
Submission Summary: 0 pending, 6 declined, 1 accepted (7 total, 14.29% accepted)

Ask Slashdot: Are there any responsible security disclosures that ended well?

Submitted by fulldecent
fulldecent (598482) writes "Technology online changes fast and large organizations often make poor implementations of this technology, leading to security vulnerabilities. Some of the failures are egregious, like websites that use a user ID in the URL to authenticate that user, and others take a little curiosity to find. Either way, they will be found. The people on Slashdot, I feel, are more likely to want to report this to the vendor and do these things for sport. Personally I take the smaller ones and mail a letter to the vendor and then post online in a few weeks. For bigger ones I wind up in high-pressure phone calls with "private public partnership" agencies, end up signing something unfavorable and the resolution still feels bad.

So, who out there is responsibly disclosing vulnerabilities? Are you getting public credit? Are you involved in (and getting paid for?) a technical fix? Are you feeling good about the result? Do the rules still apply for state-protected industries like banks? And which lawyers provide advice to the finders, who are just normal people and don't have money and expertise dealing with lawyers?"


NH Supreme Court hears case on anonymous sources

Submitted by fulldecent
fulldecent (598482) writes "The New Hampshire Supreme Court heard oral arguments Wednesday in a lawsuit that calls into question the legal protections available to independent Web sites that cover news.

The case involves mortgage lender Implode-Explode, a Las Vegas-based site launched in 2007 that publishes stories about the meltdown of the mortgage industry. The court did not make a final decision on the case Wednesday, but one of its options could be to send the case back to the lower court for further review and litigation on specific points of law."

Media

Using comics to demonstrate protocol interactions

Submitted by fulldecent
fulldecent writes "It is important to make your articles reachable to non-technical audiences. This article uses a comic to demonstrate a simple HTTP interaction and why the technical details are important. The underlying post talks about TD Ameritrade and how they are selling users' financial information to News Corp via a cross-site image fetch."
Networking

Verizon trails SiteFinder 2

Submitted by fulldecent
fulldecent writes "On June 11, 2007, Verizon Online will begin the trial of a new Advanced Web Search service designed to reduce the amount of dead-end, "no file exists" or similar error messages you see and to help you quickly find the destination web site you were seeking. If you type a nonexistent or unavailable URL (e.g., www.verizon.cmo), or enter a search term, into your browser address bar, Verizon may present you with an Advanced Web Search page containing suggested links based upon the query you entered. The Advanced Web Search page would be presented instead of your receiving an NXDOMAIN or similar error message. The Verizon Advanced Web Search page may impact applications that rely on an NXDOMAIN or similar error message and may override similar browser-based search results pages. If you would prefer not to receive Advanced Web Search pages from Verizon, you should follow the opt-out instructions that are available by clicking on the "About the Search Results Page" link on any Advanced Web Search page."
