
Submission + - Yahoo! Mail Compromised - Users Urged to Change Passwords Immediately (tumblr.com) 1

MAXOMENOS writes: Today Yahoo! announced via their Tumblr page that Yahoo! Mail was hacked, and advised their users to change their passwords immediately. Quoting:

Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.


Comment Re:On the contrary: (Score 1) 276

I assume by "salt" you guys are referring to a different salt per session (a.k.a. a nonce).

If you really mean just an ordinary salted hash, then you still haven't changed anything - the salted hash is the "real" password, and any intermediary or eavesdropper can see it.

If you're talking about a nonce, then yes, now you're protected from eavesdropping - but the machine doing the verification needs to have your secret available in cleartext. This requires that you have a locked-down verification server probably separate from your application server.

Contrast this situation with a cryptographic system: The server stores your public key. When you attempt to connect, the server provides you with a nonce. You encrypt with your private key. The server can verify your connection, and your secret is never stored or seen by anyone except yourself. Nothing that the server has visibility of, nor anything overheard in transit can be used to impersonate you in the future.
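The contrast drawn in the comment above, as an added example that is not part of the original comment: a static salted hash that verifies again when an observer resubmits it, beside a public-key challenge-response where a recorded response fails. It assumes Node.js and uses an Ed25519 signature over the nonce for the step the comment calls encrypting with the private key; the function names and sample credentials are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Scheme 1: the client sends a static salted hash. The server compares it to
// the stored value, so the hash itself is the credential.
function makeSaltedHashServer(salt, password) {
  const stored = crypto.createHash('sha256').update(salt + password).digest();
  return {
    verify: (submitted) =>
      submitted.length === stored.length && crypto.timingSafeEqual(submitted, stored),
  };
}

// Scheme 2: the server stores only a public key and issues single-use nonces.
function makeChallengeServer(publicKey) {
  const outstanding = new Set();
  return {
    challenge() {
      const nonce = crypto.randomBytes(32);
      outstanding.add(nonce.toString('hex'));
      return nonce;
    },
    verify(nonce, signature) {
      // A nonce is accepted once, and only if this server issued it.
      if (!outstanding.delete(nonce.toString('hex'))) return false;
      return crypto.verify(null, nonce, publicKey, signature);
    },
  };
}

function runDemo() {
  // Constructed sample credentials (hypothetical values).
  const [salt, password] = ['constructed-salt', 'constructed-password'];
  const hashServer = makeSaltedHashServer(salt, password);
  const onTheWire = crypto.createHash('sha256').update(salt + password).digest();
  const observedCopy = Buffer.from(onTheWire); // what an intermediary records
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const sigServer = makeChallengeServer(publicKey);
  const nonce = sigServer.challenge();
  const signature = crypto.sign(null, nonce, privateKey); // private key stays client-side
  return {
    hashLogin: hashServer.verify(onTheWire),
    hashReplay: hashServer.verify(observedCopy),
    signedLogin: sigServer.verify(nonce, signature),
    sameNonceReplay: sigServer.verify(nonce, signature),
    freshNonceReplay: sigServer.verify(sigServer.challenge(), signature),
  };
}
console.log(runDemo());
```

The recorded hash verifies a second time, while the recorded signature is rejected both for the already-used nonce and for a newly issued one.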

Comment Re:Approximately 10% of the votes (Score 1) 41

Yeah, I never knew myself. When I looked for the stats from last year, I found this article, claiming 187,975 voters casting 1,516,765 votes. Since I didn't know which number would reflect what they were collecting, I looked at #hottest100 on twitter to see what kind of images people were sharing. The ones I found looked like http://instagram.com/p/jX3m6pMTsy/, https://twitter.com/andrewyesterday/status/424445352557547520/, and https://twitter.com/Natalia_Cooper9/status/424770515027623936/, so I assumed the 187k number was the correct comparison...

Comment Re:Headline roundup? (Score 1) 47

I think we're in agreement, where the issue you reference is the agenda I reference. There's every possibility that it's valid.

I guess you could be suggesting that there's an issue with the browser extension which does not apply to the infringing site - admittedly, that is a possibility.

But if Yale goes after the browser extension, they have to give a reason for that. If it does not apply to the site, then we simply repeat the process - create a method for browsing the Yale site in the manner we prefer, which does not trigger either of the known complaints, and then wait to see what complaint they bring against it, if any...

Submission + - Why are most spam reports from Yahoo Mail? (logdown.com)

lulalala writes: I manage my company's email activities. I have observed that 90% of the email spam reports come from Yahoo Mail, and 80% of those are reported from registration emails. I have always thought this was due to the UI design leading people to click the spam button by accident. However, recently I discovered that my users were actually clicking the "not spam" button, but that generates a spam report instead. This Yahoo Mail bug has been there for months, but it's not fixed and there is no easy way to contact the Yahoo dev team about it. Are you observing similar strange patterns in your company's spam mail reports?

Comment Re:similar (Score 1) 119

I agree with your perspective. Unfortunately, the other details muddy the water:

The Nagios project on sourceforge was set up in May 2001.

The Nagios Plugins project on sourceforge was set up in June 2001.

The owner of the Nagios project later went on to create Nagios Enterprises and register the trademark.

So while the enterprise didn't exist back then, it is the successor of the project which was using the name first...

Comment Re:Headline roundup? (Score 1) 47

Could someone contribute an executive summary?

Yale had its own ratemyprofessor implementation, which only displayed each course's scores separately, never comparing them.

Some students decided that it would be good to see the scores side-by-side, so they built a site that allowed comparisons of the data (by scraping the original site).

Two years later, Yale decided that they didn't like the comparison site, and blocked its IP so it couldn't scrape the data.

Although the reason for Yale not liking the site is alleged to be because it makes comparisons easy, Yale is claiming that the block is for protection of their copyright material.

So someone with suitable skills built the equivalent functionality as the banned site into a browser extension, which therefore has no copyright implications (since the data is never scraped/served by another server), and is harder to block (since the server doesn't know which students are using the extension).

The idea is that if the only issue was one of copyright, the browser extension is fine. And if Yale challenges the browser extension, then they clearly have some agenda which is not about copyright.

Submission + - Code.org: Give Us More H-1B Visas or The Kids Get Hurt

theodp writes: Fresh off their wildly-hyped Hour of Code, Code.org headed to Washington last Thursday where H-1B visas were prescribed as the cure for U.S. kids' STEM ills. "The availability of computer science to all kids is an issue that warrants immediate and aggressive action," Code.org told Congress. "Comprehensive immigration reform efforts that tie H-1B visa fees to a new STEM education fund," suggested Code.org co-founder Hadi Partovi, is "among the policies that we feel can be changed to support the teaching and learning of more computer science in K-12 schools. We hope you can be allies in our endeavors on Capitol Hill." Also testifying with Partovi was inventor and US FIRST founder Dean Kamen, who also pitched the benefits of H-1B visas. "We strongly encourage Congress to pass legislation that directs H-1B visa fees to enable underserved inner-city and rural schools to participate in FIRST," Kamen testified. "Specifically, these fees should support efforts to enable underserved inner-city and rural schools to participate in FIRST."

Submission + - Canadian government trucking generations of scientific data to the dump (thestar.com)

sandbagger writes: Canada's scientific libraries are literally being taken to the dump. The northern nation's scientific community has been up in arms over the holidays as local scientific libraries and records offices were closed and their shelves — some of which contained century-old data — emptied into dumpsters. Stephen Harper's Tory government is claiming that the documents have been digitized. Where the Hell do we protest?
