668408
submission
RichiH writes:
This is bad, real bad. From the Debian Security Announcement:
"Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable."
Long story short, everyone who used OpenSSL in the widest sense to generate within the last two years on either Debian or Ubuntu has a massive problem on their hands. If this is the case you must regenerate and replace your keys as soon as possible!
Read Debian's announcement and Ubuntu's announcement for further information.
627334
submission
RichiH writes:
thedailywtf.com has a real WTF today: An Oklahoma state agency using SQL queries in their URLs, allowing everyone to get at the personal data of thousands of people. After being contacted about it, they implemented minimal (read laughable) 'security' measures. Only after being told that the table named MSD_MONTHLY_MEDICAL_ACTIVITY, which lists employees of the agency, is world-readable as well did they take down the page. As of right now, the page is unavailable and bidding for creating a new system is open.
349723
submission
RichiH writes:
On November 9th, the German parliament will most likely vote in favour of a law which will make logging of all connections, be they over Internet, landline or cellular phone, mandatory (German source). As an added bonus, the Cybercrime Convention of the European Union will ensure that a total of 52 countries will have access to this data without review by a judge, restriction of commensurability or even a mandatory expiration date for the prosecution of any and all actions that are against the law in the requesting country. This list includes countries with long-standing records in human rights like Azerbaijan, Russia or Moldova. If you live in Germany, hold a German passport or simply think your voice should be heard, please head over to this site and write an open letter to the members of the German parliament. In anticipation of the approval of the law, please also join the first ever German class-action lawsuit before Germany's highest court by adding your personal data here.
Do not let this pass without action. It is the last chance you are likely to have.
303289
submission
RichiH writes:
By the time you are reading this, this link does not work any more as they just took the site in question down. But for quite some time, it showed what you fear it does. Here's to whoever thought of CRLs..
278635
submission
RichiH writes:
Daniel Baumann just did some math and it turns out that if Hewlett-Packard (Schweiz) GmbH, leanux.ch AG or Novell (Schweiz) AG had not voted in favour of fast-tracking the ISO process of OOXML, the 75% needed would not have been reached. It would be interesting to know how HP and Novell voted in other countries and how the infamous Novell-Microsoft agreement influenced Novell's decision.
234873
submission
RichiH writes:
German news site heise.de reports (Babelfish) that a court in Offenburg rejected the state attorney's request to get the private data of a file sharer because it was 'obviously unreasonable'. 'Based on logic', the study speaking of 5 billion traded files per year in 2001 and 2002 which the music industry in Germany often cites can not apply as the user in question uploaded only a single song that the music industry knows of. The court also said that many p2p users are not aware that the programs automatically start hidden and mandatory upload of files they have access to, so that, unless proven otherwise, the person in question did not upload anything on purpose. Furthermore, the court said that the claim of high damages does not hold water as a song typically costs less than a Euro and 'at a price of 0, someone who will not even spend a single cent will still want to get a product', citing a study that shows no negative impact of p2p on revenues. Finally, the court said that the music industry simply wants the data of the person in question so it can sue them in civil court and that it did not have any right to the data trying 'via several tens of thousands of criminal charges' to 'get at information the law is explicitly keeping from them'. Several state attorneys said, under strict promise of anonymity, that they would now try to get similar rules so that they 'dedicate their time to more severe crimes'. Go ahead, tag this one 'haha' :)
192045
submission
RichiH writes:
Everyone knows that you should keep backups. A few of us actually even do so. But what about your parents? Your girlfriend's aunt? Anyone else you are privileged to do free IT services for? With hard disks too large for the average user and flatrates in almost every home, I was pondering having them mirror data to each other. Privacy concerns aside, programs like svn, git or rsync come to mind. None of these provide what I would want to see, though. The ideal solution does not require you to manually add files but simply backs up everything in a few given folders. It should not require any clicking of buttons and run regularly. Bonus points if it is able to shape itself down or limit the monthly traffic amount. The client must run on Windows. Ideally, they would need no central server, but a server-based solution is fine as well as long as the server runs on Linux.
2532
submission
RichiH writes:
German computer magazine PC Welt reports that the pricing plans for Vista were leaked (they pulled the page, and fast). For those only interested in the list: here goes