Submission + - California Smart License Plates (modbee.com)
Senate Bill 806 authorizes the Department of Motor Vehicles to create a pilot program at no cost to the state with as many as 160,000 cars testing the digital plates patented by San Francisco-based Smart Plate Mobile. The state hopes the technology will improve efficiencies in vehicle registrations and potentially save the DMV some of the $20 million spent each year in postage for renewals.
Privacy advocates say the approach could leave motorists vulnerable to government surveillance by undoing a Supreme Court ruling that required authorities to obtain search warrants before using vehicle tracking devices.
"It means everyone driving in California will have their location accessible to the government at any time," said Nate Cardozo, a staff attorney at the Electronic Frontier Foundation. In 2010, the Legislature considered a similar bill supported by Smart Plate Mobile, with the noted addition of allowing for scrolling advertisements when a vehicle comes to a stop for four seconds or longer
Submission + - ICANN approves first set of new gTLD, .Amazon rejection looms (parityportal.com)
Submission + - Patent trolls getting the attention of the Feds (nytimes.com) 1
How does Intellectual Ventures describe itself? See for yourself here.
Submission + - EFF Sues NSA, Justice Department, FBI
Submission + - HBO Asks Google to Take Down "Infringing" VLC Media Player (torrentfreak.com) 1
Usually these notices ask Google to get rid of links to pirate sites, but for some reason the cable network also wants Google to
The same DMCA notice also lists various other links that don’t appear to link to HBO content, including a lot of porn related material, Ben Harper’s album Give Till It’s Gone, Naruto, free Java applets and Prince of Persia 5.
Submission + - New Moon Found Orbiting Neptune (www.cbc.ca)
The moon, which is currently known as S/2004 N1, was found on July 1 by Mark Showalter of the SETI Institute in Mountain View, Calif., NASA announced Monday.
It is less than 20 kilometres wide and its orbit is 105,000 kilometres from Neptune, between those of Larissa and Proteus, two of Neptune's other 14 known moons. It circles Neptune once every 23 hours.
Submission + - The Pope criminalizes leaks (usatoday.com) 1
But without the leaks, how would we find out about those crimes against children?
Many of the new provisions were necessary to bring the city state's legal system up to date after the Holy See signed international treaties, such as the U.N. Convention on the Rights of the Child. Others were necessary to comply with international norms to fight money-laundering, part of the Vatican's push toward financial transparency.
One new crime stands out, though, as an obvious response to the leaks of papal documents last year that represented one of the gravest Vatican security breaches in recent times. Paolo Gabriele, the butler for then-Pope Benedict XVI, was tried and convicted by a Vatican court of stealing Benedict's personal papers and giving them to an Italian journalist, Gianluigi Nuzzi. Using the documents, Nuzzi published a blockbuster book on the petty turf wars, bureaucratic dysfunction and allegations of corruption and homosexual liaisons that afflict the highest levels of Catholic Church governance. Gabriele, who said he wanted to expose the "evil and corruption" that plagued the Holy See, was convicted of aggravated theft and sentenced to 18 months in the Vatican's police barracks.
Oh, well. I guess plugging leaks won't stop all those shenanigans, but we just won't hear about it any more. This actually makes me feel like leaking something. If the Pope says it is dirty, and a sin, it must be a whole lot of fun doing it . . .
Submission + - Facebook and Microsoft Disclose Government Requests for User Data (securityweek.com)
Submission + - India to send world's last telegram (yahoo.com) 2
Submission + - Inside PRISM: Why the Government Hates Encryption (vortex.com)
Who is telling the truth?
Likely both. Based on previous information and the new leaks, we can make some pretty logical guesses about the actual shape of all this.
Here's my take.
Submission + - New Zealand set to prohibit software patents (iitp.org.nz)
An article on the Institute of IT Professionals web site by IT Lawyer Guy Burgess looks at the the bill and what it means, with reference to the law in other parts of the world such as the USA, Europe and Britain (which is slightly different from the EU situation).
Google Challenges Facebook Over User Address Books 120
Comment Re:heh (Score 3, Informative) 118
In this case setting NLS_DATE_FORMAT can be done by ANYONE regardless of whether they have ALTER SESSION granted.
some observations:
1. in most web apps you wont have access to the database, just the webserver...the database should be firewalled off.
2. it is RARE for PL/SQL developers to use resort to using dynamic SQL (execute immediate/DBMS_SQL) to run SQL, so this flaw, whilst interesting, is HIGHLY unlikely to be a problem...its certainly no where near as dangerous as developers not validating inputs where a application tier (java/php etc) does sql commands (esp if its not using bind variables) against a database [which by definition are dynamic sql calls].
Not to mention that using execute immediate without the USING clause and bind variables is again really rare by any half competent pl/sql developer.
3. the code also relies on another major error in the coding..type conversion. the date is implicitly converted to a string due to concatenation(||) i.e oracle rewrote that internally as to_char(v_date) and, as there was no supplied format it uses NLS_DATE_FORMAT.
i.e. in the example in the paper: stmt:='select object_name from all_objects where created = ''' || v_date || ''''; dbms_output.put_line(stmt); execute immediate stmt;
would undoutably be written PROPERLY as (in the dynamic case)
execute immediate 'select object_name from all_objects where created =
which is not susceptible to injection (NLS_DATE_FORMAT cant even come into play here).