Comment: A revised CAPTCHA? (Score 4, Interesting) 303

by Panaqqa (#25227959) Attached to: Spammers Targeting Microsoft's Revised CAPTCHA
I had played with this idea a bit a few months back and came up with an idea I think could work - but only ever got around to coding the most basic example of it. For those on /. who are interested, find it here. Each reload will produce the image of a new challenge.

In a closer to final version I had envisioned instructions in multiple fonts and colors involving shapes, letters, etc., and much more flexibility.

In the example I've shown above, pure random clicking will produce a correct response to the challenge 1 time in 30 approximately. So - make them solve three in a row and there you are - 1 chance in 27,000.
Privacy

Sears at it again: burglar's reference

Submitted by Anonymouse Coooward
Anonymouse Coooward writes "CA has another scoop on Sears:
http://community.ca.com/blogs/securityadvisor/archive/2008/01/03/managemyhome-com-another-privacy-issue-for-sears.aspx

Sears' managemyhome.com site allows any burglar to case a home from the comfort of their armchair and provide them with everything they'd need to bluff their way through picking it up for a "recall".

quotes from TFA:

Once you register, you can look up major purchases for ANY address. All you need to do is enter a name, address and phone number and if the person attached to that info has made a major purchase at sears you get that info!! They have no real controls in place — you have to enter an onscreen code and they say that keeps your info safe, but that does not stop someone from entering other people's contact info to see their product purchases.

I checked this out, and sure enough, in about 2 minutes I was looking at every purchase my parents had made since 1989. What's worse, I had used no more info than is publicly listed in the phone book: their name, address, and telephone number. Once you have an account at http://www.managemyhome.com/ and have logged in, select the first option (Home Profile) from the "Home" pull-down menu on the main page. In the upper right corner of the page, you should see a "Sears Purchase History", with a button labeled "Find my Products". The only information they asked for when I followed that button was a name, phone number, and address.

If you had major dealings with Sears, that information is now available to the public, from a television bought in 1978 to a stove which was purchased elsewhere but had been repaired by a Sears technician."

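The lookup the submission describes is an authorization problem rather than an authentication one: the name, address and phone number a visitor types only select a record, and nothing ties that record to the logged-in account. The following is an added example, not Sears' code and not from the submission, with constructed customer records. The first function mirrors the pattern described above (a login plus a CAPTCHA gate the form, but any matching record is returned); the second releases a record only if the account has already proven it owns that customer identity, the verification step itself being an assumption made here, and answers "no record" and "not yours" identically so the form cannot be used to confirm whether a household is a customer.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Customer:
    id: str
    name: str
    address: str
    phone: str


# Constructed sample data for the example; not real records.
CUSTOMERS = [
    Customer("c1001", "Pat Example", "12 Elm St, Springfield", "555-0100"),
    Customer("c1002", "Sam Sample", "8 Oak Ave, Shelbyville", "555-0199"),
]
PURCHASES = {
    "c1001": ["1989-05-12 refrigerator", "2006-11-30 television (delivered)"],
    "c1002": ["1999-03-03 lawn mower (repair visit 2004)"],
}


def _normalize(text):
    """Case- and whitespace-insensitive comparison key for names and addresses."""
    return " ".join(text.lower().split())


def _digits(phone):
    return "".join(ch for ch in phone if ch.isdigit())


def find_customer(name, address, phone):
    """Select a record by the three phone-book fields (all public information)."""
    key = (_normalize(name), _normalize(address), _digits(phone))
    for c in CUSTOMERS:
        if (_normalize(c.name), _normalize(c.address), _digits(c.phone)) == key:
            return c
    return None


def purchase_history_as_described(session_user, name, address, phone, captcha_solved):
    """Pattern from the submission: being logged in and solving a CAPTCHA gates
    the form, but the looked-up record is never tied to the person asking."""
    if session_user is None or not captcha_solved:
        raise PermissionError("log in and solve the CAPTCHA first")
    c = find_customer(name, address, phone)
    return list(PURCHASES.get(c.id, [])) if c else []


def purchase_history_bound_to_account(session_user, verified_ids, name, address, phone):
    """Same inputs, but the record is released only if session_user has already
    proven ownership of that customer id (assumed here: a one-time code mailed to
    the address on file was entered earlier, recorded in verified_ids).
    Non-existent and not-yours both return [], so there is no enumeration oracle."""
    c = find_customer(name, address, phone)
    if c is None or c.id not in verified_ids.get(session_user, frozenset()):
        return []
    return list(PURCHASES[c.id])


if __name__ == "__main__":
    # Anyone with an account and a phone book can read Pat's history this way:
    print(purchase_history_as_described("attacker", "pat example", "12 elm st, springfield", "(555) 0100", True))
    # Bound to the account, the same request returns nothing:
    print(purchase_history_bound_to_account("attacker", {}, "Pat Example", "12 Elm St, Springfield", "555-0100"))
```

The CAPTCHA in the first version only slows bulk scraping; it does not change who is allowed to see which record, which is the control that is missing.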
Security

Facebook Widget Installs Zango Spyware

Submitted by BaCa
BaCa writes "A malicious Facebook Widget actively spreading on the social networking site ultimately prompts users to install the infamous "Zango" adware/spyware. The tremendous success and lightning fast expansion of Facebook empowered the social networking giant with an impressive user base. Needless to say, in a digital world where web traffic equals money, such a user base attracts spammers, virus/spyware seeders, and other ethic-less online marketers like honey would attract flies."
Patents

EFF Busts Bogus Online Testing Patent

Submitted by Panaqqa
Panaqqa writes "It's taking a while, but the EFF's Patent Busting Project is making progress. In the latest news, the USPTO has now officially rejected one of the 10 awful patents targeted, making the world safe again for administering tests over the Internet. This joins the reexamination of a patent on automated remote access of a computer over a network and the revocation of a patent on recording live performances to CD as notable successes for the EFF."
The Courts

EU Encouraging Standardized DRM, Licensing 153

Posted by Soulskill
from the reply-hazy-try-again dept.
I Don't Believe in Imaginary Property writes "The European Commission is trying to encourage a standard licensing and DRM scheme for all of Europe, as well as 'cooperation procedures' and 'codes of conduct' for ISPs, copyright holders, and customers. No legislation has been proposed yet, but the 'cooperation procedures' sound like a push for an EU version of the DMCA Takedown Notices, which are already routinely sent to people outside the US. While simplified licensing might be nice, it's interesting that they don't appear to understand the inherent tension between standardization, interoperability and DRM — break once, copy everywhere."
Mozilla

Firefox spoofing bug puts your passwords at risk 1

Submitted by hairyfeet
hairyfeet writes "Aviv Raff, an Israeli researcher known for his work in hunting browser bugs, revealed Thursday a Firefox spoofing vulnerability which could allow identity thieves to dupe users into giving up their password. According to Mr. Raff, Firefox fails to sanitize single quotes and spaces in the "Realm" value of an authentication header. Raff was quoted as saying "This makes it possible for an attacker to create a specially crafted Realm value which will look as if the authentication dialog came from a trusted site."

Mr. Raff then outlined two possible attack vectors. In one, a malicious site includes a link to a trusted site — a well-known bank, say, or a Web e-mail service such as Gmail or Hotmail — that when clicked displays its usual log-on dialog. In the background, however, the attacker would have crafted a script that exploited the Firefox vulnerability to redirect the username and password entered by the user to the hacker's server instead of the real deal. The other involved a more classical rigged email image, or one embedded in a blog or website, which when clicked would present the user with a legitimate-looking login dialog.


This vulnerability was shown to be in the latest Firefox, version 2.0.0.11 and until Mozilla fixes this vulnerability Mr. Raff recommends in his blog "not to provide username and password to Web sites which show this dialog.""

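The flaw described above lives in one header parameter: the `realm` of a `WWW-Authenticate` challenge, which the browser copies into the text of its password dialog. The following added example (not from the original post and not Raff's proof of concept) parses that header the way RFC 2617 defines it and flags realm values a proxy, web filter or test harness would want to treat as suspicious: quote characters, control characters, long runs of whitespace padding, and a realm that names a host other than the one actually serving the challenge. The sample headers, the host names and the thresholds are constructed for the example.

```python
import re

# RFC 2617 auth-param: token "=" ( token | quoted-string ); a quoted-string may
# contain quoted-pairs ("\x") which are unescaped after parsing.
_PARAM_RE = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')
# Something that looks like a DNS name inside free text (constructed heuristic).
_HOSTLIKE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def parse_www_authenticate(header):
    """Split a single-challenge WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = header.strip().partition(" ")
    params = {}
    for m in _PARAM_RE.finditer(rest):
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", raw)  # undo quoted-pair escapes
    return scheme, params


def realm_findings(realm, serving_host):
    """Heuristics for a realm that could be rendered to look like another site's prompt."""
    findings = []
    if "'" in realm or '"' in realm:
        findings.append("quote character in realm")
    if re.search(r"[\r\n\t]", realm):
        findings.append("control character in realm")
    if re.search(r"\s{4,}", realm):
        # Padding can push the real origin text out of the visible part of a dialog.
        findings.append("whitespace padding run in realm")
    for host in _HOSTLIKE.findall(realm):
        if host.lower() != serving_host.lower():
            findings.append("realm names another host: " + host)
    return findings


def check_challenge(header, serving_host):
    """Return a list of findings for one WWW-Authenticate header received from serving_host."""
    scheme, params = parse_www_authenticate(header)
    if scheme.lower() not in ("basic", "digest"):
        return ["unexpected scheme " + scheme]
    return realm_findings(params.get("realm", ""), serving_host)


# Constructed sample challenges; the second imitates the shape of a crafted realm
# (leading single quote, another site's name, then padding) without reproducing any real PoC.
SAMPLES = [
    ("intranet.example.net", 'Basic realm="Admin Area"'),
    ("attacker.example.org", 'Basic realm="\' for mail.example.com' + " " * 40 + '"'),
]

if __name__ == "__main__":
    for host, header in SAMPLES:
        print(host, "->", check_challenge(header, host) or "no findings")
```

A plain realm such as `Admin Area` passes; the crafted one trips three findings at once. The host check is the one worth keeping even after a browser fix: a realm that advertises a different site than the connection's own host is the signal a user cannot verify from the dialog alone.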
Education

Japanese envy Indian Schools?

Submitted by sas-dot
sas-dot writes "A New York Times article reports that Japan is suffering a crisis of confidence these days about its ability to compete with its emerging Asian rivals, China and India. But even in this fad-obsessed nation, one result was never expected: a growing craze for Indian education... India's more demanding education standards are apparent at the Little Angels Kindergarten, and are its main selling point. Its 2-year-old pupils are taught to count to 20, 3-year-olds are introduced to computers, and 5-year-olds learn to multiply, solve math word problems and write one-page essays in English, tasks most Japanese schools do not teach until at least second grade. Does America have something to learn from this, or not?"
Security

Sears Web "Community" is a Spyware Install

Submitted by Panaqqa
Panaqqa writes "After several weeks of security alerts from CA and denials by Sears, spyware security researcher Ben Edelman has joined the chorus accusing Sears of surreptitiously installing Comscore tracking software on the PCs of people who join the Sears "community". Kmart (owned by Sears) is apparently involved also. After installation, the software sends details of all online activities — including secure sites such as banking — directly to Comscore, despite the Sears website's assertion that it does not share collected data with anyone. Various technology blogs are likening this breach of online privacy to the recent Facebook Beacon fiasco."
The Courts

A Normal Day: $Millions In Infringement Liability

Submitted by Panaqqa
Panaqqa writes "In simply going about a normal day, the average Internet user tallies up millions of dollars in potential statutory damages. A recent paper from John Tehranian [PDF] demonstrates how far out-of-whack current copyright laws are:

"In the morning, he checks his email ... following common practice, he has set his mail browser to automatically reproduce the text to which he is responding ... each unauthorized reproduction of someone else's copyrighted text — their email — represents a separate act of brazen infringement ... within an hour, the twenty reply and forward emails sent by John have exposed him to $3 million in statutory damages"
Perhaps this paper has an excessively theoretical bent, but perhaps this perspective is needed to demonstrate why concrete change must happen."

The Courts

Anon. National Security Letter Plaintiff Speaks

Submitted by Panaqqa
Panaqqa writes "On Monday, the US government appealed a ruling which struck down a controversial section of The Patriot Act as unconstitutional. The section permitted the FBI to send secret demands to ISPs (called "National Security Letters") for logs and email without first obtaining a judge's approval. The president of the small Plaintiff ISP, identified only as John Doe because of a gag order under the law, said the gag provisions make it "impossible for people ... to discuss their specific concerns with the public, the press and Congress". Given that cases of abuse of Department of Homeland Security data have already surfaced, can anyone give a good reason why these letters should be allowed?"
