
      Slashdot Firehose

      The Slashdot Firehose is a collaborative system designed to allow users to assist our editors in the story selection process. The hose contains submissions, RSS Feeds, journals and Slashdot stories, each color-coded along the color spectrum to indicate popularity. Red is hot, violet is not. Try tagging and voting on the entries below, and by using the 'feedback' menus. Please send comments to hose at cmdrtaco dot net but be forgiving of beta code!

      Posted by kdawson on Tuesday August 19, @09:54PM
      from the poisoning-the-ad-pool dept.
      bullyBEEF writes "Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks. In the Web attacks, which affect Mac, Windows, and Linux users running Firefox, IE, and Safari, bad guys are seizing control of the machine's clipboard (probably using the Flash command setClipboard) and inserting a hard-to-delete URL that points to a fake anti-virus program. A number of legitimate sites have been seen to host ads carrying the attack — including Newsweek, Digg, and MSNBC.com. Researcher Aviv Raff offers a harmless demo of how it's done."
      Tags: story, it, security, flashblock, adobe, flash, noscript
      Submitted by JagsLive on Tuesday August 19, @05:10PM
      JagsLive writes "http://blogs.msdn.com/e7/archive/2008/08/18/windows_5F00_7_5F00_team.aspx Microsoft Corp.'s head of engineering for the Windows 7 operating system said there are 25 "feature teams" of about 100 employees each working on the upcoming replacement to Windows Vista. Windows 7 teams work on anything from external features, such as user interfaces, to under-the-hood areas such as networking, according to Steven Sinofsky, Microsoft senior vice president for Windows and Windows Live engineering, in a Monday posting at the new "Engineering Windows 7" blog. "We create feature teams with n developers, n testers, and 1/2n program managers," Sinofsky wrote in a four-page blog that introduced his views on managing large-scale software development. "On average a feature team is about 40 developers across the Windows 7 project."
      Applets and Gadgets
      Assistance and Support Technologies
      Core User Experience
      Customer Engineering and Telemetry
      Deployment and Component Platform
      Desktop Graphics
      Devices and Media
      Devices and Storage
      Documents and Printing
      Engineering System and Tools
      File System
      Find and Organize
      Fundamentals
      Internet Explorer (including IE 8 down-level)
      International
      Kernel & VM
      Media Center
      Networking — Core
      Networking — Enterprise
      Networking — Wireless
      Security
      User Interface Platform
      Windows App Platform"
      http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=software_development&articleId=9112963&taxonomyId=63&intsrc=kc_top
      Tags: submission, it, quickies
      Posted by timothy on Tuesday August 19, @11:26AM
      from the oh-that-hurts dept.
      Ashik Ratnani writes with this snippet from Hungry Hackers: "A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers' conference in Las Vegas. Last week, Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, not just authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the tool, is planning to release it in two weeks."
      Tags: story, it, security, google, communications, encryption, privacy
      Posted by CmdrTaco on Monday August 18, @05:11PM
      from the my-password-is-pass1234 dept.
      whitehartstag writes "Black Hat 08 disclosed several SSL VPN and DNS vulnerabilities that caused several people to sit up and take notice. Some of these new exploits performed a brilliant Man-In-The-Middle attack on SSL VPN tunnels. This article walks you through how using certificates, instead of OTP tokens, for second-factor authentication can increase the security of your SSL VPN against these new types of attacks."
      Tags: story, it, security

      What Data Security Law Requires of IT (2008-08-18 13:37, snydeq)

      Submitted by snydeq on Monday August 18, @01:37PM
      snydeq writes "Data security law is fast shifting the blame for data breaches onto IT, codifying this shift with a complex blend of laws and regulations that could result in grave legal consequences should your organization suffer a breach. Data security lawyer Thomas J. Smedinghoff outlines the complex, evolving framework of regulations governing IT security, including emerging standards for defining IT's duty to provide security and its obligation to disclose data breaches to those whose information may have been compromised. Much of this framework is being shaped by 'IT negligence' court cases over 'reasonable' security — a constantly morphing yardstick that affects any organization that touches sensitive data, partners with other organizations, or represents privacy practices to the public in any form."
      http://www.infoworld.com/article/08/08/18/34FE-data-security-legal-obligations_1.html
      Tags: submission, it, security
      Posted by kdawson on Saturday August 16, @08:31PM
      from the clear-program-take-note dept.
      rsk writes "Keyczar is an encryption toolkit born out of the Google Security Team and released under the Apache 2 license. Keyczar's purpose is to make managing encryption of secured data much easier than it has been, with the following features: a simple API; key rotation and versioning; safe default algorithms, modes, and key lengths; automated generation of initialization vectors and ciphertext signatures; Java and Python implementations (C++ coming soon); and international support in Java (Python coming soon). The example on the website is only 2 lines long, and a more fully worked out example is also provided for folks wanting to get started 'for reals.'"
      Tags: story, it, encryption, programming, google, slashvertisement
      Posted by Soulskill on Saturday August 16, @02:03AM
      from the excellent-use-of-judicial-resources dept.
      jvatcw writes "The Boston subway hack case has exposed a familiar rift in the security industry over responsible disclosure standards. Many see the temporary restraining order preventing three MIT undergrads from publicly discussing vulnerabilities they discovered in Boston's mass transit system as a violation of their First Amendment rights. Others, though, see the entire episode as yet another example of irresponsible, publicity-hungry security researchers trying to grab a few headlines." We discussed the temporary restraining order last weekend, and later the EFF's plans to fight it. CNet reports that another judge has reviewed the order and left it intact. Reader canuck57 contributes a related story about recent comments by Linus Torvalds concerning his frustration over the issue of security disclosure.
      Tags: story, it, security, censorship, court, disclosure, freeasinspeech
      Posted by ScuttleMonkey on Friday August 15, @02:47PM
      from the money-can't-buy-happiness-but-it-can-rent-it dept.
      snydeq writes "ISO and IEC gave OOXML the green light after organization leaders rejected appeals from four countries to protest the vote that approved OOXML as a standard. According to an ISO press statement, appeals by the national bodies of Brazil, India, South Africa and Venezuela did not garner support from two-thirds of the members of the ISO Technical Management Board and IEC Standardization Management Board, which is required by ISO/IEC rules to keep the appeals process alive."
      Tags: story, it, microsoft, fail, greed, corruption

      IT: Where Has All My Spam Gone? (2008-08-15 10:10)

      Posted by kdawson on Friday August 15, @10:10AM
      from the yesterday-upon-the-stair dept.
      An anonymous reader writes "I have my own domain, which has its own email server, where I receive all my personal email. I've been getting about 800 emails a day, of which perhaps 20 are real. Suddenly, Sunday or Monday evening, the spam pretty much stopped. My volume of mail has plummeted to less than 100 a day, and as far as I can tell, I'm not missing any real mail — I'm still getting the email list subscriptions I'm expecting, and every time I ask someone to send me a test message, it gets through. My domain host insists that it doesn't do any spam filtering before mail gets to my inbox, and that they've changed nothing about their configuration. I run SpamAssassin on my server to mark, but not delete, spam, and download the whole mess to my home client, and I'm still seeing the occasional message tagged by SpamAssassin. But it's virtually all gone. And I haven't changed anything about my own mail configuration, or the harvestability of my site (my personal email has been harvestable for almost a decade). So what's going on? I can't believe that several major botnets would have vanished overnight. Any ideas?"
      Posted by timothy on Thursday August 14, @07:42PM
      from the oxygen-delivery-plans-on-hold dept.
      Loopback writes "It appears that I'm not the only one waiting for my NetFlix movies. It seems they are being bitten in the rear by their home-grown proprietary inventory management system. 'Netflix has been facing shipping delays and outages in its distribution centers for the last two days and is fumbling to find a fix. The tab is roughly $1.8 million to $3.6 million in revenue a day.'"
      Tags: story, it, bug, business, entertainment, money, misleading
      Posted by samzenpus on Thursday August 14, @07:59AM
      from the get-out-of-jail-free dept.
      Ashlynne9423 writes "A report by the Center for American Progress and the Center for Democracy and Technology has found there is too little action being taken against online criminals, despite rising consumer concern about online safety. The report found that state officials were spending only 40 per cent of case time investigating online fraudsters, preferring instead to concentrate on higher profile solicitation and pornography cases."
      Tags: story, it, security, court, fraud, government, usa
      Posted by samzenpus on Wednesday August 13, @08:26PM
      from the one-password-when-you're-born dept.
      narramissic writes "We all know well the perils of password reuse. But what about the information used to reset passwords? Many sites use a standard set of questions — your mother's maiden name, the name of your best friend, what city you grew up in, or what brand your first car was. And you probably have a standard set of responses, making them easy to remember but not very secure. 'The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car,' says security researcher Markus Jakobsson. But 'password reset does not have to be a weak link,' says Jakobsson. 'Psychologists know that people's preferences are stable — often more so than long term memory. And very few preferences are recorded in public databases.'"
      Tags: story, it, security, !news, oldnews, noduh