Stupid Simple Security - a Chrome plugin for safer browsing

shmaybebaby writes: There's this free and open source searchable repository of web vulnerabilities across the entire Internet. It's called PunkSPIDER and it's handy for looking up the websites you frequent to see if they have any egregious vulnerabilities that could compromise your privacy and identity. Here's a Slashdot article on PunkSPIDER from last year — you can see from the comments that it was, uh, kind of controversial.

But turns out, it's not even close to being the WMD that people were afraid of (that's a "weapon of mass destruction," in case you were born after the year 2000) and is actually kind of useful, particularly for the security / hacker community. People have used it for penetration testing recon, for security research, for a quick check of their own website, or just for personal use. The thing is, unless you're a security researcher who keeps PunkSPIDER open in a tab in your browser, you probably won't remember to go there and check out a website to make sure it's safe before you give them your credit card info.

To make it more accessible to the average user, the team behind PunkSPIDER released a Chrome extension that sits in your nav bar and tells you if PunkSPIDER has found any vulnerabilities on the site you're on. If it does, you get a red x, if it doesn't, you get a green check. It's stupid simple and it's free.

Here's a link to dl the extension and here's a demo video on how it works. There are some other videos under the same account that you can watch if you want to know more about the PunkSPIDER project.

There are plans to release a Firefox plugin soon, too, which will be nice because it's arguably a more ubiquitous browser than Chrome. Still, I'm switching to Chrome now just for this extension.

Submission + - First attack using RSA breach?

jeffviper writes: Ouch.... we all knew it was a bad thing for RSA and here is the first casualty: Lockheed Martin

Lockheed responded to questions about the incident with this written statement: "We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multilayered information systems security," said spokesman Jeffery Adams.


Submission + - Cattle Disease Rinderpest Eradicated

eldavojohn writes: Bovines rejoice, rinderpest has been eradicated worldwide. The rinderpest virus has plagued Europe, Africa and Asia for centuries causing indirect famine in countries as hundreds of millions of cattle fell victim. This is the first time in recorded history that humankind has completely eradicated an animal disease.

Submission + - Endeavour launch scrubbed for 48 hours

shuz writes: At 10:15 am Eastern time the launch of Endeavour has been scrubbed for a minimum of 48 hours. The scrub is due to 2 failed Auxiliary Power Unit heaters.

Submission + - Google Fiber comes to Kansas City

tekgoblin writes: "Remember that campaign that Google had announced a long while back to bring fiber to your front door? Well, it looks like they are making some actual progress now and launching part of the network in Kansas City, Kansas.

The city of Topeka had actually temporarily renamed the city to Google, Kansas the capital city of fiber optics in a move to get Google to lay fiber there. Well it seems to have worked because a deal has just been signed to roll out the fiber in the city which should be available to everyone in the area by 2012."


Submission + - Microsoft begins distributing Windows 8 to OEMs

siliconbits writes: Microsoft has begun to distribute early copies of Windows 8 to key OEM partners, WinRumors has learned. The software giant is distributing build 7971.0.110324-1900 via the company’s Connect external testing system. Key OEMs, including HP, are now able to access the Milestone 3 build from Connect. The program is advertised as Windows 8 and Server vNext Pre-Release Program, on Microsoft’s connect site and requires a special invite code, according to one poster at the My Digital Life forums.

Submission + - Will companies face hosting bill shock for DDoS at

nk497 writes: "Firms are turning to the cloud for cost savings and scalability, but what happens if a company is struck by a denial-of-service attack? The scalability and charge-by-use models could be problematic for companies targeted by the likes of Anonymous. Microsoft and Google both said they would consider dropping charges if traffic spikes could be proved to be from such attacks, but couldn't say if such a rebate has yet been offered to any customers."

Submission + - Inside the core of Zwentendorf

benesch writes: Austrian newspaper Der Standard has captivating pictures of a Fukushima-type reactor that never went live after a popular referendum in the 1970s.
From the source: "Austria: nuclear reactor Zwentendorf, construction started 1972, finished 1978, never activated following a no-vote in a national referendum on November 5th, 1978. It is a boiling water reactor like the one in Fukushima and about the same age."


Submission + - ISP's war on BitTorrent hits World of Warcraft

jfruhlinger writes: "Canadian Internet users have the prospect of a metered Internet looming over their head, and now World of Warcraft players who use Rogers Communications as their ISP are encountering serious throttling. The culprit seems to be Rogers' determination to go after BitTorrent. WoW uses BitTorrent as a utility to update game files — something most users probably aren't even aware of."

Submission + - Iranian Hacker Claims Credit For Comodo Hack

Trailrunner7 writes: Someone claiming to be the person behind last week's attack on a registration authority tied to Comodo has posted an explanation of the methods he supposedly used and the reasons for the attack. The rambling, disjointed message claims that the Comodo attack was not the act of an organized, state-sponsored group, but was instead the work of a lone actor who stumbled upon a way in.
"I was looking to hack some CAs like Thawthe, Verisign, Comodo, etc. I found some small vulnerabilities in their servers, but it wasn't enough to gain access to server to sign my CSRs. During my search about InstantSSL of Comodo, I found which was doing same thing under control of Comodo. After a little try, easily I got FULL access on the server, after a little investigation on their server, I found out that TrustDll.dll takes care of signing. It was coded in C#. Simply I decompiled it and I found username/password of their GeoTrust and Comodo reseller account," he said.


Submission + - Did Patriot Hackers Attack Canadian Government?

wiredmikey writes: It appears that Canada’s Finance, Defense Research and Development departments, as well as the Treasury Board, were hacked in February by what the Canadian government is calling an “unprecedented” and “significant” cyber attack. Although confirmation is pending, the attack seems to be the work of patriot hackers, using computer servers based in China.

Interestingly, the Canadian government admitted that if the hackers went all the way they would have accessed the financial information of private citizens.

This attack is hard to pull off, on one hand, and dangerously simple, on the other. Although seven months prior, CSIS, Canada’s Spy agency, warned in a CBC report that this attack was coming, the Canadian government still fell victim to it.

On a larger scale, with a specialized form of executive spear-phishing, big businesses, trading companies and as we saw in February, the federal departments of big governments are at risk, along with major corporations.

