
Submission Summary: 0 pending, 8 declined, 2 accepted (10 total, 20.00% accepted)


Submission + - Webpage broadcasts radio, even if you don't have radio hardware (githack.com) 1

fulldecent writes: If you are using a MacBook Air, open this webpage and turn your nearest AM radio (you still have one?) to 1580 kHz and listen. It will play music. Other types of computers also work and many users have documented the best frequency to tune it. Even some phones work.

This does NOT require any radio-transmitting hardware, wifi, cellular, or audio capabilities either. It is accomplished by modulating expensive processor calculations and your hardware is allowing electromagnetic radiation to leak which is picked up by the radio. This technique was recently presented at USENIX.

The full project page is at https://github.com/fulldecent/system-bus-radio and includes versions that you can download and compile and which produce stronger output than the JavaScript version.

(Full disclosure: the project was previously mentioned here. However, the project has since been updated to work from a webpage and by using smartphones.)

Submission + - New program transmits radio on computers without radio transmitting hardware (github.com) 1

fulldecent writes: This project allows transmission of radio signals from a computer that is otherwise air gapped. Right now this could be useful for playing a quick tune or for pranks. But there are more nefarious uses as this could also be used to exfiltrate information from secure networks. The code is open source at https://github.com/fulldecent/system-bus-radio.

Submission + - Photo printing website Artisan State allows access to all user-uploaded photos (blogspot.com)

fulldecent writes: Popular photo printing website Artisan State, which specializes in bound photo books mostly for wedding photos or other events, unintentionally makes all its uploaded user photos available publicly for download. This case study shows how their photos are able to be downloaded and things vendors should think about when considering security of seemingly private user content. The case study also discusses how this flaw was reported to the vendor, but unfortunately never fixed. This follows other articles on Slashdot discussing security disclosure. How do you report vulnerabilities to vendors? And do you support publishing them if they are not fixed in a reasonable time?

Submission + - Ask Slashdot: Are there any responsible security disclosures that ended well? (blogspot.com)

fulldecent writes: Technology online changes fast and large organizations often make poor implementations of this technology, leading to security vulnerabilities. Some of the failures are egregious, like websites that use a user ID in the URL to authenticate that user, and others take a little curiosity to find. Either way, they will be found. The people on Slashdot, I feel, are more likely to want to report this to the vendor and do these things for sport. Personally I take the smaller ones and mail a letter to the vendor and then post online in a few weeks. For bigger ones I wind up in high-pressure phone calls with "private public partnership" agencies, end up signing something unfavorable and the resolution still feels bad.

So, who out there is responsibly disclosing vulnerabilities? Are you getting public credit? Are you involved in (and getting paid for?) a technical fix? Are you feeling good about the result? Do the rules still apply for state-protected industries like banks? And which lawyers provide advice to the finders, who are just normal people and don't have money and expertise dealing with lawyers?

Submission + - NH Supreme Court hears case on anonymous sources (poynter.org)

fulldecent writes: The New Hampshire Supreme Court heard oral arguments Wednesday in a lawsuit that calls into question the legal protections available to independent Web sites that cover news.

The case involves mortgage lender Implode-Explode, a Las Vegas-based site launched in 2007 that publishes stories about the meltdown of the mortgage industry. The court did not make a final decision on the case Wednesday, but one of its options could be to send the case back to the lower court for further review and litigation on specific points of law.

Media

Submission + - Using comics to demonstrate protocol interactions (blogspot.com)

fulldecent writes: "It is important to make your articles reachable to non-technical audiences. This article uses a comic to demonstrate a simple HTTP interaction and why the technical details are important. The underlying post talks about TD Ameritrade and how they are selling users' financial information to News Corp via a cross-site image fetch."
Networking

Submission + - Verizon trails SiteFinder 2 (verizon.net)

fulldecent writes: "On June 11, 2007, Verizon Online will begin the trial of a new Advanced Web Search service designed to reduce the amount of dead-end, "no file exists" or similar error messages you see and to help you quickly find the destination web site you were seeking. If you type a nonexistent or unavailable URL (e.g., www.verizon.cmo), or enter a search term, into your browser address bar, Verizon may present you with an Advanced Web Search page containing suggested links based upon the query you entered. The Advanced Web Search page would be presented instead of your receiving an NXDOMAIN or similar error message. The Verizon Advanced Web Search page may impact applications that rely on an NXDOMAIN or similar error message and may override similar browser-based search results pages. If you would prefer not to receive Advanced Web Search pages from Verizon, you should follow the opt-out instructions that are available by clicking on the "About the Search Results Page" link on any Advanced Web Search page."
