Dino Dai Zovi, the New York-based security researcher who took home $10,000 in a highly-publicized MacBook Pro hijack on April 20, has been at the center of a week's worth of controversy about the security of Apple's operating system. In an e-mail interview with Computerworld, Dai Zovi talked about how finding vulnerabilities is like fishing, the chances that someone else will stumble on the still-unpatched bug, and what operating system — Windows Vista or Mac OS X — is the sturdiest when it comes to security.
The crux of the article is the following comment: "I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft's Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code."
It seems to me this case highlights flaws inherent in the way law enforcement agencies handle evidence that only a small minority of front line officers fully understand. Is this what you take from it?"
I began testing outside of the affected server and found that my entire netblock was being filtered in some way by Microsoft. Mail from some hosts would land in the "Junk Mail" folder; others just never showed up. Identical messages to GMail, Yahoo or any other client were received just fine.
I contacted MSN/Hotmail and received only a canned response that, yes the IP I submitted the issue under was in fact blocked, but they are "not able to go into any specific details about what these filters specifically entail, as this would render them useless."
Microsoft's response: "Hotmail has created the Smart Network Data Services program. This is a service that helps legitimate email senders work with their customers and partners to reduce spam originating from their IP. http://postmaster.msn.com/snds/. This program allows a sender to monitor the health of their IPs."
I recently found on the qmail-ldap mailing list that someone else is seeing the same issues. I am posting to see who else is having the same issues. As you can imagine, dealing with Microsoft is like taking a banana from a 4,000lb gorilla. This obviously affects a large client base with the size of Hotmail/MSN.
I can understand that Microsoft wants to cut back on spam, who doesn't! Not giving any response, or just dropping messages that contain normal daily chatter doesn't seem like a good way to go about it. Not only that, they are more than unwilling to resolve the issue.
I have contacted various Microsoft reps via various channels and all give the same canned response to go check here and have a nice day!"
and later in the same article: This time the target was the Xbox 360 HD DVD add on. Geremia on Doom9 forums has started a thread on how he has obtained the Volume ID without AACS authentication. With the aid of others like Arnezami they have managed to patch the Xbox 360 HD DVD add on.
"It appears that XT5 has released an application that allows the Volume ID to be read without the need to rewrite the firmware. This would mean that anyone could simply plug in the HD DVD drive and obtain the Volume ID from any HD DVD without the hassle of flashing it.
Physicists at Dresden University of Technology in Germany studied video recordings of the 2006 stampede, and wrote visual-recognition software to track and measure the motion of individuals in the crowd. Borrowing from the physics of fluids, the scientists have now analyzed the stampede and have recommendations that could make this year's pilgrimage go smoothly."