
Comment: Tortious interference (Score 3, Interesting) 407

by jkbull (#39542233) Attached to: Teacher's Aide Fired For Refusing To Hand Over Facebook Password
If, as the summary and the ZDNet article state*, the school administration asked for her password, they may have engaged in tortious interference -- interfering with a contract between two other parties (the teacher and Facebook).

The Facebook terms of use (section 4.8) says

You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.

* (According to an earlier comment, that is not true; the administration asked only to view her pages.)

Comment: All the more reason to use a VPN (Score 2) 122

by jkbull (#37477724) Attached to: Google Prepares Fix To Stop SSL/TLS Attacks
If you use a VPN, you should be protected from "local" man-in-the-middle (MITM) attacks. By "local", I mean between your computer and the VPN server. A VPN doesn't protect you from a MITM attack between the VPN server and the webserver you are connecting to. But it does protect you to the VPN server if you are at an Internet cafe, hotel, or other untrusted network.

At least that's true for most VPNs that use software based on OpenVPN, which uses OpenSSL for encryption. A copy of an email from James Yonan was recently posted to the OpenVPN User's list. Bottom line of the email: OpenVPN uses OpenSSL for encryption, and OpenSSL has been patched since 2002 for the vulnerability which most people think is exploited by BEAST. As long as your VPN software uses a patched version of OpenSSL you should be covered, at least for the "local" MITM attack.

For example, VPNs based on Tunnelblick, a free and open source GUI for OpenVPN on Mac OS X, are not vulnerable.

Comment: Why "authoritative source for the domain"? (Score 1) 122

by jkbull (#25973681) Attached to: The Backstory of the Kaminsky Bug

Since he had supplied data about one of the company's Web pages, it believed that he was an authoritative source for general information about the company's domain.

If this were changed the problem would be considerably mitigated: foof.google.com would be compromised, but www.google.com wouldn't.

So why not do this?

Software

.mac update shows danger of Software as a Service

Submitted by jkbull
jkbull (453632) writes "Apple recently updated its .mac service [macfixit.com] to accommodate upcoming Mac OS X Leopard's ability to sync additional items.

As part of the update, Apple changed the OS version requirements, removing (among other things) the existing ability to sync between systems running Mac OS 10.3 and 10.4.

If you have an older laptop running 10.3, and you used to be able to sync its calendar with your desktop running 10.4, you can't do it any more — even if you paid $99 last week for "full access to everything .Mac has to offer." Your $99 was wasted unless you upgrade your laptop's OS. (Oh, and you may not be able to upgrade it even if you are willing to pay — your older laptop may not meet Leopard's system requirements.)

Perhaps lawsuits are on the way (promising something then taking it away might be considered false advertising), but in the meantime, you can't sync your calendars."
