Slashdot Mirror


User: damn_registrars

damn_registrars's activity in the archive.

Stories: 0 · Comments: 5,958

Comments · 5,958

  1. Raises work in lower-paid jobs as well on $70k Salaries Didn't 'Backfire'; Gravity Payments' Profits Have Doubled (inc.com) · · Score: 4, Informative

    Not long ago a pizza chain local to the Minneapolis area raised their starting wage to $11/hour and they've seen tangible rewards from doing this.

  2. Probably looked like some broken dune buggy project to them.

    I would think even in Alabama an all-electric dune buggy with 5-foot wheels would stand out a bit.

  3. Re:Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    I don't know of any company who's set up to allow random non-customers to call in and request that their credit card be placed on a do-not-accept list - or indeed any commercial software set up to accept those kind of restrictions.

    Blizzard (now Activision) will do exactly that. I know of someone who had their card compromised and whoever got the info used it to buy crap through World of Warcraft. They called Blizzard to say it wasn't them and Blizzard happily blacklisted the card number, permanently. It was a pretty simple act of showing that the person whose name was on the card was not the same as the person whose name was on the WoW account. There were other things their card was used for in the same round of fraud and many other vendors did the same.

  4. Re:He doesn't deserve a place in this discussion on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: 1

    Edward Snowden's disseminating of the information he took from the NSA is valuable information everyone needs to know about how our government spies on its own citizens. His running from the law has nothing whatsoever to do with that; that information is valuable to all Americans whether or not he broke the law, so why do we care if he "faces the music"?

    I'm not sure why you brought up Snowden, he was not part of this discussion up to this point. We were talking about Swartz, who in no way was exposing any kind of government spying or great injustice.

  5. Re:He doesn't deserve a place in this discussion on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: 1

    Is there truly no limit to the depth of knowledge you share with slashdot? We are so greatly indebted to your awesomeness.

  6. Re:Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    We already concluded that act doesn't work for you. It might be time for you to find a new hobby, or maybe study for your midterms.

  7. Re:Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    Sorry kid, but I don't feel anywhere near bad enough for you to help you be a better troll.

  8. Re:He doesn't deserve a place in this discussion on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: -1, Troll

    I am well aware of who he was. He was someone who was more interested in making a name for himself than actually furthering the cause. Comparing him to scientists who dedicate their lives to doing actual work is like comparing the Underwear Bomber to Mother Teresa.

  9. Re:He doesn't deserve a place in this discussion on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: 0

    He broke the law very blatantly. He had other tools available to accomplish the same ends but opted for the one that was maximally disruptive and maximally destructive.

    So did the North American Colonies and their Continental Army.

    Your comment should have been moderated (+1, funny) rather than the (+1, insightful) that it was given. Frankly I'm not sure if you could come up with a more absurdly disconnected example to compare him to than the continental army, unless you want to go full Auschwitz and claim he was in line for the gas chamber before he entered the library wiring closet.

    I support the notion that the information should be free. However his methods were idiotic. He could have accomplished the same in only marginally more time from his own desk, rather than entering a wiring closet, disrupting the work of all the people in the library, and creating a physical safety hazard.

    Furthermore your continental army comparison doesn't hold water as the members of the army were willing to stand trial for their efforts. Swartz was not, he took the coward's way out in his quest for martyrdom.

  10. Re:He doesn't deserve a place in this discussion on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: 0

    He broke the law very blatantly. He had other tools available to accomplish the same ends but opted for the one that was maximally disruptive and maximally destructive.

    Destructive? Not a single bit.

    He entered a wiring closet in the library. In so doing he destroyed the access of other patrons to resources and created a physical safety hazard as well. He was destructive by choice.

  11. Re:Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    So you just came here to troll me then, gotcha. Move along, have a nice day. You were very marginally successful in wasting my time but there are certainly less hackish ways to pull off that feat.

  12. He doesn't deserve a place in this discussion on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: -1, Troll

    He broke the law very blatantly. He had other tools available to accomplish the same ends but opted for the one that was maximally disruptive and maximally destructive. If he couldn't stand to represent himself in a court of law then he should have considered other ways to get his message out.

  13. It's too bad interlibrary loan isn't better ... on How Scientists Are Circumventing Journal Paywalls (bbc.co.uk) · · Score: 4, Informative

    I've worked at several research universities over the years. The "official" way to get articles for journals you don't subscribe to is usually to make an interlibrary loan (ILL) request. In theory it works similarly to what was just described, in that the request is out to a large pool of libraries and then one will (usually) reply fairly quickly with the article.

    The problem though is the inconsistent quality. The optimal method is for the library to download the article themselves and then send along the PDF unaltered; some do this. Others see this as a violation of the subscription terms and will only respond by scanning a print journal if they have it, and sending the scan; this is slightly worse. Even worse yet I have had some where the library "loaning" the article will download it, print it, then scan it in grey scale on some awful scanner from the 80s, add their cover page, then send that as a PDF. (Note that the libraries never need the article to come back from "loan" as it is all digital.) This process usually takes 1-3 working days depending on availability, motivation, trade winds, phases of the moon, etc.

    If this system worked better there would be less need for researchers to directly circumvent the system through Twitter. Even better of course would be if fewer journals were paywalled at all.

  14. Re:Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    After anger comes laughter? Well, there are healthier ways to deal with the former than directing it randomly at people on slashdot, but there are worse options as well.

  15. Re:Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    Really? You expect me to believe that you're not angry when you come in lobbing insults and profanity? You haven't said a single word in this thread about the topic itself, instead you've been attacking me. If you are trying to act like a sane and non-angry person you are failing quite badly.

    Again, I don't know what I did to you to warrant such anger from you. If you'd like to discuss the topic, feel free.

  16. Re:Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    You bring a lot of bias in to this, but based on what? I seem to have angered you at some time but I don't recall a past interaction with you. You've made it clear that you don't like me but you have not done anything to explain why.

  17. Re:Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    When I call a merchant directly and tell them my card has been used fraudulently they should be willing to take my information and - at the very least - blacklist my card number upon my request so that it is never used again.

    Even though you're not their customer? Yeah, there's no way that that could ever be abused.

    I have the card. It is in MY name. They took it and accepted it from someone else who is not me, and does not live at my address or have my phone number. I should be able to say "this is my card, do not ever accept it". Other vendors are more than happy to oblige to that request.

    It's not like it would be useful for someone to call and start guessing card numbers randomly for such a request, and they would have almost no chance of matching card numbers to names if they did.

    There are well-established procedures for handling these kind of situations, if you follow them then most everything "just works".

    There are also well-established procedures for how vendors are supposed to accept credit cards for transactions, which this cell phone carrier did not follow. This left me on the hook for over $200 worth of transactions that were not mine while they put their heads in the sand.

  18. Will it tunnel applications? on Microsoft Publishes OpenSSH For Windows Code (msdn.com) · · Score: 0

    I presume the answer to this is no, but I don't see an answer in the PowerShell blog post that this linked to. I expect I'm not the only admin who occasionally uses X-forwarding in ssh to tunnel applications from my work box to my home box, this could be useful for Windows admin stuff as well (though certainly not a trivial matter).

  19. Re:Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    You are so kind with your grammatical incoherence. May you have a great day, sir. Should you ever care to come back to actually discuss the topic, feel free to grace us again with your presence at that time.

  20. Re:Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    What does the cell phone company have to do with it?

    When I call a merchant directly and tell them my card has been used fraudulently they should be willing to take my information and - at the very least - blacklist my card number upon my request so that it is never used again. They offered to do exactly nothing for me as I did not know the phone number that was used for the transaction.

    I've known other vendors - Blizzard comes to mind - who would go much further and reverse the charges over the phone.

    Your dispute is with the bank that issued your credit card.

    No, the dispute is with the merchant who was willing to accept stolen card data and couldn't be bothered to check the data against the thief using it.

    If your bank is charging you to dispute a fraudulent credit card charge, you need to find a different bank.

    The bank isn't charging me directly - as in with a fee - but they aren't doing it for free, either. No bank would do this for free, they have to be able to pay the employees whose job it is to deal with this.

  21. Chip is good security theatre on Criminals Hacked Chip-and-PIN System By Perfecting Point-of-Sale Attack (net-security.org) · · Score: 1

    I'm not the least bit sold on the security of these new cards. I had one issued to me by my bank a couple months ago, and the card was nonetheless compromised within a month. I made exactly one POS transaction with it at a chip terminal (several at non-chip terminals) and all of a sudden someone else decided to pay their cell phone bill with my card.

    Rather unsurprisingly said cell phone company didn't give a flying fuck about the fraud and refused to be the least bit helpful. Now I have to pay my bank to go after it.

  22. Re:Is there a list of IP ranges for this anywhere? on Despite Promises, China Still Targeting US Firms (crowdstrike.com) · · Score: 1

    You make a valid point with

    If you have a remote IP address all that you can really say is that packets were routed to you with that as the identified source (in some attacks they don't even have to come from that IP address at all). Who was at the computer? Who was responsible for the packets? That takes a lot more than an IP address to determine.

    As indeed the IP address that the attack is coming from could be in any of a variety of different states of use or misuse.

    I will say though that much of the rest of what you said is assuming a certain degree of competence. I will argue that the behaviors I am seeing in my logs - thousands of failed ssh attempts as root in a 24 hour period from one address - negate any claims of competence. One would expect that "government" hackers would be more competent, but then again they have to learn somewhere, right?

  23. Re:Is there a list of IP ranges for this anywhere? on Despite Promises, China Still Targeting US Firms (crowdstrike.com) · · Score: 1

    I don't believe my system to be valuable. I wholeheartedly agree that my system is being attacked just because some script kiddie is pointing his script at a large range of IP addresses, and mine happens to be in there.

    FWIW, just this morning I was attacked by address 117.27.152.55 which belongs to the ISP "Chinanet" (according to WHOIS). According to Wikipedia, Chinanet is state-owned, so if we were to get conspiracy-ish I could postulate that this could be government-connected and not just some random customer.

  24. Re:Is there a list of IP ranges for this anywhere? on Despite Promises, China Still Targeting US Firms (crowdstrike.com) · · Score: 1

    I suspect they don't know or care the function of your machine. It's just a blanket "attack everything and see what happens".

    I whole-heartedly agree - and apparently did not express that adequately. I don't expect that they give a shit what my server is doing, they just know that ssh is open so they try to get in. Frankly I think of the hackers as being like The Joker's line from The Dark Knight:

    if they caught a car, they wouldn't know what to do with it!

    So really what I'm wondering is, given a list of X different Chinese IP addresses that tried (and failed) to get in to my web server, can I tell if any of them are from the Chinese government? Obviously a WHOIS will give me some information, but these American firms seem to be reasonably confident which IPs from China are affiliated with these government-linked hacking groups even when the addresses themselves are not registered to the government.

  25. Is there a list of IP ranges for this anywhere? on Despite Promises, China Still Targeting US Firms (crowdstrike.com) · · Score: 1

    While I don't view my personal website as being valuable to anyone, my server does get hit by a lot of script kiddie type attacks that are coming from Chinese IP addresses. It seems that these "hackers" (who always fail as the overwhelming majority of them do tens of thousands of attempts to ssh in as root) are just hitting my server by IP address without concern for its function (beyond running ssh [yeah, I know there are things I can do to prevent or slow down their attempts but I don't want to]). It would be interesting to know if maybe they're just honing their techniques by trying systems in my IP address range.