Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

6 Million Virgin Mobile Users Vulnerable To Brute-Force Attacks 80

An anonymous reader writes "'If you are one of the six million Virgin subscribers, you are at the whim of anyone who doesn't like you.' The Hacker News describes how the username and password system used by Virgin Mobile to let users access their account information is inherently weak and open to abuse." Computerworld also describes the problem: essentially, hard-coded, brute-force guessable passwords, coupled with an inadequate mechanism for reacting to failed attempts to log on.

Microsoft Social Media Site Accidentally Revealed 134

BogenDorpher writes "Looks like Microsoft is trying to steal the spotlight from Google — a new social media site from the company was accidentally revealed. The site, branded 'Tulalip,' was not functional, and it was taken down shortly after its discovery. It appears to be a 'social search' service. Microsoft says it went live by accident, and was simply an 'internal design project.'"

Dropbox Password Goof Let Any Password Work For 4 Hours 185

tekgoblin writes "Dropbox confirmed today that for some time yesterday, any user's account was accessible without a password. The glitch was a programming error related to a code update and accounts were only vulnerable from around 1:54 pm PST to 5:46pm PST." "Only" is relative; as reader zonky puts it, "It took around 4 hours from deployment for Dropbox to notice they'd entirely broken their authentication scheme."

Apple Support Forums Suggest Malware Explosion 455

dotwhynot writes "According to ZDNet, the volume of in-the-wild malware reports on is truly exceptional. With the launch of the first malware DIY kit for OS X earlier this month, and now this, has the malware industry threat finally caught up with the growth of Apple, and what do Mac users need to do?"

77 Million Accounts Stolen From Playstation Network 645

Runaway1956 was one of many users to continue to update us about the intrusion we've been following this week. "Sony is warning its millions of PlayStation Network users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts. Sony's stunning admission came six days after the PlayStation Network was taken down following what the company described as an 'external intrusion'. The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony's related Qriocity network."

Computer Opens Unmanned Store For Holiday Screenshot-sm 333

tomhudson writes "The Walkato Times in New Zealand is reporting that someone forgot to tell the computer not to unlock the supermarket on the Friday holiday. 'About half of the 24 people who came into the supermarket paid for their groceries using the self-scan service. The service stopped working after alcohol was scanned, requiring a staff member to check a customer's age before the system is unlocked.' The owner, Mr Miller, was quoted as saying 'I can certainly see the funny side of it... but I'd rather not have the publicity to be honest. It makes me look a bit of a dickhead.' Rather than take legal action, Mr Miller is hoping that the people who didn't pay will do the right thing."

Meth Dealer Faces Loss of His Comic Book Collection Screenshot-sm 317

cultiv8 writes "According to an article from The Smoking Gun: 'A large-scale methamphetamine dealer who allegedly laundered drug profits by purchasing valuable comic books is in danger of forfeiting his 18,753-volume collection to Uncle Sam, according to a new court filing. Federal prosecutors yesterday filed a US District Court complaint seeking ownership of the comic book holdings of Aaron Castro, 30, who is facing a May trial in Colorado on narcotics distribution and weapons charges. The comics are valued in excess of $500,000.'"

Windows Phone 7 Update Jams Some Phones 177

CWmike writes "Microsoft's first Windows Phone 7 update is apparently causing some users' phones to not work. Microsoft has advised at least one person to take his device into a store for a fix. The company's WindowsPhoneSupport Twitter account shows the responses to a variety of queries from users who have experienced problems over the last half-day. Microsoft released the update on Monday but played it down. The update was designed only 'to improve the software update process itself,' wrote Michael Stroh on the Windows Team Blog. One user, Alex Roebuck, wrote on Twitter that the update had bricked his Samsung Omnia 7. 'We're very sorry for the inconvenience,' Microsoft responded on Twitter. 'For this issue we would suggest taking it to a store.'"

Nokia Plan B Was Just a Hoax 142

suraj.sun writes "There's been a lot of chatter about a 'Nokia Plan B' over the past 48 hours — the site was put up by nine young investors who outlined an audacious plan to rally shareholders, get themselves elected onto Nokia's board, and radically change the company's direction by firing Stephen Elop and committing massive resources to MeeGo. There's just one problem, though: the nine young investors don't really exist — according to the last tweet on the @NokiaPlanB Twitter account, it was all a hoax perpetuated by 'one very bored engineer who really likes his iPhone.' Ouch. That explains why the now-defunct site abruptly gave up the cause this morning after just 36 hours of existence."

Security Patch Breaks VMware Users' Windows Desktops 80

jbrodkin writes "VMware is telling customers that two Windows 7 security patches have left VMware View users incapable of accessing their Windows desktops. Security updates issued on Patch Tuesday fixed Windows but broke the VMware View connection between users' PCs and remotely hosted Windows 7 desktops. Users will have to upgrade VMware View or uninstall the Microsoft patches in order to regain access to their desktops."

Australian Police Database Lacked Root Password 214

Concerned Citizen writes "The Australian Federal Police database has been hacked, although 'hacked' might be too strong a word for what happens when someone gains access to a MySQL database with no root password. Can you be charged with breaking and entering a house that has the door left wide open? Maybe digital trespassing is a better term for this situation. 'These dipshits are using an automatic digital forensics and incident response tool,' the hacker wrote. 'All of this [hacking] had been done within 30-40 minutes. Could of [sic] been faster if I didn't stop to laugh so much.'"

Facebook Faces the Canadian Privacy Commissioner 140

dakohli writes "Canwest's Sarah Schmidt writes that Facebook has until Monday to find a way to fix its 'serious privacy gaps.' And if the Canadian Privacy Commissioner isn't happy with the Web Company's response, then she has two weeks to push it to the Canadian Federal Court in Ottawa. 'A spokeswoman for the commission said it's premature to say whether the feud will end up in court. This would be an international first for Facebook, which has grown to more than 200 million users since its launch in 2004.'"

Local Privilege Escalation On All Linux Kernels 595

QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"

If you can't learn to do it well, learn to enjoy doing it badly.