Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×

Comment Need new compiler features (Score 1) 470

by valderost (#45274671) Attached to: How Your Compiler Can Compromise Application Security
Compilers ought to have switches that deliberately branch to the error cases they're trying to optimize away. Getting rid of a divide by zero? Force the error instead so it gets attention. Coder forgot to declare volatile variables? Make local static shadow copies of static variables for comparison at every reference. And so on. Development environments ought to be helping with this stuff, not confounding developers.
Privacy

Skype Hands Teenager's Information To Private Firm 214

Posted by Unknown Lamer from the but-we-were-friends dept.
New submitter andrew3 writes "Skype has allegedly handed the information of a 16-year-old boy to a security firm. The information was later handed over to Dutch law enforcement. No court order was served for the disclosure. The teenager was suspected of being part of a DDoS packet flood as a part of the Anonymous 'Operation Payback'." According to the article, Skype voluntarily disclosed the information to the third party firm without any kind of police order, possibly violating a few privacy laws and their own policies.
Microsoft

Microsoft Office 2013 Not Compatible With Windows XP, Vista 711

Posted by samzenpus from the does-not-work-well-with-others dept.
hypnosec writes "The newly unveiled productivity suite from Microsoft, Office 2013, won't be running on older operating systems like Windows XP and Vista it has been revealed. Office 2013 is said to be only compatible with PCs, laptops or tablets that are running on the latest version of Windows i.e. either Windows 7 or not yet released Windows 8. According to a systems requirements page for Microsoft for Office 2013 customer preview, the Office 2010 successor is only compatible with Windows 7, Windows 8, Windows Server 2008 R2 or Windows Server 2012. This was confirmed by a Microsoft spokesperson. Further the minimum requirements states that systems need to be equipped with at least a 1 GHz processor and should have 1 GB of RAM for 32-bit systems or 2 GB for 64-bit hardware. The minimum storage space that should be available is 3 GB along with a DirectX 10-compatible graphics card for users wanting hardware acceleration."
Privacy

The Average Consumer Thinks Data Privacy Is Worth Around 65 Cents 128

Posted by samzenpus from the money-talks dept.
chicksdaddy writes "Threatpost is reporting today on the findings of an ENISA study that looked at whether consumers would pay more for goods in exchange for more privacy. The answer — 'Sure...just not much more.' The report (PDF): 'Study on Monetizing Privacy: An Economic Model for Pricing Personal Information' presents the findings of a laboratory study in which consumers were asked to buy identical goods from two online vendors: one that collected minimal customer information and another that required the customer to surrender more of their personal information to purchase the item, including phone number and a government ID number. The laboratory experiment showed that the majority of consumers value privacy protections. When the prices of the goods offered by both the privacy protecting and the privacy violating online retailers were equal, shoppers much preferred the privacy protecting vendor. But the preference for more privacy wasn't very strong, and didn't come close to equaling consumers' preference for lower prices. In fact, consumers readily switched to a more privacy-invasive provider if that provider charged a lower price for the same goods. How much lower? Not much, researchers discovered. A discount of just E0.50 ($0.65) was enough to sway consumers away from a vendor who would protect the privacy of their personal data."
Microsoft

Microsoft Issuing Unusual Out-of-Band Security Update 156

Posted by timothy from the rolls-downhill dept.
wiredmikey writes "In a rare move, Microsoft is breaking its normal procedures and will issue an emergency out-of-band security update on Thursday to address a hash collision attack vulnerability that came into the spotlight yesterday, and affects various Web platforms industry-wide. The vulnerability is not specific to Microsoft technologies and has been discovered to impact PHP 5, Java, .NET, and Google's v8, while PHP 4, Ruby, and Python are somewhat vulnerable. Microsoft plans to release the bulletin on December 29, 2011, at 10:00 AM Pacific Time, and said it would addresses security vulnerabilities in all supported releases of Microsoft Windows. 'The impact of this vulnerability is similar to other Denial of Service attacks that have been released in the past, such as the Slowloris DoS or the HTTP POST DoS,' said security expert Chris Eng. 'Unlike traditional DoS attacks, they could be conducted with very small amounts of bandwidth. This hash table multi-collision bug shares that property.'"

Comment This is Rachael from Card Services (Score 1) 228

by valderost (#38311098) Attached to: How many robocalls do you get each month?
Mostly from Rachael at Card Services, calling about my account. I press 1 to speak with an agent and ask which account, and they hang up on me. I'm glad the car extended warranty calls have stopped. Now if I could end Rachael's calls, the political surveys and Newt Gingrich's calls to my cell phone I'd be a pretty happy camper. Newt doesn't want to hear what I have to say anyway.
The Almighty Buck

UBS Rogue Trader Loses $2 Billion In Unauthorized Trades 360

Posted by timothy from the let's-give-it-to-a-nice-fiscally-responsible-government dept.
PolygamousRanchKid writes with this snippet from Reuters that sounds like a ready-made movie script: "Switzerland's UBS said on Thursday it had discovered unauthorized trading by a trader in its investment bank had caused a loss of some $2 billion. 'The matter is still being investigated, but UBS's current estimate of the loss on the trades is in the range of $2 billion,' the bank said in a brief statement just before the stock market opened." Asks the RanchKid: "I wonder how this will reopen the debate about the role of computer systems in the trading and the safeguards that are supposed to protect against these risks. But if microseconds mean millions in trading ... who has time for checks?"

Comment Untraceable = Unaccountable (Score 3, Informative) 68

by valderost (#36546974) Attached to: FCC Ups Penalties For Caller ID Spoofing
This is worthless pandering. The fact is that there is no way for the receiver of a spoofed CID call to complain. The number on the Caller ID doesn't identify the caller, and the caller won't identify themselves. If you can't identify the caller, you can't complain. If you can't complain, the callers can't be held accountable. The system is broken, and therefore so are all the laws that assume the system is working. Fix the system first, then write new laws if they're needed.
Crime

FCC Ups Penalties For Caller ID Spoofing 68

Posted by timothy from the spoofing-needs-no-scarequotes dept.
GovTechGuy writes "The FCC adopted new rules on Thursday that would significantly increase the penalties for individuals or organizations that alter their caller ID information to commit fraud or with other harmful intent. The new rules allow the FCC to fine violators $10,000 per violation plus more for every day it continues. Users can still change their caller ID info as long as it's not for fraud or harmful purposes."
Iphone

Fake GSM Base Station Trick Targets IPhones 64

Posted by CmdrTaco from the but-he-was-wearing-a-hat dept.
mvar writes "While his Black Hat DC Conference demonstration was not flawless, a University of Luxembourg student on Wednesday did show that it's possible to trick iPhone users into joining a fake GSM network. Ralf-Philipp Weinmann showed how to cobble together a laptop using open-source software OpenBTS and other low-cost gear to create a fake GSM transmitter base station to locate iPhones in order to send their owners a message. A number of iPhone users in the room expressed surprise that they had gotten a message asking them to join the network. 'You want to get phones not just used by the teenage crowd but executives,' said Weinmann, adding that it is possible to 'have complete control of the phone.' Part of the reason these fake GSM network attacks are possible is because the code base used in smartphones such as the iPhone, which is Infineon-based, goes back to the 1990s."
The Internet

Submission + - Will feds mandate Internet routing security? (networkworld.com)

Submitted by alphadogg
alphadogg writes: The Department of Homeland Security has spent $3 million over the past few years on research aimed at bolstering the security of the Internet's routing system.

Now, as this research is being deployed across the Internet, DHS wants government agencies and their carriers to be among the earliest adopters of the new Resource Public Key Infrastructure (RPKI) system that it helped create.

DHS considers the RPKI system to be a much-needed first step in securing the Internet's core routing protocol, which is called the Border Gateway Protocol (BGP). In addition to its support of RPKI, DHS also has spent around $1 million on research and software development aimed at adding security directly to BGP.

RPKI helps improve routing security by adding a layer of encryption to the communications between Internet registries and network operators. With RPKI, network operators can verify that they have the authority to route traffic for a block of IP addresses or routing prefixes known as Autonomous System Numbers.

RPKI is designed to prevent Internet routing attacks http://www.networkworld.com/news/2009/011509-bgp-attacks.html and accidents, such as the recent China Telecom Internet traffic hijacking incident http://www.networkworld.com/news/2010/111810-china-telecom-operator-denies-hijacking.htmlthat has received attention on Capitol Hill.

Slashdot Top Deals

It is easier to write an incorrect program than understand a correct one.

Close