Encryption

Submission + - What Really Breaks SSL? (net-security.org)

Orome1 writes: For an average web site, the security of the communication channel is rarely compromised by attackers using advanced exploitation techniques. On the contrary, the compromises virtually always come from the flaws in the way SSL is deployed. These problems are created by those implementing and maintaining web sites. And, in most cases, they can relatively easily be fixed. In the most recent round of SSL research, SSL Labs focused on programming and deployment errors that compromise SSL security even when SSL is properly configured, with strong cryptographic primitives and up-to-date libraries.
Apple

Submission + - Macs More Vulnerable Than Windows for Enterprise (theregister.co.uk)

sl4shd0rk writes: At a Black Hat security conference in Las Vegas, researchers presented exploits on Apple's DHX authentication scheme which can compromise all connected Macs on the LAN within minutes. “If we go into an enterprise with a Mac and run this tool we will have dozens or hundreds of passwords in minutes,” Stamos said. Macs are fine as long as you run them as little islands, but once you hook them up to each other, they become much less secure.
Patents

Submission + - Patent Troll Lawyer Sanctioned: Extortion Tactics (techdirt.com)

An anonymous reader writes: For all the stories of patent trolls and copyright trolls, there haven't been too many stories of either being sanctioned for abusive or extortion-like practices... until now. The Court of Appeals for the Federal Circuit (one level below the Supreme Court) has approved over $600,000 in sanctions against a lawyer for a patent troll, saying that filing over a hundred lawsuits, each of which was followed up almost immediately with offers to settle at fees much cheaper than it would cost to fight, has the "indicia of extortion." Now if only judges started doing that more often.
Idle

Submission + - Drug Catapult Found at US-Mexico Border (foxnews.com) 2

suraj.sun writes: Drug smugglers trying to get marijuana across the Arizona-Mexico border apparently are trying a new approach — a medieval catapult, capable of launching 4.4 pounds of marijuana at a time.

National Guard troops operating a remote video surveillance system at the Naco Border Patrol Station say they observed several people preparing a catapult and launching packages over the International Border fence last Friday evening.

The 3-yard tall catapult was found about 20 yards from the U.S. border on a flatbed towed by a sports utility vehicle, according to a Mexican army officer with the 45th military zone in the border state of Sonora.

http://www.foxnews.com/us/2011/01/26/drug-catapult-mexico-border/

Submission + - 100 P2P users create 75% of BitTorrent traffic (thinq.co.uk)

Stoobalou writes: A study carried out at a university in Spain has discovered that just 100 hard-core users are responsible for three quarters of the traffic on popular file-sharing portals.

Researchers at the Carlos III University of Madrid say they have developed a tool which exposes "the name of the user who published the content, his/her IP address (which provides the user’s city, country and the service provider’s name) and the IP address of those users who later used the BitTorrent application to download the contents".

Perhaps the most surprising result of the research is that a hard core of around 100 regular users are responsible for 66 per cent of the uploads, or content published, as well as a whopping 75 per cent of all downloads.

Submission + - RIAA Threatens ICANN with lawsuit (icann.org)

think_nix writes: A letter from Victoria Sheckler, Deputy General Counsel of the RIAA, to ICANN threatens to sue ICANN over the future implementation of the .music gTLD if certain "measures" are not met by ICANN in compliance with the RIAA. The letter states and points out such concerns as 'Community Objections', 'Lack of Transparency', and 'Malicious Conduct' as the reasons for concern from the RIAA.

As noted above, we are concerned that a music themed gTLD will be used to enable wide scale copyright and trademark infringement


Google

The Ambiguity of "Open" and VP8 Vs. H.264 493

An anonymous reader writes "With all the talk about WebM and H.264, how the move might be a step backwards for openness, and Google's intention to add 'plugins' for IE9 and Safari to support WebM, this article attempts to clear misconceptions about the VP8 and H.264 codecs and how browsers render video. Firefox, Opera and Google rely on their own media frameworks to decode video, whereas IE9 and Safari will hand over video processing to the operating system (Windows Media Player or QuickTime), the need for the web to establish a baseline codec for encoding videos, and how the Flash player is proprietary, but implementation and usage remain royalty free."
The Media

The Guardian's Complicated Relationship With Julian Assange 237

Sonny Yatsen writes "Vanity Fair has published an interesting behind-the-scenes look at the unlikely and tumultuous working relationship between WikiLeaks' Julian Assange and The Guardian as the Iraq War Logs were being published. The piece highlights the differences and conflicts between the Guardian's journalistic standards and WikiLeaks' transparency. Particularly interesting is the revelation that Julian Assange threatened to sue The Guardian if they publish a portion of Iraq War Logs leaked to them by a disgruntled WikiLeaks volunteer, claiming 'he owned the information and had a financial interest in how and when it was released.'"
Communications

Why Creators Should Never Read Their Forums 221

spidweb writes "One full-time Indie developer writes about why he never goes to online forums discussing his work and why he advises other creators to do the same. It's possible to learn valuable things, but the time and the stress just don't justify the effort. From the article, 'Forums contain a cacophony of people telling you to do diametrically opposite things, very loudly, often for bad reasons. There will be plenty of good ideas, but picking them out from the bad ones is unreliable and a lot of work. If you try to make too many people happy at once, you will drive yourself mad. You have to be very, very careful who you let into your head.'"
Idle

Submission + - Kindergartens ordered to pay copyright for songs (dw-world.de)

BBird writes: Deutsche Welle reports — up until this year, preschools could teach and produce any kind of song they wanted. But now they have to pay for a license if they want children to sing certain songs.
Security

4chan Has Been DDOSed 710

An anonymous reader writes "According to the 4chan status page all of the 4chan boards have been DDOSed and are down."
Security

Submission + - d0z.me: The Evil URL Shortener (spareclockcycles.org)

supernothing writes: DDoS attacks seem to be in vogue today, especially considering the skirmishes over Wikileaks in the past few weeks. The size of a DDoS attack, however, has historically been limited by how many computers one has managed to recruit into a botnet. These botnets almost universally require code to be executed on the participants' local systems, whether they be willing or unwilling. A new approach has been emerging recently, however, which uses some simple JavaScript to achieve similar ends. d0z.me is a new service that utilizes these techniques, but provides a unique twist on the idea. Posing as a legitimate URL shortening service, it serves users the requested pages in an iframe, while simultaneously participating in a DDoS attack in the background. No interaction is required beyond clicking the link and staying on the page. This makes it relatively trivial to quickly mount large scale DDoS attacks, and affords willing participants plausible deniability in the assault. Full writeup here.
