Comments


UK Student Jailed For Facebook Hack Despite 'Ethical Hacking' Defense

blizz017 Re:Tricky. (356 comments)

On the one hand, Mangham definitely didn't have prior authorization. His actions were illegal, regardless of his intentions.

On the other hand, Facebook's long-term security has been dramatically weakened. Now, anybody who finds a vuln in Facebook isn't going to report it for fear of doing jail time.

Sounds like a fuck-up for everyone involved.

Or, you know, you follow Facebook's procedure for their bug-bounty program: https://www.facebook.com/whitehat/bounty/, paying special attention to the following section:

Exclusions

The following bugs aren't eligible for a bounty (and we don't recommend testing for these):

- Security bugs in third-party applications (e.g., http://apps.facebook.com/%5Bapp_name%5D)
- Security bugs in third-party websites that integrate with Facebook
- Security bugs in Facebook's corporate infrastructure
- Denial of Service Vulnerabilities
- Spam or Social Engineering techniques

If you want to test any of those, you do what practically any book on "ethical hacking" ever states and you get prior authorization.

more than 2 years ago

Tech Forensics Take Center Stage in Manning Pre-Trial

blizz017 Re:Military vs. Civilian Justice (172 comments)

1. He's not at trial yet; this is an Article 32 hearing.. basically a grand jury hearing/pre-trial.

2. At trial, he would have a jury of his peers; far more so than you'd find in a civilian courtroom. He's an enlisted soldier, so if his defense team opted, they can have a jury full of enlisted soldiers.

3. Contrary to what you wish to believe, military court martials aren't show trials. I'd argue that they're ultimately far more fair and impartial than you'll ever find in a civilian courtroom where a DA and/or judge may have a political agenda to fulfill.

more than 2 years ago

Android Ice Cream Sandwich SDK Released

blizz017 Re:Seriously? (309 comments)

which really only works if the only thing the person did was unlock the phone.. if the phone was actually used, you'd have indistinguishable smear marks all over the screen.

more than 3 years ago

Security Researcher Threatened With Vulnerability Repair Bill

blizz017 Re:Service Guarantees Citizenship (231 comments)

So if I disclose all your bank password, would that make me immune ? I agree in part, but it is a problem. If as a delivery dude, I find your key under the front door mat, can I make a 1000 copies and drop them off all over the city with your address to teach you to be safer ? I am genuinely asking, I don't have the answer. If I simply return your key, and you keep putting it under the mat, then what do I do.

That's not what he meant; if you disclose the vulnerability that exposes his passwords, you're immune. If you exploit the vulnerability and disclose the passwords, then you're not immune from the action of disclosing data improperly. You don't have to disclose the passwords to prove the vulnerability.

In your little example, the vulnerability would be the key under the front door mat. The exploit would be using that key and/or making copies of the key. Proper disclosure would dictate that you notify him that his key is under the front door mat and give him time to respond and remedy the situation; after a period of time (say 30 days), if he ignores the vulnerability or the vulnerability is remedied, then disclose the vulnerability. Improper disclosure would be letting the public at large know the day you found the key; you don't need to make copies of the key to prove or disclose the vulnerability.. it adds nothing and just makes you a dick.

In the reality of this case, the guy didn't disclose any customer data to the public at large (at least from what I gather), and he stated that he will delete any data resulting from the breach and would even allow the company to verify as such. Following the whole "Disclosure Guarantees Immunity" philosophy, this guy should be in the clear. Data access is going to occur at times in vulnerability research; what you do with that data is what should determine whether you get immunity or not.

more than 3 years ago

Motorola's Identity Crisis

blizz017 Re:Long term, it is a good thing... (135 comments)

Last thing I read on it was from April in this article: http://www.businessinsider.com/next-xbox-may-be-profitable-on-day-one-2011-4 Seems like the business segment containing Xbox is down 5.5 billion over its lifetime, but has been turning a profit for each of the last 11 quarters.. they may be down overall, but they're going to break even here pretty quickly; even more so if they decide not to go the hardware loss route with the next xbox.

more than 3 years ago

GAO Report: DoD Incompetent At Cybersecurity

blizz017 Re:Simple solution (104 comments)

As already stated.. this is precisely how it works now. You've practically described it to a T. In fact, we further segregate networks based on the level of classified information they carry; all of which are airgapped.

more than 2 years ago

Space Station To Be Deorbited After 2020

blizz017 Re:Why? (572 comments)

The Space Station is in a Low Earth Orbit (LEO) and will fall to the Earth without its regular altitude boosts

The ISS is in LEO because NASA was INCAPABLE of building a space shuttle that could achieve higher orbit! Because it had to have WINGS so it could land with secret military payloads at designated airfields in the continental USA.

So the AMERICANS crippled the INTERNATIONAL Space Station. It should have been in higher orbit to start with then it would last longer, but NO the Americans had to have it their way. Hopefully the Chinese won't make the same dumb mistakes.

Nobody said the other partners had to take NASA's money... they were free to build a space station on their own. Don't bitch when the biggest financial and technical partner mandates its way; especially when the next closest partner barely surpassed 1/10th of the AMERICAN cost on the project.

more than 3 years ago

Space Station To Be Deorbited After 2020

blizz017 Re:Why? (572 comments)

Interesting that this is not a NASA announcement...

Despite the fact that most American news media refer to it as 'The NASA Space Station', it is, in fact, not exclusively a NASA space station. Its correct title is "ISS", which stands for "International Space Station".

NASA is just one partner of many on this project.

What American news media refer to it as 'The NASA Space Station'? I'm curiously interested, as I have never seen it referred to as such.

more than 3 years ago

A Linux Distro From the US Department of Defense

blizz017 Re:WikiLeaks 2014 - DOD Spied on employees (210 comments)

And it wouldn't be news at all... given that LPSL is primarily meant to access DoD systems, not for general browsing/playing around (in fact the primary point of it is for accessing webmail which requires CAC authentication, and configuring CAC authentication on home systems has generally been a PITA for IT Support), and given nearly every DoD system has the following disclaimer:

THIS IS A DEPARTMENT OF DEFENSE COMPUTER SYSTEM. This computer system, including all related equipment, networks and network devices (specifically including Internet access), are provided only for authorized U.S. Government use. DoD computer systems may be monitored for all lawful purposes, including to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability and operational security. Monitoring includes active attacks by authorized DoD entities to test or verify the security of the system. During monitoring, information may be examined, recorded, copied and used for authorized purposes. All information, including personal information, placed on or sent over this system may be monitored. Use of this DoD computer system, authorized or unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal or adverse action. Use of this system constitutes consent to monitoring for these purposes.

I think it's fairly safe to say that people already know their stuff is being monitored...

more than 3 years ago

Anonymous Hack One Gigabyte of Data From NATO

blizz017 Re:NATO Hacking (304 comments)

They are for the most part (packet switching over shared lines for certain networks being the obvious case of non-isolation physically). Hitting internet-connected servers nets you some unclass/fouo, maybe confidential level stuff. If you're lucky and hit the right place at the right time, you might get some info that was accidentally uploaded that's classified higher and hasn't yet been cleansed. Keep in mind we have whole groups of people dedicated solely to finding classified info uploaded to NIPR/Public Internet facing systems and to investigate the cause and clean the affected systems. This is why I always take the 'We've hacked NATO's public facing servers and netted some juicy info!!!' type stories with a very big grain of salt. Remember none of the Bradley Manning/Wiki-leaks stuff came from an internet-connected network.

more than 3 years ago

Thunderbird Unseats Evolution In Ubuntu 11.10

blizz017 Re:Exchange connectivity? (283 comments)

Unfortunately some of us are still stuck with Exchange 2003, so we're still SOL for the most part.

more than 3 years ago

US Contemplating 'Vehicle Miles Traveled' Tax

blizz017 Re:The Real Real problem (1306 comments)

What gives you the impression that Energy Efficient Vehicles are lighter than Gas Guzzlers?

A Chevy Volt is 3781 lbs
A Nissan Leaf is 3354 lbs
A Ford Mustang is 3655 lbs
A Chevy Corvette is 3350 lbs

Granted you'll have differences between different variations of the same model; but just use those as generalized examples. Now if you're comparing a Leaf to a Suburban that's a whole other ballgame and is like comparing apples to oranges.

more than 3 years ago

Has GNOME Rejected Canonical Help? Shuttleworth Responds

blizz017 Re:Nokia had the same problem (181 comments)

Except for that whole period of time from the mid/late 80's to late 90's where Apple was on the verge of being bought out by Sun for $5 a share and doing absolutely nothing to make a mark on the consumer market in any fashion.

more than 3 years ago

Hypersonic Radio Black-Out Problem Solved

blizz017 Re:The shuttle doesn't (currently) black out (88 comments)

And this article wasn't talking about the space shuttle. In fact the word "shuttle" doesn't exist in either the summary or the article.

Really? Damn.. I guess I just imagined reading this line:

Ordinarily, this plasma absorbs and reflects radio waves at communications frequencies, leading to a few tense minutes during the re-entry of manned vehicles such as the shuttle.

more than 3 years ago

Playstation 3 Code Signing Cracked For Good

blizz017 Re:Epic Fail? Hardly. (534 comments)

I'm surprised you actually expect such an announcement to come from them. Why in the hell would they ever open themselves to a potential lawsuit by announcing it publicly. That's not to say it hasn't been done, particularly since depending on what the PS3 cluster is being used for, the NSA and/or DISA has almost assuredly broken the PS3 down to find out its flaws security wise.

more than 3 years ago

Wired Responds In Manning Chat Log Controversy

blizz017 Re:And that's what's wrong! (222 comments)

Not a search and seizure (as already mentioned), but you also neglected to read the full passage, particularly the part referring to how it can't impair the government when it comes to 'if the offense consists of the receipt, possession, or communication of information relating to the national defense, classified information, or restricted data under the provisions of section 793, 794, 797, or 798 of title 18, or section 2274, 2275, or 2277 of this title, or section 783 of title 50,' So basically it's not applicable anyhow, because like it or not.. Wikileaks is clearly in possession of classified information.

more than 2 years ago

Wired Responds In Manning Chat Log Controversy

blizz017 Re:Have you considered the possibility... (222 comments)

Out of all that, that's the one thing in his post you wanted to highlight? Really, is it that hard of a concept to swap out 'LEO busting organized crime' and put 'Intelligence Agent undercover in foreign terror cell' or shit even a 'LEO undercover inside domestic terror cell'. This distinction between 'Law-enforcement agency' and 'Government business' isn't as clear cut as you'd like it to be; in fact the lines are highly highly blurred. But you know that's because law enforcement is a part of the government. You did realize that, right?

more than 2 years ago

Car Produced With a 3D Printer

blizz017 Re:3D Printers (257 comments)

Because milling != 3D printing, even though they both use CNC. Milling involves starting with a raw material and cutting/machining away at it to achieve the desired end product. 3D printing involves printing the final product layer by layer. There are plenty of videos out there for you to look up to see the difference.

about 4 years ago

Wikileaks Donations Account Shut Down

blizz017 Re:Uh (725 comments)

Dream on. Did you realize that there is still stuff from the frelling Spanish-American war that is classified? If I had ten grand in spare change lying around I might spend it on a lawyer for a FOIA query to see what's there, but let's face it, I don't so it's just going to stay that way. Have you seen the process for a FOIA request? You need to know the exact title and location of the document that you want. You can't just ask for documents relating to the cover-up of the bombing of a wedding party, you need to ask for US Army Action Report 172047a, CIA Predator Flight 2491 Operator Transcripts, and NATO After Action Report 1772-Q42. If the information that you actually need is in Flight 2490 Operator Transcript instead you need to start the process all over again (if you ever find out where it really is). Making things worse, generally the indexes themselves are classified, and if you manage to get access to one it will be so highly redacted as to be useless.

That's absolutely not true at all; FOIA requests can be/have been/generally are in the form of 'generalized' requests; is it better if you are specific about your request? absolutely, it will save you money seeing how they generally charge by time used in the search and by page. You can literally request : "This is a request under the Freedom of Information Act. I request that a copy of the following documents concerning the following subject matter be provided to me: Any and all reports concerning the actions at Abu Ghraib Prison from 1 JAN 2004 - 30 APR 2004."

more than 4 years ago

Game Prices — a Historical Perspective

blizz017 Re:A couple of points missed by the article... (225 comments)

Still missing the point.. There's a fee associated for selling a title on a console.. outside of any production costs; Microsoft/Sony/Nintendo all charge a specific amount of money so that games can be played on their systems; these are called 'Publisher License Agreements' here's an example of one for the Xbox360 between Microsoft and THQ: http://legal.realdealdocs.com/index.php/2008/04/18/xbox-360-publisher-license-agreement/ Basically Microsoft gets royalties for every 360 title sold; Sony gets royalties for every PS3 title sold; Nintendo gets royalties for every Wii title sold.

more than 4 years ago

Submissions

blizz017 hasn't submitted any stories.

Journals

blizz017 has no journal entries.
