Comments

$125,000 Settlement Given To Man Arrested for Photographing NYPD

dutchwhizzman There ought to be a law... (223 comments)

There ought to be a law where any citizen can force a prosecutor to prosecute people that are suspected of committing a crime. Any prosecutor that gets too many cases where this law has to be invoked should be the subject of an investigation into his true loyalty. I wonder what party would dare to come up with a federal law to make this happen....

yesterday

Hackers Steal Data Of 4.5 Million US Hospital Patients

dutchwhizzman VPNs don't solve this on their own (110 comments)

Disclosure: I'm a professional Penetration Tester

We find plenty of this sort of setup at our customers. Customers set up VPNs, have a password policy and a virus scanner. They have firewalls and keep user policies restricted. Then we come and we trojan someone, or find a weak WiFi password, or whatever we use to get a foothold inside their network; all it takes is one little mistake and we're "in". Once we get there, we log keyboards, get password hashes from the network or system memory and start to pivot all over the place. Usually, our software will trigger virus alerts, but staff don't react to those "in a timely fashion" and we get to keep going even though alarms are going off on several computers. We could cloak our malware and sometimes we do, but usually it's too much trouble, and we get domain admin passwords within a few days and rule the network in such a way that admins wouldn't be able to get rid of us if we rootkitted and backdoored properly.

It takes more than some policies and a VPN these days. You need IDS, proper procedures, layered security and skilled, motivated staff that know how to deal with security incidents. You need properly trained and aware users that aren't afraid to admit they messed up and that have no problem reporting others doing wrong either. Don't rely on a single technical measure, but implement them all and make sure you test and train on a regular basis. Get a data classification policy and protect data according to that policy. That means that stuff like SSNs and anything that can be used for identity theft should get extra layers of protection and alerting implemented. If you don't do all this, a serious intruder will usually get what they want.

2 days ago
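The pattern the comment above describes, antivirus alarms going off on one machine after another while nobody acts on them, is exactly what a simple correlation rule can surface for the people who are supposed to react. The following is an added example and not code from the original comment or from any product: it reads constructed antivirus alert lines in a hypothetical "<ISO time> <host> <detection> <action>" format and flags any window in which several distinct hosts raised alerts, which is the footprint a pivoting intruder leaves. The log format, host names, window size and threshold are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample alert lines (hypothetical format: "<ISO time> <host> <detection> <action>").
# The first five show one foothold (ws-0412) followed by hash dumping on three more machines,
# ending on a domain controller; the last line is an unrelated adware hit a day later.
SAMPLE_ALERTS = """\
2014-08-18T09:01:00 ws-0412 Trojan.Generic quarantined
2014-08-18T09:07:30 ws-0412 Trojan.Generic quarantined
2014-08-18T09:40:12 ws-0977 HackTool.Mimikatz blocked
2014-08-18T10:05:45 fs-02 HackTool.Mimikatz blocked
2014-08-18T10:20:00 dc-01 HackTool.Mimikatz blocked
2014-08-19T15:00:00 ws-0300 Adware.Foo quarantined
"""


def parse_alerts(text):
    """Parse alert lines into (timestamp, host, detail) tuples, sorted by time."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, detail = line.split(" ", 2)
        alerts.append((datetime.fromisoformat(ts), host, detail))
    alerts.sort(key=lambda a: a[0])
    return alerts


def find_spread(alerts, window=timedelta(hours=2), min_hosts=3):
    """Return [(window_start, frozenset(hosts))] for each window in which at least
    min_hosts distinct hosts alerted.

    One host alerting repeatedly is a noisy workstation; several hosts alerting
    within a short window is lateral movement and should page somebody.
    Once a window qualifies, scanning resumes after it, so one incident is
    reported once rather than once per overlapping start time.
    """
    clusters = []
    i, n = 0, len(alerts)
    while i < n:
        start = alerts[i][0]
        hosts = set()
        j = i
        while j < n and alerts[j][0] - start <= window:
            hosts.add(alerts[j][1])
            j += 1
        if len(hosts) >= min_hosts:
            clusters.append((start, frozenset(hosts)))
            i = j
        else:
            i += 1
    return clusters


if __name__ == "__main__":
    for start, hosts in find_spread(parse_alerts(SAMPLE_ALERTS)):
        print("ESCALATE: %d hosts alerted within 2h of %s: %s"
              % (len(hosts), start.isoformat(), ", ".join(sorted(hosts))))
```

On the constructed sample this reports a single cluster of four hosts starting at 09:01 and ignores the lone adware hit the next day. The thresholds are deliberately low; in a real deployment the window and host count would be tuned against the environment's normal alert rate, and a hit on a server or domain controller would weigh more than one on a workstation.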

Daimler's Solution For Annoying Out-of-office Email: Delete It

dutchwhizzman In France (229 comments)

In France it is illegal to have staff answer mail out of office hours. How's that for mandatory free time?

2 days ago

Apple's Diversity Numbers: 70% Male, 55% White

dutchwhizzman not just hiring (557 comments)

Once you hire someone, they may want to leave because the atmosphere in the workplace isn't what they like, or the pay for their gender or ethnicity seems off compared to others. A large part of why some companies can't seem to get their "diversity" numbers anywhere near what they want them to be, is because they have a reputation that will put certain groups off whether deserved or not.

These are things that are much more important in the long run than just getting candidates in the door that have the right skills on their resume. That part is easy, just advertise and throw money at it. Keeping them and making them fit in the team is the hard part.

about a week ago

Study: Firmware Plagued By Poor Encryption and Backdoors

dutchwhizzman Not safe (141 comments)

SD cards can be several devices, including WiFi cards, so those are just as (un)safe as USB devices if the device they are connected to is susceptible to hot-plugged hardware and has the drivers available for those.

SSL/TLS is plagued with bugs due to the backward compatibility issue. Heartbleed anyone?

Self-signed shouldn't be a problem, provided the device has the public key of the CA that was used to self-sign present.

Doing a wget on an image requires at least a minimal install like busybox on top of a Linux kernel. This is currently one of the most used ways to upgrade firmware, and often there are older versions of busybox, the kernel and many other applications on the device. Those are one of the big sources of devices being hacked.

As you see, it's not as simple as it seems. Apart from standard apps being outdated and not validating certificates, a lot of the custom parts of firmware aren't written with any security in mind. Things like old fashioned buffer overflows, SQL/XML injections, XSS and whatnot in user interfaces are much more common than in directly web facing websites these days. With IPv6 around the corner and the end of NAT in sight, plenty of these devices will be connected directly to the internet and we will see a large increase in "things" getting hacked once we get to that point.

about a week ago
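The point made above about self-signed certificates is worth seeing in code: a vendor's self-signed CA is perfectly usable for firmware downloads as long as the device trusts that CA and nothing else, and the image is still checked against an expected digest before anything gets flashed. The following is an added example, not code from the original comment or from any vendor's updater. The CA path, update URL, constructed sample image and helper names are assumptions; it is written in Python rather than the busybox shell the comment mentions because a minimal busybox wget may not verify certificates at all, which is worth checking on any device before trusting its updater.

```python
import hashlib
import hmac
import os
import ssl
import tempfile
import urllib.request

# Hypothetical locations (assumptions; the original comment names neither).
VENDOR_CA = "/etc/fw-update/vendor-ca.pem"        # the vendor's own, self-signed CA certificate
UPDATE_URL = "https://updates.example.invalid/fw/image.bin"


def sha256_file(path):
    """Stream the file through SHA-256; images are too large to slurp on a small device."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(64 * 1024), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path, expected_sha256):
    """True only if the image digest matches the expected one (constant-time compare)."""
    return hmac.compare_digest(sha256_file(path), expected_sha256.lower())


def fetch_image(url, ca_file, out_path):
    """Download the image over TLS, trusting only the CA in ca_file.

    Giving create_default_context a cafile makes it load that CA instead of the
    system store, so the vendor's self-signed CA is accepted and any other
    certificate, however well-known its issuer, is rejected. Certificate
    verification and hostname checking stay on; turning them off is the usual
    mistake that makes "self-signed" dangerous.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(url, context=ctx) as resp, open(out_path, "wb") as out:
        for chunk in iter(lambda: resp.read(64 * 1024), b""):
            out.write(chunk)
    return out_path


def update(expected_sha256, url=UPDATE_URL, ca_file=VENDOR_CA, out_path="/tmp/image.bin"):
    """Fetch, then verify; the image only survives on disk if its digest matches."""
    path = fetch_image(url, ca_file, out_path)
    if not verify_image(path, expected_sha256):
        os.remove(path)
        raise ValueError("firmware image digest mismatch, refusing to flash")
    return path


def self_check():
    """Offline check of verify_image on a constructed image: returns (good_match, bad_match)."""
    data = b"\x7fFIRMWARE constructed sample\x00" * 64   # constructed, not a real image
    good = hashlib.sha256(data).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "image.bin")
        with open(p, "wb") as f:
            f.write(data)
        return verify_image(p, good), verify_image(p, "0" * 64)


if __name__ == "__main__":
    print("verify_image good/bad:", self_check())
```

The expected digest has to come from somewhere the attacker cannot rewrite along with the image (a signed manifest, or a value baked into the current firmware), otherwise the check only protects against a corrupt download. The TLS side here is also only as good as the private key of that vendor CA; on a device that ships the same CA to every unit, that key is the thing to protect.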

Is "Scorpion" Really a Genius?

dutchwhizzman He claims this himself (391 comments)

http://www.scorpioncomputerservices.com/the_founder.html

He probably is a smart guy, but these claims here would make me not want to hire him. He's so obviously full of himself that he'd probably never admit he might be wrong about something, and that is just plain dangerous. So it's not just the Hollywood drama, it's based on his own ludicrous claims.

about two weeks ago

San Onofre Nuclear Power Plant Dismantling Will Cost $4.4 Billion, Take 20 Years

dutchwhizzman Not entirely emissions free (343 comments)

While the actual generation of nuclear power in the plant may not have emitted CO2 or other burn products, you can hardly call this emissions free. Don't forget that mining the uranium ore, transporting the uranium ore and some more steps in the production process is done with fossil fuels. Nuclear waste is also a form of emission. Even if it's not directly related to greenhouse effects, it will cause severe effects on humans and nature if not taken care of (in an expensive way). All things considered, nuclear may or may not be smarter to use than coal or even wind energy, it may emit a lot less greenhouse gasses, but I wouldn't want to claim it to be anywhere near emissions free.

about two weeks ago

Ask Slashdot: IT Personnel As Ostriches?

dutchwhizzman Probably no way to get compensated? (246 comments)

The perv probably didn't have enough money to pay for damages to his victims and you? In some countries the government will actually make sure you get a reasonable compensation for the financial and social losses you had, even if the perpetrator didn't have any.

about two weeks ago

The XBMC Project Will Now Be Called Kodi

dutchwhizzman Re:This naming trend has to stop (188 comments)

Windows? It should be called "Tiles" now, and the number of people that use it any other way than with whatever app they are running in a maximized window is also negligible since they started with the project.

about two weeks ago

Old Apache Code At Root of Android FakeID Mess

dutchwhizzman passive scan isn't perfect (127 comments)

This doesn't fix the underlying vulnerability; it merely scans for known ways to exploit it. I'm sure some clever people will find a way to thwart these scans and exploit the vulnerability, unless it gets fixed.

The only way this sort of thing can be taken care of is if Google or some governments in countries with a large market share will mandate vendors of phones or their manufacturers to provide security updates for devices for at least the duration of the contract, but preferably for the expected life of the device. Devices tend to keep working for three or four years, so that way Android users would get a similar security experience as iOS users.

about three weeks ago

Hackers Plundered Israeli Defense Firms That Built 'Iron Dome' Missile Defense

dutchwhizzman Two computers is too expensive and cumbersome (184 comments)

Most managers wouldn't want people to have two computers on their desk, since hey, they can save 50% on desktop systems by merging them. As long as system admins do their work, nothing could go wrong, right? I'm a penetration tester by trade and no matter where I go, even thin clients and virtual machine setups aren't properly separated.

People trust way too much in technical capabilities of devices and underestimate the ingenuity and perseverance of intruders to circumvent or penetrate those devices. Sneakernet to transfer data from and to the internal network(s) and not using VLANs for separating them isn't too bad if implemented properly. Computers are way cheaper than people. They are way cheaper than technical solutions to keep networks separated including their maintenance. They are way cheaper than having an incident where your internal IT is compromised. It just looks more expensive on the desktop, which is the only place non-security people tend to look.

about three weeks ago

Google Offers a Million Bucks For a Better Inverter

dutchwhizzman Cubic Inches? (260 comments)

Please Google, educate the people and use metric specifications in your projects and requirements

about a month ago

Domain Registry of America Suspended By ICANN

dutchwhizzman ICANN is not the police, prosecutor, judge or jury (113 comments)

You'd have to wait for the government to declare Brandon Gray an illegal organization or punish them some other way if you want to rely on the criminal part of the law to deal with this. That is why you want obvious criminal actions to be named in your contract as a reason to suspend/stop delivering services or payments.

about 1 month ago

Linux Needs Resource Management For Complex Workloads

dutchwhizzman Look better, it's already there (161 comments)

KVM, Xen and other hypervisors make Linux systems look like IBM mainframes. The whole "virtual machine" hype where we have guest operating systems running on hypervisors is just like IBM's Z series.

about 1 month ago

Obama Administration Says the World's Servers Are Ours

dutchwhizzman But they can (749 comments)

They have done so in the past and succeeded.

If a company does business in the USA, they can force them to comply or they will lose their business in the USA. If a company has even a single USA employee, they will force the employee or the employee will lose citizenship and/or risk detainment when entering USA territory. They will even arrest and detain foreign employees of companies not complying if they set foot on USA territory for this.

There are actual companies in the EU that will take great care to not have any USA customers or employees or be dependent on USA vendors for their IT infrastructure just because of this. Plenty of EU organizations and companies have chosen or are legally mandated not to use USA vendors for products and services and to not employ USA citizens because of this. If anything the USA is biting themselves in the ankles with this sort of legislation.

about a month ago

How a Supercomputer Beat the Scrap Heap and Lived On To Retire In Africa

dutchwhizzman power usage (145 comments)

If you can buy a new computer that will consume less power to do the same, chances are that within a few years you'd be better off using the new hardware, even if that means that the old machine is written off completely. Scrap value, landfill or whatever happens to it doesn't matter then. I have plenty of old machines that have sentimental or "collector" value standing about my home. I don't power them on and actually buy new hardware (NAS boxes and Raspberry Pi) or run VMs to do things that the old hardware is more than capable of doing. My power bill has gone down since I started doing that, easily paying back the new hardware in a short amount of time.

about a month ago

How Google Map Hackers Can Destroy a Business

dutchwhizzman They failed (132 comments)

Try searching for *anything* on Google search. Over half of the results are commercial, even if you're not looking for a commercial thing. Either they failed, or they are in it for the advertisements after all. If google had balls, they'd blacklist any company that pops up with a commercial result (that they didn't get paid for) for non commercial searches. I suppose it would backlash so hard they don't want to put in the effort, or they actually failed at it.

about a month ago

Avast Buys 20 Used Phones, Recovers 40,000 Deleted Photos

dutchwhizzman That doesn't work (231 comments)

"resetting" your phone to manufacturer settings doesn't wipe any data. Even manually "deleting" it and then "resetting" the phone doesn't do that. It merely marks the flash memory in the phone to be "reusable".

The only way to make sure the data is gone is to fill the phone up with garbage data after you've done a factory reset so there is something else written to the flash memory. After you've filled it up to the last bit, do another factory reset and you will be as close as you can get without destroying the physical device to wiping your data properly.

about a month and a half ago

New Single Board Computer Lets You Swap Out the CPU and Memory

dutchwhizzman Nothing New, not relevant (122 comments)

There are plenty of development boards that come as a base board with several CPU/RAM options on a daughter card. Just the fact that it fits in a Raspberry Pi case may make it a bit more interesting for some people. However, if you're truly into developing, you're either going to stick with the Pi or get the board with the hardware specs you need and not worry about the form factor. If you're into the Pi as a consumer, it's most likely because of its media playing capabilities. Unless this board will support XBMC with proper hardware acceleration, it's not going to be relevant for those folks either.

about a month and a half ago

Age Discrimination In the Tech Industry

dutchwhizzman The companies are merely hindering themselves (370 comments)

By severely limiting the type of candidate they are willing to consider, the companies are limiting themselves to a very strict model that will not allow for "star performers" to do well in that company. They will be limited to quickly going through new hires and only keeping the mediocre ones. The bad ones get fired and the good ones move on to greener pastures. This will make the whole group perform below average and recruiting costs will remain high. I don't see a need to regulate this, since the job market tends to regulate itself quite well because of this. By the way, this isn't limited to age, but also applies to gender, education, nationality and ethnicity.

about 2 months ago

Submissions

Facebook breaks net neutrality to buy users

dutchwhizzman writes  |  about 6 months ago

dutchwhizzman (817898) writes "Facebook is convincing partner mobile operators in third world countries to unlock not the entire internet, but just Facebook for its subscribers with a special "Facebook only" subscription. By doing so, they are promoting a model where an ISP or operator can charge a fee per web site, instead of flat access rates to the entire network. With the recent agreement between Netflix and Comcast where Netflix has to pay Comcast to provide proper service to its already paying subscribers, we're seeing a worrisome future for flat fee data plans emerge."

New Super Doping Winter Olympics undetectable?

dutchwhizzman writes  |  about 7 months ago

dutchwhizzman (817898) writes "A journalist bought a substance known as "full size MGF" that is said to be undetectable by current doping detection methods. The substance has only been used in clinical animal trials and is supposed to reinforce muscle tissue. The press in Europe is running a big story that the drug can't be detected and people that spend 100,000 dollars will have an unfair advantage at the Winter Olympics. While current methods may not be able to detect the substance used, it is inevitable that future detection will be possible. Shouldn't the question be rephrased to "Will the samples taken from athletes at the 2014 Winter Olympics contain traces of full size MGF?""

Hackers vs Police paintball match

dutchwhizzman writes  |  about a year ago

dutchwhizzman (817898) writes "In a small town in the Netherlands, people from the hacking scene, police, cyber soldiers and several government agencies gathered to discuss their differences. (https://www.opcyberpaint.nl/ Dutch Language, as well as the video link below) This time, not only words were used, but paint ball guns were chosen to make arguments that words just could not bring across. Pictures can be found at http://www.flickr.com/photos/40532667@N08/sets/72157633705123865/"

Oracle knew for months about java 7 zeroday

dutchwhizzman writes  |  about 2 years ago

dutchwhizzman (817898) writes "Polish security researcher Adam Gowdiak submitted bug reports for the current Java 7 zero day exploit that's wreaking havoc all over the Internet months ago. It seems that Oracle can't or won't take such reports seriously? Is it really time to ditch Oracle's java and go for an open source VM?"

Kimble out on bail

dutchwhizzman writes  |  more than 2 years ago

dutchwhizzman (817898) writes "Kim Dotcom, also known as the hacker Kimble, owner of MegaUpload, has just been released on bail. The judge thought he wouldn't be able to flee, because he won't have access to his money. The question is now, if someone has dozens of bank accounts and a safe room, wouldn't he be burying some maple leafs around the globe as well?"

Monty Python to reunite for movie

dutchwhizzman writes  |  more than 2 years ago

dutchwhizzman (817898) writes "The surviving members of Monty Python have announced they will make a new movie. It will be titled "Absolutely Anything". Graham Chapman won't be there to join them anymore, but they think the movie will still be in the spirit of "Life of Brian", "The meaning of Life" and other movies they made in the past."

TomTom reorganizes 10% of staff away

dutchwhizzman writes  |  more than 2 years ago

dutchwhizzman (817898) writes "Today, TomTom, maker of location and route planning software and devices, announced a big reorganization. Once the biggest player in the market, TomTom is now one of the many companies offering a little box or an app that guides you to where you want to go. Also the built-in navigation features of many new cars eat away at TomTom's empire, it seems. Roughly 10% of the staff will have to find employment elsewhere. About half of them will be fired, the other half will not be replaced when their contracts end."

Southern hemisphere yellowstone sized caldera foun

dutchwhizzman writes  |  more than 2 years ago

dutchwhizzman (817898) writes "Uturuncu is a Bolivian supervolcano. Research suggests that it has an eruption frequency of roughly 300,000 years and the last eruption was, give or take a few years, 300,000 years ago. Research suggests that it started rising in a 70 km circumference by 1 to 2 centimeters per year, making it the fastest growing volcano on the planet.

Break out the tin foil hats, and store plenty of canned beans, because it may just erupt before Yellowstone pops its cork."


Binary usenet groups prohibited in the Netherlands

dutchwhizzman writes  |  more than 2 years ago

dutchwhizzman (817898) writes "Amsterdam based Usenet wholesale provider News Service Europe has been mandated by the court to remove all copyright infringing content on their servers, or face severe financial penalties. Dutch copyright MAFIAA organization BREIN has won a court case making the usenet provider responsible for the content posted on other platforms than their own.

Could this be the end of usenet as we know it, or will an appeal be won by NSE? Why didn't the judge make the provider that allowed the posts responsible? Why did the judge not honor the "cancel message" procedure that technically exists in the NNTP protocol?"


Dutch court bans Samsungs Android 2.3 devices

dutchwhizzman writes  |  more than 2 years ago

dutchwhizzman (817898) writes "Today a Dutch court banned the Galaxy S, Galaxy S2 and the Ace. The ban will only apply to these devices when running Android 2.3 and is effective starting October 15th. The ban is based on Apple's scrolling patent and this is "fixed" in Android 3. It is expected that Samsung will upgrade to Android 3 very soon, probably before October 15th."

Google to cut off most of Labs

dutchwhizzman writes  |  more than 2 years ago

dutchwhizzman (817898) writes "Bill Coughran, SVP for Research and Systems Infrastructure, announced the severe limiting of Google Labs. They won't pull the plug completely, but the nifty features in several Google apps that were available via Labs will most likely not get updated, and fewer new ones will appear."

Plan to test Shakespeare remains for marijuana

dutchwhizzman writes  |  more than 3 years ago

dutchwhizzman (817898) writes "A team of scientists has submitted a formal request to test the remains of William Shakespeare for drugs. Notably, for marijuana, since remains of clay pipes found in his garden have tested positive for four-twenty. If they get permission, we may have to adjust our view on his world famous plays quite substantially."

MicroSoft Office 365 goes live

dutchwhizzman writes  |  more than 3 years ago

dutchwhizzman (817898) writes "Microsoft today officially announced the worldwide launch of their in-browser office collaboration suite. They have recently been communicating that they are planning on cross-browser, cross-platform support for all their apps in the future. Now is the time to see if they can live up to that plan and if it's any good."

Bittorrent and uTorrent sued for protocol

dutchwhizzman writes  |  more than 3 years ago

dutchwhizzman writes "BitTorrent and uTorrent are being sued for using techniques in their clients and the BitTorrent protocol. From the article it appears that technologies are used that were submitted in a 1999 patent, that was approved in 2007. This itself is not uncommon, but reading what technologies are used, HTTP could very well be prior use, or violating at least part of the same protocol."

Fedora refuses to fix broken flashplayer in 14_64

dutchwhizzman writes  |  more than 3 years ago

dutchwhizzman (817898) writes "After over 150 entries in a bugzilla bug over Adobe's broken 64 bit flash player, there still is nobody that is fixing the problem. Even Linus Torvalds himself has given his comment that no matter who broke it, Fedora should just fix it, since the end users don't care. Fedora developers so far refuse to revert a change to glibc that triggers the bug in Adobe's software, "because the bug is in Adobe's software and Adobe knows it's in there".

In the meantime, end users are left with glitches and broken sound in their 64 bit OS experience, and only a few found the cause and remedy for this in the bug description. Right now there is even a plea to stop submitting comments to the bug, in the hope that the developer might want to revisit it and read what should have been done weeks ago. Is it really so that developers, in this day and age, can dictate what gets commented on a bug and what gets fixed in such a big community project, just because they are the ones with write access to a repository?"


Journals

dutchwhizzman has no journal entries.
