Ask Slashdot: What To Do When Finding a Security Breach On Shared Hosting? 168

An anonymous reader writes "A few months ago I stumbled across an interesting security hole with my webhost. I was able to access any file on the server, including those of other users. When I called the company, they immediately contacted the server team and said they would fix the problem that day. Since all you need when calling them is your username, and I was able to list out all 500 usernames on the server, this was rather a large security breach. To their credit, they did patch the server. It wasn't a perfect fix, but close enough that moving to a new web host was moved down on my list of priorities. Jump ahead to this week: they experienced server issues, and I asked to be moved to a different server. Once it was done, the first thing I did was run my test script, and I was able to list out everyone's files again. The hosting company only applied the patch to the old server. I'm now moving off this web host altogether. However, I do fear for the thousands of customers that have no clue about this security issue. With about 10 minutes of coding, someone could search for the SQL connection string and grab the username/password required to access their hosting account. What's the best way to handle this type of situation?"

New Internal Cavity X-ray Technology for Airports 308

Thanks to a new type of X-ray scanner unveiled in Australia, annoyed TSA agents won't have to send you to a hospital for a body cavity scan, they can do it in-house. Officials say that more than 4,600 man-hours were wasted last year in hospitals waiting for scans. From the article: "Home Affairs Minister Brendan O'Connor said the scanners would also help innocent travelers. 'The option of an internal body scan will more quickly exonerate the innocent and ensure a minimum of delay for legitimate travelers,' Mr O'Connor said."

Comment DMCA Takedown? (Score 2) 334

As much as everybody hates DMCA takedown notices around here, it seems like that would be the proper avenue for this sort of thing. It's certainly not an abuse of the DMCA in this case. Apple would likely respond relatively quickly so they don't lose their safe harbor.

Comment Re:Prohibition? (Score 1) 243

I think that's exactly the point he was trying to make when he said "It's absurd to expect ordinary members of the public to think about what they're allowed to do [with CDs, digital downloads, etc]... and then ask themselves whether it's legal or not.". Because downloading music became so easy and so anonymous so quickly, it entered into the ordinary workflow of people's lives and users that download are so numerous that the chances of any one of them getting caught are infinitesimal at best. Geeks get really up in arms about it and so does the recording industry, but in between are hundreds of millions if not billions of people who genuinely don't care about the politics of it beyond "Is what I'm doing illegal and can I get caught easily?". I hate to break it to the recording industry, but the number of people who are acclimated to downloading music—legally or otherwise—is increasing rapidly, and the number of people who prefer to physically walk into a music store or best buy/walmart/whatever to buy a CD is dwindling fast.

Comment Re:behavioral problems have virtually disappeared (Score 1) 241

If you completely disregard the value of social skills, you're not very intelligent. That's what I said and I stand by it. Disregarding the value of social interactions and the value of being able to navigate those interactions effectively and the value of being likable is a stupid thing to do. Intelligence is but one part of what makes you successful, yeah, but understanding what will make you successful is part of being intelligent.

Comment Re:behavioral problems have virtually disappeared (Score 1) 241

I know some very intelligent people who were left in the dust career-wise by less intelligent people because they just wouldn't learn to relate to people - and I mean wouldn't and not couldn't. They degrade people skills as being for the cheerleaders and "jocks" and sales droids.

Then, in the end, they're not that intelligent are they? I was picked on a lot in school, 'cause if I'm being perfectly honest here I am a huuuuge nerd. There's just no point in denying that when I'm here, posting this comment on Slashdot. The difference came when about halfway through high school I found out that a couple of people I'd written off as total douchebags were actually very smart, and their behaviour was largely a social ruse. I figured I could do the same.

Also, one thing that seriously helped was going to college all the way across the country from where I went to high school. Nobody I met in my first year at college knew I was a huge nerd in high school so they didn't treat me like one, then by the time I had to retreat into myself more because of my heavy computer science courseload, I already had a nice circle of friends going. I'm not saying the transition is easy but it is possible if you have made the decision to see yourself differently, and thus have everyone else perceive you differently. Things like Asperger's make it a lot harder but not impossible.

Comment Re:Good riddance! (Score 1) 272

We don't let horse and buggy on the interstate anymore, no matter HOW rich the idiot is. There's no reason to put up with IE6's shit anymore either.

I'm amish, you insensitive clod!!!

Seriously though, that's just about the most eloquent way I've heard it being put. I didn't have mod points so I decided to go with the above comment instead. Enjoy.

Comment Re:Good riddance! (Score 1) 272

Why not force an upgrade to IE7 or 8 and separate the ActiveX functionality into a plugin that IT personnel at companies that depend on that functionality can install? That way ordinary users who don't have the plugin installed don't have the security headaches ActiveX implies, and companies get to keep their ancient software.

Comment Re:Sad news (Score 1) 920

That extinction level event was just as probable a thousand years ago and it didn't happen. This is the flaw in the "it's not a matter of if, but when" thing, because there's a certain probability of it happening tomorrow and there's another probability of the human race dying out in some other way—like as a result of global warming or resource depletion here at home—long before something like that happens. I'd rather my tax money be spent sending robots to do all the interplanetary exploration until it's cheap and safe enough to send humans instead. While I'm on the subject: RIP, Spirit!

Comment Re:Importance of Competitive Choices (Score 2, Insightful) 406

The problem wasn't that a browser is really important and everyone needs one; the problem was that Microsoft had integrated their browser into the operating system in such a way that the operating system itself could not work without it, effectively making it impossible to uninstall it even if the user preferred another browser. Part of what makes other browsers more secure than IE de facto is that they don't have their tentacles as deep into the system as IE does. I'm sure someone will shoot back that it's not true, but really if you have a browser that's able to change system settings like IE can without asking for a password first, you're doing it wrong.

Nobody's really proposing that Windows ship without a web browser; I think the current idea is to force them to give users a choice of web browser when they install it.
