Security

GMail Vulnerable To Contact List Hijacking 139

Anonymous Coward writes "By simply logging in to GMail and visiting a website, a malicious website can steal your contact list, and all their details. The problem occurs because Google stores the contact list data in a JavaScript file. So far the attack only works on Firefox, and doesn't appear to work in Opera or Internet Explorer 7. IE6 was untested as of now."
The Internet

Wikipedia Blocks Qatar [Updated] 204

GrumpySimon writes "Wikipedia has blocked the entire country of Qatar from editing pages. Whilst the ban is due to spam-abuse coming from the IP address in question, the fact that this belongs to the country's sole high-speed internet provider has the unintended consequence of stopping Qataris from editing the wiki. The ban has raised concerns about impartiality — the majority of Al Jazeera journalists operate out of Qatar, for example. This raises a number of issues about internet connectivity in small countries — what other internet bottlenecks like this exist?" Update: 01/02 13:32 GMT by Z : Jim Wales wrote in the comments that the story is 'completely false'. Either way, the ban has been lifted and anonymous editing is once again possible from Qatar.
Microsoft

Submission + - A Cost Analysis of Windows Vista Content Protectio

An anonymous reader writes: Peter Gutmann's article featured in latest Risks digest. See http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt for review of Vista's DRM protection. Executive Summary — Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server). This document analyses the cost involved in Vista's content protection, and the collateral damage that this incurs throughout the computer industry.
Security

Submission + - Banks need to boost web-based security

oKAMi-InfoSec writes: "Banks will be instituting a variety of new identification and authorization methods in 2007. This article by Sherry Slater covers many of the ways and means that banks will be beefing up their security, apparently in response to guidelines issued by the Federal Financial Institutions Examination Council. Some methods of choice include:
  • Pictures and phrases chosen by the user and displayed when they login — to prevent phishing attacks
  • Identifying the user's computer(s) based on unique identifiers — to prove the user's identity
  • Use of an expanded selection of questions — to prove the user's identity
  • Use of transaction tracking software — to red flag suspicious activity
  • One-time passwords — to authorize especially large transactions
The second to last paragraph was probably the most pertinent: 'No amount of security and software on the bank’s part can make up for carelessness on customers’ parts, however.'"
Security

Submission + - InfoSec Spending Up AND Down by 2008

oKAMi-InfoSec writes: "Research firm Gartner predicts, in this article by Sandra Rossi, that organizations with a high level of information security practice can reduce their spending on infosec to only 3 to 4 percent of their overall IT budget by 2008. Organizations that have underspent or inefficiently secured their systems, however, may need to spend over 8 percent of their IT budget on infosec.

Gartner goes on to explain that most information security problems have viable solutions available, but lack an efficient and effective implementation that would enable organizations to focus on emerging threats.

Rich Mogull of Gartner indicates that it is not merely about "security", it is about "security process", implying that security is not just a technology problem, it is a legitimate business issue and must be handled as such, including the requisite executive attention.

Where will this money be spent: Gartner predicts that some more mature technologies, such as spam filtering, are moving toward broad usage and less mature technologies, such as biometrics, are more than a decade away.
Compliance with government and industry regulations also takes a big hit out of the infosec budget."
Spam

HTML Encoded Captchas 177

rangeva writes to tell us about a twist he has developed on the common Captcha technique to discourage spam bots: HECs encode the Captcha image into HTML, thus presenting an unsolved challenge to the bots' programmers. From the writeup: "The Captcha is no longer an image and therefore not a resource they can download and process. The owner of the site can change the properties of the Captcha's HTML, making it unique,... add[ing] another layer of complication for the bot to crack." HECs are not exactly lightweight — the one on the linked page weighs in at 218K — but this GPL'd project seems like a nice advance on the state of the art.
Space

Submission + - Mars Rovers get software upgrade

cheros writes: "The Mars Rovers are unexpectedly working much longer than expected (well, they DO use Linux :-) so NASA has decided to give them revised software.

From the article:
The unexpected longevity of Spirit and Opportunity is giving the space agency a chance to field-test on Mars some new capabilities useful both to these missions and future rovers. Spirit will begin its fourth year on Mars on Jan. 3 (PST); Opportunity on Jan. 24. In addition to their continuing scientific observations, they are now testing four new skills included in revised flight software uploaded to their onboard computers.

Hats off to NASA for something that robust..

= Ch ="
Java

Submission + - Got MyEclipseIDE?

nfets writes: "I've been a Java/J2EE Consultant for over 8 years now and I've been a MyEclipse subscriber since approximately 1993. I am always impressed by how fast MyEclipse kept up with the version of Eclipse and Eclipse plugins being released. New technologies emerge all the time and before you could think about it, the tools you love to use are already integrated in their next beta and eventually GA release. more..."
Data Storage

Submission + - A file system best suited for archival storage?

Amir Ansari writes: "There have been many comparisons between various archival media (hard drive, tape, magneto-optical, CD/DVD, etc.). Of course, the most important characteristics are permanence and portability. But what about the file systems involved? For instance, I routinely archive my data onto an external hard drive: easy to update and mirror. But which file system provides the best combination of reliability, future-proofing, data recovery, and availability across multiple platforms? (In my case, Linux, OS X, BeOS/Zeta and Windows.) Open Source best guarantees the future availability of the standard and specification, but are file systems such as ext2 suitable for archival storage? Is journalling important, or do frequent write operations compromise the physical medium?"
It's funny.  Laugh.

Submission + - New Years Resolutions

NewToNix writes: It's gotta be a slow enough news day to get this accepted... all it needs to do is slip past the lameness filter...

So what are your new years resolutions?

Here's one of mine: Get Slashdot to add a 'Slow News Day' Section and Topic on the Slashdot Story Submissions page.

And here's one I saw over on Technocrat (from a BadVista post apparently).

New Year Resolutions:

1. Renew my FSF membership.

2. Get at least one new person to Join the FSF.

3. Help at least 2 people become 100% free from Microsoft software.

4. Explain what DRM and TC are to at least 4 people (and I mean really be effective at explaining how this affects them).

5. Give away at least 8 'Live' GNU/Linux CDs — and take the time to sit with each person the first time they try it out (there is nothing like a personal bit of supplying 'helpful tips').

Now there are 5 really easy resolutions to keep. You can add more, and I'd encourage everyone to do even more to promote GNU/Linux and the FSF.

BUT, think what a change we all could make if each of us did just these 5 simple things in 2007.

I hope you will share my resolutions (and also keep them) in the coming year.

And to all, a very Happy New Year!


So OK, Slashdot, what are your big resolutions for 2007?
Microsoft

Submission + - Microsoft "in-car" deal with Ford

An anonymous reader writes: Microsoft is teaming up with Ford to offer in-car connectivity. Apparently this will be based on Bluetooth allowing hook-up of "iPod[s] or cellular telephones" in a market Microsoft "has long wanted to enter". Yeah right. More me-too-ism from Seattle.
