The Internet

Submission + - Sniffing browser history for art

holdenkarau writes: "You may remember previous Slashdot discussions on browser history sniffing, but there is a new kid in town doing something a bit different. web2.0collage.com uses similar browser history sniffing to determine what websites you visit and creates a collage of them. Before you get worried, it uses a list of "web2.0" sites, so the collage will (probably) be appropriate (unless you don't want your colleagues knowing about your Slashdot habits). An interesting application of potentially scary technology. For those wanting to skip the warning screen and go straight to the browser sniffing this should do the trick."
It's funny.  Laugh.

Submission + - web2.0collage uses sniffed browser history for art

An anonymous reader writes: web2.0collage.com uses browser history sniffing to determine what websites you visit (that has been discussed on Slashdot before) and then creates a collage of them. Before you get worried, it uses a white-list of SFW sites, so the collage will (probably) be appropriate (unless you don't want your colleagues knowing about your Slashdot habits). An interesting application of potentially scary technology.
Education

Submission + - 'Microsoft Subsidy' Cuts Tuition for H-1B Families

theodp writes: "If you're a U.S. citizen, but not a permanent resident of Washington State, your kids will pay $24,367-a-year (pdf) if they want to attend the University of Washington. But if you're in the U.S. on a temporary H-1B or L visa, you, your spouse, and your kids will soon be able to pay only $7,692-a-year to attend UW thanks to HB 1487, which has been dubbed the 'Microsoft Subsidy Bill'. Sponsored by former Microsoft exec Ross Hunter, the bill stands to benefit the families of thousands of Microsoft workers. Lydia Tamez — associate general counsel and director of global migration at Microsoft — defended the bill, explaining that it will not only make life easier for H-1B employees who rely on Microsoft for their sole income, but also address the concerns of Microsoft guest workers who want to earn MBAs or second degrees, but balk at having to pay out-of-state tuition rates. Not all are impressed by her argument. The 'emergency' law (deja vu, anyone?), which legislators deemed 'necessary for the immediate preservation of the public peace, health, or safety, or support of the state government and its existing public institutions,' takes effect on July 1."
Cellphones

Submission + - Devicescape supports Starbucks with OpenMoko

An anonymous reader writes: The OpenMoko is getting some much-needed love with Devicescape's port to the FreeRunner adding support for logins to Starbucks. With the ongoing port of Android to the FreeRunner some questions remain as to the long-term viability of the freesmartphone architecture. (Fittingly, the captcha for the submission was muffin, similar to cupcake.)
Operating Systems

The Economist Suggests Linux For Netbooks 445

Trepidity writes "In its roundup of how to choose a netbook, The Economist suggests that users 'avoid the temptation' to go for a Windows-based netbook, and in particular to treat them as mini laptops on which you'll install a range of apps. In their view, by the time you add the specs needed to run Windows and Windows apps effectively, you might as well have just bought a smallish laptop. Instead, they suggest the sweet spot is ultra-lite, Linux-based netbooks, with a focus on pre-installed software that caters to common tasks. They particularly like OpenOffice, which they rate as easier to use than MS Word and having 'no compatibility problems,' as well as various photo-management software." Besides which, does Windows offer spinning cubes for coffee-shop demos?
Security

Zimbra Desktop Vulnerable to Man-in-the-Middle Attack 49

tiffanydanica writes "For all the flak Mozilla gets about its new security warnings for https sites, at least it warns the user when a mismatch occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues) doesn't bother validating the SSL certificate on the other side before sending along the username and password, making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems, it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spamming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface."
Security

Submission + - Yahoo! exposes auth info via man-in-the-middle

tiffanydanica writes: For all the flak Mozilla gets about its new security warnings for https sites, at least it warns the user when a mismatch occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues) doesn't bother validating the SSL certificate on the other side before sending along the username and password, making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems, it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spamming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface.
Yahoo!

Submission + - Security flaw in Yahoo mail exposes auth info

tdalek writes: After patching its plaintext authentication gaffe, Yahoo! Zimbra Desktop has fumbled the security and privacy ball once again. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed.
Security

Submission + - Yahoo! Zimbra Desktop vulnerable to MiTM

holdenkarau writes: "After patching its plaintext authentication gaffe, Yahoo! Zimbra Desktop has hit another stumbling block in the security road. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed."
Books

Amazon Kindle Endorsed By Oprah 197

Oprah Winfrey enthused about the Amazon Kindle on her show today — it's her "new favorite thing" — and had Jeff Bezos on to announce a $50-off offer good till Nov. 1. A plug on Oprah is ordinarily a sign that a product has crossed over into the mainstream. But her show's audience has been slipping lately, and it's unclear how many cash-strapped citizens will be willing to part with $309 (after the special offer) for a new techno-gadget, for which they then have to shell out more money for DRM-encrusted content.
Privacy

Submission + - E-mails of Yahoo! iPhone users exposed

An anonymous reader writes: Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! Unlike the other default providers (Gmail, etc.) Yahoo! doesn't use encryption for either downloading or sending messages. Incoming messages are downloaded in plaintext over the standard IMAP port. Outgoing mail is a bit harder to find; it is apparently sent by an HTTP POST request slightly obscured inside a bundle of XML, but security through obscurity isn't very effective. While the GSM protocol is cracked, this is probably of more concern to users who use the iPhone's built-in Wi-Fi.
Technology (Apple)

Submission + - Tapping the iPhone, brought to you by Yahoo!

tdalek writes: You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing authentication information. It turns out that other Yahoo! applications are affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames and passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard IMAP port. Outgoing mail is a bit harder to find; it is apparently sent by an HTTP POST request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since it's one of the default accounts, I'm assuming quite a few do), now would be a good time to forward it elsewhere for the time being, and using that account instead.
Security

Submission + - iPhone exposes emails in plaintext for Yahoo users 1

holdenkarau writes: "You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing usernames & passwords. It turns out that more than just Yahoo! Zimbra Desktop is affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames & passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard IMAP port. Outgoing mail is a bit harder to find; it is apparently sent by an HTTP POST request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since it's one of the default accounts, I'm assuming quite a few do), you might want to look at forwarding it somewhere else for the time being, and using that account instead."
Yahoo!

Submission + - iPhone & Yahoo! mail expose the text of emails

kingofthehobos writes: You may remember the recent Slashdot article about Yahoo! Desktop exposing usernames and passwords. It turns out that more than just Yahoo! Zimbra Desktop is affected, although to a lesser degree. In the original security hole, Yahoo!'s desktop program transmitted the usernames & passwords in plaintext. On the iPhone, authentication is encrypted; however, all the messages are downloaded in plaintext over the standard IMAP port. Outgoing mail is a bit harder to find; it is apparently sent by an HTTP POST request, but security through obscurity isn't very effective. Looking at the screen capture there also appears to be an "imie" field, which seems like it could be useful for phone cloners (if people still do those sorts of shenanigans). If you have Yahoo! mail on your iPhone (and since it's one of the default accounts, I'm assuming quite a few do), you might want to look at forwarding it somewhere else for the time being, and using that account instead.
Encryption

Submission + - Yahoo! exposes usernames & passwords

tiffanydanica writes: "In a move hearkening back to the days of telnet, Yahoo!'s newest addition (Yahoo! Desktop) to their mail system exposes the full usernames & passwords over the wire (or wireless) in plaintext. But that's not all: doing some digging leads to the likely conclusion that all Yahoo! IMAP-based client programs (including the Yahoo! iPhone application) are sending passwords in plaintext. CNET news, the Inquirer & Wired's Webmonkey are all reporting on the story (although in true Wired fashion the individual is called a "hacker"). So, if you know anyone who might have installed Yahoo! Zimbra Desktop, or used Yahoo!'s iPhone application, passing the news on and getting them to switch back to the web interface and change their password (until the issues are fixed) would be ++good."
