Government

Obama edicts boost FOIA and .gov websites

Submitted by
Ian Lamont
Ian Lamont writes "The Electronic Frontier Foundation and the National Security Archive are praising President Obama's executive orders to make the federal government more open. Yesterday, Obama issued two memos and one executive order instructing government agencies to err on the side of making information public and not to look for reasons to legally withhold it. The moves are expected to make it easier for people to file Freedom of Information Act requests, and should also boost the amount of information that agencies place on their websites. The general counsel for the National Security Archive (an NGO that publishes declassified documents obtained through the Freedom of Information Act) even predicts that agencies will use blogs to share information. Obama's directives reverse a 2001 memo from former U.S. Attorney General John Ashcroft instructing federal agencies to generally withhold information from citizens filing FOIA requests."

Comment: Re:Linus... (Score 1) 416

by Jeff Mahoney (#24218899) Attached to: Linus on Kernel Version Numbering

It's actually more than that. It means that the drivers should be both GPL *and* in the mainline kernel. The second part is often glossed over, but when a driver is included in the kernel the maintenance load on the original author drops significantly. If a vendor upstreams the driver, they don't need to track every single release anymore. One of the major rules of Linux kernel development is that if you change a global kernel API, then you have to change all of its consumers as well. Vendors would get that upkeep for free.

Hardware Hacking

Couple Bonding Through PC Building 465

Posted by kdawson
from the heads-and-hearts-together dept.
mikemuch writes "When his lovely girlfriend Glenda needed a new PC, Jason Cross, who spends much of the week assembling PCs with the latest gear to test for ExtremeTech, decided he would let her build it herself. She gave him her list of needs, he came up with a part list, and then watched as she did all the screwdriver wielding herself. Despite a DOA hard drive and some mis-connected wires, everyone was smiling when it was all finished. (Slide show here.)"
Security

Worm Threat Forces Apple To Disable Software? 201

Posted by Zonk
from the batten-down-the-hatches dept.
SkiifGeek writes "After the debacle that surrounded the announcement and non-disclosure of a worm that targets OS X, the vulnerability in mDNSResponder may have forced Apple to remove support for certain mDNSResponder capabilities with the recently released Security Update 2007-007. 'Seeming to closely follow the information disclosed by InfoSec Sellout, Apple's mDNSResponder update addresses a vulnerability that can be exploited by an attacker on the local network to gain a denial of service or arbitrary code execution condition. Apple goes on to identify that the vulnerability that they are addressing exists within the support for UPnP IGD... and that an attacker can exploit the vulnerability through simply sending a crafted network packet across the network. With the crafted network packet triggering a buffer overflow, it passes control of the vulnerable system to the attacker. Rather than patching the vulnerability and retaining the capability, Apple has completely disabled support for UPnP IGD (though there is no information about whether it is only a temporary disablement until vulnerabilities can be addressed).'"

Comment: US System is Different (Score 1) 178

by Spudnuts (#15881828) Attached to: HSBC Online Banking Security Flaw Analyzed
As a US HSBC customer, the security that I see is different than the article describes.

The login process is fairly typical (username, password only), but in mid-July 2006, they changed the process so that they are entered on separate pages. I do not understand how this improves security, because the username is echoed back on the password-entry page. There are no additional interactive anti-replay attack features--the username/password form seems to have been simply split to two pages.

The biggest security feature that I have casually identified is that on the Online Bill Payment page, it is necessary to do a second authentication using a Java-based on-screen keyboard (which must be clicked with a mouse). This avoids a simple keystroke logger but is not beyond other attacks (for instance, it would be somewhat easier to shoulder-surf).

"Well, social relevance is a schtick, like mysteries, social relevance, science fiction..." -- Art Spiegelman
