Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Yahoo!

Submission + - Security flaw in Yahoo mail exposes auth info

tdalek writes: After patching its plaintext authentication gaffe, Yahoo! Zimbra Desktop has fumbled the security and privacy ball once again. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed.
Security

Submission + - Yahoo! Zimbra Desktop vulnerable to MiTM

holdenkarau writes: "After patching the its plaintext authentication gaffe, Yahoo! Zimbra desktop has hit another stumbling block in the security road. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed."
Privacy

Submission + - Yahoo! exposes user passwords (uwaterloo.ca) 3

kingofthehobos writes: In a move hearkening back to the days of telnet, Yahoo!'s newest addition to there mail system exposes the full usernames & passwords over the wire (or wireless) in plaintext. Both CNET news & Wired's Webmonkey are reporting on the story (although in true Wired fashion the individual is called a "hacker"). So, if you know anyone who might have installed Yahoo! Zimbra Desktop getting them to switch back to the web interface and change there password (until the issues are fixed) would be ++good.
Cellphones

Submission + - Developement begins to ramp up OpenMoko/FreeRunner

tiliko writes: Commercial software developers are starting to get on board with the OpenMoko. So far, the commercial developers appear to be DeviceScape and Koolu (booth Canadian) who are porting existing applications. Now that the platform has stabilized enough to provide a usable development image, it seems likely that more commercial players will get on board as time progresses. Hopefully, without the restrictiveness of mother Google or the cell-phone carriers we can star to see some truely innovative mobile applications.
Cellphones

Submission + - Devicescape comes to the OpenMoko

An anonymous reader writes: Devicescape, which makes a program for automatic Wi-Fi logins to networks like Starbucks, is going to be getting on the OpenMoko bandwagon, with what looks like the first commercial application. Devicescape is already on other Linux based platforms (such as the Nokia N800). Are more commercial applications going to move to the OpenMoko platform because of its open platform? Is the restrictiveness of other platforms help push applications to the OpenMoko?
Portables

Submission + - Commercial applications come to the OpenMoko 1

spamcakes writes: "The development of the first commercial application for the OpenMoko is apparently getting underway. Devicescape, which makes a program for automatic Wi-Fi logins to networks like Starbucks, is going to be getting on the OpenMoko bandwagon. Are more commercial applications going to move to the OpenMoko platform because of its open platform? Is the restrictiveness of other platforms help push applications to the OpenMoko?"
Cellphones

Submission + - Canadian spectrum auction ends with new carrier

vivalarevoluation writes: "The Canadian Wireless spectrum auction has just finished, with a entrant into the Canadian cellular market. Globalive Communications won spectrum accross all provinces, with the notable exception of Quebec, and they have issued plans for the development of a new Canadian wireless company. There press release cites a study showing that Canadian prices are about 60% higher than American prices, and I'm sure some of you will Canada being the second most expensive place to buy an iphone :~ Oddly enough, it would appear that one of the investors (Orascom) in this may be behind a large North Korean construction project. Canada's Wireless industry has always been a little odd, but I'm guessing things are about to get a lot more interesting (and hopefully less expensive :))."
Privacy

Submission + - Gaping whole in gmail / google calendar user priva 6

holdenkarau writes: "Depending on your view gmail has either a rather small or incredibly huge privacy flaw.This blog post about gmail's privacy flaw goes through the reproduction steps which can be used to get the registration name (first & last) of any gmail user (regardless of if they have Google Calendar's or not). For the majority of users, this probably isn't that important, but I know quite a few people who prefer to keep there online and personal lives seperated (and I'm guessing there are some slashdotters who also enjoy the separation)."
Security

Submission + - Leading researcher Ian Goldberg on IM security 9

metaoink writes: "Ian Goldberg, leading security researcher, professor and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk in which he discusses OTR and its importance in today's world. With OTR users benefit from being able to have truly private conversations over IM, by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An XVID avi of the talk is available by http as well as by bittorrent and some other formats."
Security

Submission + - World Famous research Ian Goldberg talks on OTR

metaoink writes: "World famous security researcher and professor Ian Goldberg recently gave a talk on securing instant messaging using his invention, OTR.Instant messaging (IM) is an increasingly popular mode of communication on the Internet. Although it is used for personal and private conversations, it is not at all a private medium. Not only are all of the messages unencrypted and unauthenticated, but they are all routed through a central server, forming a convenient interception point for an attacker. With OTR users benefit from being able to have truly private conversations over IM, by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. Many slashdot readers will have probably heard of OTR which is available for Gaim/Pidgin, and this talk outlines the motivation and implementation of OTR. An XVID avi by http of the talk is available as welll as by bittorrent and some other formats"
Math

Submission + - The history behind the first Faculty of Math 1

holden writes: "Ralph Stanton, the man behind the founding of the first faculty of math, recently gave a talk on its unique history. The group went on to spawn a large number of spin-offs, such as Watfor,Sybase, etc. His talk looks at the politics behind starting a faculty of math, as well as the benefits and freedoms it has allowed both Mathematicians and Computer Scientists."
Microsoft

Submission + - Bill Gates on software, from 1989 1

An anonymous reader writes: The University of Waterloo has uploaded a talk by Bill Gates, on software, that took place there in 1989. Available here, the talk was only recently digitized and contains many predictions from someone who was already starting to become an industry leader at that time. Many are surprisingly accurate and quite relevant today.
Privacy

Submission + - Protecting Privacy by Design 2

holdenkarau writes: "Linux.com has an article on a talk entitled Privacy By Design recentlly given by Dr. Ann Cavoukian, Canada's Information and Privacy Commissioner.The talk starts of by covering the basics of privacy, and privacy law, and then moves onto the important component, how to design software that properly protects users privacy. The majourity of the time is spent on design principles, but also examines specific technologies (such as Elliptical Curve Cryptography)."
GNU is Not Unix

Submission + - Has copyright gone too far? RMS' views

holdenkarau writes: "Richard M. Stallman (RMS) recently gave a talk entitled Copyright vs Community in the Age of Computer Networks to the University of Waterloo Computer Science Club. The talk looks at the origin of copyright, and how it has evolved overtime from something that originally served the benefit of the people to a tool used against them and answers the question of how copyright has gone to far, and how to fix it. In keeping with RMS' desire to use open formats, the talk and qa session are only available in ogg theora."

Slashdot Top Deals

Never buy what you do not want because it is cheap; it will be dear to you. -- Thomas Jefferson

Working...