×
Security

New Zealand's Hackable Transport Card Grants Free Bus Rides 96

Posted by Unknown Lamer from the we'll-fix-that-tomorrow dept.
mask.of.sanity writes "Kiwis could have their names, addresses, dates of birth and phone numbers exposed by flaws in the Christchurch public transport system that could also allow locals to travel on buses for free. The flaws in the MiFare Classic system allow anyone to add limitless funds to their transport cards and also buy cheap grey market cards and add them to the system. The website fails to check users meaning attackers could look up details of residents and opens the potential for someone to write a script and erase all cards in existence. Several flaws have been known to the operator since 2009." There are two sets of problems: their website is not adequately secured, allowing identity harvesting attacks, and the transit cards themselves are easy to forge.
Bitcoin

Bitcoin (Probably) Isn't Broken 78

Posted by Unknown Lamer from the cheaters-cheating-on-cheaters dept.
Trailrunner7 writes "In the wake of the publication of a new academic paper that says there is a fundamental flaw in the Bitcoin protocol that could allow a small cartel of participants to become powerful enough that it could take over the mining process and gather a disproportionate amount of the value in the system, researchers are debating the potential value of the attack and whether it's actually practical in the real world. The paper, published this week by researchers at Cornell University, claims that Bitcoin is broken, but critics say there's a foundational flaw in the paper's assertions. ... The idea of a majority of Bitcoin miners joining together to dominate the system isn't new, but the Cornell researchers say that a smaller pool of one third of the miners could achieve the same result, and that once they have, there would be a snowball effect with other miners joining this cartel to increase their own piece of the pie. However, other researchers have taken issue with this analysis, saying that it wouldn't hold together in the real world. 'The most serious flaw, perhaps, is that, contrary to their claims, a coalition of ES-miners [selfish miners] would not be stable, because members of the coalition would have an incentive to cheat on their coalition partners, by using a strategy that I'll call fair-weather mining,' Ed Felten, a professor of computer science and public affairs at Princeton University and director of the Center for Information Technology Policy, wrote in an analysis of the paper."
Wikipedia

Wikimedia Launches Beta Program To Test Upcoming Features 25

Posted by timothy from the good-seats-are-still-available dept.
An anonymous reader writes "Wikimedia today announced the launch of a beta program simply called Beta Features. In short, the organization is offering a way for users to try out new features on Wikipedia and other Wikimedia sites before they are released for everyone. If you're reading this with bated breath, you'll be happy to know logged-in users can join the early testing right now on MediaWiki.org, meta.wikimedia.org and Wikimedia Commons. Wikimedia plans to release Beta Features on all wikis in two weeks, on November 21, although the date may shift depending on the feedback the organization receives."
Oracle

Oracle Kills Commercial Support For GlassFish: Was It Inevitable? 125

Posted by timothy from the allocation-of-resources dept.
An anonymous reader writes "Oracle acquired GlassFish when it acquired Sun Microsystems, and now — like OpenSolaris and OpenOffice — the company has announced it will no longer support a commercial version of the product. Mike Milinkovich, executive director of the Eclipse Foundation. said in an interview the decision wasn't exactly a surprise: "The only company that was putting any real investment in GlassFish was Oracle," Milinkovich said. "Nobody else was really stepping up to the plate to help. If you never contributed anything to it, you can't complain when something like this happens." An update to the open source version is still planned for 2014." GlassFish is an open source application server.

Slashdot Top Deals