
Submission + - Jimmy Carter Calls Snowden Leak Ultimately "Beneficial" (rt.com)

eldavojohn writes: According to RT, the 39th president of the United States made several statements worth noting. Carter said that 'America has no functioning democracy at this moment' and 'the invasion of human rights and American privacy has gone too far.' The second comment sounded like Carter predicted the future would look favorably upon Snowden's leaks — at least those concerning domestic spying in the United States — as he said: 'I think that the secrecy that has been surrounding this invasion of privacy has been excessive, so I think that the bringing of it to the public notice has probably been, in the long term, beneficial.' It may be worth noting that, stemming from Zurcher v. Stanford Daily, Jimmy Carter signed the Privacy Protection Act of 1980 into law and that Snowden has received at least one nomination for the Nobel Peace Prize.

Submission + - California Smart License Plates (modbee.com)

An anonymous reader writes: California license plates could get a high-tech makeover with a digital screen and wireless capabilities as part of a Senate bill making its way through the Legislature.
Senate Bill 806 authorizes the Department of Motor Vehicles to create a pilot program at no cost to the state with as many as 160,000 cars testing the digital plates patented by San Francisco-based Smart Plate Mobile. The state hopes the technology will improve efficiencies in vehicle registrations and potentially save the DMV some of the $20 million spent each year in postage for renewals.
Privacy advocates say the approach could leave motorists vulnerable to government surveillance by undoing a Supreme Court ruling that required authorities to obtain search warrants before using vehicle tracking devices.
"It means everyone driving in California will have their location accessible to the government at any time," said Nate Cardozo, a staff attorney at the Electronic Frontier Foundation. In 2010, the Legislature considered a similar bill supported by Smart Plate Mobile, with the noted addition of allowing for scrolling advertisements when a vehicle comes to a stop for four seconds or longer

Submission + - ICANN approves first set of new gTLD, .Amazon rejection looms (parityportal.com)

hypnosec writes: ICANN (Internet Corporation for Assigned Names and Numbers) has approved the first set of global Top Level Domains (gTLDs) and surprisingly all four are non-English words including . (“Web” in Arabic); . (“Game” in Chinese); . (“Online” in Russian); and . (“Web site” in Russian). Approval of four non-English words can be considered as a milestone and this approval marks "the first time that people will be able to access and type in a website address for generic Top-Level Domains in their native language."

Submission + - Patent trolls getting the attention of the Feds (nytimes.com) 1

crazyvas writes: The New York Times has published an article on the FTC which is planning to investigate the patent system, and likely patent trolls such as Intellectual Ventures. From the article: 'To its defenders, Intellectual Ventures is a revolutionary company unfairly viewed, in the words of its co-founder Peter N. Detkin, “as the poster child of everything that is wrong with the patent system.” To its critics, it is a protection racket otherwise known as a patent troll. This summer, the Federal Trade Commission is expected to begin a sweeping investigation of the patent system after the agency’s chairwoman, Edith Ramirez, urged a crackdown. She has singled out a particular kind of miscreant, one that engages in “a variety of aggressive litigation tactics,” including hiding behind shell companies when it sues.'

How does Intellectual Ventures describe itself? See for yourself here.

Submission + - EFF Sues NSA, Justice Department, FBI

Jawnn writes: The Washington Post reports that the EFF has filed suit in Federal Court in San Francisco, on behalf of multiple groups. Those groups include, "...Rights activists, church leaders and drug and gun rights advocates..." Apparently, not everyone out there is believing the "If you have nothing to hide..." excuses being offered up from various government quarters.

Submission + - HBO Asks Google to Take Down "Infringing" VLC Media Player (torrentfreak.com) 1

another random user writes: It’s no secret that copyright holders are trying to take down as much pirated content as they can, but their targeting of open source software is something new. In an attempt to remove pirated copies of Game of Thrones from the Internet, HBO sent a DMCA takedown to Google, listing a copy of the popular media player VLC as a copyright infringement. An honest mistake, perhaps, but a worrying one.


Usually these notices ask Google to get rid of links to pirate sites, but for some reason the cable network also wants Google to


The same DMCA notice also lists various other links that don’t appear to link to HBO content, including a lot of porn related material, Ben Harper’s album Give Till It’s Gone, Naruto, free Java applets and Prince of Persia 5.

Submission + - New Moon Found Orbiting Neptune (www.cbc.ca)

Dave Knott writes: A tiny, previously unknown moon circling Neptune has been spotted by astronomers using the Hubble telescope.

The moon, which is currently known as S/2004 N1, was found on July 1 by Mark Showalter of the SETI Institute in Mountain View, Calif., NASA announced Monday.

It is less than 20 kilometres wide and its orbit is 105,000 kilometres from Neptune, between those of Larissa and Proteus, two of Neptune's other 14 known moons. It circles Neptune once every 23 hours.

Submission + - The Pope criminalizes leaks (usatoday.com) 1

PolygamousRanchKid writes: Pope Francis overhauled the laws that govern the Vatican City State on Thursday, criminalizing leaks of Vatican information and specifically listing sexual violence, prostitution and possession of child pornography as crimes against children that can be punished by up to 12 years in prison.

But without the leaks, how would we find out about those crimes against children?

Many of the new provisions were necessary to bring the city state's legal system up to date after the Holy See signed international treaties, such as the U.N. Convention on the Rights of the Child. Others were necessary to comply with international norms to fight money-laundering, part of the Vatican's push toward financial transparency.

One new crime stands out, though, as an obvious response to the leaks of papal documents last year that represented one of the gravest Vatican security breaches in recent times. Paolo Gabriele, the butler for then-Pope Benedict XVI, was tried and convicted by a Vatican court of stealing Benedict's personal papers and giving them to an Italian journalist, Gianluigi Nuzzi. Using the documents, Nuzzi published a blockbuster book on the petty turf wars, bureaucratic dysfunction and allegations of corruption and homosexual liaisons that afflict the highest levels of Catholic Church governance. Gabriele, who said he wanted to expose the "evil and corruption" that plagued the Holy See, was convicted of aggravated theft and sentenced to 18 months in the Vatican's police barracks.

Oh, well. I guess plugging leaks won't stop all those shenanigans, but we just won't hear about it any more. This actually makes me feel like leaking something. If the Pope says it is dirty, and a sin, it must be a whole lot of fun doing it . . .

Submission + - Facebook and Microsoft Disclose Government Requests for User Data (securityweek.com)

wiredmikey writes: Facebook and Microsoft say they received thousands of requests for information from US authorities last year but are prohibited from listing a separate tally for security-related requests or secret court orders related to terror probes. The two companies have come under heightened scrutiny since word leaked of a vast secret Internet surveillance program US authorities insist targets only foreign terror suspects and is needed to prevent attacks. Facebook said Friday it had received between 9,000 and 10,000 requests for user data affecting 18,000 to 19,000 accounts during the second half of last year and Microsoft said it had received 6,000 to 7,000 requests affecting 31,000 to 32,000 accounts during the same period.

Submission + - India to send world's last telegram (yahoo.com) 2

afarhan writes: India will pull the plug on its 160-year-old telegram service on 15th July, this year. This will be the last telegram ever sent in the world. However, telegrams are still relevant in this vast country. More than 500 million people are still without access to a phone or Internet. For these people, telegram still remains the only digital communication available. In India, telegram is also considered a legal correspondence.

Submission + - Inside PRISM: Why the Government Hates Encryption (vortex.com)

Lauren Weinstein writes: Now, what's really going on with PRISM? The government admits that the program exists, but says it is being "mischaracterized" in significant ways (always a risk with secret projects sucking up information about your citizens' personal lives). The Internet firms named in the leaked documents are denying that they have provided "back doors" to the government for data access.

Who is telling the truth?

Likely both. Based on previous information and the new leaks, we can make some pretty logical guesses about the actual shape of all this.

Here's my take.

Submission + - New Zealand set to prohibit software patents (iitp.org.nz)

Drishmung writes: The New Zealand Commerce Minister Craig Foss today (9 May 2013) announced a significant change to the Patents Bill currently before parliament, replacing the earlier amendment with far clearer law and re-affirming that software really will be unpatentable in New Zealand.

An article on the Institute of IT Professionals web site by IT Lawyer Guy Burgess looks at the bill and what it means, with reference to the law in other parts of the world such as the USA, Europe and Britain (which is slightly different from the EU situation).

Facebook

Google Challenges Facebook Over User Address Books 120

jcombel writes "When you sign in to Facebook, you had the option of importing your email contacts, to 'friend' them all on the social network. Importing the other way — easily copying your Facebook contacts to Gmail — required jumping through considerable copy/paste hoops or third-party scripts. Google said enough is enough, and they're no longer helping sites that don't allow two-way contact merging. The stated intention is standing their ground to persuade other sites into allowing users to have control of where their data goes — but will this just lead to more sites putting up 'data walls?'"

Comment Re:heh (Score 3, Informative) 118

It is not true to say that you need ALTER SESSION privilege granted to actually issue ALTER SESSION commands. Yes, that sounds counter-intuitive but it is true that you can issue SOME alter session commands if you can connect to a database regardless of what privs you have.

In this case setting NLS_DATE_FORMAT can be done by ANYONE regardless of whether they have ALTER SESSION granted.

some observations:

1. in most web apps you won't have access to the database, just the webserver...the database should be firewalled off.

2. it is RARE for PL/SQL developers to resort to using dynamic SQL (execute immediate/DBMS_SQL) to run SQL, so this flaw, whilst interesting, is HIGHLY unlikely to be a problem...it's certainly nowhere near as dangerous as developers not validating inputs where an application tier (java/php etc) does sql commands (esp if it's not using bind variables) against a database [which by definition are dynamic sql calls].

Not to mention that using execute immediate without the USING clause and bind variables is again really rare by any half competent pl/sql developer.

3. the code also relies on another major error in the coding..type conversion. the date is implicitly converted to a string due to concatenation (||), i.e. oracle rewrote that internally as to_char(v_date) and, as there was no supplied format, it uses NLS_DATE_FORMAT.

i.e. in the example in the paper:

    stmt:='select object_name from all_objects where created = ''' || v_date || '''';
    dbms_output.put_line(stmt);
    execute immediate stmt;

would undoubtedly be written PROPERLY as (in the dynamic case)

    execute immediate 'select object_name from all_objects where created = :b1' using v_date;

which is not susceptible to injection (NLS_DATE_FORMAT can't even come into play here).

Media

Submission + - BBC tech head: "BBC not in bed with Bill Gates" (tech.co.uk) 1

whoever57 writes: According to the BBC's head of technology, there are only a small number of Linux visitors to the BBC's website and this is the reason that the BBC's iPlayer only supports Windows XP. Why he expects a large number of Linux based visitors to his site when the media downloads are Windows XP only is not clear. He also thinks that "Launching a software service to every platform simultaneously would have been launch suicide", despite the example of many major sites that support Linux (even if this is through the closed source flash player). How the small number of Linux visitors could cause "suicide" is not explained. Most software processes envisage launching to a select group first, then working out the bugs, then making it available to the largest group.
