/sarcasm That is why Mojang was bought for $2.5 billion dollars from Microsoft because it had an inferior voxel engine. :-)
so only the stupidest dolts continue to 'sync to the cloud.'
So what they are saying is that anyone outside the US can freely hack US servers without a warrant too. Surely they don't expect special treatment?
Has not having a warrant ever stopped other countries from hacking the US? No. I don't see how this changes anything.
Now consider this: China and/or Russia might consider hacking their servers an act of war. The question can now be rephrased to "Does FBI have the right to declare war on other nations."
Dealing internationally it could be wise to go through official channels that are legal in all involved countries. Failing to do so can have ramifications far beyond your internal politics. Assuming that other nations won't react to anything your government does to them is naive.
I'm sure they have always considered it an act of war. It's a cyberwar and it's been going on for 30 years.
they can hack me without warrants, can I hack them without warrants?
point being, they're breaking the law in the country where the servers were in... they're going to slip up some day and hack someone that sues them abroad and in usa...
the way usa runs its justice spying system, it's a wonder any country still hands over any suspects to usa..
How would you sue them if you're breaking the law in the first place?
It's very hard to find affordable routers, with the latest-gen tech (802.11ac, USB 3.0, etc) which support flashing and have decent driver support on Linux or *WRT, though. Many routers have such anemic SoCs that they barely run with the built-in firmware, let alone something custom that isn't hand-optimized for the device.
I'm close to resigning to the fact that every router I have going forward is gonna have to be an Intel NUC. Even a Celery processor is many times faster than those MIPS pieces of crap they ship in most routers that cost under $1000.
The latest Cisco ones work great. Interface is very friendly (mac like) and you can configure everything under the sun. Not to mention it comes built in with a guest wireless network which is firewalled off your primary lan.
NEVER use a router that you haven't loaded third party firmware onto.
Which leads to not buying hardware that won't run OpenWRT.....
Which means, nobody but you controls with the router upgrades its firmware or decides to phone home. ALWAYS be the master of your own network.
That's a GREAT idea. Now please provide a dummy proof guide that will hold the hand of every person in the world at doing this process? You'll also support this yourself for anyone having problems. Oh wait, you don't want to do that? Keep advice like this to yourself. Router firmware works fine.
It depends on the state. In many states, an employer can fire you for any reason or no reason at all (with exception of legally protected statuses that cannot be used in hiring/firing decisions such as race, age, gender, etc).
If they give a reason for your dismissal then it opens it up for possible legal action. Which is why when a company fires you for something other than a RIF, or downsizing they collect historical data prior to termination. Otherwise you leave yourself wide open for legal action.
Macs have never been immune to viruses.
the reason windows needs AV protection to run safely is because one account can overwrite critical OS files replacing them with malware infested fake software, and everyone by default starts out with ability to install any program including malware that later will get the special administrator privileges (on a reboot) needed to permanently infect the machine.
heartbleed and shellshock are nasty but a well hardened install will not be a problem, as the users dumb enough to install bad software generally need to ask someone to do that for them. and yes i realize they can run any command and possibly as root with shellshock if your cgi-bin is running things as root. seems to me that with Apache needing to run things as user Apache or httpd it was quite the oversight to let cgi-bin run as root in the first place!
Windows 7 has reduced our helpdesk calls from 15-20 a week to 1-3. Just having UAC enabled goes a long way. This is on roughly 60k people.
I'm very curious. Can't we just delete the file, reboot and be in the clear? The only provided solution is to use DrD' antivirus product. That seems silly.
these are all really great questions and I would like to know the answers. Meanwhile, here's a bit of extra info from TFA: "The reddit.com search returns a web page containing the list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd." so it's clear that the user vtnhiaovyd is a 14yo minecraft fan who probably developed this extensive botnet as a way to farm gold or whatever you do in minecraft.
They could just delete that Reddit post.
Windows machines don't count. They're designed to be backdoored. Apple's actually are supposed to be secure.
MacOS is only secure because it's less popular. Notice all these great opensource bugs being found like heartbleed and shellshock. These are in business applications which means it's worse than your home user not doing their windows updates.
Wait? This is a 2 year old story...
The transmission vector has changed in the past. It will change in the future.
Consider...doctors who knew what they were doing, wore protective suits and underwent decontamination procedures regularly still contracted the virus and several have died.
So if you sat next to the guy on the plane, rode in the cab after he did, etc....No Worries! (cough cough...literally)
You mean the male doctor who hugged the victim without protective gear? The female doctor who re-used protective clothing that wasn't properly washed because it's Liberia?
> Didn't John Carmack of ID Software vanished voxel-based engines back in the 1990's as being technically inferior
Oh wait. Voxel engines are NOT the problem. It is the world interaction that either breaks or makes the games. Successful games are about FUN first, graphics second, regardless of what sequelitis EA & Ubisoft is trying to shovel this year.
Play control. It's been the defining factor of a good game since the NES days. Without good play control allowing you to interact in a game it will suck. That's why WoW does so well and COD. They are responsive to your actions. The Battlefield games on the other hand are clunky and slow even if they look realistic.
It might reverse the climate change if all of Africa dies.
I've been eating Subway 3 times a week. I started getting 6 inch subs with double meat versus the foot long and I've started losing weight. Bread results in massive weight gain over time. Flatbread is the worst offender of all.
I have lost 75lbs. Part of it was exercise, and the other part is cutting out Diet food from my Diet. If I want something sweet, I eat something with Real Sugar. If I want something fattening then I will eat something fattening, like with real butter.
I am not about organic and all natural. But you should focus more on foods that you know of. They will tend to fill you up and stop the craving. Diet food doesn't fill you up or solve your craving. So you eat more of it.
Foods with high protein give you the full feeling. That's the biggest key.
If artificial sweeteners are actually giving some people diabetes by disrupting their sugar absorption, then that is indirectly leading to their weight gain through the problems caused by diabetes or at least a diabetes-like state in their blood stream. It doesn't mean that the artificial sweetener itself is directly causing the weight gain.
Disappointed this submission didn't link to the article in New Scientist which does a better job explaining the paper.
There's been multiple studies on the issue and both sides claim there's no harm, there is harm. Many diabetes studies say the diet soda sugar passes right through you.
the deniers are saying "it's not happening" when every piece of evidence in the world (literally, the world) says "yes it is".
in scientific debate, there are many places to have disagreement and debate. but reality itself isn't one of them.
No one denies it's not happening. What's being denied is whether humans are playing a part in it. We actually don't know regardless of how many times you take measurements and record data. We have no idea what the temperature was one thousand or a million years ago. Dinosaurs were thought to have lived in much hotter climate so post ice age (asteroid theory) we could very well be returning to the original climate of our planet. The only thing we can tell is the earth is slowly warming.
Who cares about a bunch of rocks being destroyed in the desert anyways?
Apple always deny there is a problem, even after they fixed it. They denied the iPhone 4 antenna problems, but offered customers a free rubber bumper anyway. They denied problems with overheating MacBook Pros, but replaced the CPU boards anyway. They denied problems with moisture sensors but added exceptions to their warranty policies anyway. They denied iPod battery problems but reduced the replacement price from $250 to $50 anyway. They denied retina screen problems with their laptops but replaced ghosting ones anyway.
I imagine they will just quietly fix the problem and pretend it never existed. Probably their lawyers telling them to admit nothing, since most of these issues end up as lawsuits.
You forget Apple maps. :)
And then your phone breaks and you lose all your data.
Because there's no other options than "lose everything" or "put it all on someone else's computer?"
I expect that sort of non-thinking response from the crowd over at Yahoo, but c'mon man - this is /., we expect more thinky from our community.
By storing it digitally there's a chance it will be accessed either remotely or by having your property stolen. So the cloud is as good of a solution as any.
You can buy RSA tokens, the same that governments and militaries around the world rely on, for $10 a piece.
With an Apple logo stamped on them they will still be $595 like the above poster said.
What does this have to do with a secure method of log-in? If I make my password "password", then it's my own fault, not the login system's fault. You could say that they could require a strong password, which is great. Require it to be 10 characters, including at least 1 upper-case, 1 lower-case, 1 number, and one symbol. You know what the password will be then?
"P@$$w0rd12"
If you want to do better than that, we need to be using a public key system, and create a secure, reliable, easy method of managing keys. Otherwise, if you're letting people set their own password, they're going to choose bad passwords.
The fact that you can successfully brute force their password system is completely Apple's fault. You should be locked out and be required to reset via email or call Apple after say 5 or more attempts. But this would also require Apple spending more money on tech support for password resets.
Having hundreds of different (auto-generated) passwords means you're screwed if you don't have access to the manager or the database is lost. Backing it up to "the cloud" means you're only a key logger away from being completely compromised. Passwords that stay in your head can't be stolen.
Your auto generated passwords can be victim of a keylogger as it records input as well as keystrokes.
The people that have their servers compromised in this way are amateurs and shouldn't have put their servers on the web, EVER. This is roughly equivalent to fielding IIS from 2001 on windows XP and not keeping your patch set up to date. You are going to be hacked.
Any sysadmin who is thinking about it, would put a web server and all its components in a chroot jail and force it to run in user space and set up to refuse interactive logins for this user. That way any "escalations" of privilege won't get you much more than the web server. It's easy, quick and effective.
So this isn't a really fair comparison you are making. Linux is BY DEFAULT more secure than Windows, mainly by design. Microsoft has made great strides of late, but fundamentally they are starting from a weak position (remember Windows 3.1?) and you have to install components to make it more secure, where Linux starts secure and gets security downgrades when you install and configure stuff. Either way, if you don't manage your server, you will have problems.
Neither OS is secure unless it's behind a firewall.