mb0 | 9 years ago | on: Child uses sleeping mom's thumbprint to buy $250 worth of Pokémon toys
"i'm seeing two (obvious) bigger picture trends here that this story reinforces.
1. Digital authentication for purchasing is moving towards non-transferable biometrics ( i cant divulge my thumbprint like i can my pin )"
Unfortunately, your thumbprint can be replicated and used. Check out this news story - police actually 3D printed a murder victim's finger to unlock their phone - http://www.theverge.com/2016/7/21/12247370/police-fingerprin...
mb0 | 9 years ago | on: Child uses sleeping mom's thumbprint to buy $250 worth of Pokémon toys
I've heard that people with hyperhidrosis have a lot of trouble with biometric devices as well as smartphones. If your skin is too moist it just kinda gums up the works.
mb0 | 9 years ago | on: Reddit CEO admits to altering user comments that were critical of him
I think you're being a bit over-dramatic with the "wretched hive of scum and villainy" stuff. The commonality of this sort of behavior varies from forum to forum, depending on the mood of that forum. For instance, this sort of thing was not abnormal at all during the heyday of Something Awful (one of the largest forums around some years ago, still #5 in membership numbers).
As far as the editing Spez did, if they were really out there calling him a pedophile, they should have expected some backlash. You can only push an authority figure so far before they're going to go on the defensive. This will definitely make things worse though.
mb0 | 10 years ago | on: Changing Date to Jan 1, 1970 disables 64-bit iOS devices
What if you crafted a program that mimicked the functionality of an NTP server, but it had a built-in memory of what times have been given out to network clients? Couldn't you in theory send a series of NTP answers that quickly stepped back the clock of the target system, with the stepback value being whatever the maximum value the NTP client will handle? Answer one subtracts 24 hours from the time, the next another 24 hours, the next another 24 hours? Is there a limit to how frequently the time can be stepped back?
mb0 | 10 years ago | on: Seagate slapped with a class action lawsuit over 3TB hard drive failure rates
Finally! Seagate has been dropping the ball on drive stability for a long time now, and the failure rates on these 3TB disks are completely unacceptable. Additionally, Seagate's own RMA department has been failing terribly, with a lot of their "recertified" disks being returned to customers with serious conflicts, ranging from a high number of uncorrectable sectors to logic board problems that completely cripple systems they are installed in.
Nasdaq:STX is down 1.80 points (5.92%) right now. It was down around 6.76% about an hour ago. I hope, for the sake of their shareholders & customers, that Seagate gets it together.
mb0 | 10 years ago | on: MongoDB instances publicly exposed on the Internet
Shodan itself shows that all instances of this database are located in China, and there are 390 instances of it. Top organizations are:
China Telecom Yunnan 83
China Telecom xinjiang 80
China Telecom 60
China Unicom Shandong 11
China Telecom Chongqing 10
Connecting to one instance in particular, 183.221.158.220:
> show dbs;
DrugSupervise 0.125GB
local 0.03125GB
> use DrugSupervise
switched to db DrugSupervise
> show collections
DrugSupervise.Entity.Models.DictList.DictCodeList
DrugSupervise.Entity.Models.DictList.DictCodeTypeList
DrugSupervise.Entity.Models.DictRegion.DictRegionList
DrugSupervise.Entity.Models.EntPartner.EntPartnerList
DrugSupervise.Entity.Models.PhysicsName.PhysicNameList
DrugSupervise.Entity.Models.RIOS.InOutStoreD`1[DrugSupervise.Entity.Models.PI.PurchaseInStore]
DrugSupervise.Entity.Models.RIOS.InOutStoreD`1[DrugSupervise.Entity.Models.RG.GetDrugOutStore]
system.indexes
Looking at the DrugSupervise.Entity.Models.PhysicsName.PhysicNameList collection, I see a bunch of entries like this:
{ "_id" : BinData(3,"s6CfpmQtDkG5Nh3lqDGOQQ=="), "physicName" : "磷酸可待因注射液", "physicInfo" : "磷酸可待因注射液 注射剂 15mg" }
{ "_id" : BinData(3,"3Aa7ZwXzy0ax2KRCFRhsSg=="), "physicName" : "硫酸吗啡口服溶液", "physicInfo" : "硫酸吗啡口服溶液 口服液 10ml:30mg" }
{ "_id" : BinData(3,"t9+GHfNq10eqqi2EaqhQKA=="), "physicName" : "枸橼酸舒芬太尼注射液", "physicInfo" : "枸橼酸舒芬太尼注射液 注射剂 2ml:100vg(以舒芬太尼计)" }
{ "_id" : BinData(3,"bFLxr6tN0kO8vso+BTjB5w=="), "physicName" : "硫酸吗啡片", "physicInfo" : "硫酸吗啡片 片剂 20mg" }
{ "_id" : BinData(3,"5FGsZIWsPE6L+UQSTEfVag=="), "physicName" : "盐酸吗啡片", "physicInfo" : "盐酸吗啡片 片剂 30mg" }
I have no idea what this is, but it looks like some kind of registry of prescriptions.
mb0 | 10 years ago | on: Attack on DNS root servers
Yes. Both NTP and DNS operate over UDP. UDP is a connectionless protocol, which means no connection handshake needs to be made in order for data to be delivered to a target IP address. What generally happens is, one attacker will send many requests to many DNS and/or NTP servers whilst spoofing their IP address to make it appear as if their victim is sending all of these requests. No connection handshake happens to verify that the victim is actually making these requests. So, every server that the attacker sent this request to will send the much larger answer back to the victim. If DNS were to only operate over TCP (which uses a connection handshake), the internet would be much slower, because connection handshakes can take a while.
However, this isn't what happened on Monday. It seems like one attacker with a lot of systems used those systems to query someone's domain name whilst spoofing many IP addresses at once. This in turn overwhelmed many of the root servers, and possibly several authoritative DNS servers in the process. Sounds like a botnet owner was showing off how much power they have.
mb0 | 10 years ago | on: Crab – SQL for your filesystem
find / -type f -iname '*sublime*' | grep -i settings | grep -v backup
mb0 | 10 years ago | on: Unix Toolbox
hostname -i on cb.vu says the IP address is 78.31.70.238, but if you ping a host from the interface, the pings originate from 178.33.34.4 (according to tcpdump).
mb0 | 10 years ago | on: Ask HN: Just curious, how prevalent is the use of nootropics among HN members?
Did you experience major depression prior to taking the drug, or have you talked to any major depressive people who also tried the drug? Have you experienced any negative side effects from the drug, or talked to anyone who experienced negative side effects? I am pretty cautious about trying new drugs, as some currently legal drugs can carry dangerous side effects (i.e. Viibryd causing brain shocks in active patients).
mb0 | 10 years ago | on: CVS Health Quits U.S. Chamber Over Stance on Smoking
The CVS in my neighborhood sells 24oz cans of 8.1% ABV malt liquor for $1.36/can. Have to wonder how those sales fit into their mission to improve public health.
mb0 | 11 years ago | on: Tor Exit Node Operator Issued Subpoena
Maybe. The IP address that is referenced in the subpoena (12.218.239.38) is the IP address of cookcountyboardofreview.com. Maybe that box got hacked and it had access to some big cook county DMZ?
mb0 | 11 years ago | on: “Equation Group” ran the most advanced hacking operation ever uncovered
To play devil's advocate, maybe they were only going to adjust the routing behavior of a certain netblock? Still very out-of-bounds if you ask me.
mb0 | 11 years ago | on: “Why you should not use Uber (the car ride brokering company)”
Couldn't it also be argued that the GNU limits user freedom by requiring users never use non-free software?
mb0 | 11 years ago | on: Slur, a decentralized, anonymous, Bitcoin-based marketplace for information
How will anyone verify that the information being sold is valid?
mb0 | 11 years ago | on: Would you use a Linux based computer, better or equal to a mac in quality?
Depends on the cost, and the hardware & software components that are used. I currently run Debian Jessie on both my desktop (home-built), and on my cheap HP laptop that I bought a few years ago. I won't buy a new Apple computer simply because they are well outside of my budget. I did buy a refurbished MacBook some years ago, and enjoyed it a lot, but I still stuck with my HP laptop for most work.
I would get some peace of mind knowing that all hardware components are going to be supported by the Linux kernel. However, I'm probably going to rip the OS out of the system and install my own.
mb0 | 11 years ago | on: Uber's dirty tricks quantified: Rival counts 5,560 canceled rides
Here in Chicago, there are many problems. The most frequent complaint is that drivers purposely break their credit card machines so that payment via card is not possible. The reason being that drivers are forced to pay the card processing fee themselves, which is another problem.
Aside from that, cash transactions are not recorded, which in turn results in less of that driver's income being taxed, taking money away from local municipalities. This is actually a great argument in favor of Uber, as they send 1099s out to all of their drivers.
mb0 | 11 years ago | on: Verizon's accidental mea culpa
mb0 | 11 years ago | on: No-IP's Formal Statement on Microsoft Takedown
Try and query anything.no-ip.biz. At the moment, I'm getting regular timeouts on queries to both ns7.microsoftinternetsafety.net and ns8.microsoftinternetsafety.net. It shouldn't take much for Microsoft to log all incoming DNS requests and put in an NS record to let traffic continue flowing down to No-IP's actual nameservers. A simple `dig whatever.no-ip.biz @a.root-servers.net +trace` will show you this.
mb0 | 12 years ago | on: Large DDoS strikes US, Europe
In my opinion, the NTP reflection attacks are a result of a larger problem on the internet - large payloads being delivered without any sort of connection handshake. While it is easy to blame open NTP servers, DNS resolvers, and SNMP servers - these protocols wouldn't be as easy to abuse if the internet hadn't grown to rely on UDP. UDP is a connectionless protocol, so there is no handshake before data is thrown at the vulnerable target. Worse yet, there is no 'reset' function in these protocols, so there is no way for the victim to tell the remote host to shut up.
As for the targets of these attacks: they're still happening. It's honestly a pretty stupid attack. The connections go from victim:80 to ntpserver:123. The attackers don't seem to understand that port 80 is not a commonly used UDP port. I'm seeing the following targets in my NTP server's logs:
37.187.133.51 (OVH)
216.33.93.214 (edline.com)
23.9.97.251 (akamai)
59.7.146.69 (Korea Telecom)
198.50.139.161 (OVH)
217.236.16.131 (Deutsche Telekom)
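The two comments above (the one explaining DNS/NTP amplification and the one listing victims seen in an NTP server's logs) share one defender-side task: an operator of a reflector wants to find out, from their own logs, which addresses are being hit through them, so those can be rate-limited and their owners notified. The script below is an added example and not code from any of the comments; the log line format ("claimed source IP, claimed source port, destination port, request bytes, response bytes") is constructed for the example and is not what ntpd writes, the addresses are RFC 5737 documentation ranges, and the byte counts are illustrative. It flags a claimed source as a likely spoofed victim on two signals drawn from the comments: repeated requests that draw a large amplification factor, and a "source port" that is really a TCP service port (the victim:80 pattern), which a real UDP client would almost never use.

```python
from collections import defaultdict

# Constructed sample log: one line per request the reflector answered.
# Fields: claimed_src_ip claimed_src_port dst_port request_bytes response_bytes
SAMPLE_LOG = """\
192.0.2.10 80 123 8 440
192.0.2.10 80 123 8 440
192.0.2.10 80 123 8 440
192.0.2.10 80 123 8 440
192.0.2.20 80 123 8 440
192.0.2.20 80 123 8 440
192.0.2.20 80 123 8 440
198.51.100.7 42211 123 48 48
198.51.100.8 51010 123 48 48
192.0.2.30 443 123 8 440
"""

# Well-known TCP service ports.  A UDP request claiming to come from one of
# these is a strong hint the source address is forged and its owner is the target.
TCP_SERVICE_PORTS = {22, 25, 80, 443}


def parse_log(text):
    """Parse the constructed log format into a list of dict records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src_ip, src_port, dst_port, req_bytes, resp_bytes = line.split()
        records.append({
            "src_ip": src_ip,
            "src_port": int(src_port),
            "dst_port": int(dst_port),
            "req_bytes": int(req_bytes),
            "resp_bytes": int(resp_bytes),
        })
    return records


def summarize_by_source(records):
    """Aggregate request count, byte totals and observed ports per claimed source."""
    totals = defaultdict(lambda: {
        "requests": 0, "req_bytes": 0, "resp_bytes": 0, "src_ports": set(),
    })
    for r in records:
        t = totals[r["src_ip"]]
        t["requests"] += 1
        t["req_bytes"] += r["req_bytes"]
        t["resp_bytes"] += r["resp_bytes"]
        t["src_ports"].add(r["src_port"])
    return dict(totals)


def amplification_factor(entry):
    """Bytes sent back per byte received; well above 1 means we amplify for that source."""
    if entry["req_bytes"] == 0:
        return 0.0
    return entry["resp_bytes"] / entry["req_bytes"]


def suspected_victims(records, min_requests=2, min_amplification=5.0):
    """Return {claimed_src_ip: details} for sources that look like spoofed victims."""
    flagged = {}
    for ip, entry in summarize_by_source(records).items():
        amp = amplification_factor(entry)
        odd_port = bool(entry["src_ports"] & TCP_SERVICE_PORTS)
        high_amp = amp >= min_amplification
        if odd_port or (entry["requests"] >= min_requests and high_amp):
            flagged[ip] = {
                "requests": entry["requests"],
                "amplification": amp,
                "reasons": sorted(
                    (["tcp-service-source-port"] if odd_port else [])
                    + (["high-amplification"] if high_amp else [])
                ),
            }
    return flagged


if __name__ == "__main__":
    for ip, d in sorted(suspected_victims(parse_log(SAMPLE_LOG)).items()):
        print(f"{ip:16} requests={d['requests']:3} "
              f"amp={d['amplification']:.1f}x {','.join(d['reasons'])}")
```

On the sample input the two ordinary clients (48-byte request, 48-byte reply, ephemeral source port) are left alone, while the three documentation addresses claiming port 80 or 443 and drawing a 55x amplification are reported. The output is only a list of who is being hit through the reflector; the actual fixes the comments point at are on the operator's side: stop answering the amplifying query type, rate-limit per claimed source, and deploy source-address validation (BCP 38) at the network edge so forged packets never leave the originating network.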