Comments


Critroni Crypto Ransomware Seen Using Tor for Command and Control

TMYates Re:Antivirus (122 comments)

Antivirus applications would never be an end all solution in any case. There might be a chance they can catch it, but you have to be up to date on the definitions for most to be able to catch it. Some newer systems may be able to do heuristics and catch potential cases that look malicious, but can have false-positives and false-negatives. Even cases where you have the best of everything and are up to date may not completely eliminate risk. This is where Zero-Day exploits (or unpublished exploits) can find their way in and disable or bypass many of these countermeasures.

Firewalls would not be helpful for anything other than blocking known ports to command and control servers. In this case, using Tor would be an advantage for the ransomware as it would block any legitimate use you may have for Tor browsing (not that I would allow it for business use in most cases). You are most likely thinking of something like an IDS/IPS system that can sit on the network and sniff out malicious traffic. Some allow for Deep Packet Inspection with SSL decryption. Even that may not cover all cases. If they use custom protocols or a different method for encrypting traffic, it would most likely render such a setup useless after an infection. It may help in the initial detection however.

In the end you can never be 100% covered for anything. I always live by the notion that it is not a matter of IF but WHEN something is going to happen. The best solutions are the simplest. Make sure you have recoverable backups (don't just set them and forget). It also helps to reduce your footprint and exposure as much as possible.

2 days ago

Justice Dept. Names ZeuS Trojan Author, Seizes Control of P2P "Gameover" Botnet

TMYates Government Control (76 comments)

Just have to put this out there, but now that the government has taken control, how much do you want to bet the NSA will use this opportunity to spy? Even if they do not use Zeus long term, they could use it to install their own software on millions of PCs that are already infected.

about 2 months ago

TrueCrypt Website Says To Switch To BitLocker

TMYates Re: Fishy (566 comments)

I may need to look into this for home use again. The USB key was the reason I stopped using it at home since it was nearly impossible to find a consumer level device without a TPM and I got tired of the USB requirement for 7. Of course it has been a few years since I bought a laptop.

I have used both TrueCrypt and BitLocker and like them both, but to be completely honest, BitLocker is the better option for a business with several computers because of the recoverability. I hated having to know our employees' TrueCrypt passwords so I could work on their systems.

Also, I may be one of the few who actually likes Windows 8-8.1.1 (*gasp*) so this would not be an issue for me.

about 2 months ago

TrueCrypt Website Says To Switch To BitLocker

TMYates Re: Fishy (566 comments)

Correct. But there is a downside. In order to use BitLocker without one, you will require using a USB drive for unlocking the system. A big security risk with using that method in a company environment would be how many simply leave the key in the computer. That would be like leaving the key to your house in the keyhole on the outside of your house. If you have to go that route, you can also add a password with the USB drive to unlock.

Source: Experience

about 2 months ago

Google Using YouTube Threat As Leverage For Cheaper Streaming Rights

TMYates Stand up against it (197 comments)

If I were a musician with a large following such as say Metallica (just an example), I would just look to Google and say goodbye. Why should I be forced to something in another service just because I use YouTube for the music videos? Especially when anyone can currently upload to YouTube for free. I would then pull all my videos and music from the play store, YouTube, etc... and then start a campaign against this sort of thing with my cult fan-base. Considering some of the stores then revoke the music from those with subscriptions to Google Play and/or do not allow re-download if you forget to back up your local DRM (Had this happen with a couple of services) even though you paid for the service, who would be the one to suffer long term? I bet at that point, you would see a bunch of people leaving or using a service less and less.

Just my opinion anyway. Take it for what it is worth.

about 2 months ago

Google Foresees Ads On Your Refrigerator, Thermostat, and Glasses

TMYates I can see it now (355 comments)

Think about what their thought process might mean for some Android devices:

Before we establish your call, you must watch a 30 second Ad. Only after the first 10 seconds will you be able to skip. You can skip every 20 Ads.

Just look what happened to YouTube.

about 2 months ago

Google Foresees Ads On Your Refrigerator, Thermostat, and Glasses

TMYates Re:better question... (355 comments)

If they started playing audio for the ads, I would be pissed. That would be worse in my opinion than the stupid drive-by audio bombing advertisements that seem to pop up randomly on sites. At least Chrome tells you which tab it is. This is also why I turn Flash off unless I know an activity I am doing requires it. Which in most cases is very little.

about 2 months ago

Ask Slashdot: How To Communicate Security Alerts?

TMYates Net Send / MSG (84 comments)

For the most part that was restricted or disabled since the XP days (after one of the updates. Cannot remember which). You reminded me of the old school spam I used to get...

about 3 months ago

Ask Slashdot: How To Communicate Security Alerts?

TMYates RE: Fix "normal" (84 comments)

And the previous comment that this was in reply to is now gone....

about 3 months ago

Ask Slashdot: How To Communicate Security Alerts?

TMYates Fix "normal" (84 comments)

So you can be the one responsible to fix other vendors' software and web sites when they fail to run on other browsers. Have fun with that. Not everyone can switch and still function. It may not be the fault of the company using IE. Also, you have to look at organizations like Hospitals that are under regulations that may make it impossible or expensive to recertify equipment. A good example is the FDA regulating product certification systems. Changing out a system design can cost tens or hundreds of thousands of dollars to recertify a design.

I have my fun with Linux and use it in various ways, but it isn't always the easiest thing to just swap out in a workstation setting. You apparently have very limited knowledge of the various industries and exist in a world where your way is the only correct way. You can go have fun with your copy of Linux, but don't assume it fixes everyone's issue without understanding what they do. If they can switch and still function, great. For purely desktop/laptop environments, Microsoft still has ~90% market share.

about 3 months ago

Ask Slashdot: How To Communicate Security Alerts?

TMYates Re:Misleading Summary (84 comments)

I saw it show up on my WSUS server today for XP on up.

about 3 months ago

Ask Slashdot: How To Communicate Security Alerts?

TMYates Re:My thoughts. (84 comments)

This response was supposed to be a general "what should I do" not "what can I do" type of question. I used the browser topic as a sample, but yes they have released the patch. If a vulnerability was published today, you cannot just assume tomorrow they will have a patch ready to ship and hence why the question was asked how to handle a situation of such.

It depends on the size of the shop and the IT staff. As a one man IT shop, I would be the one creating, testing, and implementing. Not saying everyone is bad at that, but I happen to know my scripts and GPO objects. In the workaround, they clearly gave instructions for running the fix at a command line. That part would not be difficult to do and if it were serious enough for a large organization, they would most likely already have a rapid test process in place for a vulnerability like this. You would still have to educate the users on a new browser should you push one out, but at least you can reduce the time needed for IT to go to every computer and manually install the software. You wouldn't have to instantly switch it to default.

As for the GPOs to manage the other browsers, it depends on how they store files. But to prove you wrong on Chrome not having them, here: https://support.google.com/chr...

EMET should have been a 3rd option, but I wouldn't recommend every shop immediately go out there and implement it without understanding it. There are many complicated things that it helps mitigate and improperly implemented could cause more headaches to the help desk. That being said, I have started to research it for other reasons so I won't knock it being a worthwhile investment.

Also, you better hope you are on the latest version of EMET, because 4.1 has been bypassed and it is only a matter of time for newer versions: http://bromiumlabs.files.wordp...

Now go back into your hole since you are too afraid to stand behind anything other than AC for your post name.

about 3 months ago

Ask Slashdot: How To Communicate Security Alerts?

TMYates My thoughts. (84 comments)

In the case of the browser, there are a couple of things I would have done:

1) IT should have selected a viable alternative. Whether it is Chrome, Firefox, etc... IT should be deciding on one to use. You are right in not wanting to bog down the help desk with these calls. By selecting one you can send a message out to your users stating that to improve security, reliability, and performance of your system, we will begin rolling out a new web browser for everyone to use. Be sure to include time for a quick training session. There are various methods for pushing software out behind the scenes as well to install it without bothering many of the workers.

2) Used something like Group Policy to push out the workaround and disable the DLL in question. This could have easily been done using a login script or GPO. Then you could sit tight waiting on a patch for your existing browser. You may still want to remind everyone to be on the lookout for anything suspicious and report it should something happen.

The sad fact is that nothing is bulletproof. It could just as easily be Chrome or Safari next week. Don't forget Safari had a nasty SSL flaw not too long ago too. You are right in not wanting to scare your users, but that is where I say you need to put effort into education on the basics of security. Let them know you have their back. And above all, be creative.

about 3 months ago

Ask Slashdot: System Administrator Vs Change Advisory Board

TMYates WSUS or SCCM (Configuration Manager) (294 comments)

I would recommend the use of either Windows Software Update Services (WSUS) or in combination with System Center Configuration Manager (SCCM). WSUS allows you to approve/unapprove all the updates you want to allow in your network. You can group specific computers to a specific set of approved updates if you would like. You can also use SCCM to manage the change control, what was approved, and what was installed. SCCM can also be used to deploy updates in certain circumstances.

Of both of the options, WSUS is free and can be installed on Windows 2k3 or newer. SCCM is now licensed through the System Center package which may or may not be worth looking into if you want to look at the other built in components to it.

about 3 months ago

Microsoft Confirms It Is Dropping Windows 8.1 Support

TMYates Re:Slashdot is ridiculous (575 comments)

I completely agree. I should also mention there have been XP updates in the past (though not like a full service pack) that required you to run before any other update would show up. But alas, nobody probably remembers the updates to Windows Update that did this.

The point Microsoft is making here is that 8.1 is going to be supported, but it requires this one update for any future updates. This is probably due to many of the new features and changes to the UI they have implemented. They also probably could have worded it better.

That being said, they need to fix the current issues with their patch first. Namely the TLS issue because if you do not have 2K8 R2 or higher for a WSUS server then you have to turn off SSL because lower versions cannot support TLS 1.2.

about 3 months ago

The New 'One Microsoft' Is Finally Poised For the Future

TMYates Re:One Kernel? What Does That Mean? (270 comments)

Probably not entirely true right now because most of their development has not touched the SDKs for these platforms. It is still a work in progress and their new Unified App framework will most likely make your desire a reality. The fact that they went from Windows CE during the Windows Phone 7.X and earlier days to an NT kernel for 8 shows this progress in the phone space for Microsoft. It also helps that they are migrating from XAP apps to Appx. The new Xbox One uses something based off Windows 8 components (At least kernel, not sure of anything else). Even the Windows for ARM called RT (Big fan of mine by the way for all the haters out there).

They are getting there, but it is not an overnight accomplishment. That would be like saying tomorrow PS3 games will work without recompiling on an Xbox. They have to update headers and references to SDKs they are using to make it work on another platform. This is where Microsoft is really wanting to head with the Unified Apps. They want to have their framework on everything so you do not have to recode. Even better that they are open sourcing good portions of the .NET framework. That would potentially mean that even Android/Linux could use the same app in some ways.

about 3 months ago

.NET Native Compilation Preview Released

TMYates Re:So no more .net redistributable? (217 comments)

Just saw that. This will be interesting to see. I hope it means only the framework and not 3rd party libraries because that could make licensing or detecting 3rd party libraries interesting. I know I would want my library to still be separate unless I give you the code.

about 4 months ago

.NET Native Compilation Preview Released

TMYates Re:What bunk.... (217 comments)

All code ends up at one point or another as native code running against the CPU. There may be several stages before it ends up in native code. Interpreters take the code and convert it into instructions the CPU understands on the fly. The fact that .NET gets converted into CIL means that it should be at least partially interpreted. The JIT compiler is the last step that compiles it into native code for the CPU, but this happens before the code block executes. Now, there are technically ways of using the .NET NGEN tool to pre-compile for the system the code sits on, but until it hits the JIT compiler it might as well be an interpreted language (i.e. C# to CIL). This is why they are just now announcing this native compilation tool where it takes out the CIL step completely. Because .NET currently needs to first be converted into byte code before hitting a compiler, I say that it makes perfect sense that it can be considered interpreted at least to the point of the JIT. If my definition of an interpreted language is wrong then I accept that I am wrong. Most of my beliefs on this stance I would base off of the ECMA-335 specification.

about 4 months ago

.NET Native Compilation Preview Released

TMYates Re:So no more .net redistributable? (217 comments)

Not true. Native only means that there will be no IL (Intermediate Language) code. Right now .NET is more interpreted than it is compiled. This would mean it gets compiled like C or C++. You would still need the .NET redistributable for any libraries you reference just as you have done with C++ libraries or DLL libraries in traditional Windows development. Not having to compile the code before executing it (using the JIT compiler) means serious performance, but also paves the way to more native support on other devices. Especially since they released it into the open.

about 4 months ago

How Do You Backup 20TB of Data?

TMYates Re:I agree but... (983 comments)

I use CrashPlan at home for my 18+TB Home Brew SAN. I have 1 VM running as my file server that has about 10TB of the total storage assigned. I switched from Carbonite to CrashPlan because CrashPlan does not limit bandwidth like Carbonite does (2Mbps for first 200GB and then 200Kbps thereafter). It would have taken me more than 11 years to back up 4TB to Carbonite, but with CrashPlan and my 35Mbps Upload, it took me about 1-2 months for the initial backup of 10TB. Now it only syncs the updated files and has no trouble keeping up. I should also add that you can use CrashPlan to back up to a friend or external hard drive from the same app for Free as well. As for the paid subscription, Business is $7 per PC for unlimited storage and home is like $7 per PC and $14 for a family plan of up to 10. Home edition does not limit installs to non-server systems (as I use mine for personal use). * I am not a paid representative of CrashPlan. Statements are based on personal opinion or experience.

about 4 months ago

Submissions

TMYates hasn't submitted any stories.

Journals

TMYates has no journal entries.
