Comments: 174 +-   A Look At the Safety of Google Public DNS on Friday December 04, @11:35AM

Posted by kdawson on Friday December 04, @11:35AM
from the random-enough-maybe dept.
security
darthcamaro writes "Yesterday we discussed Google's launch of its new Public DNS service. Now Metasploit founder and CSO at Rapid7, H D Moore, investigates how well-protected Google's service is against the Kaminsky DNS flaw. Moore has put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports. The InternetNews report on Moore's research concludes: 'What Moore's preliminary research clearly demonstrates to me is that Google really does need to live up to its promise here. Unlike a regular ISP, Google will be subject to more scrutiny (and research) than other DNS providers.'"

Comments: 240 +-   One Way To Save Digital Archives From File Corruption on Friday December 04, @07:50AM

Posted by timothy on Friday December 04, @07:50AM
from the don'tcha-love-finding-corrupted-files dept.
storage
storagedude points out this article about one of the perils of digital storage, the author of which "says massive digital archives are threatened by simple bit errors that can render whole files useless. The article notes that analog pictures and film can degrade and still be usable; why can't the same be true of digital files? The solution proposed by the author: two headers and error correction code (ECC) in every file."

Comments: 117 +-   Malware Could Grab Data From Stock iPhones on Friday December 04, @01:20AM

Posted by timothy on Friday December 04, @01:20AM
from the swamp-of-bog-standard dept.
security
Ardisson writes "Swiss iPhone developer Nicolas Seriot presented last night a talk on iPhone Privacy in Geneva. He showed how a malicious application could harvest personal data on a non-jailbroken iPhone (PDF) and without using private APIs. It turns out that the email accounts, the keyboard cache content and the WiFi connection logs are fully accessible. The talk puts up several recommendations. There is also a demo project on github."

Comments: 76 +-   Federal Appeals Court Tosses Spam Patent on Thursday December 03, @11:48AM

Posted by CmdrTaco on Thursday December 03, @11:48AM
from the no-way-that-was-my-idea dept.
patents
Zordak writes "US patent 6,631,400 claims a method of making sure enough people get your spam. A federal district court had overturned the patent as anticipated and obvious, and not drawn to patentable subject matter. The Federal Circuit, the appeals court which hears patent matters, upheld the finding of obviousness, thus invalidating the patent."

Comments: 92 +-   Cameroon the New Hotbed of Malware on Wednesday December 02, @11:18PM

Posted by samzenpus on Wednesday December 02, @11:18PM
from the none-more-infected dept.
security
garg0yle writes "According to McAfee, more than a third of Cameroon domains (TLD of .cm) are infested with viruses or other not-so-fun party treats. Given that it's very easy to mis-type .com as .cm, this puts the computers of a lot of fat-fingered typists in peril. Second place on the most-infested domains list goes to China (.cn), while Hong Kong (last year's 'winner') is now comfortably middle-of-the-pack."

Comments: 615 +-   SETI@Home Install Leads To School Tech Supervisor's Resignation on Wednesday December 02, @03:40PM

Posted by timothy on Wednesday December 02, @03:40PM
from the totally-worth-it dept.
space
An anonymous reader writes "Apparently the most prolific of users in the SETI@Home community has resigned his job as a school technology supervisor after it was revealed he had the software installed on some 5000 school machines. The school claims to have lost $1 million in upkeep on the affected machines."

Comments: 579 +-   Black Screen of Death Not Microsoft's Fault on Wednesday December 02, @11:59AM

Posted by CmdrTaco on Wednesday December 02, @11:59AM
from the well-not-directly-anyway dept.
microsoft
Barence follows up to the ongoing Black Screen of Death Saga by saying "Microsoft says reports of 'Black Screen of Death' errors aren't caused by Windows Updates, as claimed by a British security firm. The software giant claims November's Windows Updates didn't alter registry keys in the way described by Prevx, which said that the Microsoft Patches caused PCs to boot with just a black screen and a Windows Explorer window. Microsoft is now blaming the problem on malware. Prevx has issued a grovelling apology on its own blog."

Comments: 317 +-   The Voynich Manuscript May Have Been Decoded on Wednesday December 02, @08:17AM

Posted by kdawson on Wednesday December 02, @08:17AM
from the ask-a-navajo dept.
encryption
MBCook sends word on a possible solution to the mystery of the Voynich Manuscript, which we last visited nearly 6 years ago. "The Voynich Manuscript has confounded attempts to decode it for nearly 100 years. A person named Edith Sherwood, who has previously suggested a possible link to DaVinci, has a new idea: perhaps the text is simply anagrams of Italian words. There are three pages of examples from the herb section of the book, showing the original text, the plaintext Italian words, and the English equivalents. Has someone cracked the code?"

Comments: 664 +-   Somali Pirates Open Up a "Stock Exchange" on Tuesday December 01, @11:29PM

Posted by kdawson on Tuesday December 01, @11:29PM
from the send-in-the-sba dept.
security
reginaldo writes to clue us that pirates in Somalia have opened up a cooperative in Haradheere, where investors can pay money or guns to help their favorite pirate crew for a share of the piracy profits. "'Four months ago, during the monsoon rains, we decided to set up this stock exchange. We started with 15 "maritime companies" and now we are hosting 72. Ten of them have so far been successful at hijacking,' Mohammed [a wealthy former pirate who took a Reuters reporter to the facility] said. ... Piracy investor Sahra Ibrahim, a 22-year-old divorcee, was lined up with others waiting for her cut of a ransom pay-out after one of the gangs freed a Spanish tuna fishing vessel. 'I am waiting for my share after I contributed a rocket-propelled grenade for the operation,' she said, adding that she got the weapon from her ex-husband in alimony. 'I am really happy and lucky. I have made $75,000 in only 38 days since I joined the "company."'"

Comments: 123 +-   SarBox Lawsuit Could Rewrite IT Compliance Rules on Tuesday December 01, @03:45PM

Posted by kdawson on Tuesday December 01, @03:45PM
from the sluice-gate-to-security-spending dept.
security
dasButcher notes that the Supreme Court will hear arguments next week brought by a Nevada accounting firm that asserts the oversight board for the Sarbanes-Oxley Act is unconstitutional. If the plaintiffs are successful, it could force Congress to rewrite or abandon the law used by many companies to validate tech investments for security and compliance. "Many auditing firms have used [Sarbanes-Oxley Section] 404 as a lever for imposing stringent security technology requirements on publicly traded companies regulated by SOX and their business partners. SOX security compliance has proven effective for vendors and solution providers, as it forces regulated enterprises to spend billions of dollars on technology that, many times, doesn’t prevent security incidents but does make them compliant with the law."

Comments: 351 +-   Microsoft Investigates Windows 7 "Black Screen of Death" on Tuesday December 01, @12:38PM

Posted by timothy on Tuesday December 01, @12:38PM
from the appropriate-namespace-overload dept.
bug
duguk writes "Microsoft has confirmed that it is investigating a problem described as the 'black screen of death,' which affects Windows 7 — and reports suggest it affects Vista and XP, too. The firm said it was looking into reports that suggest its latest security update, released on Tuesday 25 November, caused the problem. The error means that users of Windows 7 and earlier operating systems see a totally black screen after logging on to the system." Update: 12/01 22:35 GMT by KD : Microsoft now says that its November Windows updates are not causing the BlackSOD: "The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports."

Comments: 100 +-   Spammer Lance Atkinson Fined $16 Million on Tuesday December 01, @11:57AM

Posted by timothy on Tuesday December 01, @11:57AM
from the jail-would-be-finer dept.
spam
Nashville Guy writes "According to Australia's The Age, 'A New Zealand man living in Queensland and believed to be behind the world's largest spam operation, has been ordered to pay more than $16 million for running the illegal enterprise. Lance Atkinson, 26, originally from Christchurch, was living in Pelican Waters on the Sunshine Coast when the US Federal Trade Commission (FTC) had his assets frozen last year. ... The FTC found Atkinson and American Jody Smith were at the centre of the world's largest internet spam operation, dubbed 'AffKing,' having recruited spammers from around the world.'"

Comments: 305 +-   The Cloud Ate My Homework on Tuesday December 01, @09:46AM

Posted by timothy on Tuesday December 01, @09:46AM
from the low-hanging-clouds-are-fog dept.
google
theodp writes "Over at CNET, James Urquhart sings the praises of cloud computing, encouraging folks to 'really listen to what is being said, understand how the cloud is being used, and seriously evaluate how this disruptive model will change your projects, your organization, and even your career.' Fair enough. Over at the Google Docs Help Forum, some perplexed cloud computing users spent the month of November unsuccessfully trying to figure out why they've been zinged for inappropriate content. The items deemed inappropriate and unshareable include notes on Henry David Thoreau ('the published version of this item cannot be shared until a Google review finds that the content is appropriate'), homework assignments, high school yearbook plans, wishlists, documents containing botanical names for plants, a list of websites for an ecommerce class, and a list of companies that rent motorcycles in Canada. When it comes to support in the cloud, it kind of looks like you might get what you pay for."

Comments: 7 +-   Serious Remote FreeBSD Exploit Posted, Patched on Tuesday December 01, @09:23AM

Posted by timothy on Tuesday December 01, @09:23AM
from the wait-thought-you-said-openbsd dept.
security
Trailrunner7 writes "A researcher has published an explanation of a new flaw in FreeBSD that allows a remote attacker to take control of a vulnerable machine. The vulnerability could give an attacker root access to the FreeBSD machine, and the FreeBSD developers have published a patch for the flaw early Tuesday. The vulnerability lies in the run-time link-editor and, if exploited, gives an attacker the ability to run arbitrary code. The researcher, Kingcope, has posted an explanation of the flaw on the Full Disclosure mailing list. In a message to FreeBSD users, Colin Percival, the project's security officer, said that because of the severity of the flaw and the fact that exploit code already is available, he felt it was necessary to post the patch as soon as possible, without even publishing a security advisory."

Comments: 396 +-   Harvard Says Computers Don't Save Hospitals Money on Tuesday December 01, @02:28AM

Posted by kdawson on Tuesday December 01, @02:28AM
from the always-jam-tomorrow dept.
money
Lucas123 writes "Researchers at Harvard Medical School pored over survey data from more than 4,000 'wired' hospitals and determined that computerization of those facilities not only didn't save them a dime, but the technology didn't improve administrative efficiency either. The study also showed most of the IT systems were aimed at improving efficiency for hospital management — not doctors, nurses, and medical technicians. 'For 45 years or so, people have been claiming computers are going to save vast amounts of money and that the payoff was just around the corner. So the first thing we need to do is stop claiming things there's no evidence for. It's based on vaporware and [hasn't been] shown to exist or shown to be true,' said Dr. David Himmelstein, the study's lead author."

Comments: 593 +-   Ethics of Releasing Non-Malicious Linux Malware? on Monday November 30, @09:39PM

Posted by kdawson on Monday November 30, @09:39PM
from the what-would-schneier-do dept.
security
buchner.johannes writes "I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects. The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads. I tested it to be injected by a PHP script (even circumventing safe mode), so that the Web server runs it; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly, and adds onto Windows executables for execution in Wine. If executed by the user, the malware can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation). But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary. Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"

Comments: 313 +-   Dell Defect Turning 2.2GHz CPU Into 100MHz CPU? on Monday November 30, @04:04PM

Posted by ScuttleMonkey on Monday November 30, @04:04PM
from the making-the-pr-department-work-for-their-paycheck dept.
bug
jtavares2 writes "In what is being dubbed Throttlegate, scores of users on many message boards have been complaining about inexplicably aggressive throttling policies on their Dell Latitude E6500 and E6400 laptops which cause their CPUs to be throttled to less than 5% of their theoretical maximums even while at room temperatures. In many cases, the issue can be triggered just by playing a video or performing some other trivial, but CPU intensive, task. After being banned [PDF] from the Dell Forums for revealing 'non-public information,' one user went so far as to write and publish a 59-page report [PDF] explaining and diagnosing the throttling problem in incredible detail. Dell seems to be silent on the issue, but many users are hoping for a formal recall."

Comments: 731 +-   Should You Be Paid For Being On Call? on Monday November 30, @02:37PM

Posted by ScuttleMonkey on Monday November 30, @02:37PM
from the then-i-want-hazard-pay dept.
money
theodp writes "Fortune's Dear Annie takes on the case of poor Dazed and Confused, an independent webmaster who's expected to be on call for his client at all hours of the day and night, but doesn't get paid for being on call, only for the 40 hours a week that he's in the office. Surprisingly, Annie throws cold water on the contractor's dreams of paid OT, citing these pearls of wisdom from an attorney who's apparently never had the 'privilege' of being a techie on call: 'Many companies see the on-call issue as analogous to a fire fighter's job. Most of the time, a fire fighter is off-duty but on call, hanging around the firehouse, cooking, sleeping, or whatever. What that person really gets paid for is the relatively small, but crucial, amount of time he spends walking into a burning building with an ax. A webmaster, likewise, has slow times and busy times.'" What on call policies are you used to working with and how should it work in an ideal world?

Comments: 118 +-   Man Arrested For RuneScape MMORPG Online Robbery on Monday November 30, @08:41AM

Posted by CmdrTaco on Monday November 30, @08:41AM
from the doing-pretend-work-for-pretend-boots dept.
security
Unexpof writes "A man has been arrested by the British Police Central e-Crime Unit (PCeU), accused of stealing the usernames and passwords from players of the RuneScape MMORPG. Security experts report that this is one of the first occasions when a Brit has been apprehended for 'virtual robbery,' although incidents have happened in the past. For instance, the CEO of the sci-fi trading game EVE Online stole 200 billion 'kredits,' which he then used as a deposit on a real-world house, and in October last year a Japanese woman was arrested by police after allegedly hacking her virtual husband 'to death.'"

Comments: 312 +-   Network Security While Traveling? on Sunday November 29, @04:08PM

Posted by kdawson on Sunday November 29, @04:08PM
from the moving-duck dept.
security
truesaer writes "I'll be spending all of next year backpacking through South America. In the past I've used Internet cafes while away, but this time I plan to bring a netbook and rely primarily on Wi-Fi hotspots. I'll be facing the same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students. Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks. I will not have a system at home to connect through. Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information? Keep in mind that many places have very poor bandwidth and latency."