
Office 365, Amazon, Others Vulnerable To Exploit Microsoft Knew About In 2012

colinneagle writes "Ethical hacking professor Sam Bowne recently put a cookie re-use method to test on several major web services, finding that Office 365, Yahoo mail, Twitter, LinkedIn, Amazon, eBay, and WordPress all failed the security test. Both Amazon and eBay can be tied directly to your money via the method of payment you have on record. And, just for kicks, we tried it with Netflix. And it worked. Microsoft has apparently known that accounts can be hijacked since at least 2012 when The Hacker News reported the Hotmail and Outlook cookie-handling vulnerability, so Bowne was curious if Microsoft closed the hole or if stolen cookies could still be re-used. He claims he 'easily reproduced it using Chrome and the Edit This Cookie extension.'"
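As an added illustration (not code from the story or from Bowne's test), here is a server-side check over constructed access-log lines that flags a session cookie presented from more than one client context, which is how cookie re-use looks to the site that issued the cookie; the log format and field names are assumptions.

```python
# Added example, not from the Slashdot story or Sam Bowne's test.
# Flags a session id that is presented from more than one (ip, user-agent)
# context within its lifetime; a cookie copied into a second browser
# shows up exactly like that. The log format below is assumed.
import re
from collections import OrderedDict

# Constructed sample access log: timestamp, session id, client IP, user agent.
SAMPLE_LOG = """\
2013-06-01T10:00:01Z sid=a1b2c3 ip=203.0.113.10 ua="Chrome/27 (Windows)"
2013-06-01T10:00:09Z sid=a1b2c3 ip=203.0.113.10 ua="Chrome/27 (Windows)"
2013-06-01T10:02:30Z sid=a1b2c3 ip=198.51.100.7 ua="Chrome/27 (Linux)"
2013-06-01T10:03:00Z sid=d4e5f6 ip=192.0.2.55 ua="Safari/6 (iPhone)"
2013-06-01T10:07:45Z sid=d4e5f6 ip=192.0.2.80 ua="Safari/6 (iPhone)"
2013-06-01T10:08:10Z sid=g7h8i9 ip=203.0.113.44 ua="Firefox/21 (Mac)"
this line is malformed and is skipped
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"$')

def parse_log(text):
    """Yield (ts, sid, ip, ua) for each well-formed line; skip malformed ones."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("sid"), m.group("ip"), m.group("ua")

def detect_cookie_reuse(text):
    """Return {sid: [(ts, ip, ua), ...]} for sessions seen from >1 client context.

    Each list holds the first request from every distinct (ip, ua) pair, in
    order of appearance, so a reviewer can see when the second context began.
    """
    contexts = OrderedDict()  # sid -> OrderedDict{(ip, ua): first timestamp}
    for ts, sid, ip, ua in parse_log(text):
        seen = contexts.setdefault(sid, OrderedDict())
        seen.setdefault((ip, ua), ts)
    return {sid: [(ts, ip, ua) for (ip, ua), ts in seen.items()]
            for sid, seen in contexts.items() if len(seen) > 1}

def ua_changed(ctx):
    """True when the flagged session was presented with more than one user agent.

    An IP change alone is common (phone moving between networks); a browser
    string change inside one session is the stronger sign of a copied cookie.
    """
    return len({ua for _, _, ua in ctx}) > 1

if __name__ == "__main__":
    for sid, ctx in detect_cookie_reuse(SAMPLE_LOG).items():
        print(sid, "UA+IP change" if ua_changed(ctx) else "IP change only", ctx)
```

Binding a session to the client context at login (and invalidating it when the context changes) is the server-side mitigation this check approximates after the fact.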

Comment Re:3 types of data: Log, Account and ??? (Score 1)

Interesting, the report specifies that user data is 1 of 3 types:

  • Log data (user activity)
  • Account data (users' emails, settings, etc.)
  • Third type is redacted... Wonder what it is

I wonder if it could be something like "derived" or "deduced" data, which is information about the user obtained from other sources.

Comment Re:Requirements do change (Score 1)

If the requirements really are constantly changing, Agile poses a very real risk of never producing a working product. At some point, you have to step back and say, "Okay, we're never going to have a working building if we can't decide whether we're building a house or an office building."

This is true. In After the Gold Rush Steve McConnell makes the point that "Software Isn't Soft" (p. 19):

As software systems have become more complex ... [the] notion that software is easy to change has become one of the most pernicious ideas in software development. Several studies have found that requirements changes—attempts to take advantage of software's supposed softness—are among the most common sources of cost and schedule overruns.

Flexibility costs money up front. Limiting flexibility saves money up front, but typically costs disproportionately more money later. The difficult engineering judgement is weighing the known present need against the possible future need.

Comment Re:Once again proving they are idiots (Score 1)

They could have selected any resolution after basing icons and other graphical bits on SVG and it would ALWAYS look as sharp as it needs to look.

It's true that SVG can scale, but you need to tailor them for the intended pixel size. SVG images designed for 256x256 look horrible when scaled to 16x16 or 32x32. The smaller ones need less detail, so you can't just assume that an SVG graphic will work at any resolution.

Comment Re:Video?! (Score 1)

Just look at the greasy finger marks

The question of smudges was addressed by Zach Pace in the Building Windows 8 blog entry on picture passwords. He emphasizes that Microsoft's goal was to design a password mechanism that was easier to use than PINs on touch devices, with equal or better security.

The picture password system is certainly vulnerable to the smudge factor, but it's no worse than existing PIN systems today.
