Slashdot Mirror


User: LostCluster

LostCluster's activity in the archive.

Stories
0
Comments
5,986
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,986

  1. Re:Proof that publishing the fix enables crackers? on Microsoft Sits on Security Flaw for Six Months · · Score: 4, Insightful

    Yep. It's clear. If there's no public discussion of a flaw, the likelyhood of an exploit is lower because the would-be hacker has to discover the flaw on their own.

    Some of the worst viruses have come from already-patched flaws that users have just neglected to apply said patch.

  2. Re:MyDoom on Microsoft Sits on Security Flaw for Six Months · · Score: 1

    The dumb-user flaw. All MyDoom does is send an excutable file as an e-mail attachment. Doesn't matter what e-mail client is involved, if the user insists on running the program they're doomed.

  3. Alert the media... on Microsoft Sits on Security Flaw for Six Months · · Score: 5, Informative

    Fox News Channel reported that there was a serious flaw in Windows during their 4pm ET news burst. Mainstream media as usual leaves out tech details on stories like these, but this is just an indication of how serious this flaw is.

  4. Chain of custody on Worried about Digital Evidence Tampering? · · Score: 4, Insightful

    Any form of physical evidence can be tampered with. That's why the chain of custody is such an important concept. Everybody who had control of that evidence from the point it was discovered to the courtroom needs to testify that they didn't nothing funny, and they saw to it that nobody else did anything funny. That makes tampered evidence just as bad as any other lie to the court, somebody's on the hook for perjury.

  5. Re:Is it just getting started? on MyDoom.C Making Its Way Across The Net · · Score: 1

    If you're behind a firewall, you likely have an admin who has cleaned your machine up by now. Its those who haven't been cleaned this late in the game who are the real problems.

  6. MOD PARENT UP! on MyDoom.C Making Its Way Across The Net · · Score: 1

    Netcraft is confirming this virus is having an impact on MS's website. However you feel about the company, that's news.

  7. Re:Is it just getting started? on MyDoom.C Making Its Way Across The Net · · Score: 1

    But you're cleaned up, so you're not one of the 50,000 to 75,000 zombies.

    If you are operating a zombie... what are you doing on /.?

  8. Re:Is it just getting started? on MyDoom.C Making Its Way Across The Net · · Score: 4, Insightful

    Anti-Virus software is great at catching yesterday's big virus... but now with a zombie-net that's so easily compromised, the "next big thing" will be able to go from 0 to 50,000 infected instantly.

    Things are about to get worse before they get better.

  9. Re:Is it just getting started? on MyDoom.C Making Its Way Across The Net · · Score: 2, Insightful

    MyDoom doesn't exploit any security hole beyond users double clicking an executable. There's nothing to patch, and the anti-viruses of the world are already catching MyDoom. The machines still infected at this point aren't going to run a fix... their "admins" don't even have an updated antivirus program there yet....

  10. Re:Hmm... on MyDoom.C Making Its Way Across The Net · · Score: 1

    I don't know if this is a script kiddie. It's somebody who very deeply understands the MyDoom code because they were able to exploit the security hole opened by the original virus.

  11. Re:Is it just getting started? on MyDoom.C Making Its Way Across The Net · · Score: 4, Funny

    contact sysadmins of appropriate networks

    Tech: Hello? Is this the system administrator of the house?
    Dad: Jimmy? It's a call for you.
    Tech: Hello, are you the system administrator of the hose?
    Jimmy: Yes, but my friends in school call me Jimmy.
    Tech: Okay, Jimmy. We've detected that your house has a computer that's infected by a virus.
    Jimmy: Comuputers can catch colds?
    Tech: ...

  12. Re:mydoom source on MyDoom.C Making Its Way Across The Net · · Score: -1, Offtopic

    I can't beleve for a moment now, that it got moded (Score:5, Funny). Someone really needs to get a sense of humor -_-

  13. Any legit use for 3127? on MyDoom.C Making Its Way Across The Net · · Score: 5, Interesting

    Are there any real applications that use port 3127, or can we safely block that port at our firewalls?

  14. Re:MyDoom on MyDoom.C Making Its Way Across The Net · · Score: 4, Interesting

    Virus-writers don't get to name their viruses, the anti-virus companies do that.

  15. Is it just getting started? on MyDoom.C Making Its Way Across The Net · · Score: 5, Insightful

    The original MyDoom proved that no matter how much we warn users not to run surprise executable attachments, they do any way. And also proved how many users aren't running any anti-virus at all.

    Therefore, it's not a far stretch to assume that the 50,000 to 75,000 machines that are still infected by MyDoom.A or MyDoom.B will catch DoomJuice with a 100% infection ratio. Those machines by definition do not have an anti-virus program that's been updated recently enough to capture the original MyDoom virus, so DoomJuice will be able to walk in through the backdoor at port 3127 with nobody gaurding that door.

    The author of MyDoom has basically created a network of zombies that he/she/it has full control of without the knowledge of any of the infected users. And now, this author has demonstrated the ability to send a patch-virus out with new updated instructions.

    Right now, this patch seems to not have much of a payload. But, we don't know if we've seen its full payload yet, and there's certainly the possible of DoomJuice2 coming out with a worse payload.

    To put it lightly... these 50,000 to 75,000 zombies need to be pulled from the Internet stat.

  16. Re:Cover of "Privacy" on Online Search Engines Lift Cover Of Privacy · · Score: 2, Interesting

    What "privacy"? The information is posted on the WORLD WIDE Web... One person's blog topic is another's secret sometimes. There's a big diference to information to give to your family and information you should be leaving within view of Google... but some people don't realize that yet.

  17. Re:Present them with your own contract rider... on Modifying Employment Agreements? · · Score: 1

    That's an interesting point. In order for the employer to take over a pre-existing one-person company, they have to buy it and all debts and problems that might come with it. They usually don't want to accidently own such a thing, and will gladly change their own contract when they realize it's not as one-sided in their favor as they thought.

  18. Re:3 words: HIRE A LAWYER. on Modifying Employment Agreements? · · Score: 2, Insightful

    Eh, that guy was stupid.

    The way I left the company was by e-mail the tech support address and flood the tech support voice mail with a ton of outside-my-area complaints about things that didn't work and impacted my workflow system. My boss couldn't stand that I had did that, and wanted to fire me... calling me late at night in rage just to upset me.

    However, it all boomeranged back at him, because documenting system failures to the accounts marked for system failure reports is in no way of a violation of company policy, it's exactly what policy says to do. There was no legit reason to fire me, just the standard excuse of letting go an at-will employee for no reason at all. However, that entitled me to full severance, a cash-out of the comp days I was awarded for being forced to work weekends and overnights, and full unemployment. A golden parachute worth at total of $10,000 that I wouldn't have gotten if I simply said "I quit." It pays to know the rules and play by them...

  19. Re:Kinda OT: Unemployment Benefits on Modifying Employment Agreements? · · Score: 1

    The reason why is because he got money for that family car, and under the law he was still a car dealer for having sold too many cars in too short of a time. Therefore, it was still a car sale buy his... another reason to incorperate your business as soon as it starts making a profit.

  20. Re:Never ever on Modifying Employment Agreements? · · Score: 1

    What is really needed is an contract that says that 1. The company knows that X already exists even though you haven't started and 2. The company knows that it doesn't own X, and won't own any improvements to it. That clears up any questions over who owns X.

  21. Re:I admire your sense of morality... on Modifying Employment Agreements? · · Score: 3, Insightful

    Any time there's an unspoken agreement, it's best to get it moved to paper. If it can't be moved to paper, there wasn't really an unspoken agreement to begin with.

  22. Re:Anything you create? on Modifying Employment Agreements? · · Score: 1

    I suspect that they really don't want to deal with this stuff and it just gets shipped offsite somewhere.

    Such as the local recycling center...

  23. Re:May be a bit underhanded, but... on Modifying Employment Agreements? · · Score: 2, Informative

    The cross-out indicates a non-approval of that clause. They can't enforce a contract both sides didn't agree to, so their options are to either accept the contract without the striken clauses, or to not accept the contract at all.

    It doesn't promise a win in a dispute, but it does make those clauses of that contract useless in such a dispute.

  24. Re:Kinda OT: Unemployment Benefits on Modifying Employment Agreements? · · Score: 1

    The same is true in MA. I started my own .com operation while collecting unemployment, and since it only made trace levels of revenue, I had very little to declare, and in no week did it ever reach the level that it had to in order to change the value of my checks. Even if it ever did cross that line, it would have simply postponed the payment to me and lengthen my unemployment claim. MA unemployment basically gives you 52 weeks to prove you can claim the 26 weeks worth of money in your account, if you work part-time you simply delay your payments, you don't kill them.

  25. Re:Mixed Luck on Modifying Employment Agreements? · · Score: 1

    Even if company is offering an unenforable contract clause, you still shouldn't sign it without an agreement that it doesn't apply to you. Afterall, if they sue you or your next employer, it's going to be a messy lawsuit that'd become a whole lot quicker with that invalid clase taken out of play immediately.