Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Security

Submission + - Facebook bug lets hackers delete friends (cio.com.au)

swandives writes: There's lot of talk about Facebook and privacy at the moment, but a bug in Facebook's website lets hackers delete Facebook friends without permission. Steven Abbagnaro, a student from Marist College in Poughkeepsie, New York reported the flaw, writing proof-of-concept code that scrapes publicly available data from users' Facebook pages and deletes all of their friends, one by one. The victim first has to click on a malicious link while logged into Facebook.

Abbagnaro's code exploits the same underlying flaw that was first reported by Alert Logic security analyst, M.J. Keith, who discovered cross-site request forgery bug, where the website doesn't properly check code sent by users' browsers to ensure that they were authorized to make changes on the site.

Google

Submission + - Vimeo to Support WebM Video (vimeo.com)

An anonymous reader writes: Vimeo has plans in progress to offer WebM video content in the near future. In response to a question posted on the community forums, Vimeo's Andrew Pile responded, 'We've been working for it for a few weeks now and hope to have some preliminary videos for people to play with soon. It looks promising!'
Cellphones

Submission + - Any Android Phones Can Process Credit Cards Now 1

adeelarshad82 writes: A plug-in device known as Square, accompanied by an app, is helping the concept of mobile payments anywhere, anytime on android phones. A simple swipe through Square allows it to read the credit card and send instructions to the mobile app which then allows the user to make payment. Square can be plugged into the 3.5mm headphone jack. The device and the app are free, however Square banks 2.75 percent of the total transaction in addition to a charge of 15 cents per swipe, and 3.5 percent plus 15 cents for each transaction made with a keyed in entry.

Submission + - Numeral Systems of the World's Languages (eva.mpg.de)

labr!nth writes: Linguist Eugene Chan has "successfully collected basic numeral systems and data from about 4,000 languages in the world." He gives a summary of many of these on his website. All sorts of interesting systems are used including various bases (e.g. 2, 3, 4, 5, 10, and 12), body-part tallying, and languages that only distinguish between one and many (c.f. various wikipedia articles on Everett and the Piraha language). The site is ugly and difficult to navigate, but summary boxes at the bottom of specific language pages are informative. Especially interesting are those from indigenous languages from remote areas (c.f. pages for Bella Coola or Kwadi).

Submission + - A new app to hide text messages from prying eyes (safebox.mobi)

jolypip writes: A new mobile application, called SafeBox, has been launched to let users send and receive private text messages, invisible to anyone taking their phone. The application combines the popularity and mobility of texting with the privacy and security of modern cryptography to give some privacy to the SMS communications.

Stories of intercepted and incriminating SMS texts make the celebrity gossip headlines regularly, whether a prince, a footballer, an actor, a musician, a politician or a golfer, the examples are many where the SafeBox application could have kept those texts private and protected from curious intruders, paparazzi, stalkers and other prying eyes.

Privacy in general has become increasingly important, but especially so in the mobile space, as incidents of SMS spoofing and interception multiply.
SafeBox is a privacy tool that is simple to use, available to everyone around the world, and free to download. The first version has been released with J2ME for Java and Symbian phones and can be used in 7 languages.

Besides text messages, the SafeBox application, also offers other features such as a hidden private contact list, and confidential notes. The application is PIN-protected preventing its content to be seen from the outside without knowledge of the PIN. If the phone is lost, stolen or just gets in the wrong hands for a while, nobody can read the messages sent or received or even see whom they were written to.

For more information about SafeBox or to download the application for free, visit the www.safebox.mobi website from a mobile phone browser or from the web.

Submission + - Body Area Networks To Collect Physiological Data (computerworld.com)

Lucas123 writes: The FCC is considering a request by the healthcare industry to allocate radio bandwidth for the creation of body area networks, which would use small, disposable monitors in the form of patches or bracelets to collect physiological data on critically and chronically ill patients, such as temperature, pulse, blood glucose level, blood pressure and respiratory health. The body area networks would transmit the data to electronic medical records, which could be remotely monitored by care givers and could not only head off heart attacks and strokes but reduce staph infections in hospitals, which kill 200,000 people annually in the U.S.
Security

More Mac Vulnerabilities Than Windows In 2007? 329

eldavojohn writes "A ZDNet blog reports stats from Secunia showing OSX averaged 20.25 vulnerabilities per month while XP & Vista combined averaged 3.67/month. Is this report card's implication accurate, or is this a symptom of one company turning a blind eye while the other concentrates on timely bugfixes? 'While Windows Vista shows fewer flaws than Windows XP and has more mitigating factors against exploitation, the addition of Windows Defender and Sidebar added 4 highly critical flaws to Vista that weren't present in Windows XP. Sidebar accounted for three of those additional vulnerabilities and it's something I am glad I don't use. The lone Defender critical vulnerability that was supposed to defend Windows Vista was ironically the first critical vulnerability for Windows Vista.'"
Music

Submission + - Next for Apple: Lossless iTunes Store (cnet.co.uk)

DrJenny writes: C|net has an interesting piece running at the moment about why Apple developed their own lossless codec, and more importantly that iTunes will become a download store for lossless audio, potentially from all the major labels. This would be a massively positive move for people who spend hundreds, if not thousands, of dollars on hi-fi gear, but refuse to give money to stores that only offer compressed music. It's a big FLAC, DRM, ALAC and GB discussion, but it's a very exciting perspective, and surely one that'll pan out meaning audiophiles will finally be able to take advantage of legal digital downloads.
Security

Submission + - SquirrelMail Repository Poisoned (beskerming.com)

SkiifGeek writes: "Late last week the SquirrelMail team posted information on their site about a compromise to the main download repository for SquirrelMail that resulted in a critical flaw being introduced into two versions of the webmail application (1.4.11 and 1.4.12).

After gaining access to the repository through a release maintainer's compromised account (it is believed), the attackers made a slight modification to the release packages, modifying how a PHP global variable was handled. As a result, it introduced a remote file inclusion bug — leading to an arbitrary code execution risk on systems running the vulnerable versions of SquirrelMail.

The poisoning was identified after it was reported to the SquirrelMail team that there was a difference in MD5 signatures for version 1.4.12.

Version 1.4.13 is now available."

Slashdot Top Deals

The clearest way into the Universe is through a forest wilderness. -- John Muir

Working...