
Comments


Microsoft Releases Out-of-Band Security Patch For Windows

harryjohnston Re:What is it? (178 comments)

An elevation of privilege affecting the entire domain is certainly critical, particularly when it's already being used in attacks.

This means that if the attacker has control of one machine in the domain, he or she can take control of every other machine, including the servers.

about two weeks ago

Microsoft Releases Out-of-Band Security Patch For Windows

harryjohnston Re:DOES Affect Vista, Windows 7, Windows 8, 8.1. (178 comments)

No, the security bulletin is very clear that the vulnerability doesn't affect client versions of Windows. The patch has been made available anyway only as a defense in depth precaution.

If you look at the "Affected Software" table, you will note that the "Maximum Security Impact" is "None" for client versions.

(OK, I guess it depends on what you mean by "affect". But the upshot is that you only need to patch servers - more specifically DCs - now, everything else can wait and be done with next month's updates.)

about two weeks ago

Computer Scientists Ask Supreme Court To Rule APIs Can't Be Copyrighted

harryjohnston Re:Oh, *now* it's OK to extend the Java API ... (260 comments)

Hmmm. Good points. Well, I don't suppose it matters to me any more, it's been years since I wrote anything in Java. (It was a major pain at the time, though; I had a small but significant investment in Java code, and I pretty much had to abandon it. At the time, at least, Microsoft's Java was the only one that produced executables that would just run without needing something else installed first.)

about three weeks ago

When We Don't Like the Solution, We Deny the Problem

harryjohnston And in other breaking news ... (282 comments)

... some scientists think that Republicans and Democrats may in fact be members of the same species.

about three weeks ago

Computer Scientists Ask Supreme Court To Rule APIs Can't Be Copyrighted

harryjohnston Oh, *now* it's OK to extend the Java API ... (260 comments)

... but when Microsoft did the same thing, *that* was evil.

(If Google wins, does that mean Microsoft can put Java back into Windows again?)

about three weeks ago

Intel To Expand Core M Broadwell Line With Faster Dual-Core Processors

harryjohnston Ouch (52 comments)

Very cool technically speaking, and good for system designers ... it will, however, make it that much harder to comparison shop, if the same CPU has a different speed depending on how it's wired up.

about three weeks ago

Will the Google Car Turn Out To Be the Apple Newton of Automobiles?

harryjohnston Was it ever intended to be a commercial product? (287 comments)

It isn't clear to me that Google ever intended this to be a commercial product, or at least not in the short-to-medium term. Treated as a research project, it is impressive regardless of the practical limitations.

about a month ago

3D-Printed Gun Earns Man Two Years In Japanese Prison

harryjohnston Re:proof banning guns doesn't harm criminals (331 comments)

In reality, in nations like New Zealand (and Japan, I believe) criminals rarely use guns. A well-connected crook can get a gun if he wants one, but the risks generally outweigh the benefits. (For a start, using a gun to commit a crime guarantees much more police attention than you would otherwise get. And if you do get caught, you can expect a much harsher sentence.)

about a month ago

Ask Slashdot: Good Hosting Service For a Parody Site?

harryjohnston Nothing surprising about RPG/MUD restrictions (115 comments)

Doesn't surprise me at all, and hardly seems a fair criticism. I would expect most hosting services would prohibit sites that are likely to cause disproportionate load, unless they have a charging model that allows for it.

about a month ago

Ross Ulbricht's Lawyer Says FBI's Hack of Silk Road Was "Criminal"

harryjohnston Re: Supreme Court Justice Louis Brandeis (208 comments)

That's a slight misrepresentation. The surveillance was thought to be legal at the time it was carried out, and it *should* have been legal - that is, the original law was not intended to prohibit it but was merely badly drafted. In circumstances like that, prosecution would be grossly unjust.

about a month and a half ago

Ross Ulbricht's Lawyer Says FBI's Hack of Silk Road Was "Criminal"

harryjohnston Re:Technical claims as reported puzzling (208 comments)

The article says "Experts suggested that the FBI didn't see leakage from the site's login page but contacted the site's IP directly and got the PHPMyAdmin configuration page." That's the technical claim I'm talking about, and the only one that I've seen so far in support of the contention that the site was hacked.

If this claim is credible, then the site was in fact responding on its routable address, and might (at least in principle) have been found by scanning the internet.

If this claim is not credible, then I'd like to know what credible evidence *has* been presented.

(As an aside, a few days back I saw someone claim to have identified a specific mistake in the configuration file that caused the site to allow connections that didn't come through Tor, but I can no longer locate this claim and can't speak for its technical accuracy.)

about a month and a half ago

Ross Ulbricht's Lawyer Says FBI's Hack of Silk Road Was "Criminal"

harryjohnston Technical claims as reported puzzling (208 comments)

Has the defense presented any actual evidence that the site was hacked?

The Ars Technica article says: "Experts suggested that the FBI didn't see leakage from the site's login page but contacted the site's IP directly and got the PHPMyAdmin configuration page. That raises the question of how the authorities obtained the IP address and located the servers." ... but that doesn't make sense. If having the IP address was all they needed to identify that it was indeed the droids - sorry, server - they were looking for, well, that's easy enough these days: there are less than four billion routable IP addresses, so try them all. It might take a few days or a few weeks or even a few months, depending on what resources you can throw at it, but it's no big deal. So what am I missing? Or are the defense just blowing smoke?

about 1 month ago

Apple Yet To Push Patch For "Shellshock" Bug

harryjohnston Re:Arstechnica = fail (208 comments)

You're quite right, I hadn't read the article you were referring to - assumed it was more of the same, to be honest - and so was reading your post out of context. Sorry about that and thanks for the clarification.

As far as I know, though, bash itself (the upstream version) hasn't accepted the comprehensive patch yet? I think that's what the writer meant, not that none of the individual distributions have applied it.

about a month ago

Apple Yet To Push Patch For "Shellshock" Bug

harryjohnston Backporting not an issue (208 comments)

Backporting the patch(es), or fixing it from first principles for that matter, is unlikely to be an issue. The problem just isn't that complicated.

The delay is more likely due to Apple's more rigorous testing regime.

about 2 months ago

Apple Yet To Push Patch For "Shellshock" Bug

harryjohnston Re:Arstechnica = fail (208 comments)

It could also be exploited remotely if the function parsing code has any bugs in it. Several have already been discovered, including one that is probably remotely exploitable.

http://lcamtuf.blogspot.co.nz/...

about 2 months ago

Pseudonyms Now Allowed On Google+

harryjohnston Re:The frick? (238 comments)

Exactly.

I've been asked to sign up to Google+ for one reason or another a few times (and refused) and been signed up without being asked another few times. No promises, but the next time that happens I might not bother to delete the account.

As it happens I do use my real name, but I don't see why I should have to prove it to anyone. (And people, mostly Americans, do sometimes assume that I made it up; if I recall correctly, the phrase used on the most recent occasion was "sexually explicit joke username".)

about 4 months ago

Court Releases DOJ Memo Justifying Drone Strike On US Citizen

harryjohnston Re:American Civil War (371 comments)

Of course, I suppose that if they had been allowed to secede, they would then be a foreign nation which the US could have declared war on perfectly legally.

about 5 months ago

Court Releases DOJ Memo Justifying Drone Strike On US Citizen

harryjohnston American Civil War (371 comments)

Whenever this sort of thing comes up I always wonder ... was the Civil War unconstitutional? That also involved military action against US citizens, and presumably the Union didn't hold trials for each individual Confederate soldier before allowing anyone to shoot at them.

What are the significant differences, if any?

about 5 months ago

Submissions


Windows 8.1 security enhancements backported to Windows 7

harryjohnston harryjohnston writes  |  about 6 months ago

harryjohnston (1118069) writes "If you read this story a few days back you might be excused for thinking Microsoft have abandoned Windows 7 to the dusty shelves of history. Only a few weeks earlier, however, update KB2871997 was released, backporting a number of enterprise-level security enhancements that first appeared in Windows 8.1.

This blog post from last week goes into more detail. It should perhaps be mentioned that many, though not all, of the new features are only useful if you have upgraded your domain controllers to Windows 2012 R2, so this is not an entirely altruistic move on Microsoft's part. (Many enterprises do not have to pay any extra fees to upgrade Windows on the desktop, but do have to buy new licenses to upgrade servers.)"


Ask Slashdot: Alternatives to Groklaw?

harryjohnston harryjohnston writes  |  more than 2 years ago

harryjohnston writes "Having been kicked off Groklaw a while back for "ignorance", i.e., having opinions differing from those of the owner, I'm looking for an alternative source of news/commentary about legal issues relating to technology — other than Slashdot itself, of course! Any suggestions?"

US Cyber Command Drinks the Cloud Kool-Aid

harryjohnston harryjohnston writes  |  about 3 years ago

harryjohnston writes "According to the head of the NSA and General Keith Alexander, the best way to improve the nation's cyber defenses is by shifting to a "cloud architecture". Is this a well-reasoned plan or a buzzword-induced hallucination? You decide."

Peer-to-peer traffic drops 10% after new law

harryjohnston harryjohnston writes  |  more than 3 years ago

harryjohnston writes "Following the introduction of New Zealand's new copyright legislation, which we discussed last week, major ISP Orcon reports that international peer-to-peer traffic has dropped 10%. This might mean that the law is actually working, to some extent, though experts say the effect will probably only be temporary."

Indonesian MP caught watching porn in Parliament

harryjohnston harryjohnston writes  |  more than 3 years ago

harryjohnston writes "An outspoken supporter of Indonesia's draconian anti-pornography laws was caught watching porn on his tablet computer in Parliament during a debate about plans to build a new parliamentary building. I'm all in favour of a casual approach to government, but this may be taking it a bit far."

Palin: treat Julian Assange as terrorist leader

harryjohnston harryjohnston writes  |  more than 3 years ago

harryjohnston (1118069) writes "Sarah Palin is reported as saying that Julian Assange, director of WikiLeaks, should be "pursued with the same urgency we pursue al-Qaeda and Taleban leaders". She also asked whether the US has used "all the cyber tools at our disposal" to shut down the WikiLeaks web site. It isn't clear whether she realizes that such an effort would almost certainly be illegal."

Man jailed for naked photo of ex on Facebook

harryjohnston harryjohnston writes  |  about 4 years ago

harryjohnston (1118069) writes "A resident of Wellington, New Zealand has been jailed for posting a naked photograph of his ex-girlfriend on her Facebook page. This is believed to be a legal first — although since he had also pleaded guilty to threatening to kill, wilful damage, theft and assault, it seems likely that the judge took those into account in deciding on a jail sentence."

The Psychology of Scam Victims

harryjohnston harryjohnston writes  |  about 5 years ago

harryjohnston (1118069) writes "Frank Stajano, ARM lecturer in Ubiquitous Computing Systems at the University of Cambridge, and Paul Wilson, writer/presenter for the popular BBC Three series "The Real Hustle", have written a fascinating technical report (PDF) on the psychology of scam victims, based on the television series but with particular emphasis on how real-world scams (and the psychology behind them) translate into electronic scams, and on what security engineers need to know in order to mitigate the risks."

Another Microsoft Update Update

harryjohnston harryjohnston writes  |  more than 5 years ago

harryjohnston writes "The Microsoft Update Product Team have announced (via their Microsoft Update Product Team Blog) that the Automatic Updates client code will be updated at the beginning of next month.

Because of limitations in the client software, this update will be automatically installed unless Automatic Updates is disabled completely, ignoring settings like "Notify me but don't automatically download or install them".

In my own opinion such an update is unlikely to cause any harm, but many have disagreed in the past. Full disclosure: I have been awarded as a Microsoft MVP. Let the bashing commence!"


New sort of social engineering - personal threats

harryjohnston harryjohnston writes  |  more than 6 years ago

harryjohnston (1118069) writes "Looks as if malware distributors have upped the ante again. Bulk email aimed at tricking people into visiting a web site for a drive-by download is nothing new, but I've never seen this particular, and rather disconcerting, approach before:

"Subject: she has already gone to hospital!!

Hello, harry.

Listen to me carefully, i don't know what your name is, but i'll find you and i'll cripple you, because this is you who tempted her!!!
She has already gone to hospital, you're next, this is evidence: [malicious link redacted]"

Scary huh?"

Pay up or no security for you

harryjohnston harryjohnston writes  |  more than 6 years ago

harryjohnston writes "Cisco appears to have adopted a policy of making people pay for service contracts if they want security updates for Cisco client software. I've been trying to update their VPN software on my home laptop (which I use to connect to the Cisco VPN hardware at my workplace) ever since I realized it had an elevation of privilege vulnerability:

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml

However, Cisco won't provide me with the update because I don't have a service contract with them.

Despite repeated requests, they seem unwilling to provide any explanation of this baffling policy. Their latest response, and I quote verbatim:

"If you don't services contract on your profile and you are guess level access and which guess level access and you will not have any access download any software from Cisco website. If you have any further please contact Cisco.com suppport team or contact us 1 800 553 2447."

On the plus side their product support response time is excellent. The preceding work of art arrived in less than 30 minutes. :-)"

Journals

harryjohnston has no journal entries.
