
Comment Re:Next release codename? (Score 5, Informative) 177

I think the spyware has been a radioactive enough issue that any derivatives are going to make a point of cutting it out.

That said, I don't see the need. As much as I don't like what Ubuntu did with the shopping lens, I've long since switched to Xubuntu anyway, which is more sanely managed. (The original reason was to get away from Unity, and their avoidance of subsequent Canonical brain damage cemented the deal.)

Significantly, when you use [KX]ubuntu, you still benefit from all the release engineering work of Ubuntu proper, including security updates---a point on which I'm a little more wary of derivatives like Mint.

Comment Re:How would an attack happen? (Score 2) 100

I know it's not always easy, but most data input into web forms is quite straightforward. The application should not be checking whether the data is invalid - it should be checking that it's valid. That's a subtle distinction, and I'm probably going to fail to explain it!

You'd probably have an easier time explaining it as whitelisting versus blacklisting. A developer can't hope to ever enumerate all the bad things an app should reject, so s/he should instead enumerate the much smaller set of things it should accept. Same deal if you're using a regex or whatnot to sanitize input instead of matching against a list.

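The allowlist-versus-blocklist distinction above, as an added example that is not part of the original thread: a sanitizer that tries to enumerate bad fragments next to a validator that names exactly what each field may contain. The field names, patterns and sample inputs are constructed for illustration.

```python
import re

# Added example, not code from the original thread. The field names, regexes
# and sample inputs below are constructed for illustration only.

# "Blacklist" approach: enumerate fragments we think are bad and strip them.
BAD_FRAGMENTS = ("<script", "javascript:", "onerror=")


def blacklist_clean(value: str) -> str:
    """Remove known-bad fragments. Anything not on the list passes through,
    and a single non-recursive pass can be defeated by nesting a fragment
    inside itself (see the test case below)."""
    out = value
    for frag in BAD_FRAGMENTS:
        out = re.sub(re.escape(frag), "", out, flags=re.IGNORECASE)
    return out


# "Whitelist" approach: for each field, a pattern describing the complete set
# of values the application is willing to accept. Everything else is rejected.
FIELD_RULES = {
    "username": re.compile(r"[A-Za-z0-9_]{3,32}"),
    "zip":      re.compile(r"\d{5}(-\d{4})?"),
    "email":    re.compile(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}"),
}


def allowlist_valid(field: str, value: str) -> bool:
    """True only if the whole value matches the field's accepted pattern.
    fullmatch() is used rather than match() so a trailing newline or any
    other unconsumed character makes the check fail."""
    rule = FIELD_RULES.get(field)
    if rule is None:
        return False  # unknown field: reject rather than guess
    return rule.fullmatch(value) is not None


def validate_form(form: dict) -> dict:
    """Return a mapping of field name -> error message for every field that is
    missing, unknown, or fails its allowlist rule. Empty dict means accept."""
    errors = {}
    for field in FIELD_RULES:
        if field not in form:
            errors[field] = "missing"
    for field, value in form.items():
        if field not in FIELD_RULES:
            errors[field] = "unexpected field"
        elif not allowlist_valid(field, value):
            errors[field] = "invalid value"
    return errors


if __name__ == "__main__":
    # The nested payload survives a single stripping pass intact.
    print(blacklist_clean("<scr<scriptipt>alert(1)</script>"))
    print(validate_form({"username": "alice_01", "zip": "12345",
                         "email": "alice@example.com"}))
    print(validate_form({"username": "<script>", "zip": "1234",
                         "email": "nope", "extra": "x"}))
```

The blocklist sanitizer is the kind that looks fine in testing and fails in production: it has no concept of what a valid username is, only of a few strings it dislikes. The allowlist validator needs no knowledge of attacks at all.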
Comment Re:One-time pads (Score 1) 284

  • Attacker posts the malicious transfer form and performs the query to tell the bank to send out a text message.
  • Attacker displays a fake copy of the verification form where you are supposed to enter the info from the text message.
  • You read the text message, especially the part describing a $20,000 transfer to Zurich.
  • You don't enter the verification code.

Fixed that for you.

Comment Re:How soon does it work after infection? (Score 1) 208

You're thinking about HIV; you're right, that takes months. The clap (gonorrhea) will show up the next day, as will several others (actually, most STIs will show positive the next day). There's no cheap test that separately identifies Herpes Simplex 1 from Simplex 2; there is a cheap test that does not distinguish and will show positive if you have either.

The cheap herpes test works that quickly, too? My understanding is that HSV is harder to detect, not least because the virus isn't always being shed.

If the test is reliable, and quick to yield a positive, that would be pretty good---given that condoms don't necessarily protect against HSV, and we don't have a cure for it as yet...

Comment Re:Perhaps a new mail header? (Score 3, Insightful) 251

PGP/GPG is overkill. Just drop messages that fail an SPF check. Spoofing is part of the problem here, and SPF was tailor-made to address spoofing.

If you do use PGP/GPG, you don't need an extra header for the signature; it's usually added as a small attachment, and better mail clients already pick up on that for verification.

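The SPF check suggested above, as an added example that is not part of the original thread: a small evaluator for the ip4, ip6, include and all mechanisms, run against a constructed DNS table instead of live lookups (the records, domains and addresses below are made up for illustration, and the a, mx and exists mechanisms are skipped because they need real DNS).

```python
import ipaddress

# Added example, not code from the original thread. DNS data is constructed;
# a real implementation would query TXT records for each domain.
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail-provider.example -all",
    "_spf.mail-provider.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, txt=TXT):
    """Return the domain's SPF record, or None if it publishes none."""
    rec = txt.get(domain)
    if rec is None or not rec.startswith("v=spf1"):
        return None
    return rec


def check_spf(domain, sender_ip, txt=TXT, depth=0):
    """Evaluate the envelope-sender domain's SPF record against the connecting
    IP. Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'."""
    if depth > 10:
        return "permerror"  # RFC 7208 caps DNS-querying terms; guard recursion
    rec = lookup_spf(domain, txt)
    if rec is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in rec.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            # include matches only if the referenced domain yields 'pass'
            matched = check_spf(arg, sender_ip, txt, depth + 1) == "pass"
        else:
            continue  # a / mx / exists / ptr need live DNS; skipped offline
        if matched:
            return QUALIFIERS[qual]
    return "neutral"  # no term matched and no 'all' present


def should_drop(domain, sender_ip, txt=TXT):
    """Policy from the comment above: reject only on a hard 'fail'.
    Softfail, neutral and none are left for other layers to judge."""
    return check_spf(domain, sender_ip, txt) == "fail"


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.10", "2001:db8:1::5", "203.0.113.9"):
        print(ip, check_spf("example.com", ip), "drop" if should_drop("example.com", ip) else "keep")
```

Note that the check runs on the envelope sender (MAIL FROM) domain and the connecting IP, not on the From: header the user sees, which is why SPF alone does not stop a lookalike domain with its own valid record.
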
Comment Things that provides that Gmail doesn't (Score 5, Informative) 135

  • Server-side Sieve filtering/sorting
  • File storage, optionally Web-accessible (I use this to serve up a simple, static-only Web site)
  • Various authentication options (reduced-access password, one-time logins, passwords via SMS, etc.)
  • Teh Google is not reading your mail, so you can put your tin-foil hat away :-)
