Security

Dan Bernstein Confirms Security Flaw In Djbdns 66

Posted by timothy
from the gets-yer-money-and-takes-yer-chances dept.
secmartin writes "Dan Bernstein has just admitted that a security issue has been found in the djbdns software, one of the most popular alternatives for the BIND nameserver. As part of the djbdns security guarantee, $1000 will be paid to Matthew Dempsky, the researcher that found the bug. The bug allows a nameserver running djbdns to be poisoned using just a single packet. Other researchers have found a separate issue that allows dnscache, the DNS cache that is also part of the djbdns package, to be poisoned within just 18 minutes when using the default configuration. Anyone using djbdns is strongly encouraged to patch their servers immediately." Reader emad contributes a link to the djbdns mailing list post containing both a patch and a sample exploit, and adds: "In the words of Dan Kaminsky (of recent DNS security fame): 'However, Dempsky's bug in djb's tinydns is way more surprising, if only because ... holy crap, he pulled an exploitable scenario out of THAT?!'"
Security

djb awards $1000 for first djbdns security hole

Submitted by emad
emad (4377) writes "Last week, a patch and sample exploit were posted to the djbdns mailing list concerning a bug that allowed subdomain administrators to take over parent domains when served from the same tinydns/axfrdns servers. Today, Dan Bernstein acknowledged the security hole, recommended that users install the patch, and awarded $1000 to Matthew Dempsky for publishing the first verifiable security hole in djbdns. In the words of Dan Kaminsky (of recent DNS security fame): "However, Dempsky's bug in djb's tinydns is way more surprising, if only because...holy crap, he pulled an exploitable scenario out of THAT?!""
Math

Old Islamic Tile Patterns Show Modern Math Insight 538

Posted by CowboyNeal
from the high-tech-tetris dept.
arbitraryaardvark writes "Reuters reports that medieval Muslims made a mega math marvel. Tile patterns on middle eastern mosques display a kind of quasicrystalline effect that was unknown in the west until rediscovered by Penrose in the 1970s. 'Quasicrystalline patterns comprise a set of interlocking units whose pattern never repeats, even when extended infinitely in all directions, and possess a special form of symmetry.' It isn't known if the mosque designers understood the math behind the patterns or not."
Microsoft

Confidential Microsoft Emails Posted Online 479

Posted by CowboyNeal
from the behind-the-curtain dept.
dos4who writes "From the class action 'Comes et al. v. Microsoft' suit, some very enlightening internal Microsoft emails are now made public. Emails to and from Bill Gates, Steve Ballmer, Jim Allchin, etc all make for some mind blowing reading. One of my favorites is from Jim Allchin to Bill Gates, entitled 'losing our way,' in which Allchin states 'I would buy a Mac today if I was not working at Microsoft.'"

Exploding Robots May Scout Hazardous Asteroids 120

Posted by ScuttleMonkey
from the things-that-asplode dept.
An anonymous reader writes to mention NewScientist is reporting that a small force of robots designed to explode could help reveal an asteroid's inner structure. This could in turn allow scientists a better understanding of how to divert a rogue asteroid on a collision course with Earth. From the article: "The main spacecraft would stay a few dozen kilometers away, perhaps nudging the probes towards the asteroid using springs. Once on the surface, the protective spherical shell of each probe would open to allow the probe to scan the surface nearby. To reduce complexity and costs, the probes lack solar panels and run on battery power, limiting their lifetime to a few days. But each probe could still cover a lot of ground in that time, as they could be fitted with small thrusters to let them hop across the surface. Eventually the probes could detonate onboard explosives, sacrificing themselves for science one by one. Probes that had not yet detonated would listen for any seismic waves sent rippling out from the explosion, and the main spacecraft could observe the craters left behind. That would tell scientists about the asteroid's strength and internal structure."

Comment: Homeowner's Insurance and Libel (Score 2, Informative) 643

by emad (#3287772) Attached to: PetsWarehouse vs. Mailing List
From what I understand, a number of homeowner's insurance policies provide coverage for slander and libel lawsuits.

quoting http://www.iii.org/individuals/homei/hbasics/whatisin/

"You can purchase an umbrella or excess liability policy which provides broader coverage, including claims against you for libel and slander, as well as higher liability limits. Generally, umbrella policies cost between $200 to $350 for $1 million of additional liability protection."

Oftentimes this coverage may already be included in the insurance policy. For those of you in a position to purchase these policies, I don't see a reason not to negotiate the libel protection. It sure would have helped these guys.
