Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Comcast Tells Government That Its Data Caps Aren't Actually "Data Caps"

Predius Re:Sigh (333 comments)

I want to say this was all debated once in the past back in the dialup era. If you advertised 'unlimited' dialup, you had to deliver and couldn't back door in per hour charges, etc. What makes this any different?

4 days ago
top

Errata Prompts Intel To Disable TSX In Haswell, Early Broadwell CPUs

Predius Re:Not all that surprising... (131 comments)

A feature that has yet to appear in the Xeon line, and Intel claims to already have a fix to bake into the next steppings so... Opterons can go back to being scared of the future.

about three weeks ago
top

NVIDIAs 64-bit Tegra K1: The Ghost of Transmeta Rides Again, Out of Order

Predius Re:Is it better? (125 comments)

This is an area where post compile optimization can shine. By watching actual execution with live data, the post compiler optimizer can build branch choice stats to tune against based on actual operation rather than static analysis at compile time. HP's dynamo project IIRC was based around this idea, it'd recompile binaries for the same architecture it ran on after observing them running a few times. I believe the claims were an average 10% improvement in perf over just compiler optimized binaries.

about three weeks ago
top

Microsoft Takes Down No-IP.com Domains

Predius Re:Affected me (495 comments)

On the flip side, most ISP operated edge DNS servers ignore low TTLs below their desired threshold now as a means of reducing load, I've seen some force a 24hr minimum.

about 2 months ago
top

Microsoft Takes Down No-IP.com Domains

Predius Re: My stuff got hit by this. (495 comments)

There are ways to do VPNs from dynamic endpoints that don't require dynamic DNS. IPSec supports xauth for just this purpose.

about 2 months ago
top

Microsoft Suspending "Patch Tuesday" Emails

Predius Re:It looks like a response to anti spam laws (145 comments)

Come to think of it, I'm getting emails from VMWare asking for permission to get further emails from them as well...

about 2 months ago
top

Microsoft Suspending "Patch Tuesday" Emails

Predius Re:It looks like a response to anti spam laws (145 comments)

It's not just MS, OpenSRS (Based out of Canada) has just done away with their email notification for system outages as well. They're now providing an RSS feed or you can periodically check their blog. Their solution for those who liked email alerts, a third party service that watches the RSS feed and emails on updates...

about 2 months ago
top

Kingston and PNY Caught Bait-and-Switching Cheaper Components After Good Reviews

Predius Re:And another on the ban pile (289 comments)

A reboot isn't a power cycle... and at least on the Intel's if you go with an enterprise model they stay in RO mode. It's certainly something to consider, I'd hope for an appliance design the estimated write volume would be taken into consideration also so you would never plan for the drive to reach that point in the appliance's life span?

about 2 months ago
top

Kingston and PNY Caught Bait-and-Switching Cheaper Components After Good Reviews

Predius Re:And another on the ban pile (289 comments)

The drive did go into read only, until power cycled. As documented.

I get the planned obsolescence gripe, but it didn't lock out until over twice it's advertised write capacity had been burned through, and again, at no time did it corrupt data. You light the fuse with the first write and advance towards the time bomb with each additional one, so planned or not the drive only has a finite life span. Would you prefer the Samsung's failure mode instead?

about 2 months ago
top

Kingston and PNY Caught Bait-and-Switching Cheaper Components After Good Reviews

Predius Re:And another on the ban pile (289 comments)

Actually, if you read the article...

None of the drives died at their 200TB rated endurance, although the Samsung DID fail a data retention test. The Intel let go at 700+ TB of writes along with two other drives, but did so with plenty of advance warning and died in a way as to allow for one last read off of the data without corrupting it with a bad write. Hard to fault them there.

about 2 months ago
top

Cisco Opposes Net Neutrality

Predius Re:Somewhere in my mind... (337 comments)

If there is enough bandwidth that there is no congestion or queing required, QoS is useless.

about 3 months ago
top

Cisco Opposes Net Neutrality

Predius Re:Somewhere in my mind... (337 comments)

And QoS isn't needed if you have enough bandwidth in place in the first place.

about 3 months ago
top

GNU Mailman 3 Enters Beta

Predius Re:DMARC (57 comments)

That is your opinion. And you can do what you want with your mailing list server.

And any domain owner can configure DMARC if (s)he wants to. Which leaves the recipient mailserver operator free to NOT accept the message from your mailinglist server. Your opinion is not internet-law (even if it is written in RFC).

And that is why DMARC is a bad standard that hopefully the net as a whole rejects. They purposely avoided the RFC process. RFCs may not be 'internet law' but if everyone decides to start going their own way, we're going to end up back in the olden days of IM with everyone stuck in balkanized little e-mail fiefdoms unable to contact other fiefdoms. Would sir like to sign up for Google's Internet, Microsoft's, Yahoo's? Pick one, and hope your friends pick the same.

about 4 months ago
top

GNU Mailman 3 Enters Beta

Predius Re:DMARC (57 comments)

Breaking normal mailinglist behavior... DMARC is based on a misinterpretation and misuse of email headers.

about 4 months ago
top

How the USPS Killed Digital Mail

Predius Re:Incomplete (338 comments)

Not entirely true. While they don't collect funds collected via taxes, they also don't PAY taxes on many things, like say property taxes for their offices, sorting facilities, etc. So they indirectly are Government funded, at the state and municipality level.

about 4 months ago
top

GNU Mailman 3 Enters Beta

Predius Re:DMARC (57 comments)

With the way DMARC is being implemented, I don't think there is a way for a listserve to be 'DMARC compliant'.

Instead I've had to tell those with Yahoo and Hotmail accounts to go away and not to come back until they get an account with a non DMARC nutter service.

about 4 months ago
top

Department of Transportation Makes Rear View Cameras Mandatory

Predius Re:Grabs popcorn (518 comments)

Of course, this is ignoring the INCREASE in accidents this will cause by people looking forward, staring at a screen rather than backwards while backing up, missing little details like traffic to the left and right, etc. I'd be much happier if they mandated a minimum visibility spec out the back than cameras, we're now mandating distracted backing up... blech.

(Side note, I won't be riding a motorcycle on the street ever again, too many idiots not paying attention at the wheel now, this isn't going to help.)

about 5 months ago
top

Is Whitelisting the Answer To the Rise In Data Breaches?

Predius Re:Hash (195 comments)

Exactly. Windows has a means of doing this built in from at least XP, but no app provided to automate it's management. You can setup the system so it will only execute binaries with approved hashes. Back around 2002/2003 we were playing with a program in house that would build a baseline of approved hashes on a clean system, then push that list out to our workstations. To get an app approved we would then fire up the clean box, install, update, push, etc. We never got it past the budget phase though, but it accomplishes exactly what OP is asking about. For point of sales terminals, etc that shouldn't be a moving target I'd say heck yes they should be in whitelist only mode.

about 7 months ago

Submissions

top

Operation Payback's Command and Control System

Predius Predius writes  |  more than 3 years ago

Predius writes "Fun with Anonymous — Infiltrate the hive

Anonymous has been in the news again lately for loosely coordinated DDoS attacks on high visibility targets in the name of defending Wikileaks. Their weapon of choice is a modified LOIC (http://en.wikipedia.org/wiki/LOIC) install, a 'network stress tool' written to include IRC driven command and control. Volunteer LOIC installs become part of the 'Hive Mind' which Anonymous directs to attack chosen targets.

The command and control of LOIC is actually VERY simplistic. Figuring it out takes very little effort thanks to the modified LOIC install including nearly the full source of all code used to make the prepackaged binaries.

By default LOIC expects the user to direct it. Upon providing an IRC server, port and channel it switches to Hive Mind mode and connects to IRC automatically and joins the specified channel to await instructions. Instructions must be posted by a channel owner or operator, or in the topic of the channel. As security, all LOICs use predefined username patterns as well as specific user and real name info.

Nick: LOIC_XXXXXX (Replace the X's with upper or lower case letters, must be 6 total to match the channel invite mask.)
Username: IRCLOIC
Realname: Newfag's remote LOIC
Server: thealps.anonops-irc.com or irc.anonops-irc.com port 6667
Channel: #loic
CTCP Version Reply: SmartIrc4net 0.4.0.28389

From the LOIC README:
-------------------------------------------
==============================
|| CONTROLING LOIC FROM IRC ||
==============================

As an OP, Admin or Owner set a channel topic or type message with (as an example
):
!lazor targetip=127.0.0.1 message=test_test port=80 method=tcp wait=false random
=true

To start attack type
!lazor start

Or just append "start" in the END of the topic
!lazor targetip=127.0.0.1 message=test_test port=80 method=tcp wait=false random
=true start

To reset options back to default:
!lazor default

To stop attack:
!lazor stop

And remove "start" from topic (if exists)
You can also replace "start" by "stop" in the END of the topic.
-------------------------------------------

There are bots in the channel that periodically do version checks on all bots in the channel, so make sure you get the version string right. Also there are real users who monitor for odd activity, so I suggest just idling with your LOIC simulation and setting up a second connection to poke around with using normal looking credentials. So far they have been fairly quick to g-line suspected fake LOICs that botch any of the credentials and post repeated warnings to attack any found 'with anger'.

#OperationPayback is where the live chaos is, mostly a shouting match of various self proclaimed 'hacktivists' with a few trying to direct the horde with various degrees of sucess. This channel is also handy to monitor as changes to the attack plan will be announced along with start times.

As various external sources disable Anonymous assets, either irc servers directly via DoS attacks or by disabling the domains used new replacements are announced here as well. The Hive appears to be very slow in recovering from these hits given that the simplistic control structure doesn't include a means to auto-update the hive settings, relying on constant user monitoring and intervention instead. There is active discussion in #newloic on an upgraded or replacement tool in progress."

Journals

Predius has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>