
Submission Summary: 0 pending, 6 declined, 1 accepted (7 total, 14.29% accepted)

Kickstarter breached; personal information, password hashes stolen

Submitted by Kalriath
Kalriath (849904) writes "Crowdfunding site Kickstarter has admitted to a security breach on Wednesday in which personal information (name, address, email) and encrypted passwords were stolen.

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

Kickstarter further goes on to say that older passwords were uniquely salted and hashed with SHA-1, and newer passwords with bcrypt."

Judge in Dotcom Case Steps Down

Submitted by Kalriath
Kalriath (849904) writes "After calling the United States "the enemy" at the NetHui conference last week (reported on Slashdot), Judge David Harvey has stepped down from the Dotcom case citing beliefs that the comments could reflect on his impartiality. From the New Zealand Herald:

An internet law expert, Judge Harvey had been considered the perfect choice to hear arguments on whether Dotcom and his Megaupload colleagues should be extradited by the United States to face charges of criminal copyright violation. The district court's chief judge Jan-Marie Doogue said Judge Harvey had made the decision to step down from hearing the case. "He recognises that remarks made in the context of a paper he delivered on copyright law at a recent internet conference could reflect on his impartiality and that the appropriate response is for him to step down from the case."

No word on what this means for the extradition hearing, but it probably isn't good news for Dotcom."

FBI ordered by NZ judge to start copying Dotcom data

Submitted by Kalriath
Kalriath (849904) writes "New Zealand High Court Justice Helen Winkelmann today ordered that the FBI begin copying the more than 150TB of information which was seized during the raid earlier this year, a month after another judge ordered that Dotcom's lawyers could get a copy of all the data held by the US government for his defense. The FBI claims that to give him this information, he must appear in a US court, creating quite a catch-22."

US Company Hijacks OSS Project, Trademarks Name

Submitted by Kalriath
Kalriath (849904) writes ""Horowhenua Library Trust is the birth place of Koha and the longest serving member of the Koha community. After over a year of battling against it, PTFS/Liblime have managed to have their application for a Trademark on Koha in New Zealand accepted. We now have 3 months to object, but to do so involves lawyers and money."

And some background courtesy of http://diligentroom.wordpress.com/2011/11/22/the-exemplar-of-stupid-koha-vs-liblime-trademark/:

"For those of you who don’t know [which can’t be many] the background, in the late nineties the Horowhenua Library Trust decided not to go down the traditional path of changing their LMS and developed open-source product called Koha. This was given to the world and is now used widely internationally. A few years ago a company in the US called PTFS/Liblime attempted to hijack Koha and turn it into their proprietary LMS. They have also sort [sic] to claim ownership of the name Koha.""

The Courts

Blizzard Wins Bot Lawsuit, Validates EULAs

Submitted by Kalriath
Kalriath (849904) writes "A story on ArsTechnica and discussed on Blizzard's forums talks about the recent win in early January, where judge David G Campbell agreed with Blizzard that the use of a bot violates Blizzard's EULA, terminating a user's license to use the software (and validating the belief that copying an application into memory to run it does indeed constitute copyright infringement without a valid license). From the story:

As we've noted before, Blizzard's legal arguments, which Judge David G. Campbell largely accepted, could have far-reaching and troubling implications for the software industry. Donnelly is not the most sympathetic defendant, and some users may cheer the demise of a software vendor that helps users break the rules of Blizzard's wildly popular role playing game. But the sweeping language of Judge Campbell's decision, combined with his equally troubling decision last summer, creates a lot of new uncertainty for software vendors seeking to enter software markets dominated by entrenched incumbents and achieve interoperability with legacy platforms.

Looks like a field day for lawyers everywhere."

Software

Symantec: Vista "fairly secure, but full of ho

Submitted by Kalriath
Kalriath (849904) writes "Computerworld reports on Symantec's reports claiming that Windows Vista is "fairly secure, but still full of holes". Symantec claims that in under a week, they have managed to disable PatchGuard and Code Integrity, which have hindered their antivirus and firewall product implementations on Vista, and also claim to be able to exploit UAC to masquerade untrusted code as part of the OS.

From the article at Computerworld:

The security vendor's Security Response Advanced Threat Research group has released four reports on the security implications of Vista — with two more to come next week — and found that while the underlying OS is more secure, there are still unplugged holes that will allow malicious code to penetrate a user's system, says Oliver Friedrichs, director of Symantec's Security Response Emerging Threats group.
It's really no surprise that Symantec has been researching ways to get around PatchGuard, and even they admit that their research is a little self serving. From the article:

Friedrichs acknowledges that it may be self-serving for Symantec, which offers add-on security products for Windows, to publish findings that the OS is not secure.
Unsurprisingly, Symantec claims that its concerns are very legitimate, and Microsoft reiterates that Vista is the most secure Windows to date. Then, is that really all that hard?"
Music

RIAA to Apple: Spread the DRM!

Submitted by Kalriath
Kalriath (849904) writes "Posted at The Register is the RIAA's official response to Steve Jobs' open letter decrying DRM and asking the recording industry to seriously consider allowing DRM-free music. They have this to say about it:

The RIAA has seized on the weakest part of Steve Jobs' anti-DRM manifesto by banging on Apple to license its FairPlay technology to other companies.

"Apple's offer to license FairPlay to other technology companies is a welcome breakthrough and would be a real victory for fans, artists and labels," the RIAA (Recording Industry Association of America) said. "There have been many services seeking a licence to the Apple DRM. This would enable the interoperability that we have been urging for a very long time."
The section in question from Steve's letter, which quite clearly states the problems with this approach, reads:

The second alternative is for Apple to license its FairPlay DRM technology to current and future competitors with the goal of achieving interoperability between different company's players and music stores. On the surface, this seems like a good idea since it might offer customers increased choice now and in the future. And Apple might benefit by charging a small licensing fee for its FairPlay DRM.

However, when we look a bit deeper, problems begin to emerge. The most serious problem is that licensing a DRM involves disclosing some of its secrets to many people in many companies, and history tells us that inevitably these secrets will leak. The Internet has made such leaks far more damaging, since a single leak can be spread worldwide in less than a minute. Such leaks can rapidly result in software programs available as free downloads on the Internet which will disable the DRM protection so that formerly protected songs can be played on unauthorized players.
Jobs may be a smooth talker, but against such circular logic, even he can't win."
