Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Government

Submission + - Careful What You Post, the FBI has More of These (schneier.com)

jamie writes: "A comment posted to a website got its author's *friend's* car an unwanted aftermarket addon. The Orion Guardian ST820, a GPS tracking device, was attached to the underside of the car by the FBI. No warrant required. The bugged friend, a college student studying marketing, was apparently under suspicion because he's half-Egyptian. As Bruce Schneier says, 'If they're doing this to someone so tangentially connected to a vaguely bothersome post on an obscure blog, just how many of us have tracking devices on our cars right now...' The ACLU is investigating."
Security

Submission + - Cache on Delivery (slideshare.net)

jamie writes: "If you already know what memcached is, skim to slide #17. The jaw-drop will happen around slide #33. Turns out many websites expose their totally-non-protected memcached interface to the internet, including gowalla, bit.ly and PBS."
OS X

A Closer Look At Apple Leopard Security 267

Last week we discussed some of the security features coming in Leopard. This article goes into more depth on OS X 10.5 security — probably as much technical detail as we're going to get until the folks who know come out from under their NDAs on Friday. The writer argues that Apple's new Time Machine automatic backup should be considered a security feature. "Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X — perhaps in the history of Apple — from a security standpoint. It marks a shift from basing Macintosh security on hard outside walls to building more resiliency and survivability into the core operating system."
Security

Asus.com Compromised With Exploit Code 117

Juha-Matti Laurio writes in with news that the Web site of ASUSTeK Computer (asus.com) has been compromised to spread exploit code. The original report from Kaspersky Lab claimed that the compromise lead to code exploiting the recently patched Microsoft Windows Animated Cursor (.ANI) 0-day vulnerability, but sans.org found no evidence of this. Apparently a malicious iframe was added to one of the machines in asus.com's DNS round-robin.

Slashdot Top Deals

Any sufficiently advanced bug is indistinguishable from a feature. -- Rich Kulawiec

Working...