
Submission + - Palm WebOS Hacked Via SMS Messages

gondaba writes: Security researchers at the Intrepidus Group have hacked into Palm's new WebOS platform, using nothing more than text messages to exploit a slew of dangerous web app vulnerabilities. The white hat hackers found that the WebOS SMS client did not properly perform input/output validation on SMS messages sent to the handset, leading to a rudimentary HTML injection bug. Coupled with the fact that HTML injection leads directly to injecting code into a WebOS application, the attacks made possible were quite dangerous (especially considering they could all be delivered over an SMS message).
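The pattern the submission describes, as an added example in JavaScript that is not Intrepidus Group's proof of concept or any Palm code: an SMS client that builds its view by string-concatenating the untrusted message body, beside the same renderer with HTML escaping, plus a small markup-inspection helper used only to show the difference. The sender number, message body and element names are constructed for the demo.

```javascript
// Added example, not Intrepidus Group's or Palm's code. A web-app SMS client whose
// view is built from the raw message text is an HTML injection sink: the carrier sees
// plain text, the client's web view sees markup.

// Constructed inbound SMS, as an attacker might send it.
const INBOUND_SMS = {
  from: '+15551234567',
  body: 'Hey! <img src="x" onerror="alert(document.cookie)"> check this out',
};

// Vulnerable pattern: the untrusted body is interpolated straight into markup.
function renderUnsafe(sms) {
  return `<div class="msg"><span class="from">${sms.from}</span>: ${sms.body}</div>`;
}

// Escape the five characters HTML treats specially, so message text can never
// open a tag or break out of an attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Hardened renderer: identical template, every untrusted field escaped.
// (In a live DOM, assigning textContent or using createTextNode achieves the same.)
function renderSafe(sms) {
  return `<div class="msg"><span class="from">${escapeHtml(sms.from)}</span>: ${escapeHtml(sms.body)}</div>`;
}

// Inspection helper for the demo: lists element names and inline event handlers
// that occur inside tags. It is a test oracle, not a defence; filtering after the
// fact is not a substitute for escaping at the sink.
function inspectMarkup(html) {
  const tags = [];
  const handlers = [];
  const re = /<\/?([a-zA-Z][a-zA-Z0-9-]*)([^>]*)>/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    tags.push(m[1].toLowerCase());
    const attrs = m[2].match(/\bon[a-z]+\s*=/gi) || [];
    handlers.push(...attrs.map(a => a.replace(/\s*=$/, '').toLowerCase()));
  }
  return { tags, handlers };
}

function demo() {
  return {
    unsafe: inspectMarkup(renderUnsafe(INBOUND_SMS)),
    safe: inspectMarkup(renderSafe(INBOUND_SMS)),
  };
}
```

With the constructed message, the unsafe renderer yields an extra `img` element carrying an `onerror` handler, which is script execution in the application's own context; the escaped renderer yields only the template's `div` and `span`, with the attacker's text shown literally.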

9 Reasons Why Developers Think the CIO Is Clueless 275

Esther Schindler writes "Finally, a Forrester analyst who understands the attitudes of software developers. Mike Gualtieri identifies nine behaviors managers need to steer clear of or risk being labeled 'clueless' — from control freak tendencies to being a vendor puppet. My favorite, however, is point #8: 'the CIO collaborates to death,' in which Gualtieri opines, 'And, if you never watched Star Trek then you shouldn't even be a CIO.'"
Security

Submission + - Dan Geer on Trusting PCs in Botnets (zdnet.com)

walk*bound writes: In an essay published by ZDNet, security scientist Dan Geer has an interesting proposal to trust the handshake between e-commerce sites and zombie computers. The suggestion is simple: Assume end users either always say "Yes" or "No" to security dialog boxes, then make the decision two ways: "When the user connects, ask whether they would like to use your extra special secure connection. If they say "Yes," then you presume that they always say Yes and thus they are so likely to be infected that you must not shake hands with them without some latex between you and them. In other words, you should immediately 0wn their machine for the duration of the transaction — by, say, stealing their keyboard away from their OS and attaching it to a special encrypting network stack all of which you make possible by sending a small, use-once rootkit down the wire at login time, just after they say "Yes.""
IBM

IBM, Linden Labs Call For Portable Avatars 93

destinyland writes "IBM just announced a push for universal avatars with Second Life's creator Linden Labs. Then they joined Google, Cisco, Intel, Sony, Microsoft, and Motorola for the first planning session on how to make it happen. There's already speculation that Google is working on a 3-D social networking environment incorporating Google Earth and Google Maps." Virtual Worlds News has up a copy of the joint press release.
Security

Submission + - Microsoft Does 180 on URI Protocol Handling Flaw (technet.com)

a-twitter writes: After months of insisting there is nothing to patch, Microsoft has done a complete 180 on the URI protocol handling vulnerability, announcing in a security advisory that a Windows update will be released to revise URI handling code within ShellExecute() to be more strict. The MSRC blog explains the background and offers more details on this issue.
The Internet

Fill Out CAPTCHAs, Digitize Books At The Same Time 121

alphadogg wrote with a link to a Networld article about a noble endeavor: putting CAPTCHAs to work for the good of humanity. A scientist at Carnegie Mellon is looking to create a new type of security check that will assist in a project meant to digitize and make searchable text from books and printed materials. Above and beyond that, the offering would probably be more secure than most current systems. "Instead of requiring visitors to retype random numbers and letters, they would retype text that otherwise is difficult for the optical character recognition systems to decipher when being used to digitize books and other printed materials. The translated text would then go toward the digitization of the printed material on behalf of the Internet Archive project."
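The blurb says what users type but not how the server can grade an answer it does not itself know. The published reCAPTCHA design pairs each unknown word with a control word whose transcription is already known: the control word grades the user, and the answer to the unknown word is recorded as a vote and accepted once enough independent users agree, at which point it can serve as a control word itself. The following is an added example modelling that flow, not the Carnegie Mellon code; the word ids, transcriptions, agreement threshold and seeded random generator are all constructed.

```javascript
// Added example, not reCAPTCHA's own code. Word images are stand-ins: the store
// tracks only ids and transcriptions.

const AGREEMENT_NEEDED = 3; // assumed threshold: agreeing votes before a word is accepted

function normalize(s) {
  return String(s == null ? '' : s).trim().toLowerCase();
}

class WordStore {
  constructor(knownWords, unknownIds) {
    this.known = knownWords.map(w => ({ ...w }));                     // [{ id, answer }]
    this.unknown = new Map(unknownIds.map(id => [id, new Map()]));   // id -> (transcription -> votes)
    this.accepted = new Map();                                       // id -> accepted transcription
  }

  // One control word plus one unknown word, in random order so the user cannot
  // tell which one is graded.
  issueChallenge(rng = Math.random) {
    const pending = [...this.unknown.keys()];
    if (pending.length === 0 || this.known.length === 0) return null;
    const control = this.known[Math.floor(rng() * this.known.length)];
    const unknownId = pending[Math.floor(rng() * pending.length)];
    const swap = rng() < 0.5;
    return {
      controlId: control.id,
      unknownId,
      order: swap ? [unknownId, control.id] : [control.id, unknownId],
    };
  }

  // Returns whether the user passed. A vote for the unknown word is recorded only
  // when the control word was right, so a bot that fails the check contributes nothing.
  submit(challenge, answers) {
    const control = this.known.find(w => w.id === challenge.controlId);
    if (!control || normalize(answers[control.id]) !== normalize(control.answer)) return false;
    const votes = this.unknown.get(challenge.unknownId);
    if (votes) {
      const t = normalize(answers[challenge.unknownId]);
      const n = (votes.get(t) || 0) + 1;
      votes.set(t, n);
      if (n >= AGREEMENT_NEEDED) {
        this.accepted.set(challenge.unknownId, t);
        this.unknown.delete(challenge.unknownId);
        this.known.push({ id: challenge.unknownId, answer: t }); // now usable as a control word
      }
    }
    return true;
  }
}

function demo() {
  const store = new WordStore([{ id: 'k1', answer: 'morning' }], ['u1']);
  // Park-Miller generator with a fixed seed so the run is reproducible.
  let seed = 42;
  const rng = () => { seed = (seed * 16807) % 2147483647; return seed / 2147483647; };

  // A bot guesses the control word wrong: rejected, and its guess for u1 is not counted.
  const bot = store.issueChallenge(rng);
  const botPassed = store.submit(bot, { [bot.controlId]: 'xq7z', [bot.unknownId]: 'zzzz' });

  // A human passes but misreads the unknown word: one vote, no acceptance yet.
  const d = store.issueChallenge(rng);
  const dissentPassed = store.submit(d, { [d.controlId]: 'morning', [d.unknownId]: 'threshhold' });

  // Three honest users pass the control word and agree on the unknown one.
  const humanPassed = [];
  for (let i = 0; i < 3; i++) {
    const ch = store.issueChallenge(rng);
    humanPassed.push(store.submit(ch, { [ch.controlId]: ' Morning', [ch.unknownId]: 'threshold' }));
  }
  return {
    botPassed,
    dissentPassed,
    humanPassed,
    accepted: Object.fromEntries(store.accepted),
    wordsLeft: store.unknown.size,
  };
}
```

The demo goes one step beyond the blurb by showing the disagreement case: a single misreading is outvoted, and the word is only written back to the digitization once three independent readings match.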
Spam

Bye Bye Spam and Phishing with DKIM? 134

ppadala writes "While research from PEW Internet (PDF) shows that few users really are bothered by spam, IETF is supporting a public-key cryptography based e-mail authentication mechanism called DomainKeys Identified Mail (DKIM) Signatures. The new spec is supposed to help in fighting both spam and fraud. From Ars Technica: 'DKIM's precursor, DomainKeys, was originally developed by Yahoo. The specifications for DKIM were then extended by an informal group of IT organizations that included companies like Yahoo, Cisco, EarthLink, Microsoft, and VeriSign, among others. It was first submitted by the group to the IETF in mid-2005, but only recently published by the IETF. The spec is still to be incorporated into a more formal draft and submitted for approval, however.'"

Comment Re:It's all fun and games until someone gets hurt (Score 1) 215

here's the abstract from their talk, taken from the ToorCon (http://www.toorcon) site

Lovin the LOLs, LOL is my will

  MAYBE NONE OF, PROBABLY ALL OF, AND DEFINITELY MORE THAN:

  New ways of getting your load onto your quivering victim's stack
  Reaching into the hearts and minds (also the genitals) of users.
  Firefox re-entrant threading lols
  Patching BIOS for kernel-patching rootkit memory injections
  Aggressive AIM attacks and escapades
  Internet hilarity, sexual innuendo, LOLDONGS
