Hacker Newsnew | comments | ask | jobs | submit | pixelcloud's commentslogin

Information gathering. Prelude to potential attacks against the exchanges that could result in actual losses.

Just my thoughts

-----


Their backend software is probably able to deal with it, but not a massive DDOS brute force attack to try to find holes in the exchanges. This is an information gather exercise by some organized hackers.

-----


I would say no.

http://en.wikipedia.org/wiki/DMA_attack

-----

ds9 93 days ago | link

Some servers used to have a resettable "case has been opened" flag in the BIOS - the pieces that was based on could be leveraged against the DMA attacks. Overwrite certain items in memory, or maybe just power off the system, when the box is opened, and obstruct opening of the box (a lot of glue? or somesuch) to extend the time past the "recover memory" window.

Yes, I realize this would still be susceptible to coercion of the humans involved, and other issues, but it could be a building block of some degree of NSA-proofing.

-----

dm2 93 days ago | link

I see this option in my bios switched every time I open my computer. I never thought it might be a security feature, just an flag that must be set for someone with mild OCD.

I'm still not sure how my motherboard detects if my case is open...

-----

frankHQ 93 days ago | link

Are there any instances of this being used in the field?

-----

jamedjo 93 days ago | link

Yes, very easy. In a mac you just plug in a Firewire/thunderbolt device[1]. More extreme measures involve freezing the RAM. Both require physical access to the machine, but a bit more scary that plugging your laptop into a public display/TV gives an attacker control of your computer and passwords.

Full disk encryption TrueCrypt/BitLocker/FileVault can act as countermeasures[2] and modern versions of OSX don't allow DMA from the login screen anymore.

[1] http://www.breaknenter.org/2012/02/adventures-with-daisy-in-...

[2] http://www.researchgate.net/publication/49277520_Cold_Boot_M...

-----


I really don't see the difference between doing this and using something like SCCM to handle updates.

You are simply deploying the MSI and/or applying MSTs to the file. Configurations can be done after the package install...

If ninite cant do it, i dont see why MS/Citrix/Wyze would be able to.

-----

pixelcloud 375 days ago | link | parent | on: Excel as a database

You can add many different data sources (any ODBC driver), access, sharepoint sites, etc. Its a pretty useful tool for people who are not programmers and rely on PivotTables and such.

Its surprising how effective excel can be for non-programmers.

-----

pixelcloud 394 days ago | link | parent | on: The PyCon Incident

pyCon clearly set their expectations for their guests during this event. I think if the "community" has such a large issue with it, they can stop attending conferences that don't adhere to their social expectations. (pyCon would not get any smaller though)

-----


Please ship this to Canada. I went to preorder and I cannot.

-----


Any f-stop below 1.0 is pretty incredible. Kubrick filmed that scnee with JUST candle light.

-----


Its basically an auto-tamper and automatic espresso machine. I've never heard of applying 500KGs of force to tamp down a shot though..

-----


Smart grenades?

-----

More

Lists | RSS | Bookmarklet | Guidelines | FAQ | DMCA | News News | Feature Requests | Bugs | Y Combinator | Apply | Library

Search: