
Submission + - Zero-Day Flaw in TLS and SSL (zdnet.co.uk)

FalleStar writes: "Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for web transactions.

The flaw in the TLS authentication process allows an outsider to hijack a legitimate user's browser session and successfully impersonate the user, the researchers said in a technical paper.

The fault lies in an "authentication gap" in TLS, Ray and Dispensa said. During the cryptographic authentication process, in which a series of electronic handshakes take place between the client and server, there is a loss of continuity in the authentication of the server to the client. This gives an attacker an opening to hijack the data stream, they said."

Submission + - Microsoft threatens exposer of bing-cashback flaw

An anonymous reader writes: Bountii.com recently posted information on a flaw in Bing's cash-back system. It is trivial for individuals to fake cash-back requests to Bing. A further concern is that these illegitimate cash-back requests can block out legitimate ones in the future, as each order ID is tied to a maximum of one cash-back request, and with sequential order IDs it would be easy to claim all future orders. Rather than do the reasonable thing of fixing the security flaw, Microsoft fired back with a nasty-gram from its lawyers, demanding that Bountii remove the information. And while Bountii has complied with Microsoft's request, the flaw should be readily apparent to anyone reading the Bing cashback SDK. Perhaps one day Microsoft will learn that the appropriate response to security issues isn't lawyers and threats, it's programmers and patches.

Submission + - IPhone now plays DOOM! (gizmodo.com)

anglico writes: id's classic shooter has finally been (officially) ported to the iPhone. And thanks to oversight from John Carmack himself, there are a number of improvements that make it worth a purchase even for jailbreakers. Carmack says he loves that players port Doom to every device imaginable, but he's disappointed that there's rarely any real effort to build a new, functional control scheme on platforms without a keyboard and mouse. That's why he personally developed the controls for the iPhone version, and according to early reviews, the iPhone can now play Doom. Users are saying the controls are as good as you would expect from Carmack. Not to mention the other enhancements, like 24-bit lighting.

Submission + - Europe Launches Flood Predicting Satellite (inhabitat.com)

MikeChino writes: Today the European Space Agency launched a $460 million satellite that will aim to accurately pinpoint the future location and intensity of floods and droughts. Launched on a Russian rocket from the Plesetsk cosmodrome, the SMOS probe will measure soil moisture, plant growth, and ocean salt levels across the globe. The measurements gathered by the SMOS probe can be used to track ocean circulation patterns and soil moisture — data that can be used to quickly predict drought and flood risk in certain areas, as well as the intricacies of the planet's climate cycle.

Submission + - Replacement for Ghost? (symantec.com) 1

westtxfun writes: I've used Norton/Symantec Ghost for many years and it's a fantastic tool to replicate drives for multiple OS and file systems to maintain the computer labs on campus. However, I'm interested in a lower/no cost alternative. (Open source, commercial, and other software welcome.)

At a minimum, we're looking for a system that would efficiently duplicate drives, disks, or partitions from an image stored on a server with multicast or the equivalent. Bonus points if a system can do incremental changes, image compression (network efficiency), and boot disk (USB, too) generators.

Windows is our primary OS, so we use a Windows server for file storage, but we could use a Linux (Red Hat, Fedora or Ubuntu) server as the master/controller server. The images would be of Windows or Linux OS and file systems, though Mac isn't completely out of the question. The hardware would be fairly recent (mostly Dell) computers and network cards.

Given these conditions, what software would you recommend? (Advice from users under actual support conditions is most welcome!)


Submission + - Intel Finally Does Right by Ajay Bhatt

theodp writes: Remember that Intel 'Rock Star' ad featuring the co-creator of USB, Ajay Bhatt? As you may recall, the Ajay Bhatt in those commercials was actually an actor. At the time, an Intel press release explained that 'several of the engineers we're personifying confided that acting isn't within their comfort zone.' Conan O'Brien sits down and finally sets the record straight with the actual Ajay, picks his brain about tech, and has the real-deal Bhatt star in a remake of the commercial that outshines the original (remake starts with :48 remaining).

Submission + - Carbon Capture Works at Wisconsin Coal Plant

pickens writes: Thomas Content writes in the Milwaukee Journal Sentinel that a coal-fired power plant in southeastern Wisconsin has been successful in grabbing 90% of greenhouse gas using chilled ammonia to capture carbon dioxide from the smokestack. The technology is one of several being tested by utilities that are seeking ways to continue burning coal from their existing fleet of coal plants even if the United States embarks on a national plan to slash emissions of greenhouse gases. "One of the biggest challenges facing our industry is the development of cost-effective technology that will allow us to capture carbon from the operation of power plants around the world," says Gale Klappa, chairman and chief executive of We Energies. The next phase of testing at the Mountaineer power plant in West Virginia will go one step further by testing not only the capture but the sequestration of the carbon dioxide, where the gas will be compressed, pipelined, and injected into two different saline reservoirs located approximately 8,000 feet beneath the plant site. The experiment, which the company says could begin in the next few days, is riveting the world's coal-fired electricity sector, which is under growing pressure to develop technology to capture and store carbon dioxide. The technology is certain to devour a substantial amount of the plant's energy output — optimists say 15 percent, and skeptics 30 percent, leaving less electricity available to send out to the power grid and utility customers. "Key questions around energy consumption — a key driver of cost — and other important technical issues will be addressed as larger-scale demonstrations work to fully optimize the technology."

Submission + - The Best Way To Inform Owners Of Hacked Sites?

UnmaskParasites writes: "I'm an independent security researcher. Every time I investigate hacker attacks I see thousands of compromised websites. While I can't contact every single site owner and tell them about the problem, I usually try to let the owners of larger sites (their problems affect more people) know that they have security issues. I send them brief descriptions of the problems via email or their contact forms. Unfortunately, the prevailing reaction is a lack of any response (and the websites remain hacked). I have slightly better results when I publish attack reviews on my blog and then refer to the blog posts when I contact owners of compromised sites. However, the success rate is still below 20%, which makes me think that security is not a priority for site owners and I'm wasting my time trying to help them.

Here is a rather amusing (and at the same time sad) illustration of the issue. The site of the Software & Information Industry Association (SIIA) offers up to $1 million for piracy reports. This site is hacked. Most of its pages contain cloaked spam links that promote online stores that sell pirated software. I emailed them and described the problem. I created a blog post with screenshots illustrating the problem and referred to it in my report. SIIA didn't bother to respond, and one week later their site still promotes pirates (they are probably too busy fighting with other pirates?).

I need your advice. What is the most effective way to inform site owners about security problems and have them resolve the issues?

* Should I go on trying to contact owners of compromised sites?
* Should I just report the sites? E.g. report them to Google as malicious or spammy, and let Google punish them (blacklist or remove from search index). I still prefer to give site owners a chance though.
* Should I try to give them some "bad publicity" if they fail to respond to friendly notifications? Is it acceptable? (I wonder if SIIA will clean up their site if this question is published on Slashdot?)
* Should I just ignore them (since it's not my own problem) and hope that they'll eventually resolve issues?
* What else can you suggest?"

Submission + - Student Faces Prison for Disrupting Oil Auctions

pickens writes: The NY Times reports that last December Tim DeChristopher went to a federal auction of oil and gas leases offered in the Bush administration's closing days — and even then the subject of protests and lawsuits — and bid on contracts that he had neither the money nor the intent to actually fulfill. "My intention was to cause as much of a disruption to the auction as I could," says DeChristopher, a 27-year-old student at the University of Utah. "Making that decision — that keeping the oil in the ground was worth going to prison — that was the decision I made." DeChristopher is now charged with two felony counts of interfering with an auction and making false statements on bidding forms, even as most of the specific leases DeChristopher protested — many of them near national parks or monuments — have not only been deferred or taken off the table by federal land managers in the Obama administration but also scathingly disavowed. "There was a headlong rush to leasing in the prior administration that led to the kinds of shortcuts we have demonstrated," says Obama's Interior Secretary Ken Salazar. DeChristopher praised Salazar's decision, saying it represents government taking a "serious stance in the defense of our land and climate." Federal prosecutors argue that whether DeChristopher was on some level correct in opposing the leases is irrelevant, and DeChristopher now faces up to five years in prison on each of the two counts and up to $750,000 in fines. DeChristopher's attorney has asked the judge to allow a so-called necessity defense at the trial, enabling DeChristopher to argue that he faced a "choice of evils" that justified breaking the law. "Bush and the [Bureau of Land Management] should be on trial here," says DeChristopher's lawyer.

Microsoft Brings Back DRM 414

Barence writes "Microsoft yesterday unveiled its MSN Mobile Music service — and a surprise return to digital rights management (DRM). While companies such as Apple and Amazon have finally moved to music download services free of copy protection, MSN Mobile locks tracks to the mobile handset they are downloaded to. It also charges more than the other services per track, and offers no way to transfer your tracks to your new phone when you upgrade. The company's Head of Mobile UK spoke to PC Pro about the launch, but his answers are almost as baffling as the service itself. Best quote: Q: 'If I buy these songs on your service — and they're locked to my phone — what happens when I upgrade my phone in six months' time?' A: 'Well, I think you know the answer to that.'"

Submission + - Book: The Complex, an expose of scientology

An anonymous reader writes: The Complex: An Insider Exposes the Covert World of The Church of Scientology by John Duignan, published by Merlin (published in Ireland), ISBN 978-1-903582-848. Amazon and your average big book supplier don't seem to be inclined to sell it because of pressure from Tom Cruise and 'Scientologists'.

The John Duignan book got a mention on an English newspaper blog I read, and later that day the blog post disappeared, 'poof' — so this book from 2008 piqued my interest.

The book is rather hard to buy, but it is obtainable. A quick search in Google won't suffice like it does for Harry Potter. Sorry, but there's no Amazon/Borders link because they probably won't sell it to you. However, I eventually bought it from Ireland — don't, however, try the ISBN number, because that seems to be foo-bared big time.

Since I visited a few online bookshops in order to buy it — Amazon.com's and its country sites' shopping carts seem very old and tame considering the later entrants to book selling on the internet.

Back to the book, which is 318 pages long and details a twenty-year-plus stint across the world of Scientology. Mr Duignan has a family history and, in the style of the victim literature (examples: Wandering Scribe blog/Anja Peters), details a sad family background. Mental health problems are hinted at, and Mr Duignan ends up with an adopted extended family in Ireland.

These family issues and Ireland's opportunities mean the author wanders 1970s Europe looking for a career without much of an education. Amateur acting for Jesus was the first outlet, first in then-West Germany and then on US military bases. So there's a predilection to do the 'God will help me' thing.

The Jesus acting thing changed into a cult and our author was then at a loose end. He did the Scientology personality test, liked the pretty girl who asked him, and a twenty-year association was formed. This was before Hubbard died, with John being poor (e.g. no inheritance). He was employed as a Scientology employee for a while and then was poached to become a member of the Sea Org — the Scientology organisation in which, when you sign up as an officer, you sign a billion-year contract. Pay is $5 a day for a 22-hour day, a single bunk bed and no sex life.

Germany, America, Zimbabwe (a persona non grata passport stamp), England, and various countries on short stops are hinted at as places he 'served' in various stints, in roles from cooking lunch to recruiting celebrities.

The book also has moments of humour — the author could not see that a Scientologist who started drinking at 9 am probably had an alcohol problem until a thought that occurred years later. As the author wore a naval white uniform, his then comments about gay people and working in gay areas bring the camp 70's classic song 'YMCA' to mind. Since most humans who don't believe in the Scientology line are thus deemed wogs, it is amusing that in Africa he calls Africans 'wogs' — (as a reviewer I intend that not as a racist comment but as something of the El Ron 'tech' that apparently describes most of us).

The author's driving skills under comrade El Ron sound iffy too. The question posed by Tom Cruise in that video about car crashes is: does the Scientology driver hit you, or do you avoid the driver with the crazy death wish in the rental car?

I.T.-wise (this is Slashdot), the tale told about the attempt that Scientologists made to make their own 'non-wog' computers and networks is amusing for those of us here.

Eventually 'reason' caught up with the author, who was responsible for getting the funds together to pay the out-of-court and silent compensation claims in England, and for cleaning up after upper management's purges, so the author has some brains.

Scientology likes its purges of 'bad Scientologists in management'. The author was due a senior post with the head of the living Scientologists, David Miscavige (who personally served Hubbard on board ship as a child messenger). Knowing what happens to 'bad Scientologists', the author then decided to make an escape, as apparently there are executives in Scientology in the US still in Scientology prison for upsetting David Miscavige's plans.

The book varies in places, but it's an experience. Disclaimer: I don't work for the publisher/author/Xenu/etc. in any form.

Submission + - Firefox Update breaks Yahoo Mail 1

An anonymous reader writes: The latest upgrade for Firefox 2 ( breaks certain sites, including Yahoo Mail (http://mail.yahoo.com). The user simply gets an error: "The page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies."
This error has occurred on every machine we have allowed to update, as well as confirmed with colleagues outside our organization. While I admit that limiting access to Yahoo Mail might be considered a 'Feature' to Microsoft, in the Firefox world this is likely a bug or unintended consequence. What do you think?

Submission + - Windows Apps on Linux: WINE or commercial software 1

Technical Writing Geek writes: "I frequently run into people who would like to adopt Linux, but are dependent on Windows applications and find the open source options to be insufficient. I would really like to be able to say, "Just use WINE!" but people have indicated that it is less than optimal. A friend uses CrossOver Linux and reports far fewer problems. Should I point them to the commercial alternative, or encourage them to stick it out with the open source WINE?"

Submission + - New P2P Music sharing concept

LcdAngel writes: "A new service called Grooveshark is in beta that provides 99 cent downloads of DRM-free (MP3 formatted) music and allows streaming of any song before you buy. But then it credits back independent artists that upload their content so they can buy other tracks. Seems like an interesting idea. Read CNET's review of this product."
