Security

Submission + - Adobe's strategy for Vulnerability Management (darkreading.com)

EliSowash writes: "Adobe's head of product security, Brad Arkin, had an opportunity to discuss his firm's approach to vulnerability management at Kaspersky's Security Analyst Summit 2012. He's urging fellow security researchers to adopt a similar strategy, namely: Focus less on finding and exploiting vulnerabilities, and more on defensive mechanisms like DEP, ASLR, and sandboxing.

His argument is that security researchers are doing half the work for attackers — that by finding vulnerabilities in the software, we're making the job of writing exploit code easier.

To me, it comes off a little like sour grapes: Adobe's products are regularly exploited. Is Arkin trying to deflect some of the responsibility of a developer to produce safe product?"

Submission + - Parking Infrastructure...TANSTAAFL (iop.org)

__aamdvq1432 writes: Researchers in the Department of Civil and Environmental Engineering at Berkeley claim that the economic and environmental impacts of "free parking" make it way NOT free. One more argument in favor of telecommuting.
Privacy

Submission + - BSA Looks To Members For Anti-Piracy Technology (cnn.com)

brianwells writes: An article on CNN indicates that with the apparent success of Microsoft's Genuine Software Initiative, the BSA is looking for its other members to come up with similar ways to prevent copying. Robert Holleyman, head of the BSA, is quoted as saying that he expects such technology to be "a tool that is customer-friendly, that will reduce levels of piracy ... and make it easier for customers to interact with the product." It looks like all proprietary software may be spying on us in the future! Perhaps now is a good time to think about switching to open-source software if you have not already done so?
Music

Submission + - Radiohead Calls comScore Data "Wholly Inaccura

An anonymous reader writes: Tuesday comScore caused a stir when it said its research on the sales of Radiohead's In Rainbows showed that only 38% of downloaders paid for it. Way off, says the band in a press release issued today:

"In response to purely speculative figures announced in the press regarding the number of downloads and the price paid for the album, the group's representatives would like to remind people that, as the album could only be downloaded from the band's website, it is impossible for outside organisations to have accurate figures on sales...The figures quoted by the company comScore Inc are wholly inaccurate and in no way reflect definitive market intelligence or, indeed, the true success of the project."

The band, naturally, didn't offer any data of its own to offset comScore's, but then it's probably good for business to keep everyone guessing.
Privacy

Submission + - UK to imprison for inability to decrypt data

mrbluze writes: Ars Technica has an article describing new laws which come into effect on 1st November in the UK. Up to 2 and 5 years imprisonment can be inflicted on any person who refuses or cannot provide keys or decrypt data as requested by police or military for criminal or anti-terror purposes, respectively. From the article:

The Home Office has steadfastly proclaimed that the law is aimed at catching terrorists, pedophiles, and hardened criminals — all parties which the UK government contends are rather adept at using encryption to cover up their activities.
It refers to a potential problem faced by international bankers who would be wary to bring their encryption keys into the UK. Somehow I doubt that is the real problem with the law.
The Courts

Submission + - U.of Oregon Says No to RIAA; ID no good

NewYorkCountryLawyer writes: "The University of Oregon has filed a motion to quash the RIAA's subpoena for information on student identities, in what is believed to be the first such motion made by the university itself, rather than by the students, and the first instance of a State Attorney General bringing a motion to quash an RIAA subpoena. The motion (pdf) explains that it is impossible to identify the alleged infringers from the information the RIAA has presented: "Five of the seventeen John Does accessed the content in question from double occupancy dorm rooms at the University. With regard to these Does, the University is able to identify only the room where the content was accessed and whether or not the computer used was a Macintosh or a PC.... The University cannot determine whether the content in question accessed by one occupant as opposed to another, or whether it was accessed instead by a visitor. Two of the seventeen John Does accessed the content in question from single occupancy dorm rooms....No login or personally identifiable information, i.e. authentication, was used by the Does to access the university's network because none is required. The University cannot determine whether the content was accessed by the room occupant or visitor. Nine of the seventeen John Does accessed the content in question from the University's wireless network or a similar system called the "HDSL Circuit." These systems do record a user name associated with the access. For these John Does, the University can determine the identity of the individual who has been assigned the user name, however, it is unable to determine whether the content was accessed by the individual assigned that user name or by someone else using the computer associated with the user name. In the case of sixteen of the seventeen John Does, .... it is not possible for the University to identify the alleged infringers without conducting interviews and a forensic investigation of the computers likely involved." The AG's motion further argues (pdf) that "Plaintiffs' subpoena is unduly burdensome and overbroad. It seeks information that the University does not readily possess. In order to attempt to comply with the subpoena, the University would be forced to undertake an investigation to create discovery for Plaintiffs — an obligation not imposed by Rule 45. As the University is unable to identify the alleged infringers with any accuracy, it cannot comply with its federal obligation to notify students potentially affected by the subpoena." One commentator has likened the AG's argument to saying, in effect, that the RIAA's evidence is "rubbish"."
Censorship

Submission + - Courageous Blogger Wins 1.5 Year Legal Battle! (fixyourthinking.com)

FixYourThinking writes: "After nearly one and a half years of harassment from a relentless attorney, it seems that quietly a blogger in South Carolina has won a monumental ruling in favor of bloggers. In a summary judgement requested by the Defendant Philip Smith was able to obtain a special sanction after the Plaintiff attorney put a "notice of lien" (called lis pendens) on Smith's residence. The judge also reprimanded the Plaintiff attorney for abusive deposition and court procedure. The case set forth the following; "It's not the format; it's the content and intention that make text journalism / reporting""
The Courts

Submission + - RIAA's Sherman Attacks NewYorkCountryLawyer 4

Censorship

Submission + - CWnet blacklists delivery of word documents.

GarryFre writes: "Recently, Cwnet.com has begun blocking emails containing word documents. In the business industry, the ability to send legal information, in a desired format is a vital feature. Apparently CwNet does not feel this way and has taken to not just stripping out the attachments but refusal to deliver any part of the email, leaving users in the dark about email that never reaches them. While most people would probably agree, that the ability of malware to be transmitted in Word, Excel and other formats, is a major concern, this is comparable to the US Post office throwing away packages because packages can contain malicious content."
The Almighty Buck

Submission + - RIAA Finally Gets Day in Court (groklaw.net)

CrkHead writes: "After many years of avoiding a jury trial, Groklaw is reporting that they finally have to actually prove a case.

This is history in the making, in that this is the very first RIAA jury trial to actually go to trial in all the years since the RIAA began to sue people four or so years ago. I gather they tried to get out of this one too, but now it's set and it will happen."

Mozilla

Submission + - Firefox 3 AntiMalware does NOT send urls to Google (google.com)

An anonymous reader writes: The official developers guide of the Safe Browsing API by Google (here) indicates that there is no way you can query Google for a malware URL. Instead, you need to download the blacklist and ask for updates frequently. Then, you need to authenticate the list, canonicalize the URLs, split them into small parts, md5 hash them and compare them to the list. That does not sound like sending URLs to Google. You can also verify by looking at Firefox's source code. Last I heard, Firefox was open source.
The Courts

Submission + - Florida Judge OK's Claims Against Record Companies (blogspot.com)

NewYorkCountryLawyer writes: A federal judge in Tampa, Florida, has ruled that an RIAA defendant's counterclaim against the record companies for conspiracy to use unlicensed investigators, access private computer records without permission, and commit extortion, may move forward. The Court also sustained claims for violations of the federal Computer Fraud and Abuse Act as well as a claim under Florida law for deceptive and unfair trade practices. The decision (pdf) by Judge Richard A. Lazzara in UMG v. DelCid rejected, in its entirety, the RIAA's assertion of "Noerr Pennington" immunity, since that defense does not apply to "sham litigations", and Ms. Del Cid alleges that the RIAA's cases are "sham".
Communications

Submission + - Swedish Government Surveillance - The Other Way! (gnuheter.com)

pawal writes: "With a list of Swedish government agencies and armed with programming knowledge I decided to make a statement about the discussion about surveillance of the Internet in Sweden. I made a service called Creeper that I released in May this year. Anyone can use the service by linking a PNG-file on their homepage or blog, and my software will then match each request from the list of IP-addresses that I have collected. Now anybody surfing to the webpages that have this PNG is logged if the IP-address is a match. Already we have discovered government people being admins of Torrent-sites and surfing porn. There is a German version called Uberwach.de, and it would be great to see this service in other countries as well."
The Media

Submission + - Viacom chairman comes down hard on Internet piracy (dailyfreepress.com)

allthefish writes: "Sumner Redstone, Chairman/Majority Owner of National Amusements, Viacom, and CBS gave a speech Tuesday at Boston University's School of Law. In it, he gave a misleading and inaccurate lecture on the evils of music and movie piracy, going as far as claiming that music sales slipped 61% in 2003; the official RIAA sales statistics prove a 2.7% loss for 2003, as opposed to the outrageous figure proposed by Redstone. It's obvious why he said the things he did, being who he is, but he could have backed up his opinions with facts instead of fallacy."
