Security

+ - Flickr's API (and many others) Signature Forgery V->

Submitted by Anonymous Coward
An anonymous reader writes "Flickr offers a fairly comprehensive web-service API that allows programmers to create applications that can perform almost any function a user on the Flickr site can do. Users should be authenticated using the Flickr Authentication API. Any applications wishing to use the Flickr Authentication API must have already obtained a Flickr API Key. An 8-byte long 'shared secret' for the API Key is then issued by Flickr and cannot be changed by the users. This secret is used in the signing process, which is required for all API calls using an authentication token. This advisory describes a vulnerability in the signing process that allows an attacker to generate valid signatures without knowing the shared secret. By exploiting this vulnerability, an attacker can send valid arbitrary requests on behalf of any application using Flickr's API."
Security

+ - Flickr's API Signature Forgery Vulnerability->

Submitted by
thaidn
thaidn writes "Flickr offers a fairly comprehensive web-service API that allows programmers to create applications that can perform almost any function a user on the Flickr site can do. Users should be authenticated using the Flickr Authentication API. Any applications wishing to use the Flickr Authentication API must have already obtained a Flickr API Key. An 8-byte long 'shared secret' for the API Key is then issued by Flickr and cannot be changed by the users. This secret is used in the signing process, which is required for all API calls using an authentication token. This advisory describes a vulnerability in the signing process that allows an attacker to generate valid signatures without knowing the shared secret. By exploiting this vulnerability, an attacker can send valid arbitrary requests on behalf of any application using Flickr's API."
Microsoft

+ - Free Linux CD in Windows Vista Day!

Submitted by thaidn
thaidn (1061428) writes "Tomorrow 22/03/2007, Microsoft will hold something called Vietnam Windows Vista Day in Ho Chi Minh City. We think this is a very good chance to promote Linux so that we decide to deliver free Linux CD and documentation at that very fair. 300 "Gift from the Penguine" packages, each containing a free Ubuntu Linux and a quickstart manual in Vietnamese, will be delivered to students, programmers, developers and anyone else interested in Linux."
Security

+ - Damn Vulnerable Linux

Submitted by
Scott Ainslie Sutton
Scott Ainslie Sutton writes "Enterprise GNU/Linux Resource Linux.com have highlighted a newly created GNU/Linux distribution named Damn Vulnerable Linux, built upon Damn Small Linux. The distribution, headed by Thorsten Schneider, aims to deliver the Operating System in such a way that it allows Security Students first-hand insight and hands-on experience with Security issues within GNU/Linux in order to teach them protection and mitigation techniques. The project's website describes the distribution as 'the most vulnerable, exploitable Operating System ever' and it's true, the developers have ensured that it contains outdated, ill-configured, flawed code and contains GNU/Linux 2.4 Kernel which is known to have many exploitable avenues in itself. Damn Vulnerable Linux's website can be viewed here."
