Slashdot Mirror


User: DarkOx

DarkOx's activity in the archive.

Stories: 0 · Comments: 6,020

Comments · 6,020

  1. Re:DIAF on The U.N.'s Push for Power Over the Internet · · Score: -1, Troll

    Screw the UN and anyone involved with it. It's just another corrupt organization. America would be better off if we ended our participation.

  2. Re:No way to enforce it? on The U.N.'s Push for Power Over the Internet · · Score: 2

    I think we should remind the UN that it's our Internet, we designed the infrastructure and WE not THEY will control it. If they have a problem with it they can build their own Internet and disconnect it from ours.

    Their choices are be shut of US commerce or deal with us managing the Internet as we see fit. There is NO reason to negotiate here, we hold all the cards. Hopefully someone from our Government will have the courage to say "STFU".

  3. Re:Good luck with that. on Hacked Companies Fight Back With Controversial Steps · · Score: 1

    I can see both sides of this one. I think at some point you SHOULD have the right to take matters into your own hands.

    If it's a more traditional attack and you are seeing a pattern of what appears to be a break-in attempt, obviously you should drop all traffic from that network and contact the authorities. End. What if it's DOS though?

    I would say you should contact the administrator of whatever domain the attack appears to be coming from. Which is an excellent reason why proxy and anonymous registrations should be barred. If it's just a SYN flood it's probably spoofed, but anything else means either they are behind it or one of their systems has been owned and they NEED to fix it.

    If they won't help you, I'd move on to their ISP who can see the traffic and verify what's happening, they should cut them off until they fix it.

    If the ISP won't help you I'd move on to law enforcement. If they still won't help you, having documented all this, I think it's fair game for you to do your own take down. Hospital or not.

  4. Re:Stop playing the troll's game !! on Hacked Companies Fight Back With Controversial Steps · · Score: 3, Informative

    Let's call it MyCleanPc not mcpc, which is really close to the trade name MCPc; MCPc is a legitimate reseller and professional services organization. I am a former employee of MCPc and I can tell you when I worked there they always treated me well, and did right by their customers too.

    Please don't conflate their name with MyCleanPc, which seems to have a somewhat dubious reputation and is a different company.

  5. Re:Problems? Really? on Torvalds Slams NVIDIA's Linux Support · · Score: 1

    Linus wants to have his cake and eat it too. If he really was worried about this issue the "right thing to do" would have been to work toward migrating the kernel to GPL3.

  6. Re:Controll of egress on Ask Slashdot: What's Your Take On HTTPS Snooping? · · Score: 1

    doesn't seem to be noticeable amounts of information leakage.

    So they don't know and they don't have the tools to know. I can tell you the organization I work for treats people pretty well. I have never seen internal people deliberately trying to leak data etc. What we do see, because like you for various reasons lots of people are local Admins etc., is botnet traffic and back doors.

    Breaking into SSL and SSH let us stop that stuff from working. I can also assure you lots of the stuff gets there thru spear phishing! We do face advanced persistent threats. We have about 15% share of the market we are in globally. We have competitors large and small all over the world who would love some insight into our operations.

    I don't just mean the trade secrets either. You can only do so much with them without making it painfully clear you were in some way involved in industrial espionage. I am talking about stuff like, who our suppliers are, what do they charge us, what kind of margin do we make, and similar soft information. It would be difficult to quantify the harm of other companies getting that data; impossible to prove, and hard to spot. It certainly would not be to our advantage though. My guess would be your organization is bleeding data from every seam.

    Here is a fun experiment for you. Download all the documentation on your public website; white papers, product sheets, service manuals, SEC filings, anything. Get some software to scrape the metadata from those documents. There are lots of free tools. I bet you get a nice list of names of internal people. Now sit back and imagine you are a nefarious person with access to a re-mailer or an obfuscated telephone source.

  7. Re:Perspectives on Ask Slashdot: What's Your Take On HTTPS Snooping? · · Score: 2

    Not sure how you are doing it, but we do the SSL negotiation with the remote peer first, then use the information from their certificate to generate and sign a CSR on the fly from our CA. No need for wild cards.

  8. Re:Perspectives on Ask Slashdot: What's Your Take On HTTPS Snooping? · · Score: 2

    We decrypt SSH as well. Our equipment will actually go up to several tunnels deep. Yes you do get hostkey warnings.

  9. Controll of egress on Ask Slashdot: What's Your Take On HTTPS Snooping? · · Score: 3, Informative

    You can't be secure unless you control your egress. If you just let https streams go anywhere with no visibility into their content you might as well just set the firewall to allow all outbound connections. If there is ANY concern about information as an asset, you must intercept and decrypt https.

    Your company more than likely has a policy that any use of their equipment is supposed to be for job related purposes, I don't think regular employees should have any expectation you are not watching everything they do on the PC provided by the company.

    Usually the certificates are pushed through group policy, anyone else who shows up with their own device or another company's property will get a certificate warning, if they look at the certificate it's going to show it was signed by your company. They can make an informed decision about what they want to do knowing they are being watched. So I don't see a problem there.

    One thing that gets overlooked with SSL intercept is YOU become responsible for the forward authentication and encryption between your proxy since the client now has no opportunity to verify the certificate itself. So you HAD BETTER BE DOING revocation checks and making sure the proxy has a sane list of trusted roots, and serve clients some kinda error page if you can't trust the certificate.

    Don't quit your job. Deal with the fact that with all the spyware and things like Flame going on this is what business must do to protect themselves. Do your banking/medical correspondence/etc at home.

  10. Ignores who is robbing the bank on Bank Robbing a Terrible Business, Statistically · · Score: 1

    The trouble is many criminals are criminals because they haven't got the goods upstairs to support more gainful employment. Has anyone done a study to determine how the intelligence of those convicted of bank robbery and related crimes compares with society as a whole?

    My guess is they are below average. So it's no surprise they are not terribly successful at it. It's not likely they'd be terribly successful at anything that requires deep analysis. It's sorta like how robbers always love guns that use clips. If you are going to rob a bank, for heaven's sake load up your belt with revolvers. You don't want to be leaving cartridges behind everywhere.

  11. Re:Erm... on Aussie Online Retailer Impose IE7 Tax · · Score: 2

    From a security and performance standpoint, IE is probably in the vanguard where the core browser is concerned. This is especially true on 64-bit platforms where you have ASLR and DEP; in that environment even if someone does get out of the sandbox by some method it's unlikely to get them anywhere. There is some weakness in Microsoft's ASLR implementation, in that the "low part" of the pointers remain predictable.

    IE does not have the addons you mention. The lack of ability to modify IE without binary extensions is a drawback. Not having a Greasemonkey equivalent is keeping me off IE on my Windows box.

  12. Here is a fact on Pro-ACTA Site Says 'Get the Facts' · · Score: 1

    If legislation and treaties have to be negotiated and drafted in secret, and then an attempt is made to quickly rush it to passage before anyone can really inspect it and debate it, it is inherently undemocratic. It's wrong for democracies to enact laws in such fashion, it is corruption of the political system and a violation of social contract.

    Based on this any legislation pushed in such a fashion should be opposed, always, even if you happen to support the idea behind it. It's the wrong way to do things. The harm to our society's freedom always outweighed by any potential good such legislation might do. Therefore the ACTA supporters are automatically in the wrong no matter what the other facts happen to be.

    ACTA should be rejected, without further discussion. They should start over in the daylight with new legislation, where they are open about its content and their reasons for wanting it. The "Get the Facts" website should be online before the legislation is finalized not after.

  13. Re:Too complex on HSA Foundation Formed By AMD, ARM, Ti, Imagination, and MediaTek · · Score: 1

    Umm see the Nintendo Wii, it's ARM and PPC, no x86 in there, but it is two disparate architectures strapped to the same bus.

  14. Re:1984 on Gamer Keeps Civilization II Game Going for 10 Years · · Score: 1

    Citizen we have always been at war with Eurasia. Now stop spreading nonsense and get to your junior anti sex meeting.

  15. So what? on Search Tracking Purports To Show Effect of Racism On '08 Election · · Score: 1

    Nowhere is it written what criteria voters are supposed to evaluate their choice for President based on.

    If a voter wants to make their selection based on race, who are the rest of us to judge them for it. You and I might agree it's a terrible criteria to use but that does not make the votes of those who don't think that any less valid.

  16. Re:Can you be bothered? on ICANN Draws Ire Over Batching For Dot.word Domains · · Score: 2

    My point: sometimes the only fair allocation/prioritization algorithm is to let the chance decide - if it's good for (sport) championships, why wouldn't it be good for deciding what processing batch the TDL will be included?

    Nothing wrong with that, and frankly nothing wrong with what ICANN is doing with regard to the batching. Sometimes there are necessary reasons behind a policy, technical or otherwise, that some people won't like. When it comes to name registrations people signing up for names tend to want it yesterday, if you can't process requests instantly there will be some frustration.

    People will accept that to a degree, as "well that is just how it works" provided it seems for a lack of a better word professional. If ICANN had simply used a random number generator on the back end to assign requests to a batch, I bet there would have been little fuss.

    Putting this "game" on the website on the other hand makes people feel like the delays are stupid and arbitrary.

  17. They want you to think tor has thwarted them on FBI Hunt For Child Porn Thwarted By Tor · · Score: 1

    My guess is it's not Tor that is preventing them from finding the distributors and downloaders of CP. I would hazard it's other priorities. There are well-known vulnerabilities in Tor's secrecy; all you need to do is run enough exit nodes.

    Tor does two things with regard to finding pedophiles.

    1. It makes it a little more complex than just setting up a honey pot, collecting IP addresses and then phoning up the ISP. So not just any agent can do it, it has to be folks with real technical skills, and supply is no doubt limited.

    2. It creates a little chilling effect on actions against perps. If they can't make it look more likely they were discovered through other means, it exposes to what degree the three letter agencies actually monitor and have compromised Tor. That might lead to a loss of intelligence access about higher priority targets. Frankly if I were running a terror network or large organized crime ring I'd be very tempted to have some low level (expendable) gang members send each other CP. Knowing just how obsessed our government is with finding anyone who has gone anywhere near it. Seeing if the expendables get picked up or not would be a good way to know if the secrecy and to a lesser extent the integrity of my communications channel was solid.

  18. Re:Cant be done "right". on The Billions In Mobile Ad Money Nobody Can Grab · · Score: 4, Insightful

    What you don't understand is they want the ad to stick in your mind. Granted if you are so aggravated that you might select a competitor's product out of spite that is a problem; but for the most part, you answering that question, even in the negative, means the ad worked!

    They just got you to think consciously about the content of their ad enough for you to directly act on it. Most ads are more or less ignored. Before an ad can accomplish anything else it's got to get your attention. You answering the "was this relevant" question at all proves they did that much. The nature of the question requiring you to think about what you just watched increases the likelihood you will remember it later as well, another win.

  19. Its not all about Don Drapper on The Billions In Mobile Ad Money Nobody Can Grab · · Score: 2, Informative

    which in many ways still resembles the Mad Men-era old boy's network, simply may not be equipped to cope."

    Citation please. Everyone I know working in advertising or even anywhere near it is obsessed with quantifying, measuring, targeting, and tailoring. Most of that is at least as high tech as developing any other kind of web application. I think they are "up to the challenge," and trust me I really wish they weren't.

    There are probably a good number of Don Draper-like dinosaurs still roaming the halls of ad agencies; possibly especially in "creative" but most of the industry is pretty scientific now and has been for quite some time.

  20. Re:Medical on Ask Slashdot: Ambitious Yet Ethical Software Jobs? · · Score: 1

    Well some testing to protect people is probably justifiable. I actually sorta get with PETA on this one though, because I see the source. They literally put hundreds of times the amount of shampoo and cosmetics into these poor critters' eyes than it's remotely conceivable that a human could even do by accident. This is abusive and wasteful!

    The cause is naturally our litigious society where nobody is responsible for anything that happens to them. Someone develops an eye issue and unless Shampoo Co can show that you can go swimming in a pool of their stuff eyes wide open when submerged for hours somehow a judge or jury is going to award the plaintiff a few 100K in damages.

    Animal Testing should be limited to direct analogs of "used as directed" IMHO

  21. Re:YAY the cracked the passwords on Lessons Learned From Cracking 2M LinkedIn Passwords · · Score: 1

    Somewhere a relation of password hashes to user names must be stored so that the system can check passwords; so the information exists. I think we have to assume whoever it was who cracked the site in the first place has that information. They simply opted not to make it public for any number of reasons (few good for anyone with an account).

    So it's more like they have 2M keys to specific houses and are jingling them in front of you just to prove it.

  22. Re:Asymmetric warfare is a bad idea on Drones, Computer Viruses and Blowback · · Score: 1

    You might want to look at Syria. Unless and until somebody with more tanks and machine guns kicks eight shades of shite out of Asshat and his goons he totally will "sent[sic] tanks and machine guns", and it will work.

    Depends on your definition of *work*. I have little doubt he can keep sending tanks, guns, and goons until he has simply killed everyone in the opposition. It's also clear at this point the opposition is going to keep the fight going til they are dead, which is pretty much what the grandparent post describes. He also seems willing to do that. In the meantime he is destroying his own nation and the source of his personal wealth, to keep power. He will probably prevail, but Syria and his regime will be weaker. There are probably more optimal solutions he could use to keep power at lower cost.

  23. Re:Asymmetric warfare is a bad idea on Drones, Computer Viruses and Blowback · · Score: 1

    Just make them responsible for the full damage caused if they miss their target.

    And how will you do that exactly unless you have force? This is why the government should NOT have a monopoly on force. Government and its agents should be kept in a perpetual state of fear that someone might *make* them responsible for their actions. I am starting to think Afghanistan may be more democratic than the USA.

  24. Re:or you could just... on The Next Arms Race: Cyberweapons · · Score: 1

    The entire computer 'security' industry that has sprouted up over night is headed by people who couldn't make it as network admins, but want the same rights and privileges. Whole corporations following the advice that is found on page 209 in most 'Welcome to {insert name} Operating Systems: An Administration Guide'

    Right, the IT Sec community would do better to hold a few less 'Cons' and a few more Conventions; perhaps put on a shirt with buttons in traditional locations. It really is time to grow up. It's one of the reasons the C[EIT]O is not taking you seriously. Trouble is the 'network admins' are not doing much better most places. Until someone does convince the C[EIT]O the sky is falling those guys don't generally have the political muscle to do it right.

    Users don't want to wait for the systems to be patched. Process engineers worry their applications may break. Middle management in other departments does not see the value in shutting down operations so that IT can implement the advice on page 209 which if followed would actually radically improve their security posture.

  25. Re:Interesting on Flame Malware Authors Hit Self-Destruct · · Score: 1

    It has been stated by antivirus folks that its large size and structure actually helped it hide for longer.

    I am aware of that. I still don't see a larger footprint as helping this thing to remain stealthy. I see that as more a failure of the AV vendors and the IT Sec Community (myself included there) to imagine this type of threat.

    Scanners need to get better at analyzing things beyond just matching signatures