Google

Submission + - Google's 2nd Android Developer Contest kicks off 1

coffeeisclassy writes: Google's second Android Developer Contest (ADC2) has started, despite some confusion around how to submit applications. The prizes are different from the first ADC, with each category having prizes of 100k, 50k, and 25k and an overall best of 150k, 50k and 25k, meaning the best Android application from ADC2 is eligible for ~250k. The rules seem to allow any application never published before August 1st to compete and is open through the end of August (so break out your keyboards!). The top prizes are certainly less than that of the first ADC, but with the prizes broken down by category Google may be hoping to inspire some love for less popular categories. While some other developers are waiting to find out to submit, one developer has moved ahead and released one of their entries, Pigs Can Fly Site Monitor (also on Google Market for those with Androids). So if you've been waiting for an excuse to start a new side-project, here you have it :)
Privacy

Submission + - Your browser history is showing

tiffanydanica writes: For a lot of us our browser history is something we consider private, or at least not something we want to expose to every website we visit. Web2.0collage is showing just how easy it is (with code!) for sites to determine what sites you visit. When you visit the site it sniffs your browser history, and creates a collage of the (safe for work) sites that you visit. It is an interesting application of potentially scary technology (imagine a job application site using this to screen candidates). You can jump right into having your history sniffed if you so desire. While the collages are cool on their own merit, they also serve as an illustration of the privacy implications of browser history sniffing.
Privacy

Submission + - Iranian protestors using TOR, revitalize project (washingtontimes.com) 1

Death Metal writes: "Iranians seeking to share videos and other eyewitness accounts of the demonstrations that have roiled their country since disputed elections two weeks ago are using an Internet encryption program originally developed by and for the U.S. Navy.

Designed a decade ago to secure Internet communications between U.S. ships at sea, The Onion Router, or TOR, has become one of the most important proxies in Iran for gaining access to Web sites such as Twitter, YouTube and Facebook."

Security

Submission + - Yahoo! exposes auth info via man-in-the-middle

tiffanydanica writes: For all the flak Mozilla gets about its new security warnings for https sites, at least it warns the user when a mismatch occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues), doesn't bother validating the SSL certificate on the other side before sending along the username and password, making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems & it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spamming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface.
Technology (Apple)

Submission + - Tapping the iPhone, brought to you by Yahoo!

tdalek writes: You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing authentication information. It turns out that more that other Yahoo! applications are affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames and passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard IMAP port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since it's one of the default accounts, I'm assuming quite a few do), now would be a good time to forward it elsewhere for the time being, and using that account instead.
Privacy

Submission + - Yahoo! exposes user passwords (uwaterloo.ca) 3

kingofthehobos writes: In a move hearkening back to the days of telnet, Yahoo!'s newest addition to their mail system exposes the full usernames & passwords over the wire (or wireless) in plaintext. Both CNET news & Wired's Webmonkey are reporting on the story (although in true Wired fashion the individual is called a "hacker"). So, if you know anyone who might have installed Yahoo! Zimbra Desktop, getting them to switch back to the web interface and change their password (until the issues are fixed) would be ++good.

Comment Re:Not significant? (Score 2, Insightful) 66

I haven't looked carefully at the rest of the platforms that Yahoo provides, but I believe that at least Yahoo Messenger (when connecting with Pidgin anyway) also sends the same auth credentials in plain text. Not that the overall problem is insignificant (*any* time auth credentials are sent, in any context, they should be encrypted), but worrying only about IMAP is naive in this case. (What about POP? What about all the Y! web platforms?)

Yahoo! POP is SSL encrypted (and only available to pro account users in any case). Part of the worry for me is Yahoo! doesn't disclose that the connection is unencrypted in the default program, and there is no way to get it to use encryption (the server doesn't even support encryption). As far as other Yahoo! properties I have no idea.

Security

Submission + - Security flaw in Yahoo mail exposes plaintext auth

holdenkarau writes: "Yahoo!'s acquisition of open source mail client Zimbra has apparently brought some baggage to the mail team. The new Yahoo! desktop program transmits the authentication information in plain text. Ironically enough, the flaw was discovered during a Yahoo "hacku" day at the University of Waterloo (the only Canadian school part of the trip). Compared to the recent hoopla about Gmail exposing the names associated with accounts, this seems downright scary. So if you have friends or relatives who might have installed Yahoo! desktop and value their e-mail accounts, now would be a good time to get them to change the password and switch back to the oh so retro web interface."
Portables

Submission + - Canadians get behind the OpenMoko/FreeRunner

mario writes: Now that the OpenMoko platform has stabilized enough to provide the OM2008 image (supporting the three major toolkits), things are starting to heat up. Linuxdevices is reporting on the start of a port of Devicescape's connect application. Koolu (another Canadian company) is also doing development for its W.E. phone (a branded FreeRunner). Which leads me to ask, where are the American companies?
Privacy

Submission + - Gmail reveals the name of all users 2

ihatespam writes: "Have you ever wanted to know the name of admin@gmail.com? Now you can! (it's "smart ass" btw) The catch however is, that through a bug in Google calendars the names of all registered Gmail accounts are now readily available. All you need to find out the names of any Gmail address is a Google calendar account yourself. Depending on your view this ranges from a harmless "feature" to a rather serious privacy violation. According to some reports, spammers are already exploiting this "feature"/bug to send personalized spam messages."
Portables

Submission + - First North American OpenMoko/FreeRunners arrive

holdenkarau writes: "The North American OpenMoko FreeRunners are starting to arrive. It would appear that the OpenMoko still has problems with some 3G networks, including AT&T. Although, in my own personal completely unscientific test, 2 out of 3 AT&T SIM cards worked. Check out the unboxing of a complete FreeRunner (along with debug board) and my experience getting the FreeRunner up and running. Or a direct link to the pictures for those of you bored with text. If you feel brave enough to take the plunge, you can buy your own FreeRunner from the OpenMoko store."
Privacy

Designing Software With Privacy in Mind 77

dalektcalum writes "Dr. Ann Cavoukian, Canada's Information and Privacy Commissioner, recently gave a talk entitled Privacy by Design. The talk starts off by covering the basics of privacy, and privacy law, and then moves onto the important component: how to design software that properly protects users' privacy. The majority of the talk is spent on design principles, but also examines specific technologies (such as Elliptical Curve Cryptography)." The site includes a flash video of the talk, but there are also several torrents for folks who want to avoid hammering their servers.
Privacy

Submission + - Designing software with Privacy in mind 6

dalektcalum writes: Dr. Ann Cavoukian, Canada's Information and Privacy Commissioner, recently gave a talk entitled Privacy by Design. The talk starts off by covering the basics of privacy, and privacy law, and then moves onto the important component, how to design software that properly protects users' privacy. The majority of the time is spent on design principles, but also examines specific technologies (such as Elliptical Curve Cryptography).
Programming

Submission + - The future of C++ as seen by its creator

holden writes: "In a rare public talk, C++ creator Dr. Bjarne Stroustrup discusses his ideal in programming languages, as well as how he sees the next version (and beyond) of C++ developing. He explains the general selection criteria used for adding new features, some of the legacy of C++, and many other interesting topics. Especially interesting is during the Q&A he explains his views of the embrace and extend mentality some implementations, such as VC++, have taken. The talk is available as an xvid avi, mpg, and other formats."
