
Comment Re:ATM != desktop computer (Score 3, Interesting) 257

They run XP embedded, which allows you to customize which components are used much more so than regular XP. That is not to say I don't see your point -- we've broken into plenty of Diebold XP ATMs during authorized penetration tests using regular Windows exploits. After that, it's game over with the software this product mentions. Then again, regular OS's have been running on ATMs for a long time, and many still run OS/2.

Comment Flash security often overlooked (Score 2, Insightful) 82

Though I haven't had a chance to evaluate it just yet, I think this is a step in the right direction. Flash security is often overlooked, while Flash itself is often overused by designers who think that pretty effects make the web page. It gets especially bad when Flash is used for activities that require some sort of security, such as a login form. 99% of the time, instead of POST'ing that information to a server side script, it's handled inside the SWF file. Since these can be easily decompiled (grab a copy of Flare or any other decompiler), the password is easily revealed. I recently found a network product which went through the trouble of XOR'ing a password and storing it in a text file. Two problems: the text file was in the web root, and the XOR key was inside the SWF. Tools like this can only raise awareness of these types of issues.

Comment Nearly crashed the Internet? (Score 3, Interesting) 196

I don't know about it nearly crashing the Internet. How many people actually noticed a difference that day, for that matter?

A lot of admins, especially after the alert went out over the NANOG list, set their routers to reject long ASPATHs (or I assume, from what I saw on that list, I am not a BGP admin myself.) Many routers simply rejected these ASPATHs as well; correct me if I'm wrong, but weren't old versions of IOS the only ones affected? It was a serious issue, but I'm not sure if it came anywhere near a disaster scenario.

Comment Backwards thinking (Score 1) 674

Closed source applications have to be audited with fuzz testing and other techniques, and this means that bugs can hide from the "white hats" (or the company) for a long time. Look at the bug fixed by MS08-067; it was discovered in the wild as part of a trojan and is now at the center of one of the biggest worm breakouts in history. Open source software can be fully audited by third-parties, including through techniques such as static analysis. I am not anti-closed source per se, but calling it somehow more secure because it "can't be verified" is the opposite of the truth. Tell your customers to talk to a security professional, not a salesman.

Comment Other TV hacks (Score 5, Informative) 526

I love when stuff like this happens. In the past, there have been incidents such as when someone switched over a feed of Jeopardy to the Playboy Channel. Other notable incidents:

Max Headroom Incident: http://www.youtube.com/watch?v=tWdgAMYjYSs
HBO "Captain Midnight" incident: http://www.youtube.com/watch?v=zFlMHCdYXLM

Comment Can this be good for Ubuntu, and Linux in general? (Score 1) 1654

Can this be good for Ubuntu and the whole Linux-on-the-desktop movement? The article states that both Verizon and the college will work with her to ensure that she can use Linux to get what she needs done. So a major company and an educational institution are forced to break out of the mold of Windows, because Linux is now (even if accidentally) crossing over into the non-technical mainstream. The more this happens, especially in the public eye, the more companies will have to start considering Linux as something that has to be supported by default.

Comment Re:Incorrect Headline (Score 0) 384

The headline has nothing to do with "editor privileges", it was submitted by a user (me). I agree that there was no server crash; perhaps I should have said "DoS" (there is a character limit you know), but the effect was about the same:

He said the result was "effectively a denial of service as e-mail queues, especially between posts, back up while processing the extra volume of e-mails."

No, the servers didn't crash, but the e-mail system (i.e., being able to communicate over email) did. Don't take things so literally; headlines are meant to capture one's attention in a short amount of time.

Government

Submission + - State Dept e-mail crash after "reply-all" (ap.org) 1

twistah writes: It seems that a recent "reply-all storm" at the State Department caused the entire e-mail infrastructure to crash. A notice sent to all State Department employees warned of disciplinary actions which will be taken if users "reply-all" to lists with a large amount of users. Apparently, the problem was compounded by not only angry replies asking to be taken off the errant list, but by the e-mail recall function, which generated further e-mail traffic. One has to wonder if capacity planning was performed correctly — should an e-mail system be able to handle this type of traffic, or is it an unreasonable task for even the best system?

Comment I really don't understand their digital format (Score 1) 233

Is Dr. Dobb's going to the same digital format as PC Mag? Here's a free trial, which shows you the last issue of PC Mag. I understand the idea is to placate current subscribers, because keeping it in the same format makes the change less severe. I know I get used to consistent magazine layouts, so this makes sense. But I don't know about the implementation; it feels like a zoomed out PDF to me. And if you want to zoom in, you have to go to 200% -- there is nothing in between. That doesn't feel natural to me and in fact, I find it next to impossible to read. Anyone actually like this format?

Comment Re:Why bother going? (Score 1) 249

And, don't forget, Dubai is in the UAE and largely follows their moral standards. Laws are strictly enforced and they do not look the other way for tourists. There are multiple reports of people being arrested or detained for lengthy periods of time. A British couple was put in jail for allegedly having sex on the beach. And another person was imprisoned because a mass-spec machine in the airport detected a microscopic speck of marijuana on his shoe -- the kind you can pick up walking through the airport, or anywhere really. Personally, that does not describe a place I would like to go to relax.
