Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Microsoft Takes Down No-IP.com Domains

Predius Re:Affected me (495 comments)

On the flip side, most ISP operated edge DNS servers ignore low TTLs below their desired threshold now as a means of reducing load, I've seen some force a 24hr minimum.

about a month ago
top

Microsoft Takes Down No-IP.com Domains

Predius Re: My stuff got hit by this. (495 comments)

There are ways to do VPNs from dynamic endpoints that don't require dynamic DNS. IPSec supports xauth for just this purpose.

about a month ago
top

Microsoft Suspending "Patch Tuesday" Emails

Predius Re:It looks like a response to anti spam laws (145 comments)

Come to think of it, I'm getting emails from VMWare asking for permission to get further emails from them as well...

about a month ago
top

Microsoft Suspending "Patch Tuesday" Emails

Predius Re:It looks like a response to anti spam laws (145 comments)

It's not just MS, OpenSRS (Based out of Canada) has just done away with their email notification for system outages as well. They're now providing an RSS feed or you can periodically check their blog. Their solution for those who liked email alerts, a third party service that watches the RSS feed and emails on updates...

about a month ago
top

Kingston and PNY Caught Bait-and-Switching Cheaper Components After Good Reviews

Predius Re:And another on the ban pile (289 comments)

A reboot isn't a power cycle... and at least on the Intel's if you go with an enterprise model they stay in RO mode. It's certainly something to consider, I'd hope for an appliance design the estimated write volume would be taken into consideration also so you would never plan for the drive to reach that point in the appliance's life span?

about a month ago
top

Kingston and PNY Caught Bait-and-Switching Cheaper Components After Good Reviews

Predius Re:And another on the ban pile (289 comments)

The drive did go into read only, until power cycled. As documented.

I get the planned obsolescence gripe, but it didn't lock out until over twice it's advertised write capacity had been burned through, and again, at no time did it corrupt data. You light the fuse with the first write and advance towards the time bomb with each additional one, so planned or not the drive only has a finite life span. Would you prefer the Samsung's failure mode instead?

about a month ago
top

Kingston and PNY Caught Bait-and-Switching Cheaper Components After Good Reviews

Predius Re:And another on the ban pile (289 comments)

Actually, if you read the article...

None of the drives died at their 200TB rated endurance, although the Samsung DID fail a data retention test. The Intel let go at 700+ TB of writes along with two other drives, but did so with plenty of advance warning and died in a way as to allow for one last read off of the data without corrupting it with a bad write. Hard to fault them there.

about a month and a half ago
top

Cisco Opposes Net Neutrality

Predius Re:Somewhere in my mind... (337 comments)

If there is enough bandwidth that there is no congestion or queing required, QoS is useless.

about a month and a half ago
top

Cisco Opposes Net Neutrality

Predius Re:Somewhere in my mind... (337 comments)

And QoS isn't needed if you have enough bandwidth in place in the first place.

about a month and a half ago
top

GNU Mailman 3 Enters Beta

Predius Re:DMARC (57 comments)

That is your opinion. And you can do what you want with your mailing list server.

And any domain owner can configure DMARC if (s)he wants to. Which leaves the recipient mailserver operator free to NOT accept the message from your mailinglist server. Your opinion is not internet-law (even if it is written in RFC).

And that is why DMARC is a bad standard that hopefully the net as a whole rejects. They purposely avoided the RFC process. RFCs may not be 'internet law' but if everyone decides to start going their own way, we're going to end up back in the olden days of IM with everyone stuck in balkanized little e-mail fiefdoms unable to contact other fiefdoms. Would sir like to sign up for Google's Internet, Microsoft's, Yahoo's? Pick one, and hope your friends pick the same.

about 3 months ago
top

GNU Mailman 3 Enters Beta

Predius Re:DMARC (57 comments)

Breaking normal mailinglist behavior... DMARC is based on a misinterpretation and misuse of email headers.

about 3 months ago
top

How the USPS Killed Digital Mail

Predius Re:Incomplete (338 comments)

Not entirely true. While they don't collect funds collected via taxes, they also don't PAY taxes on many things, like say property taxes for their offices, sorting facilities, etc. So they indirectly are Government funded, at the state and municipality level.

about 3 months ago
top

GNU Mailman 3 Enters Beta

Predius Re:DMARC (57 comments)

With the way DMARC is being implemented, I don't think there is a way for a listserve to be 'DMARC compliant'.

Instead I've had to tell those with Yahoo and Hotmail accounts to go away and not to come back until they get an account with a non DMARC nutter service.

about 3 months ago
top

Department of Transportation Makes Rear View Cameras Mandatory

Predius Re:Grabs popcorn (518 comments)

Of course, this is ignoring the INCREASE in accidents this will cause by people looking forward, staring at a screen rather than backwards while backing up, missing little details like traffic to the left and right, etc. I'd be much happier if they mandated a minimum visibility spec out the back than cameras, we're now mandating distracted backing up... blech.

(Side note, I won't be riding a motorcycle on the street ever again, too many idiots not paying attention at the wheel now, this isn't going to help.)

about 4 months ago
top

Is Whitelisting the Answer To the Rise In Data Breaches?

Predius Re:Hash (195 comments)

Exactly. Windows has a means of doing this built in from at least XP, but no app provided to automate it's management. You can setup the system so it will only execute binaries with approved hashes. Back around 2002/2003 we were playing with a program in house that would build a baseline of approved hashes on a clean system, then push that list out to our workstations. To get an app approved we would then fire up the clean box, install, update, push, etc. We never got it past the budget phase though, but it accomplishes exactly what OP is asking about. For point of sales terminals, etc that shouldn't be a moving target I'd say heck yes they should be in whitelist only mode.

about 6 months ago
top

Apple's New Mac Pro Gets High Repairability Score

Predius Re:Amazing Apple engineering (234 comments)

It'll be interesting to see where the market moves. The companies producing boxed workstations aren't shipping them in the form factors they are because their users hate them. I think the new SATA Express is going to be the storage interconnect going forward, which retains the current 3.5" drive form factor and connector setup as well as backwards compatibility with SATA making for an easy transition and retaining support for legacy large (4TB+) spinning rust volumes.

about 7 months ago
top

Apple's New Mac Pro Gets High Repairability Score

Predius Re:Amazing Apple engineering (234 comments)

Only if by 'uncompromised' you mean:
- Limited video card options
- No internal drive bays
- No internal PCI Express slots

It's a slick rig, but it only covers one niche of the workstation market. Apple got the design to where it is by opting to eliminate choice from many of the design variables, a compromise. Other workstation vendors choose to compromise in the other direction by having systems that may require more than one fan but also allow for user choice in what powers the system.

I should point out my 4 fan workstation is nice and quiet despite all the potential spinny bits. Like the Apples of old the primary cooling fan is a low RPM large diameter unit that is silent when working. The second fan is in the power supply and thermally controlled. Again, silent under the max stress my payload is able to put it under. The last two fans are sandwiched between a radiator and again are thermally controlled and so far have only spun up into the audible range once while I was running a torture test but were still quieter than my xBox 360 at idle. My system sits at ear level to my right so it's not getting masked by being under a desk, etc. In comparison to the new Apple workstation it's far larger physically as the primary tradeoff for the customizability I have.

about 7 months ago
top

Time For a Warrant Canary Metatag?

Predius Re:Right to quit (332 comments)

Better get someone else to update it, under penalty of law, says mr injunction.

about 8 months ago
top

Time For a Warrant Canary Metatag?

Predius Re:Slavery hack (332 comments)

By announcing the plan ahead of time, you are saying the actions are in direct response to, and a way to covertly signal that a warrant with gag order has been issued. Hell, your announcement may trigger legal action BEFORE a warrant is ever issued.

about 8 months ago

Submissions

top

Operation Payback's Command and Control System

Predius Predius writes  |  more than 3 years ago

Predius writes "Fun with Anonymous — Infiltrate the hive

Anonymous has been in the news again lately for loosely coordinated DDoS attacks on high visibility targets in the name of defending Wikileaks. Their weapon of choice is a modified LOIC (http://en.wikipedia.org/wiki/LOIC) install, a 'network stress tool' written to include IRC driven command and control. Volunteer LOIC installs become part of the 'Hive Mind' which Anonymous directs to attack chosen targets.

The command and control of LOIC is actually VERY simplistic. Figuring it out takes very little effort thanks to the modified LOIC install including nearly the full source of all code used to make the prepackaged binaries.

By default LOIC expects the user to direct it. Upon providing an IRC server, port and channel it switches to Hive Mind mode and connects to IRC automatically and joins the specified channel to await instructions. Instructions must be posted by a channel owner or operator, or in the topic of the channel. As security, all LOICs use predefined username patterns as well as specific user and real name info.

Nick: LOIC_XXXXXX (Replace the X's with upper or lower case letters, must be 6 total to match the channel invite mask.)
Username: IRCLOIC
Realname: Newfag's remote LOIC
Server: thealps.anonops-irc.com or irc.anonops-irc.com port 6667
Channel: #loic
CTCP Version Reply: SmartIrc4net 0.4.0.28389

From the LOIC README:
-------------------------------------------
==============================
|| CONTROLING LOIC FROM IRC ||
==============================

As an OP, Admin or Owner set a channel topic or type message with (as an example
):
!lazor targetip=127.0.0.1 message=test_test port=80 method=tcp wait=false random
=true

To start attack type
!lazor start

Or just append "start" in the END of the topic
!lazor targetip=127.0.0.1 message=test_test port=80 method=tcp wait=false random
=true start

To reset options back to default:
!lazor default

To stop attack:
!lazor stop

And remove "start" from topic (if exists)
You can also replace "start" by "stop" in the END of the topic.
-------------------------------------------

There are bots in the channel that periodically do version checks on all bots in the channel, so make sure you get the version string right. Also there are real users who monitor for odd activity, so I suggest just idling with your LOIC simulation and setting up a second connection to poke around with using normal looking credentials. So far they have been fairly quick to g-line suspected fake LOICs that botch any of the credentials and post repeated warnings to attack any found 'with anger'.

#OperationPayback is where the live chaos is, mostly a shouting match of various self proclaimed 'hacktivists' with a few trying to direct the horde with various degrees of sucess. This channel is also handy to monitor as changes to the attack plan will be announced along with start times.

As various external sources disable Anonymous assets, either irc servers directly via DoS attacks or by disabling the domains used new replacements are announced here as well. The Hive appears to be very slow in recovering from these hits given that the simplistic control structure doesn't include a means to auto-update the hive settings, relying on constant user monitoring and intervention instead. There is active discussion in #newloic on an upgraded or replacement tool in progress."

Journals

Predius has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...