
Comment: A revised CAPTCHA? (Score 4, Interesting) 303

by Panaqqa (#25227959) Attached to: Spammers Targeting Microsoft's Revised CAPTCHA
I had played with this idea a bit a few months back and came up with an idea I think could work - but only ever got around to coding the most basic example of it. For those on /. who are interested, find it here. Each reload will produce the image of a new challenge.

In a closer to final version I had envisioned instructions in multiple fonts and colors involving shapes, letters, etc., and much more flexibility.

In the example I've shown above, pure random clicking will produce a correct response to the challenge 1 time in 30 approximately. So - make them solve three in a row and there you are - 1 chance in 27,000.
Privacy

+ - Sears at it again: burglar's reference->

Submitted by Anonymouse Coooward
Anonymouse Coooward writes "CA has another scoop on Sears:
http://community.ca.com/blogs/securityadvisor/archive/2008/01/03/managemyhome-com-another-privacy-issue-for-sears.aspx

Sears' managemyhome.com site allows any burglar to case a home from the comfort of their armchair and provide them with everything they'd need to bluff their way through picking it up for a "recall".

quotes from TFA:

Once you register, you can look up major purchases for ANY address. All you need to do is enter a name, address and phone number, and if the person attached to that info has made a major purchase at Sears you get that info!! They have no real controls in place — you have to enter an onscreen code and they say that keeps your info safe, but that does not stop someone from entering other people's contact info to see their product purchases.

I checked this out, and sure enough, in about 2 minutes I was looking at every purchase my parents had made since 1989. What's worse, I had used no more info than is publicly listed in the phone book: their name, address, and telephone number. Once you have an account at http://www.managemyhome.com/ and have logged in, select the first option (Home Profile) from the "Home" pull-down menu on the main page. In the upper right corner of the page, you should see a "Sears Purchase History", with a button labeled "Find my Products". The only information they asked for when I followed that button was a name, phone number, and address.

If you had major dealings with Sears, that information is now available to the public, from a television bought in 1978 to a stove which was purchased elsewhere but had been repaired by a Sears technician."

Security

+ - Facebook Widget Installs Zango Spyware ->

Submitted by BaCa
BaCa (666) writes "A malicious Facebook Widget actively spreading on the social networking site ultimately prompts users to install the infamous "Zango" adware/spyware. The tremendous success and lightning fast expansion of Facebook empowered the social networking giant with an impressive user base. Needless to say, in a digital world where web traffic equals money, such a user base attracts spammers, virus/spyware seeders, and other ethic-less online marketers like honey would attract flies."
Patents

+ - EFF Busts Bogus Online Testing Patent->

Submitted by Panaqqa
Panaqqa writes "It's taking a while, but the EFF's Patent Busting Project is making progress. In the latest news, the USPTO has now officially rejected one of the 10 awful patents targeted, making the world safe again for administering tests over the Internet. This joins the reexamination of a patent on automated remote access of a computer over a network and the revocation of a patent on recording live performances to CD as notable successes for the EFF."
The Courts

EU Encouraging Standardized DRM, Licensing 153

Posted by Soulskill
from the reply-hazy-try-again dept.
I Don't Believe in Imaginary Property writes "The European Commission is trying to encourage a standard licensing and DRM scheme for all of Europe, as well as 'cooperation procedures' and 'codes of conduct' for ISPs, copyright holders, and customers. No legislation has been proposed yet, but the 'cooperation procedures' sound like a push for an EU version of the DMCA Takedown Notices, which are already routinely sent to people outside the US. While simplified licensing might be nice, it's interesting that they don't appear to understand the inherent tension between standardization, interoperability and DRM — break once, copy everywhere."
Mozilla

+ - Firefox spoofing bug puts your passwords at risk-> 1

Submitted by hairyfeet
hairyfeet writes "Aviv Raff, an Israeli researcher known for his work in hunting browser bugs, revealed Thursday a Firefox spoofing vulnerability which could allow identity thieves to dupe users into giving up their password. According to Mr. Raff, Firefox fails to sanitize single quotes and spaces in the "Realm" value of an authentication header. Raff was quoted as saying "This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site."

Mr. Raff then outlined two possible attack vectors. In one, a malicious site includes a link to a trusted site — a well-known bank, say, or a Web e-mail service such as Gmail or Hotmail — that when clicked would display its usual log-on dialog. In the background, however, the attacker would have crafted a script that exploited the Firefox vulnerability to redirect the username and password entered by the user to the hacker's server instead of the real deal. The other involved a more classical rigged email image, or one embedded in a blog or website, which would then present the user when clicked with a legitimate-looking login dialog.

This vulnerability was shown to be in the latest Firefox, version 2.0.0.11, and until Mozilla fixes this vulnerability Mr. Raff recommends in his blog "not to provide username and password to Web sites which show this dialog.""

Education

+ - Japanese envy Indian Schools?

Submitted by sas-dot
sas-dot (873348) writes "A NYTimes article writes that Japan is suffering a crisis of confidence these days about its ability to compete with its emerging Asian rivals, China and India. But even in this fad-obsessed nation, one result was never expected: a growing craze for Indian education... India's more demanding education standards are apparent at the Little Angels Kindergarten, and are its main selling point. Its 2-year-old pupils are taught to count to 20, 3-year-olds are introduced to computers, and 5-year-olds learn to multiply, solve math word problems and write one-page essays in English, tasks most Japanese schools do not teach until at least second grade. Does America have to learn something from this? Or not?"
Security

+ - Sears Web "Community" is a Spyware Install->

Submitted by Panaqqa
Panaqqa writes "After several weeks of security alerts from CA and denials by Sears, spyware security researcher Ben Edelman has joined the chorus accusing Sears of surreptitiously installing Comscore tracking software on the PCs of people who join the Sears "community". Kmart (owned by Sears) is apparently involved also. After installation, the software sends details of all online activities — including secure sites such as banking — directly to Comscore, despite the Sears website's assertion that it does not share collected data with anyone. Various technology blogs are likening this breach of online privacy to the recent Facebook Beacon fiasco."
The Courts

+ - A Normal Day: $Millions In Infringement Liability->

Submitted by Panaqqa
Panaqqa writes "In simply going about a normal day, the average Internet user tallies up millions of dollars in potential statutory damages. A recent paper from John Tehranian [PDF] demonstrates how far out-of-whack current copyright laws are:

"In the morning, he checks his email ... following common practice, he has set his mail browser to automatically reproduce the text to which he is responding ... each unauthorized reproduction of someone else's copyrighted text — their email — represents a separate act of brazen infringement ... within an hour, the twenty reply and forward emails sent by John have exposed him to $3 million in statutory damages"
Perhaps this paper has an excessively theoretical bent, but perhaps this perspective is needed to demonstrate why concrete change must happen."

The Courts

+ - Anon. National Security Letter Plaintiff Speaks->

Submitted by Panaqqa
Panaqqa writes "On Monday, the US government appealed a ruling which struck down a controversial section of The Patriot Act as unconstitutional. The section permitted the FBI to send secret demands to ISPs (called "National Security Letters") for logs and email without first obtaining a judge's approval. The president of the small Plaintiff ISP, identified only as John Doe because of a gag order under the law, said the gag provisions make it "impossible for people ... to discuss their specific concerns with the public, the press and Congress". Given that cases of abuse of Department of Homeland Security data have already surfaced, can anyone give a good reason why these letters should be allowed?"
Spam

+ - Is SpamHaus Dead? Its domain is an "unknown h-> 1

Submitted by Panaqqa
Panaqqa writes "SpamHaus is not a service I use, but for some reason I decided to check into it yesterday — and it was offline. Again today, the same thing. They have been down for more than 24 hours. If you PING them you get "unknown host" back. This is quite mystifying. Has anyone on SlashDot noticed this also, and if so, is there any news about what has happened to them? All I can think of is that a major DDoS attack has taken them down. Inquiring minds want to know..."
Spam

+ - Did somebody kill SpamHaus?->

Submitted by Panaqqa
Panaqqa writes "It looks as if the SpamHaus website has disappeared. No response to PINGing their server, DNS cannot find their host. Has anyone heard anything about this? Do they have a massive DDoS attack in progress against them, or have the spammers finally convinced someone they have the jurisdiction to kill the domain?"
The Courts

+ - French Court Slams Acer Over Preinstalled Crapware->

Submitted by Panaqqa
Panaqqa writes "When Antoine Gutzwiller objected to all of the preinstalled software that came with his Acer notebook, including Windows XP, he was offered just 30 Euros as settlement. So he sued, and a French court agreed, ruling that he should be refunded 311.85 Euros to cover the full cost of unwanted software loaded on his machine. Additionally, the court slammed Acer by awarding an additional 500.00 Euros to cover abusive resistance and committed expenses. Good thing they didn't install Vista."
Patents

+ - Speeding Up the Broken Patent System->

Submitted by Panaqqa
Panaqqa writes "If you think too many bad patents are approved now, then just wait until the Patent Prosecution Highway gets going full steam. Yes, that's its real name, and under PPH once either the US or the UK patent office determines that at least one claim in an application is patentable, the applicant can request fast tracking at the other office. Other countries may get involved also. Anybody want to guess how long it will take for companies to apply for patents first in the country with the most lenient examiners?"
Spam

+ - Appeals Court Tosses Out $11M Spamhaus Judgement->

Submitted by Panaqqa
Panaqqa writes "In a not unexpected move, the U.S. 7th Circuit Court of Appeals threw out the $11 million awarded to e360 Insight, and vacated a permanent injunction against Spamhaus requiring them to stop listing e360 Insight as a spammer. The ruling [PDF] does not, however, set aside the default judgement, meaning that Spamhaus has still lost its opportunity to argue the case. Unfortunate, considering a recent CDA 230(c)(2) ruling concerning spyware."