Security

Submission + - DNS attack ushers in new era of Phishing 2.0 (computerworld.com.au)

Bergkamp10 writes: Researchers at Google and the Georgia Institute of Technology are studying a new virtually undetectable form of attack that exploits 'open recursive' DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Some 17 million open-recursive DNS servers are on the Internet, and unlike other DNS servers they answer all DNS lookup requests from any computer on the net, making them the perfect target for would-be hackers and attackers. Criminals are apparently using these servers in tandem with new attack techniques to develop a generation 2.0 of phishing. Here's how an attack would work. A victim would visit a Web site or open a malicious attachment that would exploit a bug in his computer's software. Attackers would then change just one file in the Windows registry settings, telling the PC to go to the criminal's server for all DNS information. If the initial exploit code was not stopped by antivirus software, the attack would give attackers virtually undetectable control over the computer. Once they'd changed the Windows settings, the criminals could take victims to the correct Web sites most of the time, but then suddenly redirect them to phishing sites whenever they wanted — during an online banking session, for example. Because the attack is happening at the DNS level, anti-phishing software would not flag the phoney sites.
Programming

Submission + - Are you proud of your code? 6

An anonymous reader writes: I have a problem and I am hoping /. group therapy is the cure, so get on with the +5 comments, post haste! I am downright embarrassed by the quality of my work; specifically, my code. It is buggy, slow, fragile, and a nightmare to maintain. Documentation, requirements, automated tests? Does not exist. Do you feel the same way? If so, then what is holding you back from realizing your full potential? More importantly, what if anything are you planning to do about it? This picture, which many of you have already seen, captures several project failure modes. It would be humorous if it weren't so depressingly true. I enjoy programming and have from a young age (cut my teeth on BASIC on an Apple IIe). I have worked for companies large and small in a variety of languages and platforms. Sadly the one constant in my career is that I am assigned to projects that drift, seemingly aimlessly, from inception to a point where the client runs out of funding and the project is abandoned. Like many young and idealistic university graduates I hoped to spend my life programming passionately, but ten years later I look in the mirror and see a whore. I'm just doing it for the money. Have any developers here successfully lobbied their company to stop or cut back on 'cowboy coding' and adopt best practices? I'm not talking about the methodology-of-the-week, I'm referring to good old fashioned advice like keeping SQL out of the UI layer. For the big prize: has anyone convinced their superiors that the customer isn't always right and saying no once in a while is the best course of action? Thanks in advance for your helpful advice.
The Internet

Submission + - Law prof calls for more liability re online speech

TwistedOne151 writes: "George Washington University professor Daniel J. Solove argues in his new book for increasing the use of tort law to protect privacy against online speech, particularly calling for removing the immunity granted by Section 230 of the Communications Decency Act to bloggers and website owners regarding material posted by others, according to reviews here and here."
Censorship

Submission + - Is ISP Web Content Filtering Here? 1

unixluv writes: "An ISP is testing web content filtering and content substitution software, see http://lauren.vortex.com/archive/000337.html. While it seems innocent enough, is this the wave of the future? Will your ISP censor your web experience? Now consider it in the context of The MPAA asking for ISP Content Filtering on /. this week. Is the RIAA next? Will this spawn a war of web tools to circumvent ISP tools?"
Linux Business

Submission + - Linux is about to take over the low end of PCs (desktoplinux.com) 3

An anonymous reader writes: Desktop Linux has a recent commentary on the inevitable growth of Linux on the cheaper end of the desktop market. According to the article, the availability of under-$500 usable hardware, combined with a free operating system, free desktop office products, and free or cheap "Software as a service" online applications, opens a new market in which Microsoft cannot compete. "Microsoft will fight this trend tooth and nail. It will cut prices to the point where it'll be bleeding ink on some of its product lines. And Windows XP is going to stick around much longer than Microsoft ever wanted it to. Still, it won't be enough. By attacking from the bottom, where Microsoft can no longer successfully compete, Linux will finally cut itself a large slice of the desktop market pie."
The Internet

Submission + - CSS Pocket Reference

Michael J. Ross writes: "For Web developers who appreciate the value of separating Web content from its presentation, Cascading Style Sheets (CSS) has proved a godsend, because it allows all of the styling of a Web site to be organized in CSS files separate from the site's semantic content, in HTML files (possibly dynamically generated). Yet to make this styling power possible, CSS must incorporate a long list of syntax elements, including hundreds of selectors, properties, and values. Thus it can be quite handy for the developer to have on hand a concise summary of CSS, such as the CSS Pocket Reference, authored by Eric A. Meyer.

The book was published by O'Reilly Media on 5 October 2007, under the ISBNs 0596515057 and 978-0596515058. CSS itself has evolved along with other Web technologies, and this book is now in its third edition, having been updated to reflect the ongoing changes in CSS; the book now covers CSS2 and CSS2.1. On the book's Web page, O'Reilly offers an online table of contents, as well as ways for the visitor to view and submit errata (none as of this writing) and reviews for the book. Unlike most technical publishers, O'Reilly now makes available previews of their books' contents, in the form of a table of contents with links to the first few paragraphs of each section, including tables and illustrations.

Despite the growth in the number of elements in CSS, and the attention paid to each one of them by the author of CSS Pocket Reference, the book is still small enough to fit in a pocket, at only 168 pages. The book's material is organized into 18 unnumbered sections, preceded by some notes on the book's typographical conventions, and followed by an essential index. The bulk of the material is found in the Property Reference section. Other sections explain how to add styles to HTML and XHTML pages; CSS rule structure and style precedence, including inheritance and the cascade; element classification and display roles; visual layout; rules on floating and positioning; and table layout. Subsequent sections cover CSS value types and units, and selectors, including some of the newest additions to CSS, such as the adjacent sibling selector and the language attribute selector. Just before getting into the details on properties, Eric Meyer discusses pseudo-classes and pseudo-elements, which have made it possible for Web developers to create rather robust and attractive site navigation using CSS exclusively, without any need to resort to images and JavaScript for rollover effects and other navigation eye candy.

For each element of CSS that is covered in all of the sections mentioned above, the types of information presented to the reader can vary, depending upon the category of element. But they generally include the element's possible values, a default value, what elements it can apply to, whether it is inherited, its computed value, a brief description of the element, at least one example illustrating its usage, what browsers support it, and oftentimes a note on its usage. Consequently, this new edition of the book, like its predecessors, should prove more than adequate for most CSS reference needs.

As with any computer book, there are several ways in which this one could be improved. Any reader using the book to look up a particular element, has two possible ways of doing so: They could first consult the index, and, assuming the element is listed there, go straight to the page indicated. But most readers, knowing that the elements in each section are listed alphabetically, will probably open up the book near the front or the back, and begin flipping backward or forward, respectively, hoping to spot the element of interest as quickly as possible, given its alphabetical ordering. That individual will likely immediately spot an obvious problem with the book: The pages have no running titles (the words that indicate the first element discussed on that page, and typically listed at the very top of each page). Inclusion of such running titles in the next edition of the book, would make it much faster to use.

Another valuable addition would be some sort of table listing all of the CSS elements and their level of support within the most commonly used Web browsers and, in the case of Internet Explorer, the most commonly used versions of the browser. Also, on page 48 of the book, at the beginning of the Property Reference section, it has a subhead of "Visual Media," which suggests that there are other subheads within that section, for other media types; but I was unable to find any.

All of these problems concern the publisher's choice of material. My last criticism concerns the layout of that material in the print version of the book. Because this diminutive volume has narrow pages, and they are tightly glued together in the binding, it is imperative that the publisher of such a book provide plenty of white space in the inner margins (those closest to the binding), so the reader does not have to crack open the book too much in order to read the text closest to the binding. Repeatedly opening up the book far enough to read those inmost words, will over time weaken and eventually destroy the binding. In contrast, a small reference book like this has no need for much outer margin. Sadly, O'Reilly got it backwards with this volume, with relatively wide and useless outer margins, and inadequate inner margins.

Aside from the aforementioned flaws — all of which can be remedied in the future — CSS Pocket Reference is a compact and neatly organized gem of a book, packed with information of value to busy Web programmers.

Michael J. Ross is a Web developer, writer, and freelance editor."
Networking

Submission + - Linux Networking Cookbook

stoolpigeon writes: "[Editors: I've read the slashdot guidelines and tried to adhere to them as best I could. What follows is my review of a brand new O'Reilly book, the Linux Networking Cookbook. My email is bittercode@gmail.com. I can be reached at 321-695-4295 and I'm usually logged into AIM during the week as ronpeckjr. I would never ask this on a regular submission, but if this review is rejected, due to my writing, could I get a short note letting me know that and possibly what I could have done to improve it? I would really appreciate that.]

The Linux Networking Cookbook is Schroder's companion to her earlier book, The Linux Cookbook. As the title suggests, this is a set of networking 'recipes'. The scope is wide, but the recipes are concise and to the point. Schroder wastes little time getting to the focus of each section, making this an excellent reference guide for any of the technologies that are covered. For the reader interested in a deep, long running discussion of how and why things work the way they do, this is not what they want. The book is perfect though for the reader looking for examples and thorough instructions on getting things installed and running.

The back cover of the Linux Networking Cookbook says, "This wide-ranging recipe collection covers everything you need to know as a Linux network administrator, whether you're new to the job or have years of experience." I'm on the new to the job side of the spectrum when it comes to networking experience. My guess is that for the experienced administrator, there may not be a lot of depth. But the breadth of the information is such that they are very likely to find something new here. The book assumes a basic familiarity with administering Linux. Instructions are detailed but the reader will need to know how to navigate the file system, edit files, create user and group, change permissions and other similar tasks.

Like many other cookbooks, my questions were "Will I understand the recipes?", "Are these recipes within my skill level?" and "Are these things that I want to make?". Schroder has done an excellent job making everything in this book extremely clear and understandable. There is enough explanation to get the reader started, not so much that it feels slow or like she was padding for length. Anyone with even slight exposure to the command line in Linux should be able to dig right in, follow the instructions and enjoy the satisfaction of seeing these recipes work. It often felt to me like I had taken a few hours of research on Google, cut out the useless and outdated, cut out the excess verbiage, and was left with a distilled set of advice, examples and references for further reading. I really see this book as being strongest as a time saver and a great platform for learning. That answers my first two questions with an emphatic yes. Now all that is left is the question of, "Are these things that I want to make?" Here, really the best answer is to read through the table of contents. I'm going to comment on what stood out, but there are just too many subtopics covered to mention them all. So it would be worthwhile for any who might be interested in this book to take the time to read through them.

The only drawback to the book is that to really get a lot out of it, one is going to need access to some equipment. For many chapters some PCs are enough. For other chapters, purchasing hardware will probably be necessary. While this keeps the book from being perfect for everyone, I would say that it also means that the reader is going to get a solid understanding of the topics rather than one that is only theoretical. This is a strength of the book in my opinion, but it is good that the buyer is aware of this before they purchase.

Each chapter follows the same format. They begin with a brief overview of the technology and concepts for that chapter. Chapter 1, "Introduction to Linux Networking" contains only this overview, and is the shortest chapter of the book. The overview includes not only the primary concepts but what hardware will be required to work through the recipes and any software that may be required as well. The overview is followed by a series of subtopics, each presented with a problem, solution, discussion of the solution and a list of other resources. The solutions are given with instructions applicable to the Fedora and Debian distributions. I would assume that this makes the book immediately useful for the majority of Linux users, as their distribution will probably be very similar to one of those two.

The second chapter is Building a Linux Gateway on a Single-Board Computer. This chapter is somewhat unique in that the recipes are all written with the goal of installing Pyramid Linux on a Soekris 4521 board. The recipes also require a CF card (or microdrive), power supply and null-modem cable. These hardware requirements mean that working through this chapter requires spending more than an insignificant amount. The Soekris board runs about $150 and then there will be the smaller costs of the other equipment. For the reader unwilling to spend the money, this chapter is not much use. On the other hand, someone who may be interested in learning this kind of embedded work and finding out more about network devices will find this to be an excellent chapter. I remember spending more on my first Mindstorms kit to start learning about embedded programming.

The third chapter is Building a Linux Firewall. This chapter has recipes to build an iptables firewall from scratch. The problems and solutions in this chapter are excellent and cover a wide ranging number of situations. Many distributions have gui tools for managing iptables, but I know I've run into problems with these applications more than once. Schroder lays out how to get around such difficulties and deal directly with iptables for everything from getting multiple SSH host keys past NAT to logging. The references to outside resources are also extremely useful as in the other chapters.

Chapter four is Building a Linux Wireless Access Point. This chapter builds on the previous two chapters. These recipes, combined with the previous recipes, and once again pointed at a device running Pyramid Linux, will have the reader building a very capable wireless access point. These three chapters work together as a very nice unit that could be seen as a little costly for the hobbyist or as incredibly inexpensive for the network administrator. I think that they offer very attractive options to the shop with a smaller budget but a reluctance to settle on less capable hardware.

Chapter five takes a turn and is Building a VoIP Server with Asterisk. This chapter can be done with a few PCs, and hardware that allows for putting sound in and getting sound out. I found the chapter to be a little difficult to follow but I have absolutely no experience with telecommunications. I think that anyone else in my position may need to do some other supplementary reading (Schroder points out plenty) and an allowance for plenty of time to experiment and learn. Like the other chapters, the coverage is wide, and given enough time readers could have a very capable system built with the guidance given in this chapter.

Chapter six is Routing with Linux. Unlike chapters two and four, the recipes in this chapter are written assuming Debian or Fedora as opposed to Pyramid Linux. Schroder starts with calculating subnets and moves on quickly to static and dynamic routing.

Chapters seven, eight, nine and ten are all about connecting remotely. Seven is Secure Remote Administration with SSH. The basics are covered as well as hardening SSH, tunneling X Windows securely and even sshfs. I've personally spent a great deal of time tracking down little bits of information for many of these, and here they are all collected together in a very easy to read and use format. Chapter eight is Using Cross-Platform Graphical Desktops. This chapter covers rdesktop, FreeNX and VNC. The majority of the chapter focuses on FreeNX and VNC. The VNC portions give some very nice recipes for working securely and in a mixed environment that includes Windows machines. I work in just such an environment, and I look forward to being able to reference this book on those occasions when I need to connect to one of our Windows servers. It doesn't happen too often, and that makes a reliable reference that much more valuable. Chapter nine is Building Secure Cross-Platform Virtual Private Networks with OpenVPN. The recipes begin with instructions on setting up a lab to work with OpenVPN and test things without interfering with the rest of a network. This is a quick chapter and lays out setting up the server and connecting with clients. Chapter ten is similar to nine but has recipes to build a Linux PPTP VPN server.

Chapters eleven and twelve move things back inside the LAN. They are Single Sign-on with Samba for Mixed Linux/Windows LANs and Centralized Network Directory with OpenLDAP. The recipes include migrating away from and into Windows networking solutions. I can see the value here not only for network administrators, but also Linux system administrators who may find themselves needing to integrate into a predominately Windows environment. I know there are often questions on Slashdot about getting Linux in the door. Well, for those who succeed, these chapters could come in very handy.

Chapters thirteen and fourteen are about network monitoring using Nagios and MRTG. The recipes cover a wide number of monitoring options and could really get an IT shop well on their way from finding out about outages from their users, to being truly on top of their network.

Chapter fifteen is a quick treatment of IPv6. Chapter 16 covers network installs. Chapters seventeen and eighteen cover administration via serial console directly and over a modem. These tried and true methods are probably less relied upon than in the past, but they are covered well and it speaks to the thorough coverage of the book. Chapter nineteen closes the book with a host of generic recipes centered around troubleshooting network issues. This is a solid chapter, not just a quick troubleshooting grid tacked on to the end of the book. There are three appendices. The first is a list of recommended resources that is dominated by O'Reilly titles, though there are others. The second is a glossary and the third is a very useful kernel building reference.

The index is decent. It is not exceptional, but it is not bad either. This is somewhat alleviated by the fact that the book comes with access to it on Safari for 45 days. There is also a web site with all of the examples available for download. The author's website is also a good launch point for related articles and information."
Books

Submission + - Group hopes to rename street after Douglas Adams.

interstellar_donkey writes: "After the recent brouhaha over the renaming of 4th Ave after César Chávez, a Portland group is pushing to rename a local street after the late writer Douglas Adams. The street? Why, 42nd Ave, of course. According to their website, the renaming will reflect Portlanders' commitment to the arts, respect for the environment, desire to provide technological access to all, their passion to further education to all people, and most importantly remind Portlanders DON'T PANIC. This appears to be a serious movement, with preliminary paperwork already in the works."
Biotech

Submission + - Are Cow farts sweeter with a Kangaroos stomach? (news.com.au)

ghostcorps writes: The Australian has an article discussing plans to modify cows' stomachs to produce less/no methane.

From the article: "Thanks to special bacteria in their stomachs, kangaroo flatulence contains no methane and scientists want to transfer that bacteria to cattle and sheep who emit large quantities of the harmful gas.

''Not only would they not produce the methane, they would actually get something like 10 to 15 per cent more energy out of the feed they are eating,'' said Mr Klieve.

Spam

Submission + - Hotmail vaporizing legitimate emails

Hotmail Vaporizer writes: Hotmail is among the most popular free web mail services, but it's getting extremely stringent in its filtering techniques, to the point of vaporizing legitimate emails without sending the age-old 'bounce' message to the sender or even placing it in an end-user's junk folder. An interesting read for anyone operating private domains or legitimate mailing lists and trying to reach Hotmail users, includes the hoops you need to go through to comply with Hotmail policies: http://www.webforefront.com/archives/2007/11/getting_through.html
Education

Submission + - NIST Creates Perpetual Motion (dailytech.com)

An anonymous reader writes: The DailyTech writes that "The National Institute of Standards and Technology, in conjunction with the University of Maryland's Joint Quantum Institute, created a short-lived "proof of concept" of perpetual motion. Using an exotic type of matter known as a Bose Einstein condensate, or BEC, the team demonstrated true perpetual motion. Though the state persisted only ten seconds, team members say it will one day lead to real-world applications." http://www.dailytech.com/NIST+Creates+Perpetual+Motion++But+Only+for+10+Seconds/article9865.htm
Security

Submission + - Why are my banks stupid?

An anonymous reader writes: Why can't I find a bank that isn't stupid?

Wellsfargo.com recently started loading (and requiring) javascript from akamai.net. This gives anyone who compromises akamai.net complete access to all Wellsfargo.com online banking functions. It's sort of like finding out that the bank vault has a back door that connects to the candy shop next door. Sure, the candyman is a nice guy, and he even locks his shop at night, but he's not my bank!

Just when I stopped fuming over that for a few minutes, an envelope arrived from Citibank. It shows my entire credit card number and advises me that my statement is available online.

Is there any bank that takes security at all seriously?
