
+ - Ask SD: How do you handle the discovery of a web site disclosing private data?

Submitted by Anonymous Coward
An anonymous reader writes "I recently discovered that a partner web site of a financial institution I do business with makes it trivially easy to view documents that do not belong to me. As in, change the document ID in a URL and view someone else's financial documents. This requires no authentication, only a document URL. (Think along the lines of an online rebate center where you upload documents including credit card statements.) I immediately called customer service and spoke with a perplexed agent who unsurprisingly didn't know what to do with my call. I asked to speak with a supervisor who took good notes and promised a follow-up internally. I asked for a return call but have not yet heard back. In the meantime, I still have private financial information I consider to be publicly available. I'm trying to be responsible and patient in my handling of this, but I am second guessing how to move forward if not quickly resolved. So, Slashdot, how would you handle this situation?"

Comment: Advice ... and best to you and your family. (Score 1) 687

Knowing of mortality: my daughter was murdered, my father died of cancer and my wife was recently diagnosed with cancer. The thought that comes to mind (and as a geek you might see it) is what was done in Terminator. Record everything you can. Show her that you were there for her as much as you can. There was a movie I watched as a child where a lady found out that she had cancer and wasn't going to live. She made tape recordings for her daughter (I wish I could remember the name).

You might also consider gifts and/or recordings for her -- for example her 16th birthday, 18th birthday, graduation and so on. Start now, and learn to become comfortable with your recordings. The recordings might be video, audio or both ... whatever you feel comfortable with. What little I have of my father are songs that he had sung to my mother, and very few photographs.

As you make the recordings, I believe that you will think more in terms of what legacy you can provide her. Tell her that she seems to have the same geek in her that you have, and that you were hoping to guide her when she got older. Tell her about going out and getting her that gift for her 16th birthday, how hard it is for you now, and how you wish that you were there with her. Much good advice is here on /.

Comment: Re:Software testing ... what a novel concept (Score 1) 108

by Bomarc (#49095849) Attached to: Scotland's Police Lose Data Because of Programmer's Error
... and management failed to put policies and practices in place to prevent development from having direct access to production DBs (without oversight). (It did appear that backups were maintained.)

Even something as simple as "database cleanup" can be a problem when not properly tested. In one instance I was testing a server/database migration/upgrade. In the Test Plan, I called out that permission issues could not be tested (security wouldn't allow it) and that failure to test could result in data loss. As predicted, there was a problem with permissions that I was disallowed from testing -- and it resulted in data loss. (Self defense: I tested as best I could around the known permission issue.)

Comment: Re:Software testing ... what a novel concept (Score 1) 108

by Bomarc (#49094885) Attached to: Scotland's Police Lose Data Because of Programmer's Error
Some highlights:
o Worked for a large co; found several "Sev 1" bugs on a product that was proposed to be released soon. I was put on inventorying computers; the product became one of the largest failures in the company's history due to -- bugs.
o Same co, later: needed to make a code drop to another business. My job: to make sure that the code worked as expected and could compile (they got a "special" version of the code). I told the PM that we shouldn't have the code on a given storage server -- it (the code) could accidentally be "compiled", causing problems. The PM said that would not happen. A few days later, someone compiled the code on the storage server. The PM required that I find a way to 'fix it'. At the same time I looked into 'who' compiled the code: the same PM. (This PM was also responsible for a lawsuit that cost the company millions... and was promoted.)
o Worked for a local utility. Was told that we were going to use a copy of "live customer data" for dev/testing. Objected, and was told that "test" customer data could NEVER be visible to the "real world". Two weeks into testing, Customer Service contacted us -- customer billings were off. Sure enough: "test" had crossed over with "production". (My contract was suddenly "ended" shortly after I reported the security error -- which was EXACTLY as I had predicted.) About six months later, the state Attorney General was looking into the utility for using ... live customer data for testing.
o Worked for an aerospace co. Spent a week creating a detailed functional spec on a report needed by the business department. The developed report (delivered a month late) looked NOTHING like the spec. The totals didn't add up to anything, the columns were out of sequence, the colors were wild (not random -- just not anywhere near the spec). Three days later, my contract suddenly ended.
o Worked for a company that managed big data. Found out that they had a single point of failure ("fail-over"), and I had experience with fail-over situations. Was told that the data center could never be down for very long, and that this risk was minimal. About three months later, the data center suffered a catastrophic failure that took over a week to get minimal power restored. People involved with the failure were promoted.

So many, many, many more times: like when development released product to production without consulting testing and caused customer data errors, or development removing all permissions on a SQL table to get their dev work done (when the permissions were re-applied, the code didn't work any more).

A good QA / tester needs to know all of the jobs -- development, PM, customer service and testing -- to get the job done. Unfortunately QA never gets paid for the level of knowledge that it has or the risk that it assumes, and it's not unusual for bad management to (FREQUENTLY) have QA reporting to development; bad management frequently blames the messenger. Interestingly, in all the years that I've worked in QA, I've never seen bad management get the blame.

Comment: Software testing ... what a novel concept (Score 4, Insightful) 108

by Bomarc (#49093159) Attached to: Scotland's Police Lose Data Because of Programmer's Error
At least this article admits to a level of "programmer error". However, like most "computer error" news articles, this one misses a key point: this (like many others) is actually management error. Management failed to oversee programmers. Management failed to implement testing. Management failed.
I just wonder how much longer before software testing will get the respect it deserves.

+ - Star Trek Continues is meeting their Kickstarter stretch goals-> 2

Submitted by jdavidb
jdavidb (449077) writes "A couple of months ago on Slashdot, I learned about Star Trek Continues, a faithful continuation of the Star Trek original series' five-year mission, lovingly recreated by Vic Mignogna and a dedicated cast and crew. The original Enterprise set from Desilu has been recreated, great scripts have been written, fantastic guest stars have been enlisted, including stars from the original series and other Star Trek voyages, and the three episodes filmed so far look like they genuinely came right out of the era that produced the original series. Continues has now turned my children on to original series Star Trek, and we eagerly await more episodes.

Continues has two more days to go with a Kickstarter campaign. They have already raised enough money to produce two more episodes and meet their first stretch goal: creating a set for Engineering. Now they are within sight of their next stretch goal: creating a planet set so the Continues Enterprise team can visit strange new worlds and experience the tragic loss of nameless redshirts."


+ - FBI can't find its drone privacy reports->

Submitted by v3rgEz
v3rgEz (125380) writes "Programs run by the federal government are typically required to undergo a Privacy Impact Assessment if there's a chance they'll veer into monitoring the activities of citizens: The assessments help balance the risks and benefits of the program, and help guide any oversight to prevent abuse.

But despite being legally mandated, the FBI and Justice Department have had a tough time producing the assessments done in conjunction with the Bureau's domestic surveillance drone program, first telling privacy advocates to file a FOIA request, and then rejecting that request, before ultimately claiming they now simply can't find the documents altogether."


Comment: Re:The fail of this article... (Score 1) 14

by Bomarc (#49042511) Attached to: Samsung: WHAT is my SmartTV reporting? To whom?
For the fun of it, I started looking at the first item. It is used to get/send data to other parties (usatoday); it appears to be looking for news to display.

Suggestion: take this info (including what /. won't let you display) and post it. Take some key items, with the original posting -- shake/stir and re-post.
I realize that some data is encrypted, but (as noted above) some is not.
I WOULD like to see this posted on /. -- with as much detail as can be generated for the article.
Definite /. fail: can't have lists of URLs in the posting.

Comment: The fail of this article... (Score 1) 14

by Bomarc (#49041883) Attached to: Samsung: WHAT is my SmartTV reporting? To whom?
Though this article does not have a "link" article, NetAlien -- using Wireshark -- has the means to view the data being shared. NetAlien does not indicate what that data was/is. Also, a list of what (exactly) URLs are being accessed (including the IP addresses) would be helpful to form a complete article. All this info would be of interest for a complete posting here for consideration. Good start; needs a LOT more info before it is /. ready.

+ - Why Farmers Can't Repair Tractors->

Submitted by retroworks
retroworks (652802) writes "First we had "planned obsolescence", the term coined by Vance Packard in the 1960 bestseller "The Waste Makers". Next we had EULA agreements. Today, even farm tractor owners are not allowed to fix their agricultural equipment with wire and duct tape. Maker/fixer Kyle Wiens of IFIXIT writes in Wired News about trying to hack a neighbor's harvester, without success."

+ - DMCA Exemption Would Let Fans Run Abandoned Games->

Submitted by Anonymous Coward
An anonymous reader writes "Games that rely on remote servers became the norm many years ago, and as those games age, it's becoming more and more common for the publisher to shut them down when they're no longer popular. This is a huge problem for the remaining fans of the games, and the Digital Millennium Copyright Act forbids the kind of hacks and DRM circumvention that would be required for the players to host their own servers. Fortunately, the EFF and law student Kendra Albert are on the case. They've asked the Copyright Office for an exemption in the case of players who want to keep abandoned games alive. It's another important step in efforts to whittle away at overreaching copyright laws."

+ - No big bang after all ->

Submitted by cyberspittle
cyberspittle (519754) writes "The universe may have existed forever, according to a new model that applies quantum correction terms to complement Einstein's theory of general relativity. The model may also account for dark matter and dark energy, resolving multiple problems at once."

+ - Hidden Apollo 11 artefacts found in Neil Armstrong's closet after over 40 years->

Submitted by hypnosec
hypnosec (2231454) writes "Over 40 years after Neil Armstrong’s Apollo 11 mission, a hidden bag full of artefacts has been discovered by his widow Carol Armstrong. Carol found the bag after Neil’s death in 2012, shortly after he underwent heart surgery. The bag contains a total of 20 items, including the priceless 16mm movie camera that recorded Apollo 11’s descent to the surface of the moon, the optical alignment sight used by the crew for docking manoeuvres, and a waist tether, among other things. The purse and its contents are now on loan to the National Air and Space Museum for preservation, research and eventual public display."
