Slashdot Mirror


User: gweihir

gweihir's activity in the archive.

Stories
0
Comments
19,136
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 19,136

  1. Re:How do IoT manufacturers... on OVH Hosting Suffers From Record 1Tbps DDoS Attack Driven By 150K Devices (hothardware.com) · · Score: 2, Insightful

    It is time to blacklist these devices and prevent insecure devices that participate in DDoS permanently. This may mean things like MAC-based blocking on ISP-level. In order to make ISPs do this, we may have to drop a few ISPs from global routing first though.

    Another option would be to make hacking them to take them down legal, but that is hugely problematic.

    Anyways, with the damage these idiots allow the DDoSers to do, terrorism begins to seem kind of irrelevant.

  2. No idea. Maybe you are missing some potentially hidden intermediate server that cashes an earlier error. I had access to the site as soon as this story was up.

    Incidentally, the TTLs on my own DNS servers are down to a max of 6h as well after I initially misconfigured something and then had to wait for 2 days for the cached errors to expire. Makes the principles of DNS-caching pretty clear to you ;-)
    Dynamic DNS is on 1 minute, same as dyndns.org uses (or used when I last checked).

  3. Re:How many of those... on Windows 10 Now On 400 Million Active Devices, Says Microsoft (thurrott.com) · · Score: 1

    You may have heard of the concept of a "reputation". Its value is derived from past actions and it can provide circumstantial evidence.
    But then, that idea may fly right over your head.

  4. 1. There is also no reason not to send them, as anything you can send instead does not provide any benefit.
    2. Please read up on this. This is a solved problem.

  5. Re:How many of those... on Windows 10 Now On 400 Million Active Devices, Says Microsoft (thurrott.com) · · Score: 0

    As this is MS, it will include anything they can stick in there without being too obvious. They need to have success with this one, so they are cheating, coercing and lying as far as they think they can go without being slapped down too hard. Better strategy would have been to actually make a good product, but hey, this is MS.

  6. Modders and cheaters are two different things on UK's Top Police Warn That Modding Games May Turn Kids into Hackers (vice.com) · · Score: 1

    Cheaters in online-games have already failed as human beings, because the do not understand the value of things like personal integrity, honesty or respecting your fellow human beings. They will go on to have a criminal career or one that is legal, but does massive damage to society for a comparable small personal gain. Whether they learn to code exploits or not is immaterial, these people are a massive problem because of personality-defects.

    Modders on the other hand are creative people that sometime create amazing works of art and entertainment and quite often generally useful modifications. None of them cause any harm to others by that activity. They do contribute positively to society and increase their skills.

    Putting these two in the same basket is about as ignorant it gets.

  7. Maybe there is a secret society that is dedicated to keeping old vulnerabilities alive. Would explain why the same tired old mistakes are made time and again.

  8. Indeed. Of course you should store the password salted and hashed a few 100'000 times on the server (better do it right and use pbkdf2 or Argon2) and you should dispose of that plain-text password immediately after you have compared it.

  9. And how, please tell us, are you supposed to do that login without sending the salted hash? And how do you do that salting and hashing on the client in the first place? Push some code to the client? Not smart at all.

  10. Indeed. Some people are really clueless. No, the plaintext-passwords can be sent, but the need to be sent over a secured channel and they need to never be stored and erased immediately after comparison.

    Incidentally, unless you iterate the hash an appropriate number of times (say at least 100'000 times at the moment, but better use pbkdf2 or far better Argon2 with a similar number of iterations) you will still be insecure.

  11. Re:Exposing those who store plaintext passwords on As We Speak, Teen Social Site Is Leaking Millions Of Plaintext Passwords (arstechnica.com) · · Score: 1

    They need to be found guilty of gross negligence and sent to prison. Before that happens, nothing will change.

  12. DNS-propagation can take several hours, and even longer under some circumstances.

  13. Re:i read this as.... on Krebs Is Back Online Thanks To Google's Project Shield (krebsonsecurity.com) · · Score: 1

    too bad krebs didn't just start posting his blog to facebook instead.

    While I like the sentiment, I highly doubt anybody can bring them down via DDoS.

  14. Seems Google gets publicity better than Akamai on Krebs Is Back Online Thanks To Google's Project Shield (krebsonsecurity.com) · · Score: 2

    I mean, what better opportunity to demonstrate the power of your solution and with free reporting on it as well? Nobody likes the DDoS terrorists (and yes, that is what they are for all practical purposes, because they are attacking critical infrastructure), so this can only go well.

  15. Re:ironically on Tuesday Was Microsoft's Last Non-Cumulative Patch (helpnetsecurity.com) · · Score: 1

    Maybe you are not able to _recognize_ Linux? Because that is not what other people experience...

  16. Re:Corporate suicide! on Tuesday Was Microsoft's Last Non-Cumulative Patch (helpnetsecurity.com) · · Score: 1

    So far it works for them. There are enough people that think Win10 is great. Of course, the corporate market is another story.

  17. Re:Workaround on Tuesday Was Microsoft's Last Non-Cumulative Patch (helpnetsecurity.com) · · Score: 1

    That we even have to consider such "solutions" shows how fundamentally broken both Windows and the relevant consumer-protection laws are.

  18. Re:the most common response was "I run Linux." on Tuesday Was Microsoft's Last Non-Cumulative Patch (helpnetsecurity.com) · · Score: 1

    Unfortunately, I am also a gamer, so that does not (yet) work well. But I am strongly thinking about a gaming-only PC and a separate one for working on things, surfing, email, etc. with Linux.

  19. Re:MS old and bloated on Tuesday Was Microsoft's Last Non-Cumulative Patch (helpnetsecurity.com) · · Score: 2

    You are lucky. I updated my Win7 laptop a few days ago (had not found updates for a while and suddenly found them when on the net for a day). Took something like 20h to find all updates and another 10h or so to install them. Talk about fundamentally broken technology.

  20. I take it we are going to get new spyware? on Tuesday Was Microsoft's Last Non-Cumulative Patch (helpnetsecurity.com) · · Score: 1

    I really see no other purpose to this than bundling spyware with security-updates. Seems running Windows securely and reliably is going to get even more difficult than, for example, Linux. (Although systemd is trying to change that...)

  21. Re:Also happens in CS research on Poor Scientific Research Is Disproportionately Rewarded (economist.com) · · Score: 1

    Nice one.

  22. Re:But not climate change research on Poor Scientific Research Is Disproportionately Rewarded (economist.com) · · Score: 1

    There is such a consensus and it is a strong one. It may need an actual scientist to see it though. You obviously do not qualify.

  23. Re:Commercial "education" generally fails on How ITT Tech Screwed Students and Made Millions (gizmodo.com) · · Score: 2

    Which is another drawback of education for commercial gain: The providers of this sort of "education" have strong motivation to allow anybody in that can pay. This is not a good idea, as it waters down skill levels and degrades grade quality. A society dependent on technology cannot afford that in the long run.

  24. Re:Commercial "education" generally fails on How ITT Tech Screwed Students and Made Millions (gizmodo.com) · · Score: 1

    I take it you have never actually taught anything, because your "ideas" have no relation to this world. Education beyond rote memorization (which barely qualifies as "education", if at all) cannot be provided cheaply, and, unless we get AI that is both as capable as a good human teacher and willing to work for free, this is not going to change.

  25. Commercial "education" generally fails on How ITT Tech Screwed Students and Made Millions (gizmodo.com) · · Score: 3, Insightful

    Education is one of the things that if done well requires a high level of skill and dedication from those doing the education. Hence if done well commercially, it becomes too expensive for almost all people.

    The solution is to have the state do it and to draw the teachers from qualified idealists and let them do it how they see fit. Sure, this has its own set of problems, but it is vastly better than the capitalist way of doing it, because that does not work at all. The authoritarian way (curricula specified in detail by the state) universally fails nicely as well.

    Incidentally, this is that standard situation in Europe and it works reasonably well. It does require a large enough supply of smart, capable, idealistic and non-greedy people though, and that may be hard to come by in the US, especially the "non-greedy" part as US society is pathologically focused on money. With a candidate that ran his own scam of this type (Trump "University") having a realistic chance of becoming the next president, I do not think the future is bright for US academic education.