the Pentagon - and the role it plays in our entire national defense establishment.

about a year ago

The College-Loan Scandal

JRHelgeson Re:College used to be inexpensive... (827 comments)

No - because then it would be 100% taxpayer funded. College is simply a money laundering operation for political power. Highly subsidized education does nothing to change that. I say the government should get out of the market entirely and let the market decide the fair price on the product being offered.

about a year and a half ago

The College-Loan Scandal

JRHelgeson College used to be inexpensive... (827 comments)

There was a day when a College education was affordable, and an enterprising student could work their way through college on a part time job. Then the government got involved providing federally guaranteed student loans. This enabled colleges to start raising tuition, because now students could finance their way through college. Today, any college that doesn't raise their tuition is simply leaving money on the table - they'd be fools not to raise rates. The horse has left the barn, and the race is on. There is no upper limit now to what colleges can charge for tuition because the loans are guaranteed.

Now, the political side of this is that conservatives never wanted the government involved in the first place, because government involvement always distorts the market (which is exactly what has happened). Progressives called the conservatives heartless because they wanted to deny education to the poor and underprivileged. Somehow this argument always seems to work - we want life easier today and never think about the consequences. (Progressives and conservatives exist in both parties, don't let anyone fool you into thinking this is a democrat/republican thing.)

Now we have the consequences: Tuition rates that are skyrocketing and it is now near impossible to go through college without taking on obscene levels of debt. Those who decried government involvement in the first place, would like to see government get out of the student loan business. The reaction is obvious: "You are anti-education! You are not for the poor and underprivileged!"

And so here we are, the way to stop it is to collapse the 'Government-Educational-Complex' - shouldn't be hard. The actual value of a college education is rapidly approaching nil, yet people are paying more and more for it. Government is always happy to enslave you to the debt, because then you'll always vote for the party who promises keeping rates low and/or forgiving your student loan debt. If that isn't slavery, I don't know what is.

about a year and a half ago

Apple: Developer Site Targeted In Security Attack, Still Down

JRHelgeson Someone is taking credit for the hack/disruption (112 comments)

There is a TechCrunch article on the breach, and someone by the name of Ibrahim Balic is taking credit for the breach.
What he wrote is below, and the link provided goes directly to the comment.

Hi there,

My name is ibrahim Balic, I am a security researcher. You can also search my name from Facebook's Whitehat List. I do private consulting for particular firms. Recently I have started doing research on Apple inc.

In total I have found 13 bugs and have reported through http://bugreport.apple.com./ The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I've also added screenshots.

One of those bugs have provided me access to users details etc. I immediately reported this to Apple. I have taken 73 users details (all apple inc workers only) and prove them as an example.

4 hours later from my final report Apple developer portal gas closed down and you know it still is. I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any respond to this... I have been waiting since then for them to contact me, and today I'm reading news saying that they have been attacked and hacked. In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack. I'm not feeling very happy with what I read and a bit irritated, as I did not done this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the porpoise of seeing how deep I can go within this scope. I have over 100.000+ users details and Apple is informed about this. I didn't attempt to get the datas first and report then, instead I have reported first.

I do not want my name to be in blacklist, please search on this situation. I'm keeping all the evidences, emails and images also I have the records of bugs that I made through Apple bug-report.

Short URL: http://fyre.it/tjlVmC.4

about a year and a half ago

700,000-Year-Old Horse Becomes Oldest Creature With Sequenced Genome

JRHelgeson There is truth to the saying... (69 comments)

You can't beat a dead horse.

about a year and a half ago

Ask Slashdot: Best Software For Tracking Fiber Optic Networks?

JRHelgeson Re:ESRI's ArcGIS (75 comments)

Agreed - ArcGIS is what your county government uses to track utilities and maintain them.

about a year and a half ago

BT Begins Customer Tests of Carrier Grade NAT

JRHelgeson Load Balancers beware! (338 comments)

Many hosting providers have traffic load balancers that distribute traffic based upon source IP address (there is a better way to do this, but I'll get to that later). When traffic arrives it routes that traffic to a specific server. When you have a carrier that has thousands of customers all coming from 1 IP, the load balancer routes it to 1 server which quickly gets overwhelmed and either crashes or is just DoS'ed. Then it points it to the next server, then the next. Back in the early days of the internets - AOL pulled this stunt where entire regions would get nat'ed behind a firewall. It was very efficient in taking out online services.

Most load balancers will now look at the session cookie and load-balance off of that, as long as they are configured to work that way. As the practice of CGNAT (as they call it now) went away, I'm sure a number of hosting companies have gone to using source IP as a sufficient load balancing method. If so, we are sure to see these events happen again.

about a year and a half ago

Viruses From Sewage Contaminate Deep Well Water

JRHelgeson Chlorine anyone? (93 comments)

Isn't this why we add chlorine to water? And if you visit a foreign country and drink the water - you get sick?
How is it news that unfiltered ground water can contain harmful pathogens?

about 2 years ago

Microsoft Telling Users To Uninstall Bad Patch

JRHelgeson Repair released for the patch (154 comments)

There is a bootable disk that MS has released to help users recover from this nightmare.

Link: http://www.microsoft.com/en-us/download/details.aspx?id=38435

Repair Disk for KB2823324 and KB2782476 (KB2840165)
To help customers who are experiencing difficulties restarting their systems after installation of security update 2823324, Microsoft is making available a bootable media ISO image through the Microsoft Download Center (DLC). Clicking Download means you agree to the MICROSOFT SOFTWARE LICENSE TERMS.

about 2 years ago

Ask Slashdot: Best Way To Block Noise In a Dorm?

JRHelgeson I use whitenoise (561 comments)

I have a pair of Shure noise isolating ear bud, then I put on a white, pink, or brown noise depending on the sound.
http://simplynoise.com/ is a free website that plays the sounds, or you can download the mp3.
It works awesome.

about 2 years ago

Nearly Every NYC Crime Involves Computers, Says Manhattan DA

JRHelgeson Great (108 comments)

This means Bloomberg is going to ban computers next.

about 2 years ago

Kaspersky Says Cyber Weapons "Cleaner" Than Traditional Weapons But "Much Worse"

JRHelgeson Re:Mini fix (89 comments)

Didn't you hear? He got approved for a second umlaut. His name is now: Mikkö Hyppönen

about 2 years ago

Kaspersky Says Cyber Weapons "Cleaner" Than Traditional Weapons But "Much Worse"

JRHelgeson Limit the size of data packets (89 comments)

Military uses packet sizes of 1500 bytes. We should limit the packet sizes for TCP to 768 bytes for civilian (non law-enforcement) use. Law-enforcement can use 1500 byte packets only after going through special training. This will help mitigate the threat posed by cyber warfare - and it makes as much sense as any other policy being proposed.

about 2 years ago

Hiring Smokers Banned In South Florida City

JRHelgeson This is the result of leftist policy (1199 comments)

Leftist hate liberty. They hate choice. They hate agency. Yet, they claim to carry the banner of freedom and compassion. Nearly every policy they put forth is a slippery slope for the removal of freedoms - always enshrined in the banner of good health, or 'for the children' or 'think of the poor'. It is not enough to say that smoking is bad, it must be banned! Look, I don't smoke, but I really don't care if you do smoke - it has no impact on me. Smoking doesn't make you a bad person. I've often asked - would you rather your son/daughter cheat in school, or smoke? I'm no longer shocked by the number of people who would rather have their kids cheat, than pick up a habit that - though difficult to break - does not have any effect on their moral character.

more than 2 years ago

Verizon Tech Given 4-year Federal Prison Sentence For $4.5M Equipment Scam

JRHelgeson Re:This is not the first hit on Verizon... (163 comments)

Well, if a piece of Cisco network equipment goes down that is covered contractually, they must ship a replacement. With a company as huge as Verizon, there are parts being shipped out *all* the time, and defective parts shipped back *all* the time. If you have 30 days to ship parts back, and the parts don't come back, the procedure is to initiate emails, then escalate from there. Quite often, Verizon gets involved trying to track down the missing parts, trying to solve the mystery - and never is able to resolve the issue until they see a pattern emerge and start to investigate.

The problem is that when conducting business, you must assume that your counterpart is working with you in good faith. In this instance, you have a man-in-the-middle who is transacting the business and defrauding both parties. It takes some time to find that 'leak', especially when you are doing billions a year in network gear, and RMA's of 10's of millions, and this person is doing fraud in the range of 100k+/yr. Then the person doing the fraud is using disposable phones, disposable numbers, and so tracing the fraud down after-the-fact is even more difficult.

more than 2 years ago

Verizon Tech Given 4-year Federal Prison Sentence For $4.5M Equipment Scam

JRHelgeson This is not the first hit on Verizon... (163 comments)

Verizon has been targeted many times. They would steal network equipment, then call Cisco to get an advance replacement RMA, which would take their stolen equipment and double it. Then they would sell the gear on the 'Grey Market' for Cisco hardware. They focused primarily on Cisco 12000 line cards, where an individual card sells for $100k+ and are installed in a redundant fashion.

Then they started just getting serial numbers for equipment and starting RMA's for that, and selling it on the Grey market. When Cisco called to get the status on the return... Verizon would reply with "what return".

I helped track one of these cats back in early 2000's - once he found we were hot on his trail, he abandoned his Bentley, and his Mansion and fled back home to Russia - where he lives currently. Interestingly, this same type of scam popped up in eastern Europe shortly after his relocation.

Our suspect had a friend who worked in security at one of the Verizon data centers. He would grant 'back-door' access to a facility, and permit the theft of the hardware. Stories abound of this guy being too poor to buy gas one day, borrowing $50 from friends in order to make to to the airport to fly out to New York then from New York to California, then California back home - pulling a massive roll of C notes from his pocket and repaying the $50 loan + a couple of C-notes to show his gratitude.

Perhaps the reason we hear about this happening with Verizon was that they became aware of the scam early, then kept tracking the perps until they were finally able to catch them. Kudos to Verizon Security for being able to close the loop on this one. These cases are extremely hard to track and crack.



more than 2 years ago



Hacker takes $50,000 a few cents at a time

JRHelgeson JRHelgeson writes  |  more than 6 years ago

JRHelgeson (576325) writes "In a story strangely reminiscent of Superman 3, a 'hacker' allegedly stole over $50,000 from PayPal, Google Checkout as well as several unnamed online brokerage firms. When opening an online brokering account it is common practice for companies such as E-trade and Schwab to send a tiny payment — ranging from only a few cents to a couple of dollars — to verify that the user has access to the bank account listed. According to the story, the attacker wrote a script that opened thousands of accounts at dozens of these providers. Ironically, he was arrested not for taking the money, but for using false names in order to get it."
Link to Original Source

China Earthquake and Chilean Volcano related?

JRHelgeson JRHelgeson writes  |  more than 6 years ago

JRHelgeson (576325) writes "On May 2, the Chaiten volcano in southern Chile started to erupt for the first time in thousands of years. When I saw the pictures of the volcano eruption in Chile, I was amazed by the magnitude of the eruption. I immediately made the pictures my desktop background.

Then the earthquake in China happened on May 12... on the exact polar opposite end of the earth.

I picked up the globe in my office, took it off its stand. I put one finger on Mt. Chaiten, the other on the epicenter of the China Earthquake... and I spun the globe.

An amazing coincidence? Perhaps. I kinda doubt it though."

Link to Original Source

1.6M records stolen from Monster.com

JRHelgeson JRHelgeson writes  |  more than 7 years ago

JRHelgeson (576325) writes "Somebody has found a use for monster.com. The attackers first harvested applicant information using stolen employer credentials. They gathered the information on job seekers living in certain areas and seeking specific jobs. They then crafted custom phishing emails targeting the job seekers by name, getting them to install an information gathering Trojan or ransomware."
Link to Original Source



JRHelgeson JRHelgeson writes  |  more than 11 years ago

The Universal Product Code (UPC) Barcode is a 12-digit code originally introduced to retailers in the 1970's. It is a simple technology that provides an effective method of managing groups of items in a stores inventory. We're all familiar with barcodes, they've become ubiquitous. Nearly every product has one; from penny candy, to a $30,000 flat screen TV.

The problem with barcodes is how easy they are to create, or more importantly how easy they are to forge. All one must do is download a standard UPC barcode font from the internet and install it on their home computer.

An individual could walk into a store and write down the UPC code off of - lets say a 15" flat screen monitor that costs $245. This would-be criminal then goes home and prints up a UPC code on a label from his home computer. Our criminal then returns to the store, places the label on a 21" flat screen computer monitor that retails for $995 and proceed to the checkout counter.

When the would-be thief passes through the checkout stand, the cashier scans the product, rings up the sale and the criminal passes right through the front door with his thousand dollar monitor that he just bought with a $750 "instant rebate".

You have just witnessed the latest technological innovation in shoplifting, a crime I have termed "Barcode Scamming". The amount of damage a single criminal could do is staggering.

It doesn't have to be a thousand dollar transaction. A barcode scammer could simply take the code from a small box of XYZ Laundry detergent and place it on the Jumbo box. The cash register still displays "XYZ Laundry detergent" but the price isn't right, and who's going to notice?

This new crime has me up at nights because unfortunately this type of crime is on the rise. As this crime grows, it has the potential to completely destabilize our entire nation's economy. Barcode Scamming is very difficult to catch as it is impractical to expect cashiers to inspect the barcode on every product that passes through the register.

Businesses are already losing untold billions of dollars per year because of shoplifters, a cost that is then passed to the honest consumer. Right now, shoplifters get away with whatever they can hide on their person, or sneak out the front door. Now, with the use of technology, these five finger discounters can pass through any register, pay for the 'discounted' merchandise and walk right past the security guard on the way out the door.

This is precisely why we need to replace the venerated UPC barcode with newer technologies such as the RFID tag or the recently unveiled "EPC Network" which is reported to be the next generation of barcodes, able to store 96 bits of information on a printed 'barcode'. EPC stands for Electronic Product Code and is currently being developed by the Massachusetts Institute of Technology, set to debut in Chicago at the EPC Symposium on September 15, 2003.

Radio Frequency Identification (RFID) technology uses a tag that contains a microchip that stores a products ID number and serial number. RFID tags are similar to theft deterrent tags that are attached to merchandise that trigger alarms at the gates of a store if they haven't properly been deactivated.

When scanned by a RFID scanner, the tag will wirelessly transmit its unique RFID number back to the scanner. This enables retailers to scan in an entire pallet of merchandise into inventory without having to open a single box. Consumer privacy advocates are concerned that the technology could be abused by retailers to track products from the store shelf to the individual's home.

Retailers have been slow to adopt RFID tags due to the cost of the tags themselves. Tag manufacturers have been charged with bringing the cost down to 5 cents apiece. At that price, it becomes economical for distributors and retailers to deduct that nickel from their respective profit margins. The savings obtained by easier inventory management will be enough to compensate.

Of particular concern to me is a technology that is being developed by RSA Security to disrupt the transmission of information transmitted back from the RFID tags. RSA Security states that the purpose is not to disable the use of the tags, but to protect the privacy concerns of the customer. Regardless of its intended purpose, I am concerned by the development of any technology that could compromise the integrity of the RFID tag.

Regardless of the next generation of technology used, we must replace the venerated 12 bit barcode with a technology that can insure the integrity of each retail transaction. Just like a nation must insure the integrity of its national currency, product manufacturers and retailers alike must insure the integrity of each retail transaction.

I say that the concerns voiced by the privacy advocates are unwarranted. The benefits provided by the use of these new technologies are far outweighed by the economic threat posed by keeping with the obsolete UPC code. Consumers aren't stupid; they'll steer clear of retailers that keep track of too much of their personal information. Grocery stores learned this lesson when they began losing customers once they started tracking customer purchases through the use of store discount cards.

Retailers simply want to increase the efficiency of managing their inventory, while at the same time maintain the integrity of the products for sale in their store. RFID tags provide the necessary solution to this problem. In this case, the cost of not implementing the technology will soon far outweigh the costs associated with its implementation.


Viruses vs. Worms -- What's the difference?

JRHelgeson JRHelgeson writes  |  more than 11 years ago

It seems there is confusion as to what makes a virus, and what makes a worm, what distinguishes the two and why any of this matters. There is a very clear and simple distinction between the two, and it astonishes me that 'industry experts' continually fail to properly distinguish them.

Simply stated: Viruses require user interaction to spread whereas worms exploit vulnerabilities in operating systems to spread and do not require any user interaction.

Put in its most simplistic terms:
To protect yourself from a virus, do nothing. To become infected by a worm, do nothing.

Allow me to explain.

Viruses require user interaction to spread. A virus can infect a file, being parasitic in nature, or it can be a free standing application. If it is a free standing application it is most commonly a Trojan horse - a malicious application whose true purpose is disguised until the user has been tricked into launching the application. Trojan horses are often used to install backdoors on machines, but all of these are clearly viruses.

The way to defend yourself from viruses is to either use an anti-virus program, or remain alert to the various malicious programs that exist out there and DONT CLICK ON THEM.

I currently have several hundred viruses, Trojan horses and backdoors on my computer. They are all there for research purposes. I know they're there, I don't click on them, and I am not infected by any of them.

Similar to the researchers at the Center for Disease Control (CDC) in Atlanta; They work with the Ebola virus every day, does that mean they're infected with it? Of course not! They know the danger of the substances with which they work on a daily basis, and so do I.

A worm is a much different animal. The way you protect yourself from a worm is to patch the holes in your operating system. If you do nothing, and you remain connected to other computers on a network, you will become infected. Worms spread through vulnerabilities that exist in operating systems. If you patch your system, you have essentially become inoculated against the worm.

Folks are labeling the Swen virus as being a worm. While Swen does have some characteristics of a worm, its primary method of spreading is by user interaction, thereby making it a virus.

If you have failed to patch yourself against the MS01-020 vulnerability, then the Swen virus will spread simply by viewing the email. The user interaction here is the viewing of the message. The MS01-020 vulnerability was discovered in 2001. Personally, if you haven't patched your computer since then, you've earned that victim status.

Original Discussion

Slashdot Login

Need an Account?

Forgot your password?