Comments

The Psychology of Phishing

dunkindave Re:well (46 comments)

No, like if they want to gain access to data in company ACME Co, they do some research about that company, find people who belong to it, often in specific groups they are particularly interested in (the missile division of ACME for example), then seek out information on these people, like what conferences they have attended (attendee lists are often published on the web) or what projects at the company they are working on (a newsletter on the web mentions them in a small article about the Ramrod SuperAgile Counterstrike Missile System), then send them an email tailored just for them: Hi Joe, we found another missile system using flight parameters that may be interesting for use in the Ramrod. Here is the website..., signed your coworker Frank.

The spam from your bank doesn't normally address you by name, or mention details like your account number or which local branch you use and when. In fact, it is the lack of such details that most people use for clues that it is spam, so when those details are there they typically trust it. That is the gist of the article.

5 hours ago

The Psychology of Phishing

dunkindave Re:well (46 comments)

The criminals offer people stuff they want, marketing offers people shit they don't want. Seems simple enough

Except the article is about spear-phishing. In spear-phishing, the emails are tailored to the intended victim, pretending to be from someone the attacker knows or believes the victim trusts, such as an email from their boss or their HR department, and the emails normally include information that the victim assumes isn't public which adds to the email's trust. Such emails may pretend to contain important employee training updates, company newsletters, specific conference information for conferences the target is known to attend, references by project name to projects the victim is working on, etc. This means the spear-phishing email is very different from typical spam which is clearly marketing, or so generic as to be obvious spam. It also means that without confirming the email's legitimacy via out-of-band methods, it may be virtually impossible to verify if it is real or not.

The problem for the defenders is the only real defense against a well crafted spear-phishing email is to instruct people NEVER to open an attachment, to click on a link, to visit a website if so instructed, or even to respond with information that may be requested. But such a world would render most business email useless.

6 hours ago

Black Hat Presentation On Tor Cancelled, Developers Working on Bug Fix

dunkindave Re: What? (50 comments)

An NSL is quite frankly whatever the author of the NSL wants it to be. Typically, you're right, it's a request for information or access, but it also prevents you from telling ANYONE about it. So, who knows. You don't most likely. Unless you're party to it.

No, an NSL is specifically only for requesting of information.

From Wikipedia: A national security letter (NSL) is an administrative subpoena ...

A subpoena is a writ issued to compel testimony by a witness or production of evidence.

What makes the NSL special, and the reason people believe it is unconstitutional, is 1) it is not directly authorized by a judge, and 2) it can come with the requirement that the recipient not disclose that it happened or that the disclosure occurred.

An NSL is NOT a blank check for the government to order people to do whatever they say. It is very specific in its abilities, and that is only to request information, and possibly (though while the norm, this is not required) to require its existence to be kept confidential. So you see, I do know, as does anyone else who does a cursory lookup about what an NSL is.

yesterday

Black Hat Presentation On Tor Cancelled, Developers Working on Bug Fix

dunkindave Re:What? (50 comments)

Er, I mean on advice of COUNSEL. Damn spell checker.

yesterday

Black Hat Presentation On Tor Cancelled, Developers Working on Bug Fix

dunkindave Re:What? (50 comments)

The conference didn't stop the presentation, the presenters withdrew it on advice of their own council since they believe they didn't have the legal authority to present the results of the research.

yesterday

Black Hat Presentation On Tor Cancelled, Developers Working on Bug Fix

dunkindave Re:What? (50 comments)

Put your tin foil away. People at institutions like Carnegie Mellon's Software Engineering Institute typically work on grants and funding that come with conditions, such as the funder owns the material or can dictate its dissemination. It sounds like the researchers discovered something they thought interesting, looked around and decided Black Hat would be a good place to present, then the lawyers pointed out that they hadn't yet received the required permissions per the funding agreement/grant so they have backed off for now.

An NSL is a directive to disclose info that may include the requirement not to reveal the disclosure occurred. An NSL is not a way to simply order someone to be quiet.

yesterday

A New Form of Online Tracking: Canvas Fingerprinting

dunkindave Re: And this ... (181 comments)

I recently saw an article that said, basically, by installing privacy software you make your machine more unique versus the other machines on the Internet and therefore make it EASIER to uniquely identify your machine. You may not be loading the cookies they try to ram down your browser's throat, and all the other persistent ways to track, but they can tell you DON'T load certain images, or keep certain cookies, and that too can be a clue for them.

2 days ago
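The "privacy tools make you more unique" point in the comment above comes down to anonymity-set size: every attribute a tracker can observe partitions the population, and a rare setting (blocking canvas, not loading images) lands you in a small partition. The following is an added illustration, not code from the comment or from any fingerprinting library; the browser population and its counts are constructed for the example and are not measured data.

```python
"""Added example: how an uncommon privacy setting shrinks a browser's
anonymity set. The population below is constructed, not real telemetry."""
import math

# Constructed population: (user_agent, screen, canvas_blocked, images_loaded)
# The counts are invented to illustrate the effect, not measured data.
POPULATION = (
    [("Chrome/36", "1920x1080", False, True)] * 400
    + [("Chrome/36", "1366x768", False, True)] * 300
    + [("Firefox/31", "1920x1080", False, True)] * 200
    + [("Firefox/31", "1366x768", False, True)] * 90
    + [("Firefox/31", "1920x1080", True, True)] * 8    # canvas blocked
    + [("Firefox/31", "1920x1080", True, False)] * 2   # canvas + images blocked
)

FIELDS = ("user_agent", "screen", "canvas_blocked", "images_loaded")


def anonymity_set(population, observed, fields=FIELDS):
    """Number of clients matching every attribute in `observed`.

    `observed` maps attribute name -> value for the attributes the tracker
    can see; attributes it cannot see are simply left out. A smaller set
    means the client is easier to single out."""
    idx = {name: i for i, name in enumerate(fields)}
    return sum(
        1 for row in population
        if all(row[idx[k]] == v for k, v in observed.items())
    )


def surprisal_bits(population, observed, fields=FIELDS):
    """Bits of identifying information the observed attributes carry."""
    n = anonymity_set(population, observed, fields)
    if n == 0:
        return float("inf")
    return math.log2(len(population) / n)


def compare_with_and_without_blocking(population):
    """Same browser/screen; only the privacy settings differ."""
    base = {"user_agent": "Firefox/31", "screen": "1920x1080"}
    plain = anonymity_set(population, {**base, "canvas_blocked": False})
    canvas_off = anonymity_set(population, {**base, "canvas_blocked": True})
    both_off = anonymity_set(
        population, {**base, "canvas_blocked": True, "images_loaded": False}
    )
    return plain, canvas_off, both_off


if __name__ == "__main__":
    print(compare_with_and_without_blocking(POPULATION))
```

The refusal to load canvas or images is itself an observable, so the tracker does not need the canvas hash to narrow the set; the absence of the hash already does part of the work. The usual counter-argument is that this only holds while blocking is rare, which is why uniformity (everyone presenting the same surface, as Tor Browser tries to) matters more than any single blocked feature.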

Russian Government Edits Wikipedia On Flight MH17

dunkindave Re:Do you have any hands-on experience ? (665 comments)

When you perform a terrorist act you tell that YOU did it in order to intimidate. You don't deny you did it.

They did tell us they did it in a Twitter post right after the shootdown, but that was when they thought they had shot down a military transport. Then they discovered the plane was a civilian airliner so they deleted the post and shifted into denial mode. Nope, didn't shoot it, never had such a missile system, nothing to see so please go away.

I also find funny Putin's explanation that it is Ukraine's fault since if they were to have just rolled over and let the fighters have what they want, then they wouldn't have been shooting at planes. Officer, it isn't my fault the guy got shot, he got in the way of my bullet so it's his fault!

2 days ago

Canadian ISP On Disclosing Subscriber Info: Come Back With a Warrant

dunkindave Re:Good for them (55 comments)

This is what they say, now let's see what they do! I truly hope they are true to their words, including behind the scenes where we don't normally see.

about a week ago

White House Punts On Petition To Allow Tesla Direct Sales

dunkindave Re:For us dummies.... (382 comments)

The problem with your description is that some of the laws Tesla is now fighting are recent legislation or regulations. For example, in New Jersey, the regulation prohibiting Tesla from performing direct sales was only put in place on March 11, 2014 by the New Jersey Motor Vehicle Commission (composed of political appointees of the Governor). Likewise in New York, they are looking at passing legislation to ban the way Tesla is selling vehicles.

NY dealers have Tesla ban in sights

It is/was legal but being made illegal. While aspects of the requirement of franchises may be in previous laws, Tesla built their model to comply with those laws, so the dealership associations are having their paid stooges rewrite the laws to block Tesla.

about a week ago

White House Punts On Petition To Allow Tesla Direct Sales

dunkindave Re:For us dummies.... (382 comments)

Traditional car companies see Tesla as a threat. They see Tesla is using a different sales model, namely that Tesla sells their cars directly to the consumer instead of using a dealership, and then the big guys use this difference to try and block Tesla from selling cars by influencing state legislatures (with things like money) to pass laws that say new cars can only be sold through a franchised car dealership, not directly. The car companies know that all the new US car companies in the last century that have tried to enter the market using dealerships have failed for a few reasons, but one big one is that the new guy is too small so the dealership is one that would handle multiple brands, and as the new unproven line, the cars don't get pushed, so wither and die. That is what the big manufacturers want, for Tesla to fail, and they are paying their lawmakers to create laws to make Tesla's job impossible.

about a week ago

Brazil Nut Effect Explains Mystery of the Boulder-Strewn Surfaces of Asteroids

dunkindave It is still just a theory (58 comments)

My problem with these kinds of articles is how they state it as 'case closed'. All this is is a theory of what is happening. Maybe it has a lot of solid science behind it, maybe it is even right, but right now it is still just a theory for us to explain what is happening. Using words like "Now an international team has solved the mystery" makes it sound like there is no debate, this is the answer, and anyone who says otherwise is an idiot. While I am not a scientist, I come close enough, and this fails the scientific method, at least in how the reporting represents it.

OK, I feel better now.

about a week ago

Apple Refutes Report On iPhone Threat To China's National Security

dunkindave Re:Someone is lying. (134 comments)

If I was China I would ban western products.

That is China's goal. It is just their stated reasons that are suspect.

about two weeks ago

The First Person Ever To Die In a Tesla Is a Guy Who Stole One

dunkindave Re:Unsafe at any speed (above 100 MPH)... (443 comments)

My guess is the Tesla hitting one of the "street poles" (telephone pole?) mentioned while sliding sideways at a high rate of speed was the cause of the car being split in two. This differs from Interstates in a very important way, namely, most poles on or near highways are designed either to break away if struck, or have crash barriers around them to absorb the crash energy. Poles on city streets on the other hand are designed for impacts at city street speeds, not highway speeds. At city street speeds cars crumple, not subdivide. An aluminum light pole with a breakaway is a lot different than a one foot diameter wood pole cemented into the ground when hit.

about two weeks ago

Gameover ZeuS Re-Emerges As Fast-Fluxing Botnet

dunkindave Re:Fast Flux (62 comments)

The idea behind fast-flux is to make blocking or recognizing an activity based on IP addresses essentially impossible, since by the time the bad IP address is known, communicated, and entered into whatever system is doing the blocking or detection, the addresses have changed to a new set and the race starts over. 5 to 15 minutes is a common rolling period for these people.

about two weeks ago
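What the comment above describes (IP-based blocking losing the race) is also what makes fast-flux detectable from DNS rather than from IP lists: the names keep changing answers every few minutes while legitimate names, even CDN-fronted ones, cycle through a small pool. Below is an added illustration of that detection logic, not code from the comment or from any real product; the passive-DNS log lines are constructed for the example, and the thresholds are assumptions a practitioner would tune against their own data.

```python
"""Added example: flagging fast-flux candidates from passive-DNS
observations. The log below is constructed, not captured traffic."""
from collections import defaultdict
from statistics import mean

# Constructed passive-DNS observations: (unix_time, qname, ttl, answer_ip)
# "update-srv.example" rotates through unrelated networks every 5 minutes;
# "cdn.example" has a short TTL too, but only a small pool on one network.
DNS_LOG = [
    (1000, "update-srv.example", 300, "198.51.100.10"),
    (1000, "update-srv.example", 300, "198.51.100.11"),
    (1300, "update-srv.example", 300, "203.0.113.40"),
    (1300, "update-srv.example", 300, "203.0.113.41"),
    (1600, "update-srv.example", 300, "192.0.2.77"),
    (1600, "update-srv.example", 300, "192.0.2.78"),
    (1900, "update-srv.example", 300, "198.51.100.200"),
    (1000, "www.example", 86400, "192.0.2.1"),
    (1300, "www.example", 86400, "192.0.2.1"),
    (1600, "www.example", 86400, "192.0.2.1"),
    (1000, "cdn.example", 60, "192.0.2.50"),
    (1300, "cdn.example", 60, "192.0.2.51"),
    (1600, "cdn.example", 60, "192.0.2.50"),
]


def summarize(log):
    """Per name: distinct IPs, distinct /24s, mean TTL, observation span."""
    by_name = defaultdict(list)
    for ts, name, ttl, ip in log:
        by_name[name].append((ts, ttl, ip))
    out = {}
    for name, rows in by_name.items():
        ips = {ip for _, _, ip in rows}
        nets = {".".join(ip.split(".")[:3]) for ip in ips}   # crude /24 bucket
        times = [t for t, _, _ in rows]
        out[name] = {
            "ips": len(ips),
            "nets": len(nets),
            "mean_ttl": mean(ttl for _, ttl, _ in rows),
            "span": max(times) - min(times),
        }
    return out


def fast_flux_candidates(log, max_ttl=900, min_ips=5, min_nets=2):
    """Short TTL plus many IPs spread over several networks.

    The thresholds are assumed starting points, not published values;
    requiring multiple /24s is what keeps a CDN with a small pool out."""
    return sorted(
        name for name, s in summarize(log).items()
        if s["mean_ttl"] <= max_ttl
        and s["ips"] >= min_ips
        and s["nets"] >= min_nets
    )


if __name__ == "__main__":
    for name, s in summarize(DNS_LOG).items():
        print(name, s)
    print("fast-flux candidates:", fast_flux_candidates(DNS_LOG))
```

The point is that the signal is the churn, not any particular address: once a name is flagged, block the name (or sinkhole it at the resolver) instead of chasing the addresses it hands out, since those are already stale by the time they reach a firewall.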

Gameover ZeuS Re-Emerges As Fast-Fluxing Botnet

dunkindave Re:And how does it get these domains? (62 comments)

You can't, but in order to regain control, all they need to do is successfully register ONE of them so when the botnet swarm tries to phone home it finds that one and they are back in business. Based on the summary, each week it tries a different list of random domain names so they can keep trying, week after week, until they succeed. I am also presuming these domains are spread across multiple TLDs so it isn't just a matter of having the registrar for .com or .org block them. They would also need to get all the country TLD registrars to block the list as well.

about two weeks ago
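The asymmetry the comment above points at (the attacker needs one domain, the defender needs all of them, across every TLD, every week) is easy to see with a toy domain-generation algorithm. The block below is an added illustration and is NOT GameOver ZeuS's actual DGA; the seed, the label construction and the TLD list are invented for the example, and the resolver is simulated with a set of "registered" names.

```python
"""Added example: a toy weekly DGA and the attacker/defender asymmetry.
This is not the real GameOver ZeuS algorithm; all constants are invented."""
import hashlib

# Assumed spread across generic and country-code TLDs, as the comment presumes.
TLDS = ("com", "net", "org", "biz", "ru", "info")


def weekly_domains(year, week, count=1000, seed=b"toy-seed"):
    """Deterministic list of `count` domains for one ISO year/week.

    Every infected host runs the same function with the same inputs, so
    bot and operator agree on the list without any prior contact."""
    domains = []
    for i in range(count):
        h = hashlib.sha256(seed + f"{year}-{week}-{i}".encode()).digest()
        label_len = 12 + h[0] % 8                     # 12..19 characters
        label = "".join(chr(ord("a") + b % 26) for b in h[1:1 + label_len])
        tld = TLDS[h[31] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def first_reachable(domains, resolves):
    """Bot side: walk the list until one name resolves. One hit is enough."""
    for d in domains:
        if resolves(d):
            return d
    return None


def blocklist_coverage(domains, blocked):
    """Defender side: fraction of this week's list already blocked/sinkholed.
    Anything short of 1.0 leaves the operator a way back in."""
    return sum(1 for d in domains if d in blocked) / len(domains)


def tlds_used(domains):
    """Which registries a takedown would have to coordinate with."""
    return sorted({d.rsplit(".", 1)[1] for d in domains})


if __name__ == "__main__":
    this_week = weekly_domains(2014, 30)
    registered = {this_week[123]}            # simulated: operator got one name
    print("bot connects to:", first_reachable(this_week, registered.__contains__))
    print("TLDs involved:", tlds_used(this_week))
    print("coverage with half blocked:", blocklist_coverage(this_week, set(this_week[:500])))
```

The practical consequence for a defender is that once the algorithm is reverse engineered you can pre-compute future weeks and sinkhole or pre-register them, but only if every registry in the list cooperates; miss one TLD and `first_reachable` still returns something.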

UK Computing Student Jailed After Failing To Hand Over Crypto Keys

dunkindave Re:Seems appropriate (353 comments)

Not true about reckless endangerment. For a person to be guilty of that crime, they must knowingly have committed the act that caused others to be endangered and known that it could endanger them (or at least a reasonable person would have known). The "intent" part is when caution was thrown to the wind. A drunk driver doesn't intend to kill the minivan full of people, but they chose to drink then to drive, and that is where the intent came in. They intended to be reckless.

about two weeks ago

UK Computing Student Jailed After Failing To Hand Over Crypto Keys

dunkindave Re:Seems appropriate (353 comments)

Actually, this can happen after a fashion in the United States as well. In a trial, both sides are required to give the list of witnesses and evidence to the other side in advance of the trial so they can perform whatever investigation/interviews/... they need to. The witness out of nowhere seen in movies doesn't happen. There are however two exceptions I know of: 1) one side presents something, like a statement from a witness not contained in depositions, and the other side then produces a witness to refute it, and 2) when new evidence is discovered that didn't allow time for the pretrial notification (they still have to convince the judge it really is newly discovered and has a significant impact on the prosecution/defense). Having a witness you know of and not revealing who it is until you want to call them to the stand would fail the above test and the witness would not be allowed to testify, no matter what you feel they would have to say.

about two weeks ago

UK Computing Student Jailed After Failing To Hand Over Crypto Keys

dunkindave Re:But it wasn't for "national security" (353 comments)

I think the term "stop and identify" is not being used correctly, since your quote says " to a peace officer who has lawfully arrested the person". Being stopped and asked is a lot different than being arrested and asked. Once arrested they have a right to know who you are for processing. Just being stopped does not carry that requirement. That doesn't mean the Texas law isn't absurd though (haven't read it).

about two weeks ago

Austrian Tor Exit Node Operator Found Guilty As an Accomplice

dunkindave Re:Whatever way we want it to be (255 comments)

Once, a congressman from the United States said of his constituents, "There are no law-abiding citizens, there are only citizens who haven't yet broken a law."

Funny, I tried googling your quote to see what congressman said it and when, but Google didn't find any matches. I also tried some variants of the wording but still no luck. It seems to me that such a quote would produce a lot of search results if it happened. Citation please?

about three weeks ago
