Security

Google Fixes Credit Card Security Hole, But Snubs Discoverer 127

Frequent contributor Bennett Haselton writes: "Google has fixed a vulnerability, first discovered by researcher Gergely Kalman, which let users search for credit card numbers by using hex number ranges. However, Google should have acknowledged or at least responded to the original bug finder (and possibly even paid him a bounty for it), and should have been more transparent about the process in general." Read on for the rest of the story.
Advertising

SourceForge Appeals To Readers For Help Nixing Bad Ad Actors 198

Last week, we mentioned that the GIMP project had elected to leave SourceForge as its host, citing SourceForge's advertising policies. SourceForge (which shares a parent company with Slashdot) has released a statement about those policies, addressing in particular both ads that are confusing in themselves and their revenue-sharing system called DevShare, based on the provision of third-party software along with users' downloads. Among other things, the SF team is appealing to users to help them find and block misleading ads, and has this to say about the additional downloads: "The DevShare program has been designed to be fully transparent. The installation flow has no deceptive steps, all offers are fully disclosed, and the clear option to completely decline the offer is always available. All uninstallation procedures are exhaustively documented, and all third party offers go through a comprehensive compliance process to make sure they are virus and malware free."
United Kingdom

UK MPs: Google Blocks Child Abuse Images, It Should Block Piracy Too 348

nk497 writes "If Google can block child abuse images, it can also block piracy sites, according to a report from MPs, who said they were 'unimpressed' by Google's 'derisorily ineffective' efforts to battle online piracy, according to a Commons Select Committee report looking into protecting creative industries. John Whittingdale MP, the chair of the Committee — and also a non-executive director at Audio Network, an online music catalogue — noted that Google manages to remove other illegal content. 'Google and others already work with international law enforcement to block for example child porn from search results and it has provided no coherent, responsible reason why it can't do the same for illegal, pirated content,' he said."
IOS

Apple Starts Blocking Unauthorized Lightning Cables With iOS 7 663

beltsbear writes "Your formerly working clone Lightning cable could stop working with the latest iOS update. Previously the beta version allowed these cables to charge with a warning message but the final release actually stops many cables from working. Apple's Lightning connector system is locked with authentication chips that can verify if a cable is authorized by Apple. Many users with clone cables are now without the ability to charge their iPhones."
Privacy

Huffington: Trolls Uglier Than Ever, So We're Cutting Off Anonymous Commenting 582

v3rgEz writes "The days of anonymous commenting on The Huffington Post are numbered. Founder Arianna Huffington said in a question-and-answer session with reporters in Boston Wednesday that the online news site plans to require users to comment on stories under their real names, beginning next month. 'Freedom of expression is given to people who stand up for what they’re saying and not hiding behind anonymity,' Huffington said."
Oracle

Oracle Sues Companies It Says Provide Solaris OS Support In Illegal Manner 154

alphadogg writes "Oracle is continuing to crack down on companies it claims are providing support services for its products in an illegal fashion. Last week, Oracle sued IT services providers Terix and Maintech, alleging they have 'engaged in a deliberate scheme to misappropriate and distribute copyrighted, proprietary Oracle software code' in the course of providing support for customers using Oracle's Solaris OS. Oracle's allegations are similar to ones it has made in lawsuits against other Solaris service providers, such as ServiceKey, as well as Rimini Street, which provides third-party support for Oracle and SAP applications."
News

Pepsi To Release New Breakfast Mountain Dew 362

skade88 writes "Pepsi will release on Feb 28th a new breakfast Mountain Dew. The new drink called Kick Start is Mountain Dew mixed with fruit juice. It will come in two flavors, Citrus and Fruit Punch. 'Our consumers told us they are looking for an alternative to traditional morning beverages – one that tastes great, includes real fruit juice and has just the right amount of kick to help them start their days,' said Greg Lyons, Mountain Dew's vice president of marketing."
Games

Why Microsoft Got Into the Console Business 257

An anonymous reader writes "Joachim Kempin, former vice president of Windows Sales, has explained how the original Xbox came to be. It turns out it was Sony's fault, simply because the Japanese company wasn't very friendly towards Microsoft, and Microsoft eventually decided they had to 'stop Sony.' Apparently, long before the Xbox was even an idea, Microsoft was trying to collaborate with Sony in a number of areas they thought there was overlap. That collaboration was sought before even Sony had a games console coming to market, and would have focused on products for the entertainment sector."

Comment Re:A more detailed proposal ... (Score 1) 336

Sure, I know and like DNSBLs including Spamhaus's, but this is a distinct application from XBL. Specifically, removal needs to be rapid in order for it to be useful for rejecting customer Web traffic. That's an engineering requirement that email anti-spam systems don't have, since SMTP is designed to retry for days if necessary to get a message through. Moreover, hosts that send any legitimate email are very few compared to hosts that send Web requests; and even though email admins are frequently dense, unresponsive, or victim-blaming, they're still a level above typical users in knowing what the fuck is going on with their computer.

One approach would be to have each DDoS victim continually (e.g. every hour) assert which addresses were attacking it, and only list those addresses which are currently attacking. This way, as soon as a host stops attacking, it will drop off the list. This has weaknesses — for instance, an attacker can use your host all night while you're not using it, without you noticing — but it's still an improvement over what we have today. And it still depends on each subscribing site having a good enough backchannel to the listing service to stay open during the DDoS. Back in the day we'd do it with a dedicated modem line — the bandwidth requirements are really quite minimal — but nobody knows what that is any more.

Comment A more detailed proposal ... (Score 5, Interesting) 336

Sites under DoS attack should publish (through a channel not congested by the attack) a list of the IP addresses attacking them, through some trustworthy third party. Then, other sites should subscribe to that list and refuse service to those addresses until they clean up and stop attacking.

For instance, consider your uncle who uses AOL. His computer is infected with botnet garbage and is participating in a DoS attack against (say) Slashdot. Slashdot sends a list of attacking IPs, including your uncle's, to Team Cymru (the third party). Cymru aggregates these and publishes a list, updated every three hours. AOL subscribes to that list. When your uncle goes to check his AOL email, he gets an error: "We regret to inform you, your computer has been hacked, and is being used by criminals to break the Internet. You can't get to your AOL email until you kick the criminals off by installing an antivirus program and running a full scan. Click here to install Kaspersky Antivirus for free. Thank you for helping keep criminals from breaking everyone's Internet. Sincerely, Tim Armstrong, CEO, AOL."

Then your uncle gets mad and calls up AOL and complains. They try walking him through using the antivirus program, but he just curses them out and says he'll go to Hotmail instead. He tries ... but Hotmail also subscribes to the same list and tells him the same thing: "Your computer is infected with malware and is being used to attack other sites on the Internet. You cannot obtain a Hotmail account until your computer is clean. Click here to install Microsoft Antivirus." He gives up and calls AOL back, and they help him get his computer cleaned up. Within half an hour, it's off the botnet; and within three hours, it's off the list of attacking hosts, and your uncle can get his AOL email again.

Piracy

App Auto-Tweets False Piracy Accusations 231

An anonymous reader writes "Certain iPhone and iPad applications from a Japanese company have broken software piracy detection mechanisms that are sending out tweets on the user's own Twitter account, saying, 'How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession.' The trouble is, it's sending these out on accounts of users who actually paid up to $50 or more for the software and who are legally using it. The app is asking for access to users' Twitter accounts, but does not give the reason why it is asking, so the author of the article concluded (rightly) that things were being done deliberately. Would you want your legally purchased software to send out messages to all of your contacts on Twitter or on other social networks saying that you were a software pirate? Would you excuse the writers of the software if it was just an error in their piracy detection measures?"
The Internet

The Pirate Bay Launches Free VPN 359

bs0d3 writes "The Pirate Bay team is going to be making the RIAA angry, with the launch of a new ad-supported VPN service. PrivitizeVPN is available for free from The Pirate Bay. Instead of earning revenue through subscription as ipredator does, PrivitizeVPN comes packaged to install the Babylon search bar (adware). PrivitizeVPN appears to be available for Windows users only at the moment. The Pirate Bay staff has a long history of promoting services that have no logs; e.g., you can't get in trouble if your anonymized IP is subpoenaed by government officials. Although PrivitizeVPN is being released silently, with no press coverage, no official statement, and no comments from The Pirate Bay of any kind, people are assuming that PrivitizeVPN will have the same familiar data protection policies. A backup download location has been set up here for people who have limited access to the Pirate Bay domain."
Math

A New Glider Found For Conway's Game of Life 50

An anonymous reader writes "Conway's Game of Life is now forty-two years old, but it continues to inspire as well as being the basis of an actively researched field, with computer scientists now announcing they have found a new form of the famous 'glider' pattern (once suggested by Eric S Raymond as the insignia of computer hackers) that runs over a so-called Penrose universe."
