×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Department of Transportation Makes Rear View Cameras Mandatory

Predius Re:Grabs popcorn (518 comments)

Of course, this is ignoring the INCREASE in accidents this will cause by people looking forward, staring at a screen rather than backwards while backing up, missing little details like traffic to the left and right, etc. I'd be much happier if they mandated a minimum visibility spec out the back than cameras, we're now mandating distracted backing up... blech.

(Side note, I won't be riding a motorcycle on the street ever again, too many idiots not paying attention at the wheel now, this isn't going to help.)

about two weeks ago
top

Is Whitelisting the Answer To the Rise In Data Breaches?

Predius Re:Hash (195 comments)

Exactly. Windows has a means of doing this built in from at least XP, but no app provided to automate it's management. You can setup the system so it will only execute binaries with approved hashes. Back around 2002/2003 we were playing with a program in house that would build a baseline of approved hashes on a clean system, then push that list out to our workstations. To get an app approved we would then fire up the clean box, install, update, push, etc. We never got it past the budget phase though, but it accomplishes exactly what OP is asking about. For point of sales terminals, etc that shouldn't be a moving target I'd say heck yes they should be in whitelist only mode.

about 2 months ago
top

Apple's New Mac Pro Gets High Repairability Score

Predius Re:Amazing Apple engineering (234 comments)

It'll be interesting to see where the market moves. The companies producing boxed workstations aren't shipping them in the form factors they are because their users hate them. I think the new SATA Express is going to be the storage interconnect going forward, which retains the current 3.5" drive form factor and connector setup as well as backwards compatibility with SATA making for an easy transition and retaining support for legacy large (4TB+) spinning rust volumes.

about 4 months ago
top

Apple's New Mac Pro Gets High Repairability Score

Predius Re:Amazing Apple engineering (234 comments)

Only if by 'uncompromised' you mean:
- Limited video card options
- No internal drive bays
- No internal PCI Express slots

It's a slick rig, but it only covers one niche of the workstation market. Apple got the design to where it is by opting to eliminate choice from many of the design variables, a compromise. Other workstation vendors choose to compromise in the other direction by having systems that may require more than one fan but also allow for user choice in what powers the system.

I should point out my 4 fan workstation is nice and quiet despite all the potential spinny bits. Like the Apples of old the primary cooling fan is a low RPM large diameter unit that is silent when working. The second fan is in the power supply and thermally controlled. Again, silent under the max stress my payload is able to put it under. The last two fans are sandwiched between a radiator and again are thermally controlled and so far have only spun up into the audible range once while I was running a torture test but were still quieter than my xBox 360 at idle. My system sits at ear level to my right so it's not getting masked by being under a desk, etc. In comparison to the new Apple workstation it's far larger physically as the primary tradeoff for the customizability I have.

about 4 months ago
top

Time For a Warrant Canary Metatag?

Predius Re:Right to quit (332 comments)

Better get someone else to update it, under penalty of law, says mr injunction.

about 5 months ago
top

Time For a Warrant Canary Metatag?

Predius Re:Slavery hack (332 comments)

By announcing the plan ahead of time, you are saying the actions are in direct response to, and a way to covertly signal that a warrant with gag order has been issued. Hell, your announcement may trigger legal action BEFORE a warrant is ever issued.

about 5 months ago
top

Apple Converting Trial and Pirated iWork, iLife and Aperture To Full Versions

Predius Re:If only I were less organized! (134 comments)

I am. They're only free if you had some version before. If you've never bought them, you still have to pony up full retail.

about 6 months ago
top

Apple Converting Trial and Pirated iWork, iLife and Aperture To Full Versions

Predius Re:If only I were less organized! (134 comments)

Not according to the Apple App Store as of this moment. Pages, Keynote and Numbers are all $19.95.

about 6 months ago
top

Ask Slashdot: Linux Security, In Light of NSA Crypto-Subverting Attacks?

Predius Re:OpenBSD (472 comments)

Even that's no good if the problem is flaws in the spec rather than how it's implemented by OSs. If the NSA did things correctly they didn't have to muddle with actual Linux/BSD/etc src, they got flaws into the crypto definition itself that reduces the work needed to crack it. The better an OS follows the spec... the easier for the NSA to punch through.

about 7 months ago
top

When the NSA Shows Up At Your Internet Company

Predius Re:Xmission? (309 comments)

Kinda hard to do any hosting if your only connection is a port mirror, you can watch, but you can't talk over said port.

about 9 months ago
top

Windows 8.1 May Restore Boot-To-Desktop, Start Button

Predius Re:Too little too late (628 comments)

Apple has chosen to migrate to an all iOS world slowly, subtly. Give them time, it's in the grand plan. The walled garden with all of it's ways of providing a continuing revenue stream after the initial purchase will eventually be the way of all Apple systems.

MS on the other hand kinda of has to cut the cord and make the jump in one move or forever get stuck in limbo as people refuse to let go of the old ways. It will cause a lot more gnashing of teeth initially, but I suspect by the time Win 9 or 10 (or whatever they dub them) ship the new format will be cleaned up enough to appease most naysayers and the people jumping in for the first time won't have any preconceived expectations to worry about. That seems to be what MS is banking on anyways.

1 year,1 day
top

IRS Can Read Your Email Without Warrant

Predius Re:It's sucks, but they're sorta' right. (332 comments)

Clarification - In the US a service provider can view customer content on or transiting their equipment IF IT'S REQUIRED FOR NETWORK OPERATIONS. IE if there is a mail delivery problem an ISP IT monkey would be ok trolling through mailbox files looking at the smtp headers. Same ISP IT monkey would NOT be legally in the clear if he decided on a random Tuesday to read customer Bob's email for fun. If he went further and acted on the contents of Bob's email he'd really be setting himself up for a legal hurting.

1 year,7 days
top

No Firefox For iOS, Says Mozilla's Product Head

Predius Re:Not a problem for Chrome (318 comments)

Well, save for the fact that 'Chrome' on iOS is just a skin over Apple's WebKit with the slower JS engine Apple 'graciously' lets apps us vs the faster one their browser can access on the same device.

about a year ago
top

Oxford Temporarily Blocks Google Docs To Fight Phishing

Predius Re:Filter outbound email? (128 comments)

Worse, it only takes a few emails tripping the right filters or customer complaint bins before Hotmail decides to never accept email from that relay's IP ever again. No appeal, no cooling off, no support assistance, that IP goes into their blacklist and there is no digging it out afterwards.

about a year ago
top

Driver Trapped In Speeding Car At 125 Mph

Predius Re:It's called the key (1176 comments)

No, it shouldn't. There are uses for handbrake on, with throttle. Just like brakes on with throttle is ALSO a valid mode of operation. Don't dumb my car down because you're scared of it.

about a year ago
top

Tesla Motors Battles the New York Times

Predius Re:CEO Switchout (700 comments)

My Highlander Hybrid gets better milage in town, even in stop and go than on the highway. (30 city vs 25 highway). In my case it can do far more on just battery at low speeds. Weather or not the Tesla follows the same economy curve, no idea although I suspect it's close.

about a year ago
top

Home Server Or VPS? One Family's Math

Predius Re:AWS (380 comments)

Actually a minecraft server is a bit of a pig. Vanilla can be squeezed into 512MB of RAM but it won't be happy. Enable Bukkit and you'll want more than 2GB to keep it from dying due to running out of RAM.

about a year ago
top

Debian m68k Port Resurrected

Predius Re:Interesting given recent removal of 386 support (145 comments)

As a matter of fact, I do have gear in use that is affected by the removal of 386 support. (The linux terminal server project crowd in particular is affected by this also.) If I was trying to troll I think I'd have been a bit more... obnoxious with my wording? Back to the topic at hand, my understanding was that it wasn't the 386's shortcomings that doomed it, it was that they had to invoke workarounds in the x86 branch for them, and THAT was where the hardship came from when trying to move the ball forward over time. In theory, a separate arch shouldn't trigger the same pain as x86 would be free to grow, dead86 would then have to deal with issues as they cropped up separately, without impacting the other arches any more.

about a year ago

Submissions

top

Operation Payback's Command and Control System

Predius Predius writes  |  more than 3 years ago

Predius writes "Fun with Anonymous — Infiltrate the hive

Anonymous has been in the news again lately for loosely coordinated DDoS attacks on high visibility targets in the name of defending Wikileaks. Their weapon of choice is a modified LOIC (http://en.wikipedia.org/wiki/LOIC) install, a 'network stress tool' written to include IRC driven command and control. Volunteer LOIC installs become part of the 'Hive Mind' which Anonymous directs to attack chosen targets.

The command and control of LOIC is actually VERY simplistic. Figuring it out takes very little effort thanks to the modified LOIC install including nearly the full source of all code used to make the prepackaged binaries.

By default LOIC expects the user to direct it. Upon providing an IRC server, port and channel it switches to Hive Mind mode and connects to IRC automatically and joins the specified channel to await instructions. Instructions must be posted by a channel owner or operator, or in the topic of the channel. As security, all LOICs use predefined username patterns as well as specific user and real name info.

Nick: LOIC_XXXXXX (Replace the X's with upper or lower case letters, must be 6 total to match the channel invite mask.)
Username: IRCLOIC
Realname: Newfag's remote LOIC
Server: thealps.anonops-irc.com or irc.anonops-irc.com port 6667
Channel: #loic
CTCP Version Reply: SmartIrc4net 0.4.0.28389

From the LOIC README:
-------------------------------------------
==============================
|| CONTROLING LOIC FROM IRC ||
==============================

As an OP, Admin or Owner set a channel topic or type message with (as an example
):
!lazor targetip=127.0.0.1 message=test_test port=80 method=tcp wait=false random
=true

To start attack type
!lazor start

Or just append "start" in the END of the topic
!lazor targetip=127.0.0.1 message=test_test port=80 method=tcp wait=false random
=true start

To reset options back to default:
!lazor default

To stop attack:
!lazor stop

And remove "start" from topic (if exists)
You can also replace "start" by "stop" in the END of the topic.
-------------------------------------------

There are bots in the channel that periodically do version checks on all bots in the channel, so make sure you get the version string right. Also there are real users who monitor for odd activity, so I suggest just idling with your LOIC simulation and setting up a second connection to poke around with using normal looking credentials. So far they have been fairly quick to g-line suspected fake LOICs that botch any of the credentials and post repeated warnings to attack any found 'with anger'.

#OperationPayback is where the live chaos is, mostly a shouting match of various self proclaimed 'hacktivists' with a few trying to direct the horde with various degrees of sucess. This channel is also handy to monitor as changes to the attack plan will be announced along with start times.

As various external sources disable Anonymous assets, either irc servers directly via DoS attacks or by disabling the domains used new replacements are announced here as well. The Hive appears to be very slow in recovering from these hits given that the simplistic control structure doesn't include a means to auto-update the hive settings, relying on constant user monitoring and intervention instead. There is active discussion in #newloic on an upgraded or replacement tool in progress."

Journals

Predius has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...