Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Tortious interference (Score 3, Interesting) 407

If, as the summary and the ZDNet article states*, the school administration asked for her password, they may have engaged in tortious interference -- interfering with a contract between two other parties (the teacher and Facebook).

The Facebook Facebook terms of use, section 4.8) says

You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.

* (According to an earlier comment, that is not true, the administration asked only to view her pages.)

Comment All the more reason to use a VPN (Score 2) 122

If you use a VPN, you should be protected from "local" man-in-the-middle (MITM) attacks. By "local", I mean between your computer and the VPN server. A VPN doesn't protect you from a MITM attack between the VPN server and the webserver you are connecting to. But it does protect you to the VPN server if you are at an Internet cafe, hotel, or other untrusted network.

At least that's true for most VPNs that use software based on OpenVPN, which uses OpenSSL for encryption. A copy of an email from James Yonan was recently posted to the OpenVPN User's list. Bottom line of the email: OpenVPN uses OpenSSL for encryption, and OpenSSL has been patched since 2002 for the vulnerability which most people think is exploited by BEAST. As long as your VPN software uses a patched version of OpenSSL you should be covered, at least for the "local" MITM attack.

For example, VPNs based on Tunnelblick, a free and open source GUI for OpenVPN on Mac OS X is not vulnerable.

Submission + - .mac update shows danger of Software as a Service ( 1

jkbull writes: Apple recently updated its .mac service [] to accommodate upcoming Mac OS X Leopard's ability to sync additional items.

As part of the update, Apple changed the OS version requirements, removing (among other things) the existing ability to sync between systems running Mac OS 10.3 and 10.4.

If you have an older laptop running 10.3, and you used to be able to sync its calendar with your desktop running 10.4, you can't do it any more — even if you paid $99 last week for "full access to everything .Mac has to offer." Your $99 was wasted unless you upgrade your laptop's OS. (Oh, and you may not be able to upgrade it even if you are willing to pay — your older laptop may not meet Leopard's system requirements.)

Perhaps lawsuits are on the way (promising something then taking it away might be considered false advertising), but in the meantime, you can't sync your calendars.

Slashdot Top Deals

I have the simplest tastes. I am always satisfied with the best. -- Oscar Wilde