Security

SSLStrip Now In the Wild 208

An anonymous reader writes "Moxie Marlinspike, who last week presented his controversial SSL stripping attacks at Black Hat Federal, appears to have released his much-anticipated demonstration tool for performing MITM attacks against would-be SSL connections. This vulnerability has been met with everything from calls for more widespread EV certificate deployment to an even more fervent push for DNSSEC."

Comment Hype (Score 4, Informative) 67

The Website was not disabled. Rather, the web-based compromise began redirecting users to malicious websites.

It is interesting to read that the 'compromise' was achieved through eAuthentication, a ubiquitous federal application serving multiple agencies.

It seems like the attack could have been more harmful than this apparently relatively ineffectual inconvenience.

Security

Uncle Sam's Travel Site Grounded By Breach 67

McGruber writes "Northrop Grumman's Govtrip.com website has been shut down following a security breach, according to a report by 'Security Fix' blogger Brian Krebs. Being a federal employee and frequent work traveler, I am (was?) a Govtrip user. My agency required me to use Govtrip to book all of my trips, including my airfare, car rentals, and hotel reservations, so Northrop Grumman's Govtrip databases contain my frequent flier numbers, Avis & Budget car rental numbers and frequent hotel guest (Choice Privileges, Marriott Rewards, Priority Club, etc.) numbers. Northrop Grumman also stored all of my trip itineraries, including destinations, dates & modes of travel and the particular vendors (airline, hotel, rental car brand, etc.) used on a particular trip. Also stored on the website were my work travel credit-card (it has a $15,000 charge limit), personal checking account where my travel reimbursements were deposited, my home address, and emergency contacts ... just imagine what an accomplished social engineer can do with that combination of information!"

It's funny. Laugh.

After Monty Python Goes YouTube, Big Jump In DVD Sales 281

An anonymous reader writes "Apparently with the release of all of Monty Python's material on YouTube, their sales have blown through the roof on Amazon.com. It is too bad there isn't any proper news article about this, but I think it bodes well for those who champion free content. More importantly, it forces the MPAA's feet into their mouths." Not every performer (or group of performers) has the decades-strong appeal of Monty Python, but this is a great thing to see. The linked article claims that the sales increase in the Python DVDs is 23,000 percent; there are probably some other ways to figure the numbers, but a big increase is easy to see.

Games

Valve Takes Optimistic View of Piracy 509

GameDaily recently spoke with Jason Holtman, director of business development and legal affairs for Valve, about online sales and piracy. Holtman took a surprising stance on the latter, effectively taking responsibility for at least a portion of pirated games. Quoting: "'There's a big business feeling that there's piracy,' he says. But the truth is: 'Pirates are underserved customers. When you think about it that way, you think, "Oh my gosh, I can do some interesting things and make some interesting money off of it." We take all of our games day-and-date to Russia,' Holtman says of Valve. 'The reason people pirated things in Russia,' he explains, 'is because Russians are reading magazines and watching television — they say "Man, I want to play that game so bad," but the publishers respond "you can play that game in six months...maybe." We found that our piracy rates dropped off significantly,' Holtman says." Attitudes like this seem to be prevalent at Valve; last month we talked about founder Gabe Newell's comments that "most DRM strategies are just dumb."

Comment Re:I'd rather have 4/36 (Score 1) 1055

First:

At the end of every month they have about $500 left over for spending money.

Wrong. $50,000 'Person A' has a monthly net gross of $2042.

Now they have a net debt of $200 a month.

Wrong. $75,000 'Person A' has a monthly net gross of $2200.

Next:

Taxes are to blame.

Hardly. Even if the person was in debt, it is that person's fault for living beyond their means.

Books

Your Favorite Tech / Eng. / CS Books? 517

chris_eineke writes "I like to read and to collect good books related to computer science. I'm talking about stuff like the classic textbooks (Introduction to Algorithms 2nd ed., Tanenbaum's Operating Systems series) and practitioners' books (The Practice of Programming, Code Complete) and all-around excellent books (Structure and Interpretation of Computer Programs, Practical Common Lisp). What's your stocking-stuffer book this Christmas? What books have been sitting on your shelves that you think are the best ones of their kind? Which ones do you think are -1 Overrated? (All links are referral-free.)"

Security

IRS Doesn't Check Cyberaudit Logs 78

An anonymous reader writes "The US Internal Revenue Service's IT staff hasn't routinely checked its cybersecurity audit logs, according to a report released this week by the agency's inspector general's office. The report is not exactly flattering for the IRS. The report, with large chunks redacted, recommends the IRS allow independent review of audit logs and establish procedures to save audit logs. It also recommended that the IRS regularly test its Internet gateways for compliance with standard security configurations."

Comment Inaccurate Study? Bad article? (Score 1) 123

It seems to me that the device is designed to detect lulls in brain activity in such a manner:

a. As we think critically on a complex subject our brain works harder, so the system detects this.

b. While we are daydreaming ('brain-fart', 'writer block', 'brain freeze', 'mind short', etc.) our brain relaxes for a moment, and the system detects this as well.

c. The study uses sleep as the control, at which it is assumed we are using our brains the least.

This may not be accurate because:

a. The test cannot accurately determine critical thought

Assuming the study uses a constant 'test' as a control, the participants will approach said test differently. The measured activity cannot depict how challenging the material is because its difficulty is relative.

b. The test cannot accurately determine an 'error'

Suppose participants' lulls are composed of different thoughts. Perhaps one subject drifts into near unconsciousness, while another is mesmerized by the surroundings. One subject will have a noticeable drop in activity, while another seems to remain constant.

c. The low point of activity may be incorrectly measured

As you all know, certain phases of sleep will utilize the mind's power. It is assumed that the study determines the lowest point of brain activity during the participants' sleep cycle as a constant of zero. This may be the only valuable thing the study could have determined.

It seems that the PNAS is the best place to learn the specifics of the study.
