Security

+ - Many Stuxnet Bugs Still Unpatched by Siemens->

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "The media storm over the Stuxnet worm may have passed, but many of the software holes that were used by the worm remain unpatched and leave Siemens customers open to a wide range of potentially damaging cyber attacks, according to industrial control system expert Ralph Langner.
Langner said that the media paid too much attention to the four, zero day Windows vulnerabilities that enabled the Stuxnet worm, but overlooked the other security holes used by the worm. Unlike the Windows vulnerabilities, which Microsoft quickly fixed, many of the holes in Siemens' products remain unpatched, he contends.

Langner enumerates three types of exploits used by Stuxnet — only one category of which (Windows operating system exploits) has been closed. The other two are Windows applications exploits aimed at Siemens Simatic Manager and the Siemens WinCC SCADA application, and controller exploits aimed at Siemens S70-300 and 400 series controllers."

Link to Original Source

Techdirt: NJ Supreme Court Can't Comprehend That Everyone Can Be A Journalist->

From feed by feedfeeder
We've covered the case of Shellee Hale for a few years now. She was sued for defamation over some comments she left in an online forum concerning a software company for the porn industry, Too Much Media LLC. Hale claimed that she got the information from a source as part of an investigation she was doing for a website which she had not yet opened. However, she posted some of that info on this forum, and upon being sued, tried to claim journalistic privilege in protecting her sources under New Jersey's journalist shield law. Both the district court and the appeals court ruled against her, suggesting that because the online forum was not an appropriate venue for journalism, there was no journalism shield. She appealed to the New Jersey Supreme Court, which has tragically upheld the lower court rulings, once again taking issue with the venue:

We do not find that online message boards are similar to the types of news entities listed in the statute, and do not believe that the Legislature intended to provide an absolute privilege in defamation cases to people who post comments on message boards.
But I don't think that's what anyone was trying to claim. This isn't about the venue, but about the action. Journalism is not a venue, it's a process. If the information was acquired in the course of journalism, it shouldn't matter where it was published. Yet all three courts seemed to miss this key point and focus mainly on the venue issue. So, even if you're doing journalism, but publish it somewhere the judges don't like, suddenly, you're not doing journalism. This is quite strange and I don't buy the court's explanation here. They even note that the law itself is written broadly to protect "all significant news-gathering activities." And yet it still says that venue of publication is a key factor in determining what is journalism. This is an outdated and, frankly, troubling view of journalism. The court even goes on a bit of a screed about "unfiltered, unedited" forums as being this anarchy of the internet that does not resemble journalism.

Once again, that's totally irrelevant. What others do on forums is meaningless. The entire question should have been whether or not Hale was engaged in the action of journalism. The court warns that if Hale's argument is accepted then "anyone with a Facebook account, could try to assert the privilege." But, what's wrong with that? If the person is actually engaged in journalism, then what's the problem? Nothing in what Hale was claiming would mean that everyone with a Facebook page was automatically protected by the shield law. The person would still need to prove that they were engaged in journalism. It's really too bad that the New Jersey Courts couldn't see this.

Link to Original Source
Security

+ - Sex, Lies and Cyber-crime Surveys->

Submitted by isoloisti
isoloisti (1610133) writes "In surveys men claim to have had more female sex partners than women claim male partners, which is impossible. The reason? A few self-described Don Juans who tell whoppers pull the average way up, and errors don't cancel. Cyber-crime estimates are hopelessly exaggerated for exactly the same reason according to a new study to appear at the Workshop on the Economics of Information Security. The authors write: “‘You should never trust user input’ says one standard text on writing secure code. It is ironic then that our cyber-crime survey estimates rely almost exclusively on unverified user input. A practice that is regarded as unacceptable in writing code is ubiquitous in forming the estimates that drive policy.” In many cases 75% of the estimate comes from the unverified self-reported answers of one or two people."
Link to Original Source

+ - Ask Slashdot: How do I not get other people's email

Submitted by vrimj
vrimj (750402) writes "I have a common enough first name lastname combination that I sometimes get other people's email at my firstname.lastname@gmail.com account.

It isn't a big deal if it is a person, I let them know, they fix it.

The big problem I am having is with companies and websites. These emails are often no reply which means I can't send back a quick note.

I got someone's credit card bills for three months before I realized there was nothing for it but calling the company (I tried a couple of emails first).

Recently got a notice about someone's kid signing up for a website. I don't have any but to hit the response and tell them that I first have to say I am that kids parent or guardian. I didn't know where to go from there.

Today I get an invoice from a cable company, it is for a different state. I can't reply. I go to the online support, they tell me my only choice is to call the sales office. I gave in for the bank but I am not talking to someone else's cable company.

Is there any way to make emails to an improperly formatted gmail address bounce or do something else obvious? Is there a technical solution I am overlooking?

It doesn't happen that often but it is an increasing PITA with no reply email addresses. I hate just setting up a filter because that cuts off these other people who made a typo or had someone not enter something correctly, but it is looking like the best choice.

It isn't spam, but it isn't my meat."

Comment: Re:make stuff (Score 1) 458

by vrimj (#34305784) Attached to: Thought-Provoking Gifts For Young Kids?
You could use shrink film and show them how to make their own bits of plastic. Custom game bits, stuff that goes with current plastic bits. It is a small simple thing, but you can start to show them how to hack their toys.
And while a lot of these suggestions are awesome they are basically toys that require hacking, any toy can be hacked with some tools. Think about a toy mod kit paint pens, shrink film, design your own stickers, iron on able printer paper. You can start giving them the idea that they can impose their aesthetic and desires on their stuff instead of just leaving it an unremarkable pile of plastic.

+ - Best way to get a single emergency contact number?

Submitted by vrimj
vrimj (750402) writes "I have family, by blood and by choice, that need to be notified if something happens to me. I want them to all find out as soon as possible, and the best way to do that seems to be setting up a call forwarding number to ring them all and letting the first to answer handle informing the others.

It would be easy to set up on google voice, but I use it as my primary number as does one of the people on my must call list. That leaves me with commercial services. The problem is I don't know what the reliability is like with the various choices like skype and onesuite. I really need it to work if I need it. I don't mind paying something for the service, but I don't want to pay more than I need to."
Security

Making Airport Scanners Less Objectionable 681

Posted by kdawson
from the still-the-little-matter-of-x-rays dept.
Hugh Pickens writes "The Washington Post reports that one of the researchers who helped develop the software for the scanners says there is a simple fix that would make scanning less objectionable. The fix would distort the images captured on full-body scanners so they look like reflections in a fun-house mirror, but any potentially dangerous objects would be clearly revealed, says Willard 'Bill' Wattenburg, a former nuclear weapons designer at the Livermore lab. 'Why not just distort the image into something grotesque so that there isn't anything titillating or exciting about it?' asks Wattenburg, adding that the modification is so simple that 'a 6-year-old could do the same thing with Photoshop... It's probably a few weeks' modification of the program.' Wattenburg said he was rebuffed when he offered the concept to Department of Homeland Security officials four years ago. A TSA official said the agency is working on development of scanner technology that would reduce the image to a 'generic icon, a generic stick figure' that would still reveal potentially dangerous items." Reader FleaPlus points out an unintended consequence: some transportation economists believe that the TSA's new invasive techniques may lead to more deaths as more people use road transportation to avoid flying — much more dangerous by the mile than air travel.
Government

+ - Geek Disaster Volunteers?->

Submitted by
vrimj
vrimj writes "Today we just finished pretending a catastrophic hurricane hit Florida. And what became clear was that while there were a few people with technical skills available there was no real way to contact and mobilize the geeks other than the hobbyist radio community. It sometimes self-organizes, but there is not really a structure emergency response people can reach out to.

So I talked to some people from the Red Cross and Salvation Army, they are interested in trying to help reach out. The people at the Florida Emergency Management Center who train people for initial response (wanna know how to mark houses for search and rescue?) and he is willing to try going to some conventions to do training. We have disaster scenarios that could be turned into RPG adventures.

So where to start and how? Slashdot, if you would like to be available when the shit hits the fan how can you be reached and how can you help?

The Red Cross and Salvation Army are good at what they do, do they just need to reach out to the geeks? Are geeks already pretty organized and some minimal contact system should be set up (say to get in touch with sys admins and GMs and the like and give them a way to make requests to the emergency management community) or does there need to be something more complicated to sustain things like training, supporting people on missions, and keeping volunteer information up to date? If so how the heck do you get started?"

Link to Original Source
Graphics

+ - Splash, splatter, sploosh, and bloop!->

Submitted by Acoustic Bubble
Acoustic Bubble (666) writes "Researchers at Cornell University have developed the first algorithm for synthesizing familiar bubble-based fluid sounds automatically from 3D fluid simulations, e.g., for future virtual environments. The research (entitled "Harmonic Fluids") will appear at ACM SIGGRAPH 2009 in New Orleans this August 2009. Videos of falling, pouring, splashing and babbling water simulations (computed on a Linux cluster) are available at http://www.cs.cornell.edu/projects/HarmonicFluids"
Link to Original Source

Comment: Section 1983 can provide recourse (Score 2, Interesting) 160

by vrimj (#24664839) Attached to: MIT Students' Gag Order Lifted
There is a way to get the decision reviewed, because the MBTA is a state agency the students can use 1983 to claim that in seeking a protective order under these conditions it deprived them of constitutionally protected rights.

They could counter-claim if the MBTA keeps up its suit or file on their own if it is dismissed.

Sure, it is just cash damages (including attorneys' fees), but it is recourse.

Patents

'Eolas' Browser Plug-in Patent Case Rises Again 107

Posted by Zonk
from the return-of-the-living-patent-case dept.
eldavojohn writes "A legal battle that has been around since 1999 and seemingly ended in 2005 now rears its head again. In a confusing move, the USPTO 'reissued a Microsoft patent last week covering the same concepts outlined in the Eolas patent and with wording mirroring that of the Eolas patent. With both companies holding identical patents, the USPTO will now play King Solomon and decide which parent gets custody of the baby.' Both the Microsoft & Eolas patents are available online."
