×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Staples: Breach May Have Affected 1.16 Million Customers' Cards

networkzombie Details please (97 comments)

I would love to know exactly how it happened so I may learn from their mistakes. I can only assume they had incredibly poor security measures in place or they were breached by some ninja who's skills were beyond comprehension. Some of the TJMaxx details were released which revealed they had poor wifi security at the store, holding onto data they shouldn't have, and no proper encryption of data, so the criminals basically cracked them from a laptop in the parking lot. If all the latest hacks are similar to the TJMaxx crack, I feel safe. Paranoia is your friend.

2 days ago
top

Hackers Compromise ICANN, Access Zone File Data System

networkzombie Re: fire them (110 comments)

Do you run your own SMTP server? No email with your FQDN should be accepted via public incoming SMTP port, only private encrypted SMTP port with AUTH should be used for MUAs and MTAs (message submission). Why would your server accept email from itself? Incoming SMTP ports should never accept email from it's own domain. This way, if you get an email as you describe, you can verify that the account has been compromised.

3 days ago
top

Telepresence Store Staffed Remotely Using Robots

networkzombie Re:Remote Torso® (52 comments)

In my dream, one of the developers had a hidden IPv6 IoT Wake on WAN setting turned on by default in the UEFI v3. It was missed by quality control. We didn't worry about getting hacked or people dying because we paid our insurance policy that year, also we didn't want to pay our engineers a decent wage to do good work because insurance against lawsuits was cheaper. We outsourced to Apple, who outsourced to Foxconn, who outsourced to a soccer ball factory in Kyrgyzstan. It works well, if you remember to compliment the chef.

about a week ago
top

Telepresence Store Staffed Remotely Using Robots

networkzombie Remote Torso® (52 comments)

I have wanted to build a remote torso for years. It is a torso (duh) with robotic arms. Basically whenever you need a plumber, a dishwasher, a doctor, or a computer tech, you would take your Torso® out of the closet and place it in the desired area where it would be controlled by an expert and complete its tasks without the need for anyone traveling to your home. After many nightmares about a chef stabbing me to death when I didn't complement him on his chicken pot pie, I decided to ditch the whole idea and hope no one else picks it up.

about a week ago
top

How Identifiable Are You On the Web?

networkzombie Re: Identifiable enough that Google targets ads (159 comments)

Actually, no. Web surfing involves visiting a multitude of sites. Whitelisting would be painstakingly difficult, especially with the wife. Even whitelisting cookies is tedious, but cookies are what you should be whitelisting. After your accept all the cookies you need (bank, Slashdot, etc...) then block the rest. Simply visiting a web site is no reason to accept a cookie. If you can identify any sites to block (DoubleClick) then blacklisting is the way to go. We're not talking about a server here, it is a web browser. Imagine whitelisting 20 sites per hour while shopping for a pair of shoes.
What I do is to identify what sites are serving me ads, surf those sites while capturing packets using your favorite tool (NetworkTrafficView from Nirsoft if using Windows is easy) and block those sites using your firewall (IPs) and/or hosts file (FQDNs). I haven't seen a DoubleClick ad in years. In Windows my hosts file looks like this:
0.0.0.0 ad.doubleclick.net
0.0.0.0 ad.uk.doubleclick.net
0.0.0.0 ad.n2434.doubleclick.net
0.0.0.0 doubleclick.net
0.0.0.0 a.doubleclick.net
The Slashdot filter made me cut quite a bit out, but you get the idea.
This work has already been done and gets updated for you here: http://someonewhocares.org/hos...
My Windows Firewall is more extensive. I block massive subnets in Russia, Ukraine, and China (ex. LACNIC Latin American and Caribbean 190.0.0.0/8). This is all for a laptop that leaves the house. For an in-home solution you should get a better router and block them at the gateway so your iPad is safe too. pfSense is very flexible, but DD-WRT can do some neat tricks.

about a week ago
top

Apparent Islamic Terrorism Strikes Sydney

networkzombie Re:Australian Gun Laws are STRICT! (876 comments)

My sister lives in Melbourne and her patio furniture is stolen every year. The thieves know how "safe" they are, so they do what they like. She chained it up but they took the chain too. I recently won a .380 auto in a poker game. I put it in my shotgun cabinet. No one has ever tried to steal from my patio. When you outlaw guns, only outlaws will have guns.

about a week ago
top

Football Concussion Lawsuits Start To Hit High Schools

networkzombie Bad Helmet Design (233 comments)

Why does the helmet only have padding on the inside? Padding on the inside makes it like a construction workers helmet that is meant to protect you from hard objects like girders and falling buckets of nails. Padding on the outside of the helmet would (slightly more) cushion the repeated sudden shocks that can damage the brain. The hard candy shell should be in the middle to distribute the shock over a larger area, which in football doesn't help much because that area is your braincase, but the shell will help the helmet keep its shape. Of course padding outside the helmet would also eliminate the loud hit sounds that the spectators enjoy and make the players look like little cream puffs that can't play rough. We should just give the players weapons and release lions during the game.

about three weeks ago
top

Debian Forked Over Systemd

networkzombie Re:What a horrible name (647 comments)

I remember installing Red Hat 5.x in the 90s and wondering how Linux should be pronounced. Linus had uploaded a mp3 of himself saying "it is pronounced Linux". I listened to it over a dozen times. I still do not know the correct pronunciation. On Mondays I call it "line-ex", on Tuesdays I call it "lyn-ex", on Wednesdays I call it "line-icks", and the rest of the week I call it "lyn-icks". I guess I don't really give a crap. I never liked the name Debian either. My brother named his daughter using the same method, merging his name and his wife's name. His daughter hates it. I wonder how Debian feels. Debian is probably happy it is not named "Devuan". I wouldn't even name my goldfish that, much less an a spoon or a fork.

about three weeks ago
top

Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server?

networkzombie SMTP on a Comcast Business IP (405 comments)

Dear Hawkbug, I'm apologize for my fellow posters spewing forth knee-jerk postings. I have examined your situation and I must say I am puzzled. Your MX and rDNS records are all in order. The domain in question passes the generic email server tests. Your system can obviously communicate out via port 25 or you would not be getting deferred errors from servers and it does not "look like" it is being altered by any proxy. So... Comcast is not blocking your port, nor is your email server defunct. Everything seems in order. What can we conclude? You say the email server was working up until two weeks ago. What has changed? Either the servers offering up the deferred messages have implemented a new policy against you, or Comcast is altering your outgoing port 25 (to test the proxy/manipulation theory, find a friend who has an SMTP server and examine the SMTP logs). Whatever the case, it is something that has changed recently. Did you changed anything on the server? SMTP Banner? FQDN response? Any modifications to your DKIM or SPF? The "Deferred Errors" to me say greylisting. What would get you greylisted? Someone you sent an email to marked it as spam perhaps. Were any sent to the wrong person? Were any profane? Would anyone have mistakenly reported it as spam? Examine the emails you sent right before it stopped working, they may contain clues. My experience says follow the trail of "what changed when it stopped working." Good luck.

about a month ago
top

US Postal Service Hacked, 500k+ Employees and Public Data Breached

networkzombie Re:We shouldn't count Zone Alarm alerts.. (46 comments)

So they were attacked, on average, 8,149 times per second for a year? I thought my logs were bad. They should call that guy and tell him to stop!

about a month and a half ago
top

Mathematical Proof That the Universe Could Come From Nothing

networkzombie Re:I knew it (429 comments)

That's the point. "Nothing exists" is a very old joke for more reasons than what you gracefully stated.

about a month and a half ago
top

Mathematical Proof That the Universe Could Come From Nothing

networkzombie I knew it (429 comments)

So, nothing does exist!

about a month and a half ago
top

The Airplane of the Future May Not Have Windows

networkzombie bright light and vomit (286 comments)

I can't get people to shut the dinky windows when I try to sleep on flights now. I hate those sleep masks. I hate flying and I am afraid of heights. For a few years now I joked about how they should make glass-bottom airplanes. I joked because it is ridiculous, just as this is.

about 2 months ago
top

ISPs Violating Net Neutrality To Block Encryption

networkzombie Re:No Carriers (149 comments)

Port 465 is for encrypted SMTP, and port 587 is for message submission. Port 25 is for server communications. No consumer grade line should allow outgoing port 25 unless you request to be white-listed and pass a technical competence test, you know, like knowing that non-business customers should not be using SMTP over port 25.

about 2 months ago
top

ISPs Violating Net Neutrality To Block Encryption

networkzombie Re:No Carriers (149 comments)

Uh, why not just block outgoing port 25? Do you have a reason for leaving it open to non-business customers?

about 2 months ago
top

Kmart Says Its Payment System Was Hacked

networkzombie Re:My shopping is becoming limited (101 comments)

As an IT security guy, I don't used my credit card at Target, Sears, Kmart, Walmart, Home Depot, or any of the large targets (no pun intended). I use cash at those places (and gas stations) because it is obvious they were employing on the cheap. Low paid employees+massive transactions=easy target. They are the low hanging fruit. I use my credit card at Newegg and my favorite small restaurant where I know the owner. At least if they get hacked I will get an apology. When I setup my customers/clients to accept credit cards, I fill out the mandatory PCI compliance form for them. What a joke! Half the time the never follow up, like they say they have to, and the form basically asks if you have antivirus on the computer. Can I get an audit please? Where does the tax money go?

about 2 months ago
top

Ask Slashdot: Designing a Telecom Configuration Center?

networkzombie Easy (52 comments)

Use fiber for everything, setup a pfsense box, set the switches to unmanaged, and use one collision domain. I suggest 10.0.0.0/8.

about 2 months ago
top

Google's Doubleclick Ad Servers Exposed Millions of Computers To Malware

networkzombie Re:edit host file (226 comments)

Not good enough. There are many:
0.0.0.0 ad.doubleclick.net
0.0.0.0 ad.uk.doubleclick.net
0.0.0.0 ad.n2434.doubleclick.net
0.0.0.0 doubleclick.net
0.0.0.0 a.doubleclick.net
0.0.0.0 b.doubleclick.net
0.0.0.0 c.doubleclick.net
0.0.0.0 d.doubleclick.net
0.0.0.0 e.doubleclick.net
0.0.0.0 h.doubleclick.net
0.0.0.0 i.doubleclick.net
0.0.0.0 j.doubleclick.net
0.0.0.0 k.doubleclick.net
0.0.0.0 l.doubleclick.net
0.0.0.0 m.doubleclick.net
0.0.0.0 n.doubleclick.net
0.0.0.0 o.doubleclick.net
0.0.0.0 p.doubleclick.net
0.0.0.0 q.doubleclick.net
0.0.0.0 r.doubleclick.net
0.0.0.0 s.doubleclick.net
0.0.0.0 ad.ar.doubleclick.net
etc...

about 3 months ago
top

Google's Doubleclick Ad Servers Exposed Millions of Computers To Malware

networkzombie No surprise (226 comments)

I have been blocking doubleclick on the corporate firewall for years, and in every hosts file I come in contact with. No one ever complained, but now if they do, I have ammunition. If you serve up a web site, you should personally vouch for not only the product you are advertising, but the source of the advert as well. I blame Google for placing advertising dollars above their users (I know, they don't have users, they have sheep for fleecing).

about 3 months ago
top

Tinba Trojan Targets Major US Banks

networkzombie Adobe prophylactic? (61 comments)

Does EMET stop Tinba?

about 3 months ago

Submissions

networkzombie hasn't submitted any stories.

Journals

networkzombie has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?