8chan's supposed to be even worse in terms of content. I imagine part of the issue with ads is that 4chan's base is the kind of people savvy enough to run a lot of adblock, along with advertisers being very skittish about porn and shock-sites (and parts of 4chan can be either or both).
A few of their boards still have a good reputation, though. /co/ is fairly respected by western animation fans from what i've seen.
Well, the internet is pretty much down even though all the websites are still technically working
A combination of very short DNS TTL values and deep name hierarchies combine to make DNS attacks very effective these days. Even though your DNS server is up and running normally, an attack on a large authoritative server now means everybody's caches get flushed automatically quickly, and the deep naming hierarchy also helps to reduce the number of entries that get cached
https://www.dynstatus.com/incidents/nlr4yrr162t8 services were apparently restored at 13:20Z and it looks like the attack resumed around 15:xxZ? And a couple hours later DNS for many, many things (including PA at least for me) died. IMO that is way too short a time for DNS to be flushing itself out (and arguably, maybe we shouldn't flush caches even for expired records if we can't get a non-failure response from the authoritative server). DNS is probably the flimsiest piece of the link that the modern internet is built on
silence1186Character shields down!As a wingmanRegistered Userregular
edited October 2016
Yeah, today at work was weird. No one could figure out what was wrong until someone checked the news.
E: Actually, now that I think about it, it makes me think the American Elections themselves may be vulnerable to interference if someone can knock out vast swaths of the internet just like that.
silence1186 on
+1
Options
Captain Marcusnow arrives the hour of actionRegistered Userregular
E: Actually, now that I think about it, it makes me think the American Elections themselves may be vulnerable to interference if someone can knock out vast swaths of the internet just like that.
Definitely puts the lie to all the "we should all just vote online, man" arguments that crop up each election season
I'm always a bit torn when it comes to these attacks. They are obviously in no way to be praised, and it's always shitty as fuck when they happen, and they should ideally never happen, and there should be repercussions when they do.
On the other hand, there's hardly a better way to show that while the internet and the online phenomenon is amzing, maybe we shouldn't be putting our whole weight onto something any script kiddy can kick out from under us at any time and make us faceplant hard.
"The sausage of Green Earth explodes with flavor like the cannon of culinary delight."
+8
Options
Just_Bri_ThanksSeething with ragefrom a handbasket.Registered User, ClubPAregular
Internet outages don't endanger the electoral process. County supervisors of elections do not receive reports from polling stations via internet and also do not report to the state supervisors over the internet.
...and when you are done with that; take a folding
chair to Creation and then suplex the Void.
+1
Options
TraceGNU Terry Pratchett; GNU Gus; GNU Carrie Fisher; GNU Adam WeRegistered Userregular
AT&T Inc. has reached an agreement to buy Time Warner Inc. for $86 billion, according to a person familiar with the plans, in a deal that would transform the phone company into a media giant.
E: Actually, now that I think about it, it makes me think the American Elections themselves may be vulnerable to interference if someone can knock out vast swaths of the internet just like that.
Definitely puts the lie to all the "we should all just vote online, man" arguments that crop up each election season
Nah, you can build something to handle that, it just happens to be expensive to so so
AT&T Inc. has reached an agreement to buy Time Warner Inc. for $86 billion, according to a person familiar with the plans, in a deal that would transform the phone company into a media giant.
Whelp.
Megacorporations.
+12
Options
gavindelThe reason all your softwareis brokenRegistered Userregular
AT&T Inc. has reached an agreement to buy Time Warner Inc. for $86 billion, according to a person familiar with the plans, in a deal that would transform the phone company into a media giant.
I do not understand why our government continues to approve these mega-mergers, time after time.
AT&T Inc. has reached an agreement to buy Time Warner Inc. for $86 billion, according to a person familiar with the plans, in a deal that would transform the phone company into a media giant.
I do not understand why our government continues to approve these mega-mergers, time after time.
I think back in the 80s or so they switched merger rules from "promoting internal competitiveness" to "promoting international competitiveness" or something along those lines. Basically "is the consumer better off" never enters into it anymore aside from the most blatant of monopolies.
Remember that failed T-Mobile merger from a couple of years ago?
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Remember that failed T-Mobile merger from a couple of years ago?
Yeah, my understanding is that just because the companies have agreed to a deal does not mean the deal has been approved by the government.
But I'm not 100% on what the triggers are for governmental review of these sorts of acquisitions.
Market share is one of the big ones I think. If an acquisition would give a single company access to enough of the total market share without enough possibility for competition, it likely brushes up against various anti-trust laws.
Nah, you can build something to handle that, it just happens to be expensive to so so
It'd have to be absolutely un-hackable though, and I doubt there's anything on the planet that doesn't have vulnerabilities.
Sure you can, you just need to lock it down to the point where the machine becomes nearly useless for anything
Discard web 2.0/3.0 bullshit and you are simply serving a static page and proxying results to within a VPN
Nope, can still be hacked.
If it's taking input, that's an attack vector. And if it's reachable via the internet it's taking input.
The internet's infrastructure desperately needs hardening, but I can't see it happening until something catastrophic occurs (or is barely averted).
To be honest, the only "unhackable" machine is one with no external inputs sitting in a Faraday cage under armed guard 24/7. And at that point fuck it just get pen and paper, it's cheaper.
AT&T Inc. has reached an agreement to buy Time Warner Inc. for $86 billion, according to a person familiar with the plans, in a deal that would transform the phone company into a media giant.
It's worth noting that Time Warner Inc. and Time Warner Cable (soon to be Charter, thanks to a previous merger) are not the same thing.
Time Warner Inc. is mostly content-related, most notably Warner Bros.
Nah, you can build something to handle that, it just happens to be expensive to so so
It'd have to be absolutely un-hackable though, and I doubt there's anything on the planet that doesn't have vulnerabilities.
Sure you can, you just need to lock it down to the point where the machine becomes nearly useless for anything
Discard web 2.0/3.0 bullshit and you are simply serving a static page and proxying results to within a VPN
Nope, can still be hacked.
If it's taking input, that's an attack vector. And if it's reachable via the internet it's taking input.
The internet's infrastructure desperately needs hardening, but I can't see it happening until something catastrophic occurs (or is barely averted).
To be honest, the only "unhackable" machine is one with no external inputs sitting in a Faraday cage under armed guard 24/7. And at that point fuck it just get pen and paper, it's cheaper.
Out of curiosity, why do you need the faraday cage if it doesn't have any external connection?
e:
In case someone gets past the armed guards to plant a transmitter on it?
Nah, you can build something to handle that, it just happens to be expensive to so so
It'd have to be absolutely un-hackable though, and I doubt there's anything on the planet that doesn't have vulnerabilities.
Sure you can, you just need to lock it down to the point where the machine becomes nearly useless for anything
Discard web 2.0/3.0 bullshit and you are simply serving a static page and proxying results to within a VPN
Nope, can still be hacked.
If it's taking input, that's an attack vector. And if it's reachable via the internet it's taking input.
The internet's infrastructure desperately needs hardening, but I can't see it happening until something catastrophic occurs (or is barely averted).
To be honest, the only "unhackable" machine is one with no external inputs sitting in a Faraday cage under armed guard 24/7. And at that point fuck it just get pen and paper, it's cheaper.
Out of curiosity, why do you need the faraday cage if it doesn't have any external connection?
e:
In case someone gets past the armed guards to plant a transmitter on it?
In case someone eventually finds a way to attack the hardware via induction (to be honest, I wouldn't be surprised at this point if someone had worked out a way to shoot a microwave/radio laser at a computer to flip bits)?
Yeah, without a reciever it's probably not needed. I'm just thinking "how do I completely and totally isolate this box from the outside world".
Didn't see this posted here. At least part of the DDOS attack against DNS services last week was perpetrated by a botnet that exists on Internet of Things hardware. They detected the code from a publicly available botnet called Mirai, which is mounted to unsecured IoT devices, in the attack. The malware targets internet connected objects like cameras, thermostats, fridges, and routers for infection.
Mirai looks for IoT devices and uses a table of publicly available default username and password combos to infect devices. Even when rebooted, the devices are able to be reinfected within minutes if the password isn't changed immediately.
As if this thread weren't cyberpunk dystopia enough already!
First they came for the Muslims, and we said NOT TODAY, MOTHERFUCKERS
+6
Options
Just_Bri_ThanksSeething with ragefrom a handbasket.Registered User, ClubPAregular
Faraday cages are primarily if you are using bluetooth accessories for less cord clutter. There are theoretical situations where someone might be able to tell what your computer is doing by measuring difference in magnetic fields, but I am not aware of any situation where that has been done in the field.
The other situation is if you think it possible that someone could social engineer their way into your site and plant a usb wireless network adapter, but that is a rather inefficient way of dealing with it.
...and when you are done with that; take a folding
chair to Creation and then suplex the Void.
You can absolutely write an unhackable* web server, provided it doesn't have to do much
Just because an attack vector exists doesn't mean it's exploitable
* Assuming you trust your hardware
You can't trust the hardware. Rowhammer, etc.
Those types of attacks require physical access, arbitrary code execution, or both; neither of which are doable on a system you can barely even interact with
You can absolutely write an unhackable* web server, provided it doesn't have to do much
Just because an attack vector exists doesn't mean it's exploitable
* Assuming you trust your hardware
You can't trust the hardware. Rowhammer, etc.
Those types of attacks require physical access, arbitrary code execution, or both; neither of which are doable on a system you can barely even interact with
If it's on the internet, it is, minimum, servicing HTTP GET. If it's doing anything remotely interactive, it's doing POST as well.
Hello, buffer overflow, SQL injection, etc. etc. etc.
And, frankly... it's not unhackable because there's humans operating it - if we're talking something a nation-state would target... I direct your attention to Stuxnet.
Nothing is "unhackable" and to suggest otherwise seems irresponsible. Besides, the human element is often the weakest link.
The DDOS thing is very troubling. I've seen several security researcher people suggest that these attacks are tests for response time and to guage the strength of these networks and stuff, and that's worrying.
Nothing is "unhackable" and to suggest otherwise seems irresponsible. Besides, the human element is often the weakest link.
The DDOS thing is very troubling. I've seen several security researcher people suggest that these attacks are tests for response time and to guage the strength of these networks and stuff, and that's worrying.
Yeah, targeted removal of DNS nodes doesn't lead me down any happy trains of thought.
There's starting to be a conversation about whether white-hats have an ethical responsibility to counter-hack these devices and brick them to save the greater internet. So that's fun.
Ideally we'd at least get to the point where retailers would be forced (or voluntarily) to pull utterly insecure devices like these from the market, but that seems impossible to enforce in the developing world.
a5ehren on
0
Options
Andy JoeWe claim the land for the highlord!The AdirondacksRegistered Userregular
So they'll update the terms of service with minimal notification and just make it part of the standard contract for service.
Maybe. I hope the content of the new rule forbids making such permission a contract term, but we'll see.
Esspecially since most of the time you don't have much of a choice when it comes to providers
+6
Options
SurfpossumA nonentitytrying to preserve the anonymity he so richly deserves.Registered Userregular
So I figure this is worth resurrecting this thread for:
If Trump signs the resolution to eliminate privacy rules, ISPs won't have to seek customer approval before sharing their browsing histories and other private information with advertisers.
The House vote was 215 to 205, with most Republicans voting to eliminate privacy rules. The Senate vote last week was 50-48, with lawmakers voting entirely along party lines.
Apparently ISPs will now be able to sell data even on a per person basis, which has led to at least a couple of people (Max Temkin, Misha Collins) declaring that they are going to purchase the browsing histories of Congresscritters.
So I figure this is worth resurrecting this thread for:
If Trump signs the resolution to eliminate privacy rules, ISPs won't have to seek customer approval before sharing their browsing histories and other private information with advertisers.
The House vote was 215 to 205, with most Republicans voting to eliminate privacy rules. The Senate vote last week was 50-48, with lawmakers voting entirely along party lines.
Apparently ISPs will now be able to sell data even on a per person basis, which has led to at least a couple of people (Max Temkin, Misha Collins) declaring that they are going to purchase the browsing histories of Congresscritters.
Rep. Michael Burgess (R-Texas) said the FCC rules "unfairly skew the market" toward social networks and search engines, which would have more ability to collect and use customer information for personalized advertising.
"The Federal Communications Commission privacy rule arbitrarily treats Internet service providers differently from the rest of the Internet," he said, calling the rules an example of "government intervention in the free market."
YES. Because they're INTERNET SERVICE PROVIDERS. They're not the INTERNET. The INTERNET is not its own SERVICE PROVIDER, you silly goose. They're being treated differently because they are different!!!!
Posts
A few of their boards still have a good reputation, though. /co/ is fairly respected by western animation fans from what i've seen.
A combination of very short DNS TTL values and deep name hierarchies combine to make DNS attacks very effective these days. Even though your DNS server is up and running normally, an attack on a large authoritative server now means everybody's caches get flushed automatically quickly, and the deep naming hierarchy also helps to reduce the number of entries that get cached
https://www.dynstatus.com/incidents/nlr4yrr162t8 services were apparently restored at 13:20Z and it looks like the attack resumed around 15:xxZ? And a couple hours later DNS for many, many things (including PA at least for me) died. IMO that is way too short a time for DNS to be flushing itself out (and arguably, maybe we shouldn't flush caches even for expired records if we can't get a non-failure response from the authoritative server). DNS is probably the flimsiest piece of the link that the modern internet is built on
E: Actually, now that I think about it, it makes me think the American Elections themselves may be vulnerable to interference if someone can knock out vast swaths of the internet just like that.
On the other hand, there's hardly a better way to show that while the internet and the online phenomenon is amzing, maybe we shouldn't be putting our whole weight onto something any script kiddy can kick out from under us at any time and make us faceplant hard.
chair to Creation and then suplex the Void.
Nah, you can build something to handle that, it just happens to be expensive to so so
Whelp.
Megacorporations.
I do not understand why our government continues to approve these mega-mergers, time after time.
Remember that failed T-Mobile merger from a couple of years ago?
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Yeah, my understanding is that just because the companies have agreed to a deal does not mean the deal has been approved by the government.
But I'm not 100% on what the triggers are for governmental review of these sorts of acquisitions.
Market share is one of the big ones I think. If an acquisition would give a single company access to enough of the total market share without enough possibility for competition, it likely brushes up against various anti-trust laws.
Sure you can, you just need to lock it down to the point where the machine becomes nearly useless for anything
Discard web 2.0/3.0 bullshit and you are simply serving a static page and proxying results to within a VPN
Nope, can still be hacked.
If it's taking input, that's an attack vector. And if it's reachable via the internet it's taking input.
The internet's infrastructure desperately needs hardening, but I can't see it happening until something catastrophic occurs (or is barely averted).
To be honest, the only "unhackable" machine is one with no external inputs sitting in a Faraday cage under armed guard 24/7. And at that point fuck it just get pen and paper, it's cheaper.
3DS: 0473-8507-2652
Switch: SW-5185-4991-5118
PSN: AbEntropy
Just because an attack vector exists doesn't mean it's exploitable
* Assuming you trust your hardware
It's worth noting that Time Warner Inc. and Time Warner Cable (soon to be Charter, thanks to a previous merger) are not the same thing.
Time Warner Inc. is mostly content-related, most notably Warner Bros.
You can't trust the hardware. Rowhammer, etc.
Out of curiosity, why do you need the faraday cage if it doesn't have any external connection?
e:
In case someone gets past the armed guards to plant a transmitter on it?
In case someone eventually finds a way to attack the hardware via induction (to be honest, I wouldn't be surprised at this point if someone had worked out a way to shoot a microwave/radio laser at a computer to flip bits)?
Yeah, without a reciever it's probably not needed. I'm just thinking "how do I completely and totally isolate this box from the outside world".
3DS: 0473-8507-2652
Switch: SW-5185-4991-5118
PSN: AbEntropy
Mirai looks for IoT devices and uses a table of publicly available default username and password combos to infect devices. Even when rebooted, the devices are able to be reinfected within minutes if the password isn't changed immediately.
http://arstechnica.com/security/2016/10/double-dip-internet-of-things-botnet-attack-felt-across-the-internet/
https://www.webroot.com/blog/2016/10/10/source-code-mirai-iot-malware-released/
The other situation is if you think it possible that someone could social engineer their way into your site and plant a usb wireless network adapter, but that is a rather inefficient way of dealing with it.
chair to Creation and then suplex the Void.
Those types of attacks require physical access, arbitrary code execution, or both; neither of which are doable on a system you can barely even interact with
If it's on the internet, it is, minimum, servicing HTTP GET. If it's doing anything remotely interactive, it's doing POST as well.
Hello, buffer overflow, SQL injection, etc. etc. etc.
And, frankly... it's not unhackable because there's humans operating it - if we're talking something a nation-state would target... I direct your attention to Stuxnet.
3DS: 0473-8507-2652
Switch: SW-5185-4991-5118
PSN: AbEntropy
The DDOS thing is very troubling. I've seen several security researcher people suggest that these attacks are tests for response time and to guage the strength of these networks and stuff, and that's worrying.
Yeah, targeted removal of DNS nodes doesn't lead me down any happy trains of thought.
3DS: 0473-8507-2652
Switch: SW-5185-4991-5118
PSN: AbEntropy
Ideally we'd at least get to the point where retailers would be forced (or voluntarily) to pull utterly insecure devices like these from the market, but that seems impossible to enforce in the developing world.
So they'll update the terms of service with minimal notification and just make it part of the standard contract for service.
Hidden in some legal footnote that most people won't bother to read before signing anyway I'd imagine.
- Terence McKenna
Maybe. I hope the content of the new rule forbids making such permission a contract term, but we'll see.
Esspecially since most of the time you don't have much of a choice when it comes to providers
https://arstechnica.com/tech-policy/2017/03/for-sale-your-private-browsing-history/
Apparently ISPs will now be able to sell data even on a per person basis, which has led to at least a couple of people (Max Temkin, Misha Collins) declaring that they are going to purchase the browsing histories of Congresscritters.
And they might be able to?
%$#@%#$%
YES. Because they're INTERNET SERVICE PROVIDERS. They're not the INTERNET. The INTERNET is not its own SERVICE PROVIDER, you silly goose. They're being treated differently because they are different!!!!
^&%^&%^*%&*%^*%^#$^*(*&)