Domain: sans.edu
Stories and comments across the archive that link to sans.edu.
Comments · 323
-
As to YOUR lies? LOL: #2/4
"classic Windows hosts trick to block the Coinhive or Crypto-Loot domains" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else. Both Ramu and an anonymous reader have suggested this" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
Steve Gibson on hosts https://www.grc.com/sn/sn-045.htm/
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/
APK
-
As to YOUR lies? LOL: #1/3
"classic Windows hosts trick to block the Coinhive or Crypto-Loot domains" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else." hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
Steve Gibson on hosts https://www.grc.com/sn/sn-045.htm/
Oliver Day http://www.securityfocus.com/columnists/491/ "Host file browsing the Web - is actually faster
-
Security pros say opposite of you #1/2
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else. Both Ramu and an anonymous reader have suggested this" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
SANS (lists using hosts blocks) https://isc.sans.edu/forums/diary/Botnet+malware+defense/4138/
BLOCKING (What hosts do) BEFORE SCANNING @ SANS https://isc.sans.edu/forums/di...
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
Steve Gibson on hosts https://www.grc.com/sn/sn-045.htm/
* MORE COMING IN PART #2...
APK
P.S.=> Sorry, but hosts DO do port filtering as I showed stupid... apk
-
SECURITY PROS #1/2 disagree w/ you troll
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else. Both Ramu and an anonymous reader have suggested this" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
SANS (lists using hosts blocks) https://isc.sans.edu/forums/diary/Botnet+malware+defense/4138/
BLOCKING (What hosts do) BEFORE SCANNING @ SANS https://isc.sans.edu/forums/di...
APK
P.S.=> More are coming (to your PUBLIC dismay)... apk
-
You FAIL to provide anything @ all, lol
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else. Both Ramu and an anonymous reader have suggested this" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
SANS (lists using hosts blocks) https://isc.sans.edu/forums/diary/Botnet+malware+defense/4138/
BLOCKING (What hosts do) BEFORE SCANNING @ SANS https://isc.sans.edu/forums/di...
APK
P.S.=> I also asked IF you wanted those too, funny you didn't reply so NOW you EAT YOUR WORDS, lol... apk
-
Re:Fuck off with this security bullshit.
And CERT has warned against using your own internal made-up top level domains...
https://isc.sans.edu/forums/di...
...which is why there's an RFC listing reserved top level domains you can safely use:
-
Re:Jobs for coal miners
First, no government would let its own satellite get modified by another entity.
Much like any of their other computers. Especially not military computers. https://tech.slashdot.org/stor... https://www.sans.edu/cyber-res...
-
Re:Petya = already defeated last year
This appears to be a new variant. No confirmation yet as to whether or not the previous decrypter still works.
https://isc.sans.edu/forums/diary/Widescale+Petya+variant+ransomware+attack+noted/22560/
"According to the Verge article, today's ransomware appears to be a new Petya variant called Petyawrap."
https://twitter.com/craiu/status/879692523102511104
The fast-spreading Petrwrap/Petya ransomware sample we have was compiled on June 18, 2017 according to its PE timestamp.
-
Could you have submitted a worse link?
Comment to submitter... next time, please find an article that provides a much better summary without all the gratuitous clickbait links, please. Like this one, or this one.
Anyways, in short, the doc makes an OAuth request for access to the user's e-mail and contacts. And since every user blindly accepts permissions such as these whenever they add an app to their phone, we had a lot of users at our district click "Accept".
Mod points to anyone who can parse the source code and summarize what it does, besides mass-email everyone in the contact list a copy of itself.
-
Wrong: No NSA malware & /.ers like + use it
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
take a look at the APK hosts file engine by SuperKendall
APK is kinda right. I've tried his hosts file generating software. It works by bmo
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
* My code's liked + recommended & hosted by Malwarebytes' hpHosts!
APK
P.S.=> See subject: It's no SMB1/2/3 (nothing to do w/ those) NSA malware either ala https://isc.sans.edu/forums/di...
-
Has NOTHING to do w/ port 445 stupid
See subject: My prog has NOTHING to do w/ port 445 or SMB1/2/3 exploit by the NSA ala https://isc.sans.edu/forums/di... dumbass!
APK
P.S.=> You UNIDENTIFIABLE anonymous trolls are REAL pieces of work (pieces of lying shit's more like it) - no class & NO shame... apk
-
Re:Are two hashes better than one?
Perhaps I was completely wrong - skip to the Mysid's comment. My sincere apologies then. But this explanation just doesn't work/compute in my head - even today finding MD5 collisions is extremely computationally expensive, yet the person says SHA1 + MD5 is only slightly more computationally expensive.
Let's put it in layman's terms: let's say your cluster made of a thousand GPUs finds MD5 collisions for given data every second. Now finding an SHA1 collision in Google's case required 9,223,372,036,854,775,808 computations based either on purely random data or data which needed to be fed to the SHA1 algorithm in succession both of which you cannot get using your already found MD5 collisions, because they are not random. I cannot see how your non random MD5 data could be used as a basis for cracking SHA-1 simultaneously. Again, maybe I'm totally wrong about that.
I'd also love to hear someone with a good cryptography background rather than believe a random person on the net or my amateurish logic.
-
SOAP Vulnerability added to Mirai
see https://isc.sans.edu/forums/di...
looks like a new SOAP vulnerability was added to Mirai. Here come a few million more mirai bots.
-
It's a TR-069 exploit in Deutsche Telekom routers
and possibly other routers. There's a thorough article about the issue. Apparently the handler for a SOAP request doesn't sanitize untrusted input and executes backticked shell code.
-
Find the device's online trail
Infected devices usually try to spread the infection further and their scanning attempts on the Internet are often observed. There is for instance a dedicated website for IoT devices attacking Telnet ports or some more generic ones, such as the Internet Storm Center. If the IP address of your device is on the list, it is very likely that you have a problem.
-
Test File from ISC
Internet Storm Center has a writeup and a test file you can download: https://isc.sans.edu/forums/di...
-
DNS ATTACKED & DOWNED con't.
https://isc.sans.edu/diary/wor...
http://www.theregister.co.uk/2...
http://www.dshield.org/diary/W...
http://www.theregister.co.uk/2...
http://tech.slashdot.org/story...
http://tech.slashdot.org/story...
http://www.zdnet.com/au/optus-...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
http://www.dshield.org/diary/N...
http://yro.slashdot.org/story/...
http://nakedsecurity.sophos.co...
http://www.crn.com/news/securi...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
APK
P.S.=> Next is SECURITY BREACHES due to DNS failures... apk
-
Re:Disable SSLv2
SSLv3 is vulnerable to the POODLE attack and other attacks. It doesn't seem like any version of SSL is truly safe. What are the alternatives? Documentation on SSL3 vulnerabilities- https://isc.sans.edu/forums/di...
-
Routers alone = shit (here's proof #14/15)
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2... Lock up your top-of-racks, says Cisco, there's a bug in the USB code - The Register
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/P...
http://www.wired.com/threatlev...
http://www.zdnet.com.au/cisco-...
http://www.zdnet.com/cisco-fix...
http://yro.slashdot.org/commen...
http://yro.slashdot.org/story/...
http://yro.slashdot.org/story/...
http://yro.slashdot.org/story/...
https://isc.sans.edu/forums/di...
https://nakedsecurity.sophos.c...
http://www.theregister.co.uk/2...
APK
P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk
-
Routers alone = shit (here's proof #14/15)
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2... Lock up your top-of-racks, says Cisco, there's a bug in the USB code - The Register
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/P...
http://www.wired.com/threatlev...
http://www.zdnet.com.au/cisco-...
http://www.zdnet.com/cisco-fix...
http://yro.slashdot.org/commen...
http://yro.slashdot.org/story/...
http://yro.slashdot.org/story/...
http://yro.slashdot.org/story/...
https://isc.sans.edu/forums/di...
https://nakedsecurity.sophos.c...
https://nakedsecurity.sophos.c...
APK
P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk
-
Re:Is there a list of IP ranges for this anywhere?
Years ago it was true that if you took a brand new Windows machine, put it on the internet, it would probably be hacked within 30 minutes. I very much doubt that has changed for the better.
-
Re:suggestion to make slashdot useful again
The Internet Storm Centre (part of SANS) posts one of these fairly shortly after MS releases the patches. Here's their post for the August patch batch to give you an idea - they don't cover the optional updates at all though.
-
Re:Thanks, OpenSSL
-
Addendum #3/3: Partial list of DNS exploits... apk
http://www.dshield.org/diary/D...
http://tech.slashdot.org/story...
http://www.dshield.org/diary/G...
https://threatpost.com/en_us/b...
https://threatpost.com/en_us/b...
http://www.itnews.com.au/News/...
http://plus.evozi.com/204/mala...
http://tech.slashdot.org/comme...
http://www.zdnet.com/linkedin-...
http://www.zdnet.com/linkedin-...
http://www.zdnet.com/au/optus-...
http://www.zdnet.com/dutch-dns...
http://www.computerworld.com/s...
https://isc.sans.edu/forums/di...
http://it.slashdot.org/story/1...
http://www.dshield.org/diary/g...
http://www.dshield.org/diary/N...
http://www.dshield.org/diary/L...
http://www.dshield.org/diary/D...
http://www.networkworld.com/ne...
* "Read 'em & weep" STILL more are coming (since that's only partial on my end, and the future WILL SHOW MORE without doubt)... & that's only SOME of the exploits DNS has experienced, I don't have them all but those will do!
(Simply facts supporting my former posts on the subject of DNS issues -> http://tech.slashdot.org/comme... AND http://tech.slashdot.org/comme... as I promised in it, to show the RAMPANT EXPLOITABILITY of DNS vs. my program AND WINDOWS protecting hosts perfectly...)
APK
P.S.=> You can't win, accept it... apk
-
Re:Good. +1 for Google.
Google's web services may not be a player in China (irrelevant, so I didn't check), but their browsers (desktop and android) most certainly are: http://www.chinainternetwatch....
I don't think "lessor" is a word, but if you meant "lesser" then you couldn't be more wrong: http://www.zdnet.com/article/n...
I'm quite confident that most of these Google-browser users don't have a clue what digital certificates are.
Verisign, Thawte and GeoTrust would probably be treated the same way, if they failed to act on known false certificates. This isn't just "negligently or willfully making bogus certificates", this is mostly about failing to fix the problem after having been informed of having created "bogus certificates". Matter of fact, these CAs regularly update their revocation lists (CRL): https://isc.sans.edu/crls.html
-
Audit don't restrict
I have already set some fileserver folders to Read-Only for him and taken a backup of his mailbox in case he empties it on the last day.
Most folks aren't going to be engaged in destructive behavior when they leave ----- especially if moving to a new job. Therefore marking folders 'read-only' shouldn't be the pertinent thing. The greater danger is, they steal information. Not they destroy or corrupt information, which should be backed up anyways. And if they were going to, they probably had all the time they needed already. Why would they engage in the suspicious activity AFTER giving notice; given that they may be able to reasonably expect being released on the spot (for security reasons)? If someone wanted to be naughty..... wouldn't it make more sense to do the naughty things, and then turn in their notice after they had been doing the naughty thing for 6 months in small bite-size pieces unlikely to be noticed, or explainable away in any one instance?
I refer you to IT separation duties:
Even if IT is the custodian of the information, employees may be able to access sensitive information. Two classic examples are contact lists and contracts. If a salesperson is leaving an organization, it is a time honored tradition to try to leave with the entire customer contact list. Receiving and providing contracts give a clear picture of the revenue and cost structure of an organization. These should be protected not only with digital means, but also with physical security protections.
Perhaps not the best idea.... unless these are permissions he wouldn't notice going away.
I would firmly suggest instead: audit all activity.
You do have file access auditing on your file server, and capture of audit logs to a safe location, right?
You might adjust the auditing parameters for the user to audit all activity, even when normally not all is audited.
-
Re:Fewer bug fixes?
NTP doesn't just 'return a string of numbers'.
No, sometimes it returns A lot of strings of numbers.
-
Stay Informed
No matter what certifications you get (although you should get certified, for legal reasons as mentioned by others), it's critical that you keep abreast of what's going on in the field, otherwise you're not doing your job. Listen to podcasts on the way to, from, and while you're at work. Read all the websites you can. And learn the tools.
This Week in Enterprise Tech: http://twit.tv/show/this-week-... - frequently mentions useful tools and products for testing or securing a business.
Security Now: http://twit.tv/sn - hosted by one of the best known names in the business, Steve Gibson.
Internet Storm Center: http://isc.sans.edu/ - Website has all kinds of details on the latest vulnerabilities and security issues - podcast is also available in daily or monthly form.
Kali Linux: http://kali.org/ - can be used as a bootable environment or installed on a partition as a portable pen testing "toy."
Metasploit: http://www.metasploit.com/ - Widely used, frequently updated pen testing kit.
-
It was known before..
According to this article, Regin has been known for some time.
Fox IT, which was hired to remove Regin from the Belgian phone company Belgacom's website, didn't say anything about what it discovered because it "didn't want to interfere with NSA/GCHQ operations."
-
Exploiting bug in Supermicro hardware
At least 32,000 servers broadcast admin passwords in the clear, advisory warns
Exploiting bug in Supermicro hardware is as easy as connecting to port 49152.
http://arstechnica.com/securit...
-
LinkSys TheMoon worm?
Anybody wonder if the plans in these documents (circa 2009?) have maybe adapted and become the recent Linksys worm?
-
Re:OpenWrt?
Forgive me if I'm wrong, but wasn't OpenWrt based on this same firmware? Or is this bug with the VxWorks-based firmware that Linksys later switched to?
OpenWRT is a Linux distribution designed for routers. It often uses kernel modules provided by manufacturers such as Linksys, but is not a clone of the entire system.
You could also follow the first link in the summary, which describes the bug and has this to say:
"Only routers running stock firmware are vulnerable. OpenWRT is not vulnerable to this issue."
-
Better summary
-
Don't Encourage Them!
no, it's just the default firmware. "Only routers running stock firmware are vulnerable. OpenWRT is not vulnerable to this issue." from the comments on https://isc.sans.edu/forums/di...
Hee hee, you knew that because you bothered to click on the article. Good!
You comforted the lazy douchebaggery of another who couldn't be bothered. Bad!
-
Re:Is dd-wrt affected?
no, it's just the default firmware.
"Only routers running stock firmware are vulnerable. OpenWRT is not vulnerable to this issue."
from the comments on https://isc.sans.edu/forums/di...
-
Re:Be different
The bots don't care how popular your site is. All they want is an exploitable vulnerability on a host with reasonable bandwidth. You'll be scanned within minutes of going online. And exploited minutes later if you have a common vulnerability.
-
Re:I saw this coming 5 years ago
Let any application open a port to the outside world on your router? Really? and nobody gave a damn about the consequences or even understood its power. Meanwhile I sat back and watched as millions of people enabled it by default on products shipped out worldwide and said nothing because NOBODY CARED they /wanted/ the convenience and turn-key solution that UPnP provided and didn't want to bother learning how to open their own ports manually.
5 years ago?
Dude, I remember this from 9 years ago.
Any technology that purports to make a device accessible to every host on a network - UPnP, Bonjour/Zeroconf, what have you - is bound to have at least one remote exploit. And should be disabled by default.
On a Windows box, I don't use a software firewall to keep an eye on potential malware, I use it to keep a lid on the software I pay for.
-
Restricted Boot by definition insecure
Think about it a moment. The ultimate piece of malware would be one that can make your computer run software of someone else's choice, prevent you from running software other than the malware, and block you from removing the malware from the system or preventing it from running. Every piece of malware out there tries to do this, with varying degrees of success. Look at the malware that tries to disable anti-virus/anti-malware software.
Now, Restricted Boot would give someone else control over what software could boot on the machine, and prevent you from changing that list of authorized software. You cannot authorize software you want to run to run, nor can you remove authorization from software you do not want to run. You can't influence what runs at boot, you can't alter its operation. In short, you've bought into every malware author's wet dream: a system where they can do anything they want and the user can't do a thing about it.
And if you think "Oh, but all the system software would be signed by Microsoft, so how would the malware authors get the keys to authorize their software?", think about this: Microsoft certificates have already been compromised. The bad guys have already gotten access to what they need to sign software with legitimate Microsoft keys. The certificates used by the Flame malware were only some of the most recent. And I'd note this older bulletin describing a situation where Verisign issued legitimate certificates issued to Microsoft to black-hats with no association with Microsoft. The bad guys obtaining the private keys to sign software isn't a theoretical discussion, it's already actually happened.
-
Re:Using a separate computer just for on-line bank
Unless I'm mistaken, the USB stick itself might present an exploit before you've written any data to it. I.E., it is not unheard of for USB memory sticks to arrive from the manufacturer already containing an exploit. There's another post somewhere in this thread about it. I seem to recall this happening frequently. E.g.,: https://isc.sans.edu/diary.html?storyid=4247
-
Re:Can someone explain
Heh. I'm sure this recent incident didn't help either.
-
Re:Hell no ...
Unfortunately, your computer is being bombarded by remote attackers, while the likelihood that your residence is about to "burst into flames" is pretty remote. A couple of years ago, it was estimated that the Time to Survive for an unpatched Windows machine was about four minutes. Yes, four. The specter of network hacking attempts is orders of magnitude larger than you think it is.