Security

Backdoor Discovered In Atlassian Crowd

An anonymous reader writes "Recently published on the Command Five website is a technically detailed threat advisory (PDF) in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled 'Unpatched Vulnerabilities' is the real security bombshell: Atlassian's turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full control of a Crowd server and, according to Command Five, successful exploitation 'invariably' results in compromise of all application and user credentials as well as accessible data storage, configured directories (for example Active Directory), and dependent systems."

Submission + - Google converts links sent via Google Chat to referral links

MotorMachineMercenar writes: Google has apparently introduced a new feature to track user behavior in the revamped Google Chat, called Hangouts.

A friend of mine sent me a link, incidentally about an MIT study about the futility of foil hats in blocking the thought police. I use Chrome for Gmail, but being the foil-hat-wearing type, I do all my other browsing in a tightly locked down FF. I copy-pasted the link to FF, and noticed that there was a flash of a Google URL before it went to the right URL.

After pasting the link to a note, I noticed it's a Google referral link, similar to the ones most (all?) links on Google search are — in case you weren't aware. So now Google knows who sent what link to whom. The only way around that is to select the entire link, and copy the text.

Now, I'm aware that by definition of me being on a Google platform they implicitly know our conversations. But the fact that they bother to make a referral link means there is even more datamining going on behind the scenes than what we already knew of.
The Military

Apple Mobile Devices Cleared For Use On US Military Networks

puddingebola writes with this excerpt from a Bloomberg report: "The Pentagon cleared Apple Inc. (AAPL) devices for use on its networks, setting the stage for the maker of iPhones and iPads to compete with Samsung Electronics Co. and BlackBerry for military sales. The Defense Department said in a statement [Friday] that it has approved the use of Cupertino, California-based Apple's products running a version of the iOS 6 mobile platform. The decision eventually may spur a three-way fight for a market long dominated by Waterloo, Ontario-based BlackBerry." Also, Apple devices are best for uploading viruses to alien craft.

Submission + - BlackBerry Q10 Review - The Return of the Qwerty Keyboard (ibtimes.co.uk)

AlistairCharlton writes: It might not be the Jack of all trades, but instead everything it does, it does brilliantly. BlackBerry World still needs more headline apps — Instagram, for a start — but otherwise if you are looking for a smartphone with a keyboard, or simply an impressive phone without the distractions and excess polish of a Samsung Galaxy or iPhone, the Q10 could be for you.
Blackberry

Pentagon Approval of iOS and Samsung KNOX Is Bad News for BlackBerry

rjupstate writes "The Pentagon is quickly moving to approve the latest devices and platforms from BlackBerry, Samsung, and Apple. That's good news for two of those companies. It's not-so-good news for BlackBerry. 'The Pentagon currently has about 600,000 smartphone users – almost all using BlackBerrys – but ultimately aims to have as many as 8m smartphones and tablets, under the terms of a scheme made public last November.' 'In its effort to expand into the high security government niche, one that BlackBerry has enjoyed near singular control of for years, Samsung recently created a government advisory board made up of Samsung executives and security experts from various U.S. and foreign government security agencies. ... In the end, the program will likely elevate that status of both Apple and Samsung within military and civilian government agencies in the U.S. and other western countries.'"
DRM

New Console Always-Online Requirements and You

An anonymous reader writes "The new Xbox is almost here and the details appear to strongly suggest 'always on' is the way forward. We all know that this is an artificial requirement and certainly there are plenty of people on all sides of the table. To paraphrase the user 'tuffy' who commented on this issue at Ars Technica recently; if you're trying to sell 'always online' as a feature of the future, there needs to be some benefit for me the customer. There is not one. Or, rather, there is no sign yet of any actual clearly compelling reason why any end user would support this limitation to their purchase. So, what's the best way to express this? Spend your money on an Ouya? Contact the Xbox team? These are all valid options but they also lack visibility. What we need is a way that could help actually quantify the levels of discontent in the gamer community. Maybe E3 attendees could turn their backs in protest like some did during Thatcher's funeral procession. Or gamers could sign some useless petition. What do Slashdotters think? Is the upcoming Steam box a reasonable plan? As a gamer, I'm of two minds about the whole thing. I really don't like it but I may roll over eventually and join the herd because I could get used to it. Then again part of me is rankled by this slow erosion of access to me and my data."
Google

Eric Schmidt: Google Glass Critics 'Afraid of Change,' Society Will Adapt

curtwoodward writes "Eric Schmidt came to Harvard this week to discuss his new book, but many students really wanted to know more about the implications for privacy and social interaction once Google Glass starts hitting the market. Schmidt cautioned against jumping to the worst conclusions, saying that society always tends to adapt to new technologies — and he's hoping for etiquette rather than government regulation. Of course, that's what you would say if you used to run a company that has been fined and paid settlements to regulators for the way it scoops up data and tracks users. But Schmidt also doesn't have much patience for critics: 'Criticisms are inevitably from people who are afraid of change, or who have not figured out that there will be an adaptation of society.'"
Security

Submission + - Password hacking 101 (arstechnica.com)

RNLockwood writes: Ars Technica published an article about password hacking in which the author explained how he learned to hack passwords using the most simple tools available to a neophyte. Hackers who do this for profit use lists of hashed passwords and user names that have been 'liberated' from companies and sold or posted at certain websites. Longer passwords grow exponentially harder to crack than short ones (it takes much, much longer), but computing power increases much more slowly. At my work we have several passwords, and the one with the most stringent requirements must be exactly 12 characters long, have upper and lower case, etc., must be changed every two months, and can't be repeated for a 24-password cycle. It's difficult to create acceptable passwords that both meet the requirements and can be remembered.
Communications

Russian FSB Can Reportedly Tap Skype Calls

An anonymous reader writes "Previous reports of a Microsoft-provided backdoor in Skype have been unconfirmed. However, there are now reports that the Russian federal security service FSB is able to tap calls and locate users. 'FSB and the Internal Affairs Ministry (MVD) have been capable of wiretapping and locating Skype users for some years already, reported Vedomosti on Thursday [Google translation of Russian original]. The newspaper is citing experts on information security. "Special services have been capable for several years not only to wiretap but also to locate a Skype user. That's why, for instance, employees of our company are forbidden to discuss business-related topics on Skype," General Director of Group-IB, Ilya Sachkov, says to Vedomosti. "After Microsoft acquired Skype in May 2011, it updated the software with technology allowing legitimate wiretapping," says Maksim Emm, Director of Peak Systems.'"
Businesses

Why Do You Want To Kill My Pet? Zynga Shuts Down PetVille, 10 Others

Dr Herbert West writes "Executing the cost-reduction plan CEO Mark Pincus announced in November, Zynga has shut down, pulled from the app stores, or stopped accepting new players to more than 10 games such as PetVille, Mafia Wars 2, FishVille, Vampire Wars, Treasure Isle, Indiana Jones Adventure World, Mafia Wars Shakedown, Forestville, Montopia, Mojitomo, and Word Scramble Challenge. Comments from gamers on the shutdown notices included things like 'my daughter is heartbroken' and 'Please don't remove petville. I been playing for 4 yrs. and I'M going to miss my pet Jaime.why do you want cause depression for me and others. Why do you want to kill my pet?' For players that have invested a lot of microtransactions and/or time, this comes as a heavy blow."
Google

YouTube Drops 2 Billion Fake Music Industry Views

An anonymous reader writes "YouTube has dropped 2 billion fake music industry views and their offending videos. From the article: 'Google made good on its promise to weed out views inflated by artificial means last week, according to Daily Dot. Record company sites impacted included titans like Universal Music Group, which reportedly lost 1 billion of its 7 billion views, and Sony, which lost 850 million views. The cuts affected marquee names like Rihanna, Beyonce and Justin Bieber. YouTube said in a statement that the figures had been deliberately, artificially inflated. "This was not a bug or a security breach. This was an enforcement of our view count policy," the company, which is owned by Google, wrote.'"
Databases

Ask Slashdot: Which OSS Database Project To Help?

DoofusOfDeath writes "I've done a good bit of SQL development / tuning in the past. After being away from the database world for a while to finish grad school, I'm about ready to get back in the game. I want to start contributing to some OSS database project, both for fun and perhaps to help my employment prospects in western Europe. My problem is choosing which OSS DB to help with. MySQL is the most popular, so getting involved with it would be most helpful to my employment prospects. But its list of fundamental design flaws (video) seems so severe that I can't respect it as a database. I'm attracted to the robust correctness requirements of PostgreSQL, but there don't seem to be many prospective employers using it. So while I'd enjoy working on it, I don't think it would be very helpful to my employment prospects. Any suggestions?"
