Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Backdoor in PGP Whole Disk Encryption (blogspot.com) 1

A non-mouse Coward writes: PGP Corp's Whole Disk Encryption suite has an intentional backdoor accessible via the command line, whereby administrators or any user who knows the passphrase for a volume key can disable the boot-up passphrase prompt altogether. Apparently this "feature" is not documented in any way beyond the enterprise customer support pages and is kept secret for only those organizations needing an automated reboot process that won't hang on the boot guard screen. Even running the typical " — help" switch to the command line yields no knowledge of its existence. What's worse, that PGP Corp built this intentional backdoor feature, or that they barely documented it, keeping it quiet from their customers who want the highest amount of security for their laptops?

Submission + - Virgin's demise: illustrating the problem with DRM (bbc.co.uk)

Anonymous Brave Guy writes: The BBC have an interesting article up today about the demise of Virgin Digital, which has offered music on a monthly subscription system, and how this is leaving their customers in a jam because they signed up to a DRM-based subscription service. This is no doubt not a new concern to many here, but it's the second real-life example of such a service folding within a matter of weeks, and interesting that a well-regarded mainstream news source is now openly condemning DRM and vendor lock-in, and advising people to avoid such services.
Wireless Networking

Submission + - SFLC Completes Review of Linux Wireless Code (softwarefreedom.org)

redbeard55 writes: The Software Freedom Law Center (SFLC) today announced that it has carefully reviewed the lineage of the open source Atheros wireless driver for Linux and determined which portions can be distributed under the ISC license (also known as the 2-clause BSD license).

The two general papers, as well as a detailed document explaining SFLC's review of the Linux Wireless team's ath5k driver, are available at http://www.softwarefreedom.org/resources/

Ultimately, all the copyright holders of the Linux ath5k-driver code, derived from ar5k, have been contacted and have agreed to license their changes under the ISC license, thus allowing improvements to be re-incorporated into OpenBSD. One of the three historical branches of the code reviewed by SFLC, however, included portions that are only licensed under the GPL, and SFLC has determined that it would be very difficult to re-incorporate that code into OpenBSD.

"We're pleased to help bring clarity to the Linux Wireless Developers as they work towards inclusion of their code in the Linux kernel," said Karen Sandler, SFLC Counsel.
. . .

User Journal

Journal Journal: John Ratzinger on Protectionism 9

The star of the Travel Channel's "Made In America", more widely known as Cliff Clavin from Cheers, has sponsored on his own dime a series of town hall meetings on outsourcing manufacturing to China. He's invited the presidential candidates from both parties- "to get this issue on their radar". In response to the charge that to be against globalism is protectionist, he had this to say:

Submission + - Gmail backdoor vulnerability (theregister.co.uk)

castrox writes: From the article on The Register:

The technique comes courtesy of Petko D. Petkov, a researcher at GNU Citizen, who writes in a blog post that the backdoor is installed simply by luring a victim to a specially crafted website while logged in to Gmail. The naughty site uses a slight of hand known as a multipart/form-data POST, which writes a filter to Gmail that causes all email with attachments to be forwarded to collect@evil.com.
Looks like a nasty "POST injection" from a malicious site you're visiting while logged into Gmail is all it takes to alter your Gmail settings. Apparently, Google is investigating and has no further comments at this time.

Slashdot Top Deals

Riches cover a multitude of woes. -- Menander