Thelasko (1196535)

Mechanical engineer specializing in engine performance and emissions.
by kgwilliam on Wednesday July 23, @02:03PM (#24304253)
Attached to: MySpace Joins OpenID Coalition
"Initially support is to use MySpace OpenIDs as providers only -- i.e. you cannot logon to MySpace with an OpenID created elsewhere" Ummm.... Doesn't that sort of defeat the purpose of a single username/password system? You have to create an OpenID for MySpace, and then you have to create a different OpenID for site XYZ. How many other sites are going to require that you create a new OpenID for their site?
Submitted by pbhj on Wednesday July 23, @10:46AM
pbhj writes "The Times [of London] are reporting, 23 July 2008, that a new trojan is now making waves in the UK having already hit US sites:

Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks. [...] Last week, Asprox infected the Norfolk NHS website, used by thousands of people a day. Hackney Council's website was one of 12 local council websites also compromised, meaning that anyone logging on to pay a parking ticket or council tax was at risk over a three day period. [...] In the US, the virus has successfully penetrated mainstream sites belonging to Sony's Playstation, the city of San Francisco and Snapple.

Asprox is an automated SQL injection attack that uses Google to find vulnerable sites and then injects an IFRAME which links to the malware file payload ("aspimgr.exe"). Of course, as The Times failed to report, the malware only infects Microsoft Windows computers — and what details could be found indicate injected attack code is targeted at pages created as ASP.

The Register gives some information, apparently from the same source. The security consultant mentioned claims that only half of current AV applications can catch Asprox; though VirusTotal report slightly better detection rates of 21/32 (giving details of variants and their names). As Avast seems very popular on Slashdot, you might like to see details from an Avast forum post concerning users who've acquired the trojan since June 2008."

http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article4381034.ece?

 [+] submission, news, security

  Spam King pulls prison vanishing act 2008-07-23 10:31 coondoggie

Submitted by coondoggie on Wednesday July 23, @10:31AM
coondoggie writes "Seems the Spam King is also an escape artist. Eddie Davidson this week just walked away from a federal prison camp in Colorado where he had been serving 21 months for his massive spamming activities. The FBI is now looking for Davidson who was also to pay $714,139 in restitution to the IRS. As part of the restitution, Davidson agreed to forfeit property he purchased, including gold coins (which the IRS is selling today), with the ill-gotten proceeds of his offense, the Department of Justice said. At the time of sentencing the judge ordered Davidson to report to a facility designated by the Bureau of Prisons on May 27, 2008. Davidson had made well over $3.5 million, court papers show. http://www.networkworld.com/community/node/30231"
http://www.networkworld.com/community/node/30231
 [+] submission, yro, court
Submitted by nasor on Wednesday July 23, @10:27AM
nasor writes "Hubpages has an interesting writeup on the four greatest spaceships that were seriously worked on, but never built. The list includes Sea Dragon, a massive sea-launched rocket that could launch the entire mass of the ISS into orbit at once, the U.S. Air Force's failed X-20 space fighter, NASA's ill-fated VentureStar single-stage-to-orbit shuttle, and the Soviet Buran shuttle that managed a single unmanned orbital flight while only partly completed before being crushed by its own hangar."
http://hubpages.com/hub/Spaceships-That-Never-Were
 [+] submission, science, space, maybe
Submitted by snydeq on Wednesday July 23, @10:12AM
snydeq writes "Jailed IT admin Terry Childs relinquished his hold over San Francisco's multimillion-dollar FiberWAN, handing his administrative passwords over to San Francisco Mayor Gavin Newsom, who was 'the only person he felt he could trust.' Childs is still being held on $5 million bail for his lockout of the city's FiberWAN, a case that has been called into question since an insider came forward with details about both the network and Childs himself. The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN. Childs intends to 'expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger,' according to his motion. The Department of Telecom and IS has cut 200 of its 350 IT positions since 2000 — pressure that may have contributed to Childs' actions, according to interviews with current and former DTIS staffers. Newsom secured the passwords without first telling the DTIS that he was meeting with Childs."
http://www.infoworld.com/article/08/07/23/San_Franciscos_mayor_gets_back_keys_to_the_network_1.html
 [+] submission, news, security

  Coming This Fall: Free Textbooks - TIME 2008-07-18 15:19 Thelasko

Submitted by Thelasko on Friday July 18, @03:19PM
Thelasko writes "Time Magazine has an interesting article about a company that plans to give away textbooks for free. The company is called Flat World Knowledge and its books are released under the Creative Commons license. http://www.time.com/time/nation/article/0,8599,1823395,00.html"
http://www.time.com/time/nation/article/0,8599,1823395,00.html
 [+] submission, news, books, maybe
Bookmark by Thelasko on Friday July 18, @03:11PM
 [+] bookmark, free
Submitted by elrous0 on Friday July 18, @11:37AM
elrous0 writes "The Mythbusters are once again putting the much-disputed claim of Archimedes' famous "heat ray" to the test, and they're looking for 300 volunteers in the San Francisco area to help. As many of you may recall, the pair originally dispelled the ray as a myth, only to face a challenge from students at MIT, who claimed they could replicate the ancient superweapon. Unfortunately, the MIT students were unable to recreate the experiment under real-world conditions when the Mythbusters put them to the test in 2005. Now it looks like Adam and Jamie are back to the myth once again and need your help to put the issue to rest once and for all (or at least until the next group of would-be math geniuses comes along). Will you be one of the 300 to defend Greece?"
http://blog.wired.com/geekdad/2008/07/not-ready-the-m.html
 [+] submission, science, tv

  Hosting Video on an XP Machine? 2008-07-17 16:36 spinoza15

Submitted by spinoza15 on Thursday July 17, @04:36PM
spinoza15 writes "I'm looking for suggestions from the Slashdot community on the best way to host/serve video files from an XP machine. I need something quick and simple to set up so I can link a URL in an email to my aging parents to show off our new little boy. I've done it before to set up a Debian box with Gallery and my own domain name but we've moved since then and space is at a premium (not to mention time to set up!) so another box is not an option. I've looked into online hosting, Google, etc. but I'm leery of the privacy policies and, let's face it, there's a certain amount of candid video that only grandparents should see (bath time anyone? :) that I wouldn't feel comfortable on any other machines but my own. I've looked at VLC and I really like it however it streams and I'd rather the video get requested/started from the client side by clicking the URL. The other issue is that I purchased a lovely HD camcorder so I will probably have larger than normal files. My upload is rated at 1Mb/s so I'm not worried too much about bandwidth on my side. Any thoughts or suggestions?"
 [+] submission, askslashdot, software
Posted by timothy on Wednesday July 16, @05:06PM
from the aol-needs-some-friends-at-smart-tech dept.
Ian Lamont writes "Microsoft executives are reportedly meeting with their AOL counterparts to discuss combining the two companies' online divisions. No one from either side is willing to comment, nor has the structure of the supposed deal been worked out. The original unconfirmed report comes from the Wall Street Journal (password-protected). A few months ago there was talk about AOL teaming up with Yahoo, but that never materialized." The free excerpt at the WSJ link above seems to say about as much as this Bloomberg wire report which refers to it, and the above-linked story at The Standard; this Reuters story indicates that AOL is still courting or being courted by Yahoo!, too.
 [+] story, news, aol, business, microsoft, money, yahoo

  Cow gas bags 2008-07-16 12:38 lrohrer

Submitted by lrohrer on Wednesday July 16, @12:38PM
lrohrer writes "Experimenters have figured out how to bag cow gas at both ends: http://www.physorg.com/news135003243.html So as we all know cows produce methane from both ends. In fact nearly as much comes out of the top as the bottom. I only wish these contraptions would be put on the "Global Warming" as a religion people."
http://www.physorg.com/news135003243.html
 [+] submission, idle
Posted by timothy on Thursday July 10, @05:04PM
from the distant-robot-friends dept.
chromatic writes "Imagine managing a million lines of code to send over seven hundred pounds of equipment millions of miles through space to land safely on Mars and perform dozens of experiments. You have C, 128 MB of RAM, and very few opportunities to retry if you get it wrong. O'Reilly News interviewed Peter Gluck, project software engineer for NASA's Mars Phoenix Lander, about the process of writing software and managing these constraints — and why you're unlikely to see the source code to the project any time soon."
 [+] story, developers, mars, nasa, programming, software, space

  Package Managers an Achilles Heel? 2008-07-10 11:40 Anonymous Coward

Submitted by Anonymous Coward on Thursday July 10, @11:40AM
A group of researchers from the University of Arizona have released a study that takes a look at the security of ten popular package managers. They were able to show all ten were vulnerable to attacks from a mirror or man-in-the-middle that allow an attacker to (along with other things) crash the system or obtain root access. Furthermore, the researchers created a fictitious administrator and company name and were able to lease a server and get it listed as an official mirror for all the distributions they tried (Ubuntu, Debian, Fedora, CentOS, and OpenSUSE).

This begs the question: what keeps you up at night, the thought of attacks on your package manager or the previously discussed and patched vulnerability in DNS?
 [+] tech, security

  Dell Colludes with RIAA, Disables Stereo Mix 2008-07-10 11:25 RCTrucker7

Submitted by RCTrucker7 on Thursday July 10, @11:25AM
Details of Dell's surreptitious collusion with RIAA (Record Industry Association of America) have emerged. Apparently, the computer manufacturer disabled the Stereo Mix/Mono Mix/Wave Out sound recording function on certain notebooks to assuage RIAA. The hardware functionality is being disabled without any prior notice and one blogger has even alleged that he was asked by Dell's customer support staff to shell out $99 if he desired the stereo mix option. Gateway and Pac Bell are the other two manufacturers to have bowed to RIAA at the expense of their customers' satisfaction and disabled stereo mix without warning. The trade group, which comprises leading record labels, has a very controversial past. Although RIAA doesn't favor home audio recording and file sharing in an effort to prevent piracy, this same, ostensibly prudish organization was all for depriving several musicians of their own musical works by supporting a controversial "work made for hire" clause in a 1999 legislation, which unfairly transferred copyrights of musical works to record labels.
http://www.maximumpc.com/article/news/dell_colludes_with_riaa_disables_stereo_mix_without_forewarning
 [+] yro, censorship