
Submission + - Youth expelled from Montreal college after finding sloppy coding (nationalpost.com)

amiller2571 writes: "A student has been expelled from Montreal’s Dawson College after he discovered a flaw in the computer system used by most Quebec CEGEPs, one which compromised the security of over 250,000 students’ personal information.

Ahmed Al-Khabaz, a 20-year-old computer science student at Dawson and a member of the school’s software development club, was working on a mobile app to allow students easier access to their college account when he and a colleague discovered what he describes as “sloppy coding” in the widely used Omnivox software which would allow “anyone with a basic knowledge of computers to gain access to the personal information of any student in the system, including social insurance number, home address and phone number, class schedule, basically all the information the college has on a student.”"

Comment Re:Hammer to kill a swarm of flies (Score 1) 226

It is not stupid by any means; the system stores information all over the place. It would be too hard to try and encrypt each one by itself. It is far easier to just encrypt the whole thing. You would be surprised how little of a hit you take in performance. I used TrueCrypt for a good while and I never noticed any slowdown at all. Encryption like AES is extremely fast.

System encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), hibernation files, swap files, etc., are always permanently encrypted (even when power supply is suddenly interrupted). Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted too.


Comment Re:if they used a hash...? (Score 5, Informative) 497

We understand what he means, but if you did not read the update, here you go:

This doesn’t mean that your password has been shortened. Actually, Windows Live ID passwords were always limited to 16 characters—any additional password characters were ignored by the sign-in process. When we changed “Windows Live ID” to “Microsoft account,” we also updated the sign-in page to let you know that only the first 16 characters of your password are necessary. To avoid this error message in the future, you only need to enter the first 16 characters of your password.


Submission + - Android is under attack: New malware threats tripled in Q2 (bgr.com)

amiller2571 writes: "According to security research firm Kaspersky Labs, the volume of new malware targeting Android devices nearly tripled in the second quarter of 2012. Over the three-month period, the company found more than 14,900 new malicious programs targeting the platform. Nearly half of the malicious files were classified as multi-functional Trojans that were programmed to steal data from smartphones and could also download and install programs from remote servers."

Submission + - Using GitHub to host a business sensitive web application? 1

An anonymous reader writes: I'm working at a small company developing and maintaining a casino web site, which therefore handles a bit of money via payment providers and through the games themselves. Needless to say, if someone were to get their hands on the code base it may be a very bad situation if they can identify some security hole and gain access to accounts with real money, or just glance something else that's business critical.

Currently we use Subversion as our source control, but we are investigating a move to Git. A suggestion was recently brought up to use GitHub private repositories for hosting the code, instead of setting up our own server. We do use, love and try to contribute back to open source whenever we can, and for one thing it'd be nice to sponsor the fine people at GitHub by giving them some business. Other pros include not having to host and secure this ourselves, access from anywhere and a very good set of tools. We're also looking into sharing tools we have written in a public repository, so it'd be nice to have it in the same place.

The question is if it's considered a secure alternative and if there are other potential problems? We can of course set up and maintain our own server, but it'd be nice to not have to, when there are others that can do it for us. :)

Are there people out there who have experience with using GitHub for something like this, and also is there anyone who has some insight into the security and policies that GitHub employs in practice? Is it considered to be on a good level? And of course, anything else you could think of that would affect such a decision, security-wise or otherwise.

I realize that if we think we are qualified to handle people's money (and we do!) we should be able to judge this for ourselves, but it'd be interesting to hear about other people's experiences and insights. We also know about GitHub Enterprise, but that's on another price level at about 20 times the cost, as well as moving the work back to us.


Submission + - Apple loses bid to exclude evidence in Samsung patent trial (bloomberg.com) 1

__aaltlg1547 writes: Apple loses bid to exclude evidence in Samsung patent trial Apple Inc. lost its bid to exclude evidence presented by Samsung Electronics Co. at the companies' patent trial in California about a tablet computer developed more than a decade before Apple's iPad was released in 2010. Judge Koh strikes for sanity again.
