Comments

"BadUSB" Exploit Makes Devices Turn "Evil"

cant_get_a_good_nick Re:and this is news why? (146 comments)

My understanding of this: read-only only mitigates part of this.

The simple part:

So, you plug something in. It gets an enumerate request. It replies back "Howdy, I'm a USB mass storage device (a.k.a. hard drive)". OK cool, I mount you read-only. But then the stick says "Oh BTW, I'm also a keyboard". This is where you get hosed. Read-only and disabled autoplay don't help you as much as you want.

The "keyboard" can then send keystrokes to your machine. There are probably some things you can do with this without raising suspicion.

The next level:

So you plug something in. Your device is evil, and it knows some bugs in some Host Controller firmware.

The OS tries to enumerate the device. The evil device knows how to send packets that then pwn the host controller. It rejigs the firmware. This is now screwed. This is under the OS, under any device driver even. You are now pwned. Your host controller now can be used to lie about files coming from disk, or lie about keyboard, or siphon things off.

All this before it even figures out that this is supposed to be a mass storage device, much less read only.

This is wickedly clever.

1 hour ago
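A host-side check for the first case the post describes (a device that enumerates as storage and then also as a keyboard), as an added example and not code from the original post: it walks a USB configuration descriptor and flags any configuration that advertises both a mass-storage and a HID interface. The descriptor bytes below are constructed for the example, not captured from real hardware.

```python
import struct
from typing import Dict, List

# USB 2.0 descriptor types (spec table 9-5) and interface class codes
DT_CONFIG, DT_INTERFACE, DT_ENDPOINT, DT_HID = 0x02, 0x04, 0x05, 0x21
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08


def parse_interfaces(config: bytes) -> List[Dict[str, int]]:
    """Walk one configuration descriptor and return every interface descriptor in it.
    Every descriptor starts with bLength/bDescriptorType, so endpoint, HID and
    vendor-specific descriptors are skipped by their declared length."""
    if len(config) < 9 or config[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total_len = struct.unpack_from("<H", config, 2)[0]  # wTotalLength, little-endian
    if total_len > len(config):
        raise ValueError("wTotalLength larger than the buffer")
    interfaces, off = [], 0
    while off + 2 <= total_len:
        blen, dtype = config[off], config[off + 1]
        if blen < 2 or off + blen > total_len:
            raise ValueError("malformed descriptor at offset %d" % off)
        if dtype == DT_INTERFACE and blen >= 9:
            num, alt, _n_ep, cls, sub, proto = config[off + 2:off + 8]
            interfaces.append({"number": num, "alt": alt, "class": cls,
                               "subclass": sub, "protocol": proto})
        off += blen
    return interfaces


def claims_storage_and_keyboard(config: bytes) -> bool:
    """True when one configuration advertises both a mass-storage interface and a
    HID interface (any HID interface can inject keystrokes, not only boot keyboards)."""
    classes = {i["class"] for i in parse_interfaces(config)}
    return CLASS_MASS_STORAGE in classes and CLASS_HID in classes


# --- constructed sample descriptors; not captured from real hardware ---
def _iface(num: int, cls: int, sub: int, proto: int, n_ep: int) -> bytes:
    return bytes([9, DT_INTERFACE, num, 0, n_ep, cls, sub, proto, 0])

def _endpoint(addr: int, attrs: int, max_packet: int, interval: int) -> bytes:
    return bytes([7, DT_ENDPOINT, addr, attrs]) + struct.pack("<H", max_packet) + bytes([interval])

def _config(n_ifaces: int, body: bytes) -> bytes:
    return bytes([9, DT_CONFIG]) + struct.pack("<H", 9 + len(body)) + bytes([n_ifaces, 1, 0, 0x80, 50]) + body

# Bulk-only SCSI storage: class 0x08, subclass 0x06, protocol 0x50, one bulk IN and one bulk OUT
STORAGE = _iface(0, CLASS_MASS_STORAGE, 0x06, 0x50, 2) + _endpoint(0x81, 0x02, 512, 0) + _endpoint(0x02, 0x02, 512, 0)
# Boot-protocol keyboard: class 0x03, subclass 0x01, protocol 0x01, HID descriptor, interrupt IN endpoint
KEYBOARD = (_iface(1, CLASS_HID, 0x01, 0x01, 1)
            + bytes([9, DT_HID, 0x11, 0x01, 0x00, 0x01, 0x22, 0x3F, 0x00]) + _endpoint(0x82, 0x03, 8, 10))

PLAIN_STICK = _config(1, STORAGE)                        # what a stick is expected to look like
STORAGE_PLUS_KEYBOARD = _config(2, STORAGE + KEYBOARD)   # the "oh BTW, I'm also a keyboard" case
```

On Linux the same bytes are exposed under /sys/bus/usb/devices/*/descriptors (after the 18-byte device descriptor that precedes the configuration), so a udev hook can run this check before drivers bind. As the post itself notes, this does nothing against the second case, where the host controller firmware is subverted below the OS.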

A 24-Year-Old Scammed Apple 42 Times In 16 Different States

cant_get_a_good_nick Re:Wow ... (408 comments)

I sorta second the "marketing purposes" asking for ZIP.

You can usually refuse this, and besides that, about 50% of the time they ask you for ZIP after the transaction has gone through anyway. They can read Track 1 of your card, which includes your name. Name + ZIP is a decent proxy for unique ID, and Acxiom probably has your name anyway.

2 days ago

Private Data On iOS Devices Not So Private After All

cant_get_a_good_nick Re:So... (100 comments)

Also, turning off this behavior - plugging a phone into a computer, pressing "OK" without any authentication allows siphoning - is pretty hard to do. You need to download a wonky piece of software called Apple Configurator to do this. It's usually for corporate/educational bulk deployments, and the UI shows this.

2 days ago

Private Data On iOS Devices Not So Private After All

cant_get_a_good_nick Re:Article got it wrong (100 comments)

Hmm, like the AC joke below, I'm a bit torn when you said "Security Expert" for Steve Gibson. Aside from prodigious self-promotion, as far as actual security talent goes, Steve's both good and bad. I may listen to this one, because this one is more in his wheelhouse: specifically, describing in easier terms a complicated subject previously researched and digested by someone else.

He's much less useful when making declarations of what to do. He's too enamored of assembly (which can lead to more security holes; there are no checks or restrictions in assembly as in, say, C#, Java, or even C++), and he keeps talking about how he won't move off XP (and implies that it's safe for others to do so).

3 days ago

Private Data On iOS Devices Not So Private After All

cant_get_a_good_nick Re:Stallman was right (100 comments)

Stallman is crazy. Even crazy people can be right about a few things here and there, but overall he's a zealot. The joke goes "even a stopped watch is right a couple of times a day, though you need a second working watch to see when."

The Hurd has been under development since 1983. Three decades, and still not a stable version? When he started the Hurd we didn't have the web, nor the Internet. If we waited for Stallman to actually ship, we would have lost out on a lot (both good and bad, but mostly good).

The issue with Stallman is where do you stop? OK, so now you have an OS totally under your control (well, maybe, but let's pretend yes). Now, the hardware! OK, rewrite the BIOS/OpenFirmware. Now you're in control! No, there may be stuff in the chips... let's go grab some sand.

Soon enough, you either have to say you write everything (and this is the mess you get from making your own toaster) or just realize you need to have faith in some companies you may or may not want to trust.

3 days ago

Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS

cant_get_a_good_nick Re:Zero Days? Updates? (132 comments)

My point is: part of the security of a LiveCD is the fact that it's a read-only medium. Malware can't write to it. But it also means you can't update buggy code. What if my LiveCD has Heartbleed?

The AC who commented "burn a new one" doesn't know how most distros do things, which is not to create a new CD image every time a package changes. The CD image is current on Day 1, and deviates from the true distro starting possibly on Day 2. Unless you only use the CD Image on release days, you'll always be slightly behind on (at least some) packages.

Yes yes, I know part of the point of a USB stick is a controlled distro where you know the current state of all things on it. But it still has issues with zero days. Let's say there's a zero day, and I write to your USB stick. Now you're compromised, with a false sense of security. Do people drop to "single user with networking" on their USB sticks, do updates, then run in multi-user with parts of the file system read-only?

about a week ago

'Just Let Me Code!'

cant_get_a_good_nick Re:Code the way you want... (368 comments)

When I heard the Learn’d Astronomer

WHEN I heard the learn’d astronomer;
When the proofs, the figures, were ranged in columns before me;
When I was shown the charts and the diagrams, to add, divide, and measure them;
When I, sitting, heard the astronomer, where he lectured with much applause in the lecture-room,
How soon, unaccountable, I became tired and sick;
Till rising and gliding out, I wander’d off by myself,
In the mystical moist night-air, and from time to time,
Look’d up in perfect silence at the stars.

Sometimes it sucks when your hobby becomes your profession. But it doesn't have to stop being your hobby.

about a week ago

'Just Let Me Code!'

cant_get_a_good_nick Commodore 64 (368 comments)

Part of my nostalgia for coding on the C64 is how you felt you could know everything about the box. There was a book, Mapping the C64 and C64C, that told you about every single address on the computer. You felt you could get everything done with some POKEs and PEEKs, or some machine language (LDA, anyone?).

Now, you can do more, but you don't feel you can push the envelope of the hardware. How many classes does Java add every release cycle? How often does CPAN turn over?

I think I'm not the only one with that nostalgia; there's an offer on that book for >700 dollars. I lost mine over the course of several moves during my college days.

about a week ago

Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS

cant_get_a_good_nick OT: signature (132 comments)

I'm stealing your signature...

about two weeks ago

Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS

cant_get_a_good_nick Zero Days? Updates? (132 comments)

Not a troll, but how do you get updates on a LiveCD? A good safe distro would not only update bad code easily, but also prevent whatever malware gets in from writing to local disc. What to do?

about two weeks ago

Researcher Finds Hidden Data-Dumping Services In iOS

cant_get_a_good_nick Law Enforcement should cost (98 comments)

"Process is now taking about four months on average, and costs about $1,000, so LE is looking for streamlined / inexpensive tools to collect evidence."

Part of the protection against tyranny isn't the gun, but simply that certain law enforcement has certain costs. Part of it is red tape: a warrant sticks some glue in the process and slows it down. Part of it is monetary cost. In the 1970s wiretaps cost a lot.

These costs force some filtering of resources. You can't just go after everyone, you need to be somewhat efficient with resources. It doesn't eliminate bad actors, but it makes the consequences more intense.

Part of what the NSA is doing, they can do because the surveillance is so cheap. If it cost them $1,000 a person, then just in America it would cost them 350 billion a year to spy. The world would cost 7 trillion. We couldn't afford that; only because surveillance is (too) cheap does mass surveillance make sense.

about two weeks ago

California In the Running For Tesla Gigafactory

cant_get_a_good_nick Re:Texas! (172 comments)

Troll feeding time...

Why is it that government can never do anything right, well, unless it's the army, then it can do no wrong. Somehow if there's a bullet involved, government becomes perfect. Try to feed a kid, whoa, that can never work.

Oh, and if the government tries something and it doesn't work, that's proof that government sucks. But if it does something and can compete with private business, hey, that's government being mean, and there's some law to prevent it. Government sucks by attrition: anything that works better than private industry is killed, and all you see are the things that don't work.

Anyways, Google started using the university network, using students educated at Stanford, using an operating system partially developed at a University, using a networking protocol developed at a University from ideas originally from a government institution. The original hardware included a Sun, again developed at Stanford. They used the web, which was started as a non-business thing, a bunch of CERN guys wanted to push physics research papers around. The first web didn't have much commerce on it, it was the NCSA webserver (NCSA from the University of Illinois - a public land grant institution) and NCSA Mosaic that popularized it before any company went on.

Yet you'd say none of that matters. It's very easy to win arguments by definition. I'm sure you'd say "but none of that HELPED them" and just dismiss it.

about two weeks ago

California In the Running For Tesla Gigafactory

cant_get_a_good_nick Re:Texas! (172 comments)

What made the oil industry successful is oil. Whatever regulations or non-regulations you want to give, if there's no oil, there's no oil industry.

It can be argued that Silicon Valley grew because of the California university school system, a good chunk of which is publicly funded. Remember Sun stood for Stanford University Network. Google started at Stanford. A good chunk of Apple Mac OS X and iOS is BSD, developed at the University of California, Berkeley. The Internet as we know it started at Berkeley; one of the first TCP/IP stacks was just known as Berkeley Sockets. The Internet was at first a DARPA project (government funded) for distributed command and control. The work then went to California universities, trying to share scarce computing resources.

about two weeks ago

OpenWRT 14.07 RC1 Supports Native IPv6, Procd Init System

cant_get_a_good_nick Not a flame war: dd-wrt vs openWRT (71 comments)

I pushed my router to dd-wrt a while ago. At the time, I liked the UI on dd-wrt better than OpenWRT. I also noticed some issues on my specific hardware for OpenWRT. How do they stack up?

about two weeks ago

Ask Slashdot: Future-Proof Jobs?

cant_get_a_good_nick Re:Seriously? (509 comments)

Whether or not you believe Kurzweil's specific predictions (and I don't), planning for a radically different job future is worth it. I didn't see the poster asking about Kurzweil's specific prediction, as much as "hmm, I kind of agree with this guy that the world will change, let's ask Slashdot for some ideas on where this is going".

Want to be a UPS driver? Or a taxi driver? Or a truck driver? Thank Google, that's gonna go away. Want to be a waiter? We're already moving to a "tablet for orders, fewer servers for food delivery" model. "Hey, let's screw over people who don't even make minimum wage!!" Good luck being a travel agent now. Are you a lit geek with a romantic image of working in a bookstore? Nahh, Amazon. When I was in college, I was a cashier to make school money. Nahh, self-checkout. We can't quite predict how many jobs Watson is going to knock out. Even law is seeing a glut. A career where you need years of expensive schooling and then have a barrier of a certification is having a hard time finding jobs for all the graduates. All these are current, or in a few years. F**k the singularity, this is now.

I know I'm mangling the Eisenhower quote but: Plans are worthless. The act of planning is essential.

about two weeks ago

Massive Job Cuts Are Reportedly Coming For Microsoft Employees

cant_get_a_good_nick Re:Not Surprising (300 comments)

If it's bought out, you'd better polish anyway. At least if either is a public company.

The CEO talked about finding synergies and cost cutting. He's now on the clock to save money, to keep the stock price up. Cutting jobs has short-term cost-cutting gains, and the negative consequences are long term. You may be toast either way.

about two weeks ago

Economist: File Sharing's Impact On Movies Is Modest At Most

cant_get_a_good_nick Re:Lies, damn lies. (214 comments)

Maybe I worded my response wrong, but I did get the sarcasm. In fact I agreed with your point (notice the third word of my response): there are a bunch of companies that "hate" piracy, but really for different reasons than what they let on, and losing market isn't what they're fighting.

My add-on was more about how you grouped the "piracy haters" together, when they're quite different. Microsoft 1985 (needs market share, can let some OS piracy go through to sell Office) is different than Microsoft 2002 (XP and office are dominant in market, need to maximize revenue per seat, crush piracy) is different than Microsoft 2014 (losing Office seats to Google, Open/LibreOffice, may tolerate piracy a bit more).

Music has a specific indentured servitude business model - well that and making money on both sides of CD pressing - not the same as Microsoft. Though piracy is not killing music, it is killing the major labels. Piracy is part of the move to digital, which is killing the model. I bet most labels do care about music, but they care about their revenue more. You can argue that it isn't killing music, and you'd be right. But that's not what the labels see. They see their way of life going away, and they are fighting to keep it.

So yeah, agreed with the joke about "yeah the markets are tumbling" but wanted to add something to the discussion.

about two weeks ago

Economist: File Sharing's Impact On Movies Is Modest At Most

cant_get_a_good_nick Re:Lies, damn lies. (214 comments)

Though I agree with most of what you write, I disagree with using Microsoft as an example. It isn't the same as a movie.

OSes have network effects. My life is somewhat easier if you have the same OS as me. My life is a bit easier still if you have the same apps as me. If everyone around me has Windows, maybe I buck up and pay for Windows myself. Also, Microsoft has both apps and OS divisions. Piracy in the OS may be tolerated (it was early on) if it leads to more app sales. Movies have some sense of group culture if you and your friends have seen them, but nowhere near the network effects of OSes.

One thing we all miss is that the piracy fight really is a fight against technology. It's not the fight against pirates as much as the fight against digital distribution.

In the old days (pre-2000s) the business model for a record label was as a gatekeeper and a venture capitalist for bands. You're a band, you'd get signed, you'd get an advance, which was expected to be earned back by product. The advance would pay for your studio time, your mastering, your distribution. That, and rock stars generally are not that careful with what money is left over, so they'd be in debt quickly. Well, now because of the advance, you're essentially in a state of indentured servitude until you pay it off. The studio owns the masters, owns the copyright, and you get by on touring. The studios were vertical: they owned the CD pressers, and they'd charge you for each CD they made (even though that business ran a profit on its own).

In a digital model, the studio is cheaper (iPad + garageband? joking, but probably not too far off), pressing fees go away, and distribution fees go away. So, now the studio doesn't have financial hooks in you. You don't owe them anymore. Their business model is now gone. If they said "poor us, our business model where we get bands into debt so badly that they are stuck with us for essentially life is gone" they'd not get much sympathy. Piracy? yeah, claim that and you might get some action.

about two weeks ago

Unintended Consequences For Traffic Safety Feature

cant_get_a_good_nick Any data from other countries? (579 comments)

Taiwan has had these for years. Not only do the pedestrian walk signals have timers, so do both the green and red lights. They'd have to adjust for density though... if you think driving in the States is hard, try driving in Taipei where every lane has scooters on both sides of you.

Personally, I like and use the pedestrian counters as part of my driving. As part of my judgment I check those, if available, on whether to push through the light or not.

Get off the damn phone, both drivers and pedestrians.

about a month ago

Submissions

How Do I Secure Windows XP for my Mom?

cant_get_a_good_nick cant_get_a_good_nick writes  |  more than 6 years ago

cant_get_a_good_nick (172131) writes "As the family tech geek, everyone asks me how to get rid of viruses. As I explain malware and the difference between the infection vectors of worms, trojans, and viruses, their eyes (understandably) glaze over. And I can't even tell them what's the best freeware anti-virus + anti-spyware + anti-malware-of-the-day for Windows (I'm a Linux geek myself). I moved my sister from a public IP to a private IP, and saw her eyes wander the room when I tried to explain why it's better for her.

Faced with the choices of getting a family that just understands tech (not gonna happen), getting them to move off Windows (not gonna happen), or letting them get infected (I don't want that to happen), what are the best resources for getting a Windows machine relatively safe, and keeping it so? The more I look at this, the more I need to explain malware, DHCP, firewalls, rootkits, Windows Update (but avoid WGA), and the more I hear them ask for a magic bullet to make it all go away. How can I make Windows security as simple as possible?"

Journals

cant_get_a_good_nick has no journal entries.
