Comment: Re:Fishing for vulnerabilities (Score 1) 103

by kula.shinoda (#21784360) Attached to: Vulnerability Numerology - Defective by Design?

As author of GeSHi I can confirm this is basically how things played out. I sent Secunia a very irate e-mail asking them basically WTF they were smoking, and as far as I can tell they didn't publish a vulnerability for it.

They've tried on other projects I've been on, such as Mahara. They went trolling through the changelogs of old releases for the word 'security', and hit a git commit that fixed security being too tight on something - and sent an automated email saying they wanted more information about the vulnerability so they could put it in their database! They got another irate e-mail about that one.

Secunia, in my experience, are scum looking to justify their existence rather than actually help.

Announcements

Inaugural New Zealand Open Source Awards held

Submitted by Nigel McNie
Nigel McNie writes "The first ever New Zealand Open Source Awards have just been held in Wellington. These awards recognise achievement across many types of open source use, from government and business through to the project contributors and the communities built on open source technologies. Award winners include Zoomin/ProjectX for their use of OSS in business, VetLearn for OSS use in education and Chris Cormack for his role as a contributor to the Koha Integrated Library System."

If Not America, Then Where? 2349

Posted by Cliff
from the a-new-home-for-the-free-and-brave dept.
Wellington Grey asks: "Often during our heated political discussions on slashdot, several people will mention their desire to leave the country. As an American living in England, which sees much the same problems as the US, I often wonder where these Americans would go. So, I pose two questions for the restless: 1) Where would you live, if not in America and 2) What's stopping you from going?"

PowerPoint 0-Day Points to Corporate Espionage 111

Posted by Zonk
from the best-kind-of-warez dept.
Rakesgate writes "A second Trojan used in the latest zero-day attack against Microsoft Office contains characteristics that pinpoint corporate espionage as the main motive, according to virus hunters tracking the threat. This eWeek story walks through the attack, which uses a tainted 18-slide PowerPoint file, a Trojan dropper, 2 Trojans and a server in China that is used to communicate with compromised machines." From the article: "'Once this type of attack is out, it's very unusual for it to be limited to just one company. I think it's safe to assume that it's ongoing, especially since there is no patch for this vulnerability,' Huger added. Microsoft plans to issue a patch on August 8 for users of Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003. In the meantime, anti-virus experts are urging Microsoft Office users to be on the lookout for suspicious attachments, even those that appear to come from colleagues internally."

Data Theft and Corporate Irresponsibility? 352

Posted by Cliff
from the they-lose-we-pay dept.
cjsnell asks: "Today, I received a letter from a student loan provider notifying me that my name and social security number had been stolen along with a contractor's computer. This makes -four- agencies that have lost my personal information, in the last year. Today's letter was the most disappointing yet: the company, Texas Guaranteed, did not offer any credit report monitoring like the previous three had. Their advice? Send a letter to the credit bureaus. Gee, thanks. Clearly, mass identity theft is completely out of hand and there doesn't seem to be any government regulation for handling these situations, nor does there seem to be any punitive action against businesses that lose customers' data. Do we, as consumers, have any recourse against these businesses?"

Flickr to Grant Commercial API Key to Competitors 58

Posted by ScuttleMonkey
from the expanding-the-sandbox dept.
eobanb writes "The Yahoo-owned photo sharing site Flickr has come under fire recently for the perceived 'lock-in' that their API creates. Flickr's terms of service state clearly that all photos uploaded to Flickr by users are owned by their respective users, yet Flickr's API only allows uploading, not exporting. Surprisingly, Flickr developer Stewart Butterfield posted in the thread on Flickr: "I actually had a change of heart and was convinced by Eric's position that we definitely should approve requests from direct competitors as long as they do the same. That means (a) that they need to have a full and complete API and (b) be willing to give us access." This means that users will soon be able to freely move data between different photo-sharing sites, like Zooomr (which has already implemented the Flickr API), Google PicasaWeb, 23hq, or Tabblo."

Intel's 3D Transistors One Step Closer to Reality 69

Posted by ScuttleMonkey
from the closing-your-leaks dept.
An anonymous reader writes "Reducing power consumption is the name of the game in today's semiconductors and Intel today described its tri-gate transistor technology as one of the key technologies that could free the company from the trap of thinner gate insulators and increasing current leakage. Tri-gate (three gates instead of only one) could reduce the power consumption of transistors by 35% right now and drops off-voltage - one of the main sources of current leakage - by 50%. These results are the good news. The bad news is that tri-gate won't be available until 2009."

Definition of Planet to be Announced in September 200

Posted by Zonk
from the bigger-than-a-breadbox dept.
MasaMuneCyrus writes "After over seven years of debating, the International Astronomical Union announced that it expects to announce the official definition of a planet in September. After many-a-deadlock, they handed the task of deciding exactly what a planet is to a new committee, which includes historians and educators. 'They wanted a different perspective from that of planetary scientists,' said Edward Bowell, an astronomer at Lowell Observatory who is also vice president of the IAU's Division III-Planetary Systems Sciences group. If all goes according to plan, the wording will be proposed in their 12-day General Assembly meeting in Prague."

Previewing the Performance of the Intel Conroe 114

Posted by Zonk
from the speedy-little-chip dept.
pirate rtt writes "bit-tech has spent some time with an Intel Conroe system and has published a preview of its performance as compared to the current Intel flagship chip - the Presler 965. From the article: 'Core 2 Duo is clearly a very capable processor. We found that it was faster than the current 965 processor in most situations on the desktop, and far more proficient at gaming - an area where Intel has traditionally been weak. The added memory bandwidth that will come from having faster RAM enabled on the Core 2 Extreme chips will be an extra bonus for those looking to Conroe as a gaming platform.'"

X.Org Releases First Modular Source Roll-Up 176

Posted by ScuttleMonkey
from the not-to-be-confused-with-the-fruit-variety dept.
NewsForge is reporting that X.Org has released their first modular roll-up release. From the article: "All X11R7.0 derivative ("modularized") releases divide the source code into logically distinct modules, separately developed, built, and maintained by the community of X.Org developers. This concentrates and accelerates development time, supporting continuous modification, testing, and publication of each module. The new modular format offers focused development, and rapid and independent updates and distribution of tested modular components as they are ready, freed from the biennial maintenance release timetable."

NASA Hopes Discovery's Move Is Not The Last 81

Posted by Zonk
from the go-go-rocketship dept.
An anonymous reader wrote to mention the movement of the space shuttle Discovery. The upcoming mission, if it launches, is crucial to the future of American manned space flight. From the Washington Post article: "A successful flight will allow NASA to resume construction of the half-built International Space Station and possibly extend the life of the beloved Hubble Space Telescope, which has allowed humans to peer into far galaxies. But with the shuttle fleet due to retire in 2010, any serious problems during July's mission likely would bring a premature end to the shuttle program and disrupt NASA's plans to keep its skilled work force intact while a replacement spacecraft is being developed."
