Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×
The Media

Murdoch's UK Paywall a Miserable Failure 428

David Gerard writes "As part of his war against free, Rupert Murdoch put the Times and Sunday Times of London behind a paywall. Michael Wolff of Newser asks how that's working out for him. You can guess: miserable failure: 'Not only is nobody subscribing to the website, but subscribers to the paper itself — who have free access to the site — are not going beyond the registration page. It's an empty world.' Not that this wasn't entirely predictable." Update: 07/17 01:41 GMT by T : Frequent contributor Peter Wayner writes skeptically that the Newsday numbers should be looked at with a grain of salt: "I believe they were charging $30/month for the electronic edition and $25/month for the dead tree edition which also offered free access to the electronic edition. In essence, you had to pay an extra $5 to avoid getting your lawn littered with paper. The dead tree edition gets much better ad rates and so it is worth pushing. It's a mistake to see the raw numbers and assume that the paywall failed."

BP Robot Seriously Hampers Oil Spill Containment 264

ChiefMonkeyGrinder writes "A high-tech effort by BP to slow the oil gushing from its ruptured well head led to a large accident yesterday that forced the company to remove a vital containment cap for 10 hours. Robots, known as remote operated vehicles, were performing multiple operations at the disaster site when one bumped into the 'top hat' cap and damaged one of the vents that removes excess fluid, according to the US Coast Guard. The robots weigh around four tons, and are controlled from vessels on the surface using advanced IT systems with both manual and automated functions. BP removed the cap for nearly 10 hours ... in order to assess it after a discharge of liquids was noted from a key valve. The cap's removal left the oil gushing out of the wellhead, largely uninterrupted. Admiral Thad Allen, US National Incident Commander for the response, told the media that part of the problem was the number of robots conducting simultaneous operations at an immense depth. A dozen robots are circulating the wellhead." Another factor that may hinder containment even more is the increasing potential for tropical storms in that area of the Gulf.

Fifth of Android Apps Expose Private Data 286

WrongSizeGlass writes "CNET is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of e-mail and text messages, phone call information, and device location. 5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."

Adobe Warns of Reader, Acrobat Attack 195

itwbennett writes "Monday afternoon, Adobe 'received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,' the company said in a post to the company's Product Security Incident Response Team blog. According to malware tracking group Shadowserver, the vulnerability is due to a bug in the way Reader processes JavaScript code. Several 'tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable,' Shadowserver said in a post on its Web site. The group recommends that concerned users disable JavaScript within Adobe's software as a work-around for this problem. (This can be done by un-checking the 'Enable Acrobat JavaScript' in the Edit -> Preferences -> JavaScript window). 'This is legit and is very bad,' Shadowserver added."

Bing Cashback Can Cost You Money 333

paltemalte writes "Microsoft and various retailers have teamed up to bring you cashback on purchases made via Bing's price comparison feature. There is a little snag, though — it seems that when you have a Bing cookie living in your browser, some retailers will quote you a higher price than if you come with no Bing cookie in your system."

"Side By Side Assemblies" Bring DLL Hell 2.0 433

neutrino38 writes "This is an alert for all developers using Microsoft Visual Studio 2005. At the beginning of January, Microsoft issued a security fix for Visual Studio 2005 forcing the use of new dynamic libraries (DLLs) by all applications compiled with this IDE. Basically, applications compiled with Visual Studio 2005 will not work anymore on an ordinary (non-dev) PC unless the newer DLLs are installed. And we found out that this is true on fully updated PCs. I just posted some details and some suggested fixes." Read below for some more background on Microsoft's so-called "side by side assemblies."

Microsoft Says No TCP/IP Patches For XP 759

CWmike writes "Microsoft says it won't patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008. The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4. 'We're talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible,' said security program manager Adrian Stone during Microsoft's monthly post-patch Webcast, referring to Windows 2000 and XP. 'An update for Windows XP will not be made available,' Stone and fellow program manager Jerry Bryant said during the Q&A portion of the Webcast (transcript here). Last Tuesday, Microsoft said that it wouldn't be patching Windows 2000 because creating a fix was 'infeasible.'"

Windows 7 Reintroduces Remote BSoD 427

David Gerard writes "Remember the good old days of the 1990s, when you could teardrop attack any Windows user who'd annoyed you and bluescreen them? Microsoft reintroduces this popular feature in Windows 7, courtesy the rewritten TCP/IP and SMB2 stacks. Well done, guys! Another one for the Windows 7 Drinking Game."

Lawsuit Claims WGA Is Spyware 360

twitter writes "Windows Genuine Advantage (WGA), Microsoft's euphemistically named digital restrictions scheme, is the target of another spyware and false advertising lawsuit. 'Microsoft this week was sued in a Washington district court for allegedly violating privacy laws through Windows XP's Windows Genuine Advantage (WGA) copy protection scheme. Similar to cases filed in 2006, the new class action case accuses Microsoft of falsely representing what information WGA would send to verify the authenticity of Windows and that it would send back information [daily IP address and other details that could be used to trace information back to a home or user]. The complaint further argued that Microsoft portrayed WGA as a necessary security update rather than acknowledge its copy protection nature in the update. WGA's implementation also prevented users from purging the protection from their PCs without completely reformatting a computer's system drive.' There were at least two other lawsuits launched in 2006 over WGA. According to the Wikipedia article, none of them have been resolved. The system is built into Vista and Windows 7."

Behind the 4GB Memory Limit In 32-Bit Windows 756

An anonymous reader points us to a very detailed post by Geoff Chappell, first put up early this year, explaining how the 4GB memory limit commonly bandied about for 32-bit Windows (he is writing mainly about Vista) is more of a licensing preference than an architectural limit. The article outlines how Chappell unlocked his system to use all the memory that is present, but cautions that such hackery is ill-advised for several reasons, including legal ones. "If you want [to be able to use more than 4GB in Vista] without contrivance, then pester Microsoft for an upgrade of the license data or at least for a credible, detailed reasoning of its policy for licensing your use of your computer's memory. ... [C]onsider Windows Server 2008. For the loader and kernel in Windows Vista SP1 (and, by the way, for the overwhelming majority of all executables), the corresponding executable in Windows Server 2008 is exactly the same, byte for byte. Yet Microsoft sells 32-bit Windows Server 2008 for use with as much as 64GB of memory. Does Microsoft really mean to say that when it re-badges these same executables as Windows Vista SP1, they suddenly acquire an architectural limit of 4GB? Or is it that a driver for Windows Server 2008 is safe for using with memory above 4GB as long as you don't let it interact with the identical executables from Windows Vista SP1?"

Attacks Against Unpatched Microsoft Bug Multiply 122

CWmike writes "Attacks exploiting the latest Microsoft vulnerability are quickly ramping up in quantity and intensity, several security companies warned today as they rang alarms about the developing threat. Symantec, Sunbelt Software, and SANS' Internet Storm Center bumped up their warnings yesterday after Microsoft announced that attackers were exploiting a bug in an ActiveX control used by IE to display Excel spreadsheets. There is no patch for the vulnerability; Microsoft didn't release one in today's Patch Tuesday. A temporary fix that sets the 'kill bits' of the ActiveX control is available, but experts believe it's likely most users won't take advantage of the protection. Symantec raised its ThreatCon ranking to the second of four steps. "We're seeing it exploited, but currently on a limited scale," said Symantec's Ben Greenbaum. Sunbelt also bumped up its ranking, to high." Firefox users can't be too complacent; Secunia is warning of a 0-day in version 3.5.

German Health Insurance Card CA Loses Secret Key 174

Christiane writes "The SSL Root CA responsible for issuing the German digital health insurance card lost its secret private key during a test enrollment. After their Hardware Security Module (HSM) dutifully deleted its crypto keys during a power outage, it was all 'Oops, why is there no backup?' All issued cards must be replaced: 'Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."'"

Seagate Hard Drive Fiasco Grows 452

AnInkle writes "Two months after acknowledging that their flagship 1.5TB Barracuda 7200.11s could hang while streaming video or during low-speed file transfers, Seagate again faces a swell of complaints about more drives failing just months after purchase. Again, The Tech Report pursued the matter until they received a response acknowledging the bricking issue. Seagate says they've isolated a 'potential firmware issue.' They say there's 'no data loss associated with this issue, and the data still resides on the drive;' however, 'the data on the hard drives may become inaccessible to the user when the host system is powered on.' If users don't like the idea of an expensive data-laden paperweight, Seagate is offering a firmware upgrade to address the matter, as well as data recovery services if needed. By offering free data recovery, Seagate seems to be trying to head off what could become a PR nightmare that may affect several models under both the Seagate and Maxtor brands."

British MoD Stunned By Massive Data Loss 166

Master of Transhuman writes "Seems like nobody can keep their data under wraps these days. On the heels of the World Bank piece about massive penetrations of their servers, the British Ministry of Defense has lost a hard drive with the personal details of 100,000 serving personnel in the British armed forces, and perhaps another 600,000 applicants. This comes on the heels of the MoD losing 658 of its laptops over the past four years and 26 flash drives holding confidential information. Apparently the MoD outsources this stuff to EDS, which is under fire for not being able to confirm that the data was or was not encrypted."

I've got a bad feeling about this.