writes "Technology online changes fast and large organizations often make poor implementations of this technology leading to security vulnerabilities. Some of the failures are egregious like websites that use a user ID in the URL to authenticate that user, and other take a little curiosity to find. Either way, they will be found. The people on Slashdot, I feel, are more likely to want to report this to the vendor and do these things for sport. Personally I take the smaller ones and mail a letter to the vendor and then post online in a few weeks. For bigger ones I wind up in high-pressure phone calls with "private public partnership" agencies, end up signing something unfavorable and the resolution still feels bad.
So, who out there is responsibly disclosing vulnerabilities? Are you getting public credit? Are you involved in (and getting paid for?) for a technical fix? Are you feeling good about the result? Do the rules still apply for state-protected industries like banks? And which lawyers provide advice to the finders, who are just normal people and don't have money and expertise dealing with lawyers?"Link to Original Source
writes "The New Hampshire Supreme Court heard oral arguments Wednesday in a lawsuit that calls into question the legal protections available to independent Web sites that cover news.
The case involves mortgage lender Implode-Explode, a Las Vegas-based site launched in 2007 that publishes stories about the meltdown of the mortgage industry. The court did not make a final decision on the case Wednesday, but one of its options could be to send the case back to the lower court for further review and litigation on specific points of law."Link to Original Source
writes "A thin Canadian woman, who has made a career of renting out her body as a clothes horse for designer garments, has taken umbrage at an anonymous blogger's description of her as a skank, ho and whore."Link to Original Source