Comments

Bill Gates Patents Detecting, Responding To "Glassholes"

hAckz0r Re:bullshit patent (129 comments)

Yea, he is patenting the use of one camera to detect another. Pure BS. Now let the stealth and polymorphic camera wars begin!

yesterday

Student Records Kids Who Bully Him, Then Gets Threatened With Wiretapping Charge

hAckz0r Administrator mentality - see, hear, & do noth (707 comments)

I could have been this kid back in Jr High school. I might even have done exactly what this kid did back then, if recording devices didn't weigh a ton. Yea, I'm dating my generation here.

Bullying was out of control, even back then. It's nothing new except that the media is finally covering it. I was on the receiving end of that bullying up until the day I took Aikido. My instructor was an elderly woman weighing in at all but about 86 lbs soaking wet. That class changed my life. I had started taking Judo 9 months earlier but it had not yet come in handy for anything. After sitting in on just one Aikido class at the ripe old age of 13, only watching, I threw and pinned my adult Judo instructor using an Aikido move in a sparring match when I was just supposed to be the practice dummy for class demonstration purposes.

Since graduating from high school, I have also taken Taekwondo, Shaolin Kung Fu, and Kenjutsu, but I always come back to Aikido in a time of need and/or a delicate situation. It's just more useful in everyday life. You merely use the opponent's own energy against them, by understanding the physiology of the human body and how it can and cannot move. The philosophy of not hurting the opponent is the best part of it, and therefore useful for almost any kind of bad situation.

https://en.wikipedia.org/wiki/...

My last encounter with such a school yard bully was as a bystander in a high school metal shop class, only I just couldn't stand there and watch it happen. The Class Clown (aka dumb F*@ck) took a handful of metal shavings off the lathe and went to shove it down this one kid's shirt, and my own hand wound up going in right behind. I clenched his fist so he could not let go of the metal shavings, pulled his hand out slowly, squeezing his hand with around 90+ lbs of pressure, and then gently rolled him across the shop bench table with one hand. All 200 lbs of him, while I was about 150 lbs at the time. It's proof that with enough thrust even pigs can fly....

The administration, as you might guess, did nothing, so the mighty sword of 'do-nothing-ever' cuts both ways at times.

A little bit of self confidence can allow you to talk your way out of bad situations a lot more easily. Simple fact: it's no fun to pick on someone who is just not afraid of you. The bullies are after the feeling of control they get when someone submits to their will, and they won't get any kind of satisfaction like that here.

yesterday

The Security of Popular Programming Languages

hAckz0r Re:Not a useful paper (181 comments)

I think 'slot' is a misinterpretation of someone else's pronunciation of SLOC, or source lines of code, but it's usually used in (kilo) k-sloc or (mega) m-sloc when talking about errors in software. If you are talking about just sloc you are in deep trouble bug wise.

Another possibility is in GUI programming there is such a thing as a slot, which is essentially a callback routine associated with an interface control. However, applying that definition to an error count metric is troubling since there is no standard size for a callback.

For what it's worth, whatever language NGINX is written in is not the one to use; the site gateway is apparently down, implicating a bug in the web software serving the article. Maybe the hackers are trashing the servers right now? I would have liked to have been able to read the article on broken web software, but the web software was broken.

yesterday

How a 'Seismic Cloak' Could Slow Down an Earthquake

hAckz0r Re:Weaponize (101 comments)

Very true. Waves have both constructive and destructive interference, and the sources would have to be perfectly aligned to really negate the energy. That of course means your cloak would need to be deep inside the earth exactly where the seismic energy is coming from. And good luck at injecting enough energy to affect trillions of tons of rock exactly in phase with a seismic wave that you didn't know was coming exactly at that instant. This kind of nonsense could only happen on April 1st.

about two weeks ago

Facebook, Google Battle To Bring Internet To Remote Locations

hAckz0r Stupid "battle" (49 comments)

They both have a common goal, to get a network to the masses. Just make nice, join forces, and get the job done. Enough with the story headlines and get on with it.

about two weeks ago

Tesla Model S Gets Titanium Underbody Shield, Aluminum Deflector Plates

hAckz0r Re:sky should be the limit... (314 comments)

This decision is for the laymen that don't know enough to see the solution for what little benefit it provides. To them carbon is bad. Think Coal (flammable) and CO2 (poisoning our atmosphere, and why we buy a Tesla in the first place). Never mind that graphite is non-flammable and diamond is the hardest structure known, as they don't get in the news.

Maybe spider silk? Spiderman is cool. Yup, make it out of spider silk and that would sell a lot of cars.

https://en.wikipedia.org/wiki/...

about three weeks ago

Prototype Volvo Flywheel Tech Uses Car's Wasted Brake Energy

hAckz0r Not new tech at all (262 comments)

Back in the early 80's, in my undergrad days, I was designing my dream car, which had a 300 lb epoxy kevlar flywheel (didn't have carbon fibre back then) which at maximum rpm would punch out a theoretical and instantaneous 32,000 horsepower (for a very very short time), with all wheel drive, if the mechanical components could even handle that kind of load. The design challenge was to see how much power you could design the system to handle without twisting the frame.

What Volvo doesn't mention though is that if you extract that kind of energy from a single flywheel system the car will spin violently if the tires break traction. The only way to handle that much torque is to have a dual flywheel system using counter rotation to negate that rotational torque. Step on the gas a little too hard when on ice and you are out for quite a surprise.

about three weeks ago

Lasers May Solve the Black Hole Information Paradox

hAckz0r Re: Backup your data now (75 comments)

Your infinite storage device: 1) create a radio receiver that transcribes the incoming signal into a laser beam. 2) Drop it into a black hole. The data in the beam now becomes infinitely compressed as it tries to get to the event horizon. 3) Send it all your data. 4) pr0fit! Just make sure the EULA states that it is to be used only for permanent storage (as nothing ever comes back out of a black hole.)

about three weeks ago

Environmentalists Propose $50 Billion Buyout of Coal Industry - To Shut It Down

hAckz0r Re:Won't change anything... except (712 comments)

Economics is key, but not necessarily from the consumer's perspective. If you buy a coal burning plant what you have created is one very rich and powerful investor who knows little more than how to manage a Coal burning plant. The question then is how you then entice that same person to invest his money in a different technology that is better for the planet. Taking someone from 'running the world's dirtiest power producing technology' to suddenly 'caring about the planet' may be harder than it sounds unless it's actually written into the contract or something else is made to look like a lot better investment. The filthy rich have a tendency to love money unfortunately.

about a month ago

Environmentalists Propose $50 Billion Buyout of Coal Industry - To Shut It Down

hAckz0r Won't change anything... except (712 comments)

Except raise the prices of electricity. The Coal plants will just import from overseas and the price to consumers will be higher as a result. Not that raising the price won't change the economics, but it won't kill the industry like they seem to assume here. It would be better to pour their money into some R&D to find a better substitute with a lower cost green alternative. After all $50 Billion with a 'B' would certainly help find better technology if in the right hands.

about a month ago

Getty Images Makes 35 Million Images Free For Non-Commercial Use

hAckz0r Love this part (66 comments)

Quote: will continue to “pursue online infringing use as we’ve done traditionally.”

about a month ago

Routers Pose Biggest Security Threat To Home Networks

hAckz0r Re: But Routers are good things! (264 comments)

You just described our 'indirect internet access' and yes I once used ssh proxies to loop back and test our own security perimeter. Currently I use Qubes-OS to partition my personal desktop security domains. One VM to do "work", another for email that can only access the smtp/imap servers, attachments open in one time use disposable VMs, so no custom attachment payloads can exfiltrate anything. Lastly one Internet only VM browser domain for sites requiring persistence or special certs. Network wise they do not overlap, as you are inside or out and can't see any data from the other VM domains. Hardware, priv drivers, and even DMA are confined to a networking VM while all traffic through it is encrypted. It's better than the indirect method, but at some point I will be forced to give it up.

about 2 months ago

Routers Pose Biggest Security Threat To Home Networks

hAckz0r Re: But Routers are good things! (264 comments)

They can mitm using any cert installed in any browser that anyone is running so long as they own the network routers out to the Internet. They have no control over my desktop nor my cellphone that I accessed /. from, via wifi, to submit my prior post. From where I am now they do not.

about 2 months ago

Routers Pose Biggest Security Threat To Home Networks

hAckz0r Re: But Routers are good things! (264 comments)

For the most part I agree, only trusted signing authorities do nothing for you when the protocol itself lends itself to MITM attacks. Where I work all SSL traffic is monitored in this way, for security reasons. Including this post.

about 2 months ago

Routers Pose Biggest Security Threat To Home Networks

hAckz0r Re:But Routers are good things! (264 comments)

What is the one thing worse than having a Bot on your desktop machine? Having a stealth Bot controlling your network, having access to all your hosts, playing man-in-the-middle for all your "secure" SSL/TLS banking and credit-card connections. And you have no clue that it is even there. At least when you get a Bot on your local desktop machine you will have clues that something is spinning CPU and taking up disk space, if you are smart enough to notice those things. When a bot controls and sees everything, while giving no indication, and you have no AV or utilities on embedded hardware to diagnose the problem, then you have a REAL problem.

Yes, having a router is better than having no router, but only if YOU still own it. Once the bad guys p0wn it then it is no longer your friend.

about 2 months ago

DARPA Seeks the Holy Grail of Search Engines

hAckz0r I guess they decided... (78 comments)

... that Snowden didn't have good enough tools available.

about 2 months ago

Is Whitelisting the Answer To the Rise In Data Breaches?

hAckz0r paid advertisement (195 comments)

This article appears to me to be an advertisement placement article. The technology is not new, and hence not 'start up companies', except the one they are pushing. The technology is built into Windows but has no usable interface. Stupid of Microsoft to leave that to the user and say nothing while malware and hacking goes rampant. It is, however, good to see the best solution get more attention. The AV track is a losing proposition right out of the gate if you are the target of a hacker. My company has been using Bit9 for years. It does the job fairly well. The downside to this technology is process injection and overflow attacks do not run binaries, so 'running process checksums' are likely necessary. Fixing the overflow problem with an OS level secure library, and its enforcement, is necessary.

about 2 months ago
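The comment above argues for hash-based application whitelisting and notes its blind spot (in-memory injection never touches a file). The following is an added example, not Bit9's, Microsoft's or the commenter's code: it builds an allowlist of content hashes from a constructed set of fake "binaries", then classifies a directory after an unknown file has been dropped and one allowlisted file has been modified in place. All file names and contents are constructed placeholders.

```python
"""Hash-based executable allowlisting check (added example; constructed data).

Scenario: an allowlist is built from known-good files, then an unknown file
appears and an allowlisted file is altered by one byte.  Both end up in the
'unknown' bucket, because the allowlist keys on content, not on path or name.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(paths):
    """Map content hash -> file name for every known-good executable."""
    return {sha256_file(p): p.name for p in paths}


def check_tree(root: Path, allowlist):
    """Classify every regular file under root.

    'allowed'  : hash is on the list
    'unknown'  : anything else, including a known file whose bytes changed

    This only inspects executable images on disk.  Code injected into an
    already-running allowlisted process leaves no new file here, which is
    why the comment above calls for checksumming running processes as well.
    """
    allowed, unknown = [], []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        (allowed if sha256_file(p) in allowlist else unknown).append(p.name)
    return {"allowed": allowed, "unknown": unknown}


def demo():
    """Constructed scenario; returns the classification dict."""
    bin_dir = Path(tempfile.mkdtemp()) / "bin"
    bin_dir.mkdir()
    editor = bin_dir / "editor"
    shell = bin_dir / "shell"
    editor.write_bytes(b"ELF-fake-editor-v1")  # constructed placeholder contents
    shell.write_bytes(b"ELF-fake-shell-v1")
    allowlist = build_allowlist([editor, shell])

    # After the allowlist was built: an unknown file is dropped and the
    # editor is modified in place (a single appended byte).
    (bin_dir / "dropper").write_bytes(b"ELF-fake-dropper")
    with editor.open("ab") as f:
        f.write(b"X")

    return check_tree(bin_dir, allowlist)


if __name__ == "__main__":
    print(demo())
```

Running it classifies only `shell` as allowed; `dropper` (never on the list) and `editor` (on the list, but its bytes changed) are both reported as unknown. Keying on the hash rather than the path is what makes a one-byte tamper visible, and it is also why a real deployment needs an update path for legitimate patches.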

Do Hypersonic Missiles Make Defense Systems Obsolete?

hAckz0r No, its not obsolete, not by a long shot (365 comments)

Keep in mind that the same organizations that invented the Missile Defence System also invented the hypersonic missile. What makes anybody so sure that hypersonic interceptors are not already in the works?

Also, hypersonic technology is hard. Do the math. It's a lot harder than either politicians or reporters might think. Just because somebody can test a vehicle for a short distance (i.e. tens of seconds) does not mean it is a viable solution to anything. Making one that actually flies for any duration and can maneuver and evade is not yet a reality. At those speeds you don't need much to go wrong, to get going really really wrong. It's very unforgiving above Mach 7.

There are very few countries that can pull it off right now and they are not even the ones we particularly need to worry about. Those that we do need to worry about are still trying to figure out simple ICBMs, which is a full magnitude easier than even the simplest short duration hypersonic flight, and a whole lot cheaper to make.

about 2 months ago

Amazon: We Can Ship Items Before Customers Order

hAckz0r This has been tried before (243 comments)

It ended badly at the Boston Tea Party. The King of England anticipated that we would buy the tea he sent us whether we wanted to buy it or not.

about 3 months ago

Massive Android Mobile Botnet Hijacking SMS Data

hAckz0r Re:No fix from the NSA for this ?? (117 comments)

They do have a fix. It's called 'SELinux for Android' (SEforAndroid).

http://selinuxproject.org/page/SEAndroid

"Security Enhancements for Android (SE for Android) is a project to identify and address critical gaps in the security of Android. Initially, the project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the project is not limited to SELinux."

In fact it's part of the latest Android distributions (Android 4.3+) but it's not generally enabled by default yet. Eventually we should be able to lock down the device to prevent all kinds of malware, but unfortunately it doesn't block users from being stupid and installing apps from the more seedy places. Chances are if you install a hacked app you'll just grant it all kinds of permissions that you shouldn't. It can't fix 'stupid'.

about 4 months ago

Submissions


Say NO to software patents

hAckz0r hAckz0r writes  |  more than 2 years ago

hAckz0r (989977) writes "The WhiteHouse.gov ( https://wwws.whitehouse.gov/petitions#!/petitions ) now has an online petition to stop the USPTO from issuing any more software patents. One must register first with the petition site, wait for the confirming email, login, then locate the "Open Petitions" menu to go to the list of petitions. Scroll down to the one called "Direct the Patent Office to Cease Issuing Software Patents", and then do what you think is right. They need 3,428 petitions total to make it meaningful, and it has logged 1,572 as of my entry."

Finding Compromised/Malicious Source Code

hAckz0r hAckz0r writes  |  more than 5 years ago

hAckz0r (989977) writes "I am in the final phase of a research project software design which, believe it or not, intends to help locate embedded malicious logic in Mega-SLOC sized source code bases, and eventually even across multiple computer language linkages. This tool is intended to aid an analyst in finding things like back doors, Easter eggs, time bomb logic, or other undesired or malicious logic inserted into the source code. The design has been highly scrutinized, and the funding for the project is now looking imminent. Once all the final papers are signed, and it really happens, then it's straight from the frying pan into the fire for me. The educated nay-sayers will no doubt be quick to remind me that you can't prove a negative. I already know that fact all too well.

Ok, now on to the real question. In order to prove any real life viability in the final software implementation we will need to demonstrate its many capabilities against a set of real life threats. I could write my own tests but I feel like that would be like cheating. Compromised 'Open Source' projects would be an obvious choice for availability reasons, but the problem is that as soon as an OS project admin realizes that their software product has become compromised, it literally disappears off of the Internet, almost over night. Poof! Gone! The Fedora/Redhat OpenSSH compromise could be one such example. Anybody even seen any Fedora updates lately?

I can start by chasing down other repositories that cache rpm source and then do my own deltas, if they have not already pulled that deprecated version, but that is still timing dependent. Obtaining copies of even older exploits seems to be even more troublesome and very time consuming, especially if one has to actually contact the project owners directly to revive a specific deprecated version number.

So my questions to Slashdot are:

1) Is there a compromised source code repository I am not aware of? Hacks-R-Us maybe? If it were a simple virus or a rootkit this would be much easier!

2) If you had to identify and then find these older deprecated versions of source code (C/C++ for now, other languages to follow) how would you go about doing this collection efficiently? Is there a comprehensive list of hacked OS projects with version numbers? Closed source doesn't count if the source code is not obtainable.

3) What specific deprecated/exploited OS software packages would be most worthy of testing if you only had a short time line, say about two weeks to collect them in? What floats to the top of the list? The Linux Kernel hack no doubt would top my list, then OpenSSH *2

Thanks in advance for your consideration."

Journals

hAckz0r has no journal entries.
