Follow Slashdot stories on Twitter


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Hacking Email Privacy: Send an Email and Know When it was Read! (

magro writes: It's possible to send a simple email and know when and how many times it was read. This takes advantage of html email reading programs (Webmail Gmail, iPhone, Android, Outlook, etc) that allow automatic download of html rich email that contains external images. In short, if you follow the steps @ you will be able to send an email and then check private information about the recipient later.

Submission + - facebook clickjacking that still works (

magro writes: "It's still possible to visit a website and be a victim of facebook clickjacking (STEALING facebook likes) just by clicking links in a page. The malicious website may hide a very low opacity facebook button that follows the mouse when the user hovers a link. When warez hits the social networks we should expect to see this technique used in such things as huge image galleries or fake file downloads (where a lot of clicking takes place). At the end of the day, we'll have a facebook like in our account for each click we did on those websites."

Comment Re:chatroulette espionage (Score 1) 194

Yeah, that too! The problem is not capturing the streams because that can be done like you said with screen recording or even webcam recording, the most difficult part is injecting a stream as if it were your webcam and then synchronizing the streams so that when you're "nexted" you immediately find another chatroulette user so it seems transparent to the users being eavesdropped. Anyway, you're absolutely right, chatroulette is not private at all.

Comment chatroulette espionage (Score 5, Interesting) 194

You might not be aware of this but any user can collect IP addresses and record ENTIRE video footage from random chatroulette users. I explained how in my blog . Anyway the concept is really simple because an attacker can open an even number of connections to chatroulette (2,4,6,etc) and then redirect the streams to each other. Say, I open connection1 and connection2 then I capture stream from connection2 and dump it as my primary webcam to connection1 and I capture connection1 and dump it as my secondary webcam to connection2. Only a tiny bit of linux hacking is needed.

Submission + - Chatroulette espionage is possible

magro writes: chatroulette espionage is possible due to a design error of the whole concept of pairing random video streams without any verification. As such, chatroulette is prone to a man-in-the-middle attack in which there is no obvious programming flaw, but the concept itself is flawed! Hence, it’s possible to open two chatroulette connections and transparently share data between them without both peers ever knowing. The actual vulnerability relies in the fact that everything is anonymous and there's no way to verify if the video/audio/text you're seeing is actually coming from a specific computer. Thus, the only thing needed is tunneling streams! Now, this also opens the door to a much bigger problem, because it's also possible to apply this concept to thousands of computers engaging in MILLIONS of connections to chatroulette and thereby eavesdropping almost every connection going on in chatroulette.
The Internet

Time To Take the Internet Seriously 175

santosh maharshi passes along an article on Edge by David Gelernter, the man who (according to the introduction) predicted the Web and first described cloud computing; he's also a Unabomber survivor. Gelernter makes 35 predictions and assertions, some brilliant, some dubious. "6. We know that the Internet creates 'information overload,' a problem with two parts: increasing number of information sources and increasing information flow per source. The first part is harder: it's more difficult to understand five people speaking simultaneously than one person talking fast — especially if you can tell the one person to stop temporarily, or go back and repeat. Integrating multiple information sources is crucial to solving information overload. Blogs and other anthology-sites integrate information from many sources. But we won't be able to solve the overload problem until each Internet user can choose for himself what sources to integrate, and can add to this mix the most important source of all: his own personal information — his email and other messages, reminders and documents of all sorts. To accomplish this, we merely need to turn the whole Cybersphere on its side, so that time instead of space is the main axis. ... 14. The structure called a cyberstream or lifestream is better suited to the Internet than a conventional website because it shows information-in-motion, a rushing flow of fresh information instead of a stagnant pool."
The Courts

Facebook Founder Accused of Hacking Into Rivals' Email 261

An anonymous reader notes a long piece up at accusing Facebook founder Mark Zuckerberg of hacking into the email accounts of rivals and journalists. The CEO of the world's most successful social networking website was accused of at least two breaches of privacy. In a two-year investigation detailing the founding of Facebook, Nicholas Carlson, a senior editor at Silicon Alley Insider, uncovered what he claimed was evidence of the hackings in 2004. "New information uncovered by Silicon Alley Insider suggests that some of the complaints [in a court case ongong since 2007] against Mark Zuckerberg are valid. It also suggests that, on at least one occasion in 2004, Mark used private login data taken from Facebook's servers to break into Facebook members' private email accounts and read their emails — at best, a gross misuse of private information. Lastly, it suggests that Mark hacked into the competing company's systems and changed some user information with the aim of making the site less useful. ... Over the past two years, we have interviewed more than a dozen sources familiar with aspects of this story — including people involved in the founding year of the company. We have also reviewed what we believe to be some relevant IMs and emails from the period. Much of this information has never before been made public. None of it has been confirmed or authenticated by Mark or the company." The single-page view doesn't have its own URL; click on "View as one page" near the bottom.

Submission + - New way to interact with wikipedia (mapyourinfo)

magro writes: IC21 recently launched a free product that can change the way we look at information — mapyourinfo. It's focused on data visualization and allows us to browse wikipedia with the content displayed in a mindmap! Although the technology already existed and they didn't actually bring something completely new, mapyourinfo allows browsing wikipedia and translating everything as we go, from content to search keywords. This being, we can write something in english and search chinese content which is displayed also in english. For example, you can see the slashdot wikipedia page in a mindmap, but if we were chinese, we would like to translate it to slashdot chinese or any other language!

Slashdot Top Deals

The decision doesn't have to be logical; it was unanimous.