Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:Quick, Close the Barn Door!!! on Air Force Blocks NY Times, WaPo, Other Media · · Score: 1

    (By "direct action", I'm leaving a loophole for K-12 public schools to pay a non-government vendor to maintain a block list.)

    Hm.. you could drive a truck through that particular loophole. Government agencies could hire a third party.

    Call the third party up and complain "Wikileaks is not blocked"

    Or write into the contract that anything critical of the gov't or news/other sites leaking classified info need to be blocked. All block actions indirect

  2. Re:Unclassified on Air Force Blocks NY Times, WaPo, Other Media · · Score: 1

    Suppose a copy of Playboy gets classified so it can be taken into a classified area.

    Sounds great... as long as it only applies to that one copy, and not the actual issue.

  3. Re:FEAR on Hidden Backdoor Discovered On HP MSA2000 Arrays · · Score: 1

    Interesting... well... one way to defeat it would be to actually be the guy whose job is to repair it.. :)

    Insider attacks are tough to defend against, assuming compromise of the correct individual

  4. Re:Unclassified on Air Force Blocks NY Times, WaPo, Other Media · · Score: 1

    Information is remains classified until someone with the proper authority de-classifies it. Just because it is released into the wild does not de-classify something. No more than if a thief sells your property to a third party it is no longer your property. You may not have physical possession or control of it, but you certainly would assume you still owned it.

    This yields an interesting idea... what Happens if the DoD decides to classify the US Constitution top secret?

    I suppose then... no members of the military will be allowed to read it; nobody will be allowed to discuss its content in public, for fear of arrest.

    Merely posting an excerpt, such as content of the 1st amendment could lead to a lifetime prison sentence

    Brilliant!

  5. Re:Quick, Close the Barn Door!!! on Air Force Blocks NY Times, WaPo, Other Media · · Score: 1

    There may be good reasons to do this, such as legal reasons. Just because they are public knowledge and everyone in the world has access to them, it doesn't mean all these documents are suddenly unclassified.

    I propose another possibility: leak detection.

    If military people are accessing these leaked documents on the equipment, how are the military supposed to know if a soldier learned about the information by reading the New York times, OR if the soldier read about the information through more direct privileged access?

    If the DoD need to investigate a leak, then it could be helpful to interrogate soldiers, use polygraph techniques, and other tactics.

    Anyone shown to know more about the documents than they are supposed to, could be involved in the leak.

    If the soldiers read documents through the New York times etc etc, it interferes with the ongoing investigation, by tainting the pool.... if soldiers can do that, then people interrogated might show to know about a lot of the documents leaked, and yet have nothing to do with it.

  6. This is like fixing a leaky roof on Air Force Blocks NY Times, WaPo, Other Media · · Score: 1

    By putting a bucket underneath one place where water was seen to have started to trickle

    Ignoring the fact that the floor and walls are already soaked, the room is already flooded, there are 1000 other places in the room where there are holes in the roof, and for now the rain has mostly abated anyways.

  7. Re:FEAR on Hidden Backdoor Discovered On HP MSA2000 Arrays · · Score: 1

    Um.. You mean all they have to do is put on a set of blue coveralls, carry a small tool box with some sticker from one of the Ma Bells or even a printer manufacturer on the side, and claim he is there is complete some order started a month ago and we are all doomed?

    While that trick might work against some server rooms; the ones most likely to have high end gear such as SANs are large enterprises, with their server parked in the major datacenters.

    Without an escort that had their body parts scanned and was added to the "authorized list" well in advance, and the bell tech themselves added 24 hours in advance with full background check, no bell tech or maintenance worker is getting in.

    Keep in mind... banks and other institutions with extremely valuable data can have equipment residing in the same facility as company Xyz with their MSA, and many of the front line security measures are shared by multiple tenants.

    The secretary isn't physically able to open the door with his/her hand scan and PIN number to the FIRST stage security screening area, let alone reach the server room door to "accidentally" let a poser in. Because no one security guard has the power to allow someone in from the outside.

    And of course there are other security measures at major enterprises' datacenters. Probably secret ones.

    If your "maintenance guy in blue" did get through the front gate... security would immediately notice them approaching and not authenticating themself to open the door to the company's cage they were doing maintenance on.

    Hell, it can take the legitimate engineers who were already pre-authorized through biometrics 20 minutes to get through the front door in such facilities.

    I wouldn't be surprised if they add full body scanners like at airports.

  8. FEAR on Hidden Backdoor Discovered On HP MSA2000 Arrays · · Score: 5, Insightful

    If someone disables the building's primary security system, defeats the lock on your front door, breaks in, when nobody's there, figures out where your MSA is, defeats your server room's dedicated primary alarm system, breaks through the steel fire door into your server room, defeating the ANSI GRADE 1 industrial access control locks, figures out the precise cage where your MSA2000 is located, defeats the cage locks, figures out the combination to open your cabinet, and somehow removes the faceplate without triggering the intrusion alarm, or motion detectors, noise sensors, and surveillance cameras attached to the server room's secondary security/environment monitoring system.

    Then yes... there is a small chance someone might be able to insert a serial connector into your MSA to login as this GUI-unavailable backdoor user without the perp getting caught pretty quickly.

    By the way, the 'password security' on many routers can be defeated by sending a BREAK via serial console during reboot, or by pushing a recessed RESET button. Where is the outrage?

  9. Re:Does it have to be a conspiracy? on Comcast Accused of Congestion By Choice · · Score: 2

    What makes Backdoor Santa think this is done to drive service providers to Comcast? Occam's razor has a much simpler explanation: Comcast doesn't want to spend more money upgrading their capacity.

    That makes sense.

    Their users don't necessarily have it that bad anyways. So Comcasts' links are just congested -- that means their users have some packet loss. Unfortunately, those graphs don't show discard rates, so it's not really known from those graphs just how badly things are congested.

    It could be a lot of customer high-speed transfers bursting to use the full link. As the link becomes more congested, transfer conditions will become slightly less conducive, and those "high speed transfers" will back off in transfer rate, as more customers get fair treatment.

    The TCP protocol is designed to deal with it by backing off trasmit speeds. So everyone's download/upload speed drops; your transfers still complete, unless drop rates get too high.

    Most traditional applications deal with it just fine; VoIP and streaming video do not fare so well.

    And protocols with very crappy congestion management, such as BitTorrent, are capable of causing some serious problems in such scenarios, without the ISP taking additional measures.

    However, I don't see there being an issue with Comcast allowing 100% of their links to be utilized when there is demand for it. And there is no immediate requirement to upgrade if any applicable SLAs are being met, and congestion is within reasonable limits based on packet drop rates and latency.

  10. I am sure the EPA will act swiftly on EPA Knowingly Allowed Pesticide That Kills Bees · · Score: 5, Insightful

    These leaks MUST be stopped immediately, and those responsible must go to jail for life, and execution may even be warranted. I am sure the EPA will be acting quickly to ensure those responsible for the leaks are rapidly brought to justice.

    This is a clear and dire threat to national security, and the leakers are traitors; think of what will happen when the Bees find out the nature of the pesticide, and the informants who formulated it!

    This will only serve to cause more incidents of bee attacks against us, costing precious human lives.

    Lives are at stake; and the leakers are enemy combatants performing an act of terrorism

    <sarcasm>

  11. Re:Meanwhile, in Britain on 68% of US Broadband Connections Aren't Broadband · · Score: 1

    More interestingly hardly anyone has1Mbps upstream in the UK. I haven't searched for figures but it would be much smaller than 68%.

    Seems to be a serious deficiency. High upstream throughput is crucial to certain peer to peer applications, especially streaming video, High-Definition Video Conferencing, and Peer to Peer content distribution.

  12. Re:Meanwhile, in Japan on 68% of US Broadband Connections Aren't Broadband · · Score: 1

    Not really. At the time of that definition, most people had Narrowband modems of 14k or 28k. So 256k was considered damn fast. In fact it was twice as fast as the fastest tech available (IDSN) for home users.

    "broad" used like they use it is a relative term, suggestive that "broad" is not "narrow". Relative terms lack staying power -- broad today narrow tomorrow.

    It is unfortunate that we have settled for such relative terms. You'd think by now the industry could have settled on some sort of logarithmic scale to tell users "Grade 3 internet service" meaning it meets some minimal characteristics that people care about. For example... peak downstream of at least 2^3 megabits per second; peak upstream of at least ((1.9)^3)^(1/2) - 1^(1/2) megabits per second, and "burst in available throughput available temporarily or during periods of low congestion" not allowed to count for more than 33% of that.

    And "Grade 4 internet service" would have at least 2^4 megabits per second down, ((1.9)^4)^(1/2) - 1^(1/2) mbps up. "Grade 4+ Internet with 10% downstream boost" would be a lot meaningful than "Broadband internet"

    This is the problem with the term "broadband" in being relative... it's no more specific naming the technology "fast data network connection" (FDNC) - 1990s that would be 64 - 128K full duplex.

    • "fast data internet connection" (FDIC) - 1990s that would be 128K - 256K down 64K or better up
    • "very fast network connection" (VFNC) - 1990s that would be 257K - 512K down 128K+ or better up
    • "super fast home/total internet connection" (SFTIC/SFHIC) - 1990s that would be 1.544mbps down 256K or better up
    • "high throughput internet connection" (HTIC) - 3.08mbps+ down 512K or better up
    • "very high throughput internet connection (VHTIC) - 6.16mbps+ down, 1mbps or better up
    • "super high throughput internet connection" (SHTIC) - 12.32mbps+. 2mbps or better up
    • "extreme throughput internet connection" (XTIC) - 24.32mbps+. 4mbps or better up
    • "very extreme throughput internet connection" (VXTIC) - 44.736mbps+ full duplex
    • "super very extreme throughput internet connection" (SVXTIC) - 149.76mbps+ down, 80mbps or better up
    • "ultra extreme throughput home internet connection" (UXTHIC) - 601.344mbps+ down, 300mbps or better up
    • "ultra wideband home internet connection" (UWHUC) - 1202mbps+ down, 1000mbps or better up
    • "ultra extreme wideband home internet connection" (UXWHUC) - 2400mbps+ down, 2000mbps or better up
    • "super ultra extreme wideband home internet connection (SUXWHUC) - 4800mbps+ down, 4000mbps or better up
    • "ultra super extreme ultra super extreme home internet connection" (USXUEHIC) - 9600mbps+ down, 8000mbps or better up
    • "otherworldly super ultra home internet connection" (OSUHIC) - 19200mbps+ down, 16000mbps or better up
    • "super otherworldly super ultra home internet connection" (SOSUHIC) - 38400mbps+ down, 3200mbps or better up
    • "ultra otherworldly super ultra home internet connection" (UOSUHIC) - 76800mbps+ down, 6400mbps or better up
    • "very ultra otherworldly super ultra home internet connection" (VUOSUHIC) - 150gbps+ down, 12.5gbps or better up
    • "ultra ultra otherworldly super ultra home internet connection" (UUOSUHIC) - 300gbps+ down, 25gbps or better up
    • "very ultra ultra otherworldly super ultra home internet connection" (VUOSUHIC) - 600gbps+ down, 50gbps or better up
    • "extreme ultra ultra otherworldly super ultra home internet connection" (XUOSUHIC) - 1.2tbps+ down, 100gbps or better up
    • "cool home internet connection" (CHIC) - 24tbps+ down, 4tbps or better up
    • "very cool home internet connection" (VCHIC) - 48tbps+ down, 8tbps or better up
    • "super cool home internet connection" (SCHIC) - 960tbps+ down, 160tbps or better up
    • "ultra cool home internet connection" (UCHIC) - 1.920pbps+ down, 320tbps or better up
    • "ultra cool home internet connection"
  13. Re:When the fuck will ad networks learn? on Two Major Ad Networks Found Serving Malware · · Score: 1

    That would break CDNs serving JS for the site owner and cookieless domains used for the same purpose

    As a security admin, I would think of this as an unexpected bonus. I would love to see CDN vhost madness go away, and CDNs go away for serving scripts, images, and especially videos.

    You wouldn't believe how horrible CDNs are for administrators monitoring networks, attempting to identify malware activity, and other shenanigans.

    IP address information would become useful again for tracking malicious websites, abuse, and people visiting inappropriate sites.

    With CDNs you block the IP address of one abusive site, and it turns out to be a CDN serving 500 other sites, 2 of which some of your people need legitimate access to.

  14. Re:Makes the rest of us suffer... on IT Worker's Revenge Lands Her In Jail · · Score: 1

    here is what the PHB said to the regional: "He has NO RIGHT to tell me who I am allowed to speak to! He is blocking my emails from Melissa and refusing to let me have them! He should be fired for insubordination!"

    Sounds like in that story the "regional" is the PHB. I'm not so sure the idiot counts as PHB in that story. A true PHB would have at least the power to discipline and/or fire the sysad on the spot, and would be more skilled at managing people anyways, so it would have happened differently. The fact the guy couldn't/didn't fire the sysad himself suggests he's a mere team leader/coworker, or supervisor, with little/no authority over the sysad, rather than a PHB.

    There's definitely a difference between the boss and such a person.

    But if that PHB had been given "the keys to the kingdom" as it were he would have happily unblocked the virus

    No, probably not... merely having the keys does not confer the abilities required to pilot the aircraft; he would be in for a crash landing, and yes, unfortunately the sysad would suffer too in that case.

    The pseudo-PHB on the other hand would not get that far, he could start the engine, perhaps, login, and then be clueless once presented with a bash prompt, his plane would never get off the ground.

    , brought down the whole damned network, and would HE have been fired? hell no! He would have blamed it on the IT guy for not "having a better security plan" or some shit.

    Realistically, he would've had to have found another person (a different technical person) to give the keys to.

    The person he handed the keys to and ordered him to unblock Melissa, probably would have advised him of the error of his ways, and if they proceeded with the unblocking anyways, particularly if the blocking was properly documented.

    After being advised by two people not to, someone would be taking the blame, but not the sysad who stated his objections, which he fully documented, and alerted corporate security to, but ultimately did was ordered, and documented that fact.

    The paper trail would point so clearly to one person, that I think the pseudo-PHB might actually have a lot of explaining to do to the real boss.

  15. When the fuck will ad networks learn? on Two Major Ad Networks Found Serving Malware · · Score: 2

    ad network should serve the images/text and a link URL, nothing more

    stop letting advertising providers provide custom HTML and remote-load scripts/images into ads

  16. Re:Solution on Backscatter X-Ray Machines Easily Fooled · · Score: 1

    Buildings are a security risk; terrorists can blow them up.

    Same for bridges also.

    Trees, plants, caves, and tunnels are a security risk, terrorists can hide behind or in them.

  17. Re:How could they not progress against a known thr on Has Progress Been Made In Fighting DDoS Attacks? · · Score: 1

    How could they not progress against a known threat

    The threat is not of a static nature. DDoS attack methodology evolves, just like defenses evolve.

    It's kind of like asking "How could the US not have progress against the terrorist threat?". Or "How could one side of a war not have progress against the other side"

    If your opponent evolves faster than you do, then you have the opposite of progress. If they evolve at essentially the same speed as your defenses evolve, then you basically use a lot of energy and develop lots of new defenses, but are essentially standing still.

  18. Re:I got one on Protect Your Pre-1997 IP Address · · Score: 1

    I just checked. My 1994 class C is still allocated to me. I have no idea how to regain control over it though as every single contact detail, except my name, is outdated by 15 years.

    If I were you, i'd start digging through my files for documents... contracts, deeds, utility bills, old ID cards, just about any document that could prove you "used to have" those contact details.

    Then contact ARIN hostmaster and request to update to your contact information or return the IPs. If you will not need the IPs then I strongly suggest you return them. Otherwise a spammer is probably going to eventually find the unannounced block and start announcing it so they can use "your /24" to send spam.

    If you want to use the IPs, then I would strongly suggest applying for the Legacy RSA and get them redeemed.

    What ARIN chooses to do with the registration if the IP space appears abandoned or no legacy RSA is signed is ultimately going to be up to the community.

    It will probably not be revoked, but there might ultimately be a reduction in "service" such as rDNS. Since the legacy swamp is well known for being targets of spammers and other unsavory people hijacking IP space, either by simply announcing space that isn't theirs, or pretending to be the bonafide registrant.

    In the end i'm sure it will partly depend on who doesn't bother to bring their space's contact info and agreements up to modern RIR standards. If major organizations such as universities had refused to sign the LRSA, then turning off RDNS or revoking probably would have not gone far... if the organizations are large enough, internet community members could stop listening to IANA/ARIN, and start their own "wild west" IP registries, bypassing ARIN for routing RDNS and registry decisions, a worst case scenario

    But the large address space holders had probably been mostly willing, from what I heard.

    If the only people who don't opt to sign the legacy RSA were a couple hundred of /24 holders; my suggestion will probably be "Give them 6 months to apply for, justify the need for, and pay the fee for the /24 they are using, otherwise, revoke it."

  19. Re:"You won't be detecting that"?! on Backscatter X-Ray Machines Easily Fooled · · Score: 1

    We are told that there's no point in racial profiling because "they'll start recruiting Swedish blondes. Or they'll get plastic surgery and look like Swedish blondes.

    I suppose this explains why they force Pilots to go through patdowns/full-body scanners / metal detectors as well.

    Who knows... the terrorist org might recruit one of the pilots; or get one of their people hired by an airline as a pilot. Practically limitless resources, right?

    Oh wait....

  20. Re:Solution on Backscatter X-Ray Machines Easily Fooled · · Score: 1

    People themselves aren't transparent. They'll swallow their weapon.

    Much greater risk to the person; certain death if it blows up in them... hard to brandish to make demands with. I don't doubt that there might be someone willing to do it, but I doubt any terrorist is so convinced of its success to try that.

    I don't think terrorists are as interested in blowing up planes as you suggest. Traditionally what planes got were hijackers, who want to pull out a hidden weapon and start making demands.

    After 2001, the modus operandi for dealing with hijackers changed FROM "work to comply with their demands so nobody gets hurt, and arrest if an opportunity presents itself" TO "stop hijackers at all costs."

    If airplane crews properly implement, and cockpit doors are always kept sealed for the duration of flight, the risk of a hijacker getting to the controls of a plane dropped to practically zero.

    That leaves just a very very tiny portion of prospective bad guys who simply want to blow up the plane, not to get hostages / ransom.

    In other words... crashing aircraft into big buildings really isn't an option anymore, the potential reward for terrorists went down to a small fraction.

    They are probably likely to pick lower-risk targets on the ground, through other means besides commandeering commercial airliners.

  21. Re:"You won't be detecting that"?! on Backscatter X-Ray Machines Easily Fooled · · Score: 1

    We are told that there's no point in racial profiling because "they'll start recruiting Swedish blondes. Or they'll get plastic surgery and look like Swedish blondes. They've got the money, they've got the resources".

    Because there's a reasonably similar amount of Swedish blondes available for possible recruitment?

    Sorry... less than 100% effective does not mean "no point to it".

    But profiling based on race alone would be a bit limited anyways; an appropriate level of profiling would be; standing in the community, awards, past criminal record(s), credit score, bank accounts, property owned, employment/occupation/position/job, age, country of origin, apparel, reason for travel, travel companions, marital status, location of home, how long lived there, income, clubs/organizations/church memberships, family, whether round-trip or multiple tickets or purchased (expected duration of trip/vacation), final destination

    And there are even more factors that could be considered, which private companies (information brokers) already have access to, such as what books or other items you bought last week. For example... did you, a neighbor, relative, or friend known to authorities, buy any raw chemicals, electronics components, or make any large cash withdrawls or other large unexplained transactions?

  22. Re:The next generation... on Backscatter X-Ray Machines Easily Fooled · · Score: 1

    Thing is, we don't even really need "a better way of detecting terrorists". The incidence of terrorism against airlines is practically a rounding error

    The incidence of world war is practically a rounding error too. And yet major countries maintain large standing armies for protection and deterrant, and have emergency procedures to deal with war situations and recruit more soldiers rapidly if necessary. Why do you think that might be?

  23. Re:The next generation... on Backscatter X-Ray Machines Easily Fooled · · Score: 1

    public reacts the first time someone gets a radiation burn from a broken or misconfigured machine.

    When they cry out in pain, TSA agents will come arrest them, and explain to the public present that the person was obviously carrying explosives that burned them when scanned

  24. Re:Better technology on Backscatter X-Ray Machines Easily Fooled · · Score: 1

    This obviously means that we are going to need better technology. We'll need technology that will be able to give us a full color representation of your completely nude body, but only if you're a hot chick.

    "Attention passengers, please form 3 lines.

    All hot chicks, please line up to your far left, at ramp #1 to scanner, for full color internet/youtube-connected body scanner followed by enhanced patdown.

    All normal chicks, please line up at ramp #2 for enhanced pat down and quick scan

    All men, please line up at ramp #3, for metal detector.

  25. Re:Solution on Backscatter X-Ray Machines Easily Fooled · · Score: 1

    (Programmers writing the AIs are also a security risk. You know what? Scrap those planes, they're not carrying anything anyway.)

    Streets are a security risk; terrorists can use them to transport explosives and other harmful material to their target