
Submission + - Microsoft attempts to censure bing vulnerability

An anonymous reader writes: Microsoft's bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers. In traditional Microsoft style, Microsoft responded to the author of the breaking bing cashback with a cease & desist letter, rather than fixing the security problems. It is possible for a malicious user to create fake bing cash-back requests, resulting in not only fake cash-back costs for the merchant, but also blocking legitimate customers from receiving their cash-back from bing. The original post is currently available in bing's cache (although perhaps not for long). But no worries, the author makes it clear that the exploit should be painfully obvious to anyone that reads the bing cashback sdk.
Google

Submission + - Google's 2nd Android Developer Contest kicks off 1

coffeeisclassy writes: Google's second Android Developer Contest (ADC2) has started, despite some confusion around how to submit applications. The prizes are different from the first ADC, with each category having prizes of 100k, 50k, and 25k and an overall best of 150k, 50k and 25k, meaning the best Android application from ADC2 is eligible for ~250k. The rules seem to allow any application never published before August 1st to compete and is open through the end of August (so break out your keyboards!). The top prizes are certainly less than that of the first ADC, but with the prizes broken down by category Google may be hoping to inspire some love for less popular categories. While some other developers are waiting to find out how to submit, one developer has moved ahead and released one of their entries, Pigs Can Fly Site Monitor (also on Google Market for those with Androids). So if you've been waiting for an excuse to start a new side-project, here you have it :)
Cellphones

Submission + - Devicescape supports Starbucks with OpenMoko

An anonymous reader writes: The OpenMoko is getting some much needed love with Devicescape's port to the FreeRunner adding support for logins to Starbucks. With the ongoing port of Android to the FreeRunner some questions remain as to the long term viability of the freesmartphone architecture. (fittingly the captcha for the submission was muffin, similar to cupcake)
Security

Submission + - Yahoo! exposes auth info via man-in-the-middle

tiffanydanica writes: For all the flak Mozilla gets about its new security warnings for https sites, at least it warns the user when a mismatch occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues), doesn't bother validating the SSL certificate on the other side before sending along the username and password, making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems & it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spamming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface.
Yahoo!

Submission + - Security flaw in Yahoo mail exposes auth info

tdalek writes: After patching its plaintext authentication gaffe, Yahoo! Zimbra Desktop has fumbled the security and privacy ball once again. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed.
Security

Submission + - Yahoo! Zimbra Desktop vulnerable to MiTM

holdenkarau writes: "After patching its plaintext authentication gaffe, Yahoo! Zimbra desktop has hit another stumbling block in the security road. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed."
Security

Submission + - iPhone exposes emails in plaintext for Yahoo users 1

holdenkarau writes: "You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing usernames & passwords. It turns out that more than just Yahoo! Zimbra Desktop is affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames & passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since it's one of the default accounts, I'm assuming quite a few do), you might want to look at forwarding it somewhere else for the time being, and using that account instead."
Privacy

Submission + - Yahoo! exposes user passwords (uwaterloo.ca) 3

kingofthehobos writes: In a move hearkening back to the days of telnet, Yahoo!'s newest addition to their mail system exposes the full usernames & passwords over the wire (or wireless) in plaintext. Both CNET news & Wired's Webmonkey are reporting on the story (although in true Wired fashion the individual is called a "hacker"). So, if you know anyone who might have installed Yahoo! Zimbra Desktop, getting them to switch back to the web interface and change their password (until the issues are fixed) would be ++good.
Security

Submission + - How secure is our software?

alphabetasigmagamma writes: Is it reasonable to expect that sensitive information should be encrypted before being sent across the internet? Recent news, such as the security breach discovered in Yahoo desktop's mail software, as reported by CNET and Wired's Webmonkey, has made many people wonder how safe their personal information is when being sent through third party applications. In the case of Yahoo, personal information, such as passwords, was sent in clear text across the wire, exposing users to possible security breaches. Can we trust our sensitive information in a software ecosystem that encompasses hundreds of pieces of software that interact with the internet every day?
Security

Submission + - Security flaw in Yahoo mail exposes plaintext auth

holdenkarau writes: "Yahoo!'s acquisition of open source mail client Zimbra has apparently brought some baggage to the mail team. The new Yahoo! desktop program transmits the authentication information in plain text. Ironically enough, the flaw was discovered during a Yahoo "hacku" day at the University of Waterloo (the only Canadian school part of the trip). Compared to the recent hoopla about gmail exposing the names associated with accounts, this seems downright scary. So if you have friends or relatives who might have installed Yahoo! desktop and value their e-mail accounts, now would be a good time to get them to change the password and switch back to the oh so retro web interface."
Linux Business

Submission + - Firms start developing for the OpenMoko/FreeRunner

Anonymous Coward writes: "Now that the OpenMoko platform has stabilized enough to provide a usable development image, things are starting to heat up. The freedom of the OpenMoko platform certainly seems to be working, developers are getting behind the OpenMoko in a big way. Linuxdevices & Linux.com are both reporting on the start of a port of Devicescape's connect application. Koolu is also doing development for its W.E. phone (a branded FreeRunner). Hopefully, without the restrictiveness of cell-phone carriers we can start to see some truly innovative mobile applications come forward."
Cellphones

Submission + - Firms start developing for the OpenMoko/FreeRunner 1

An anonymous reader writes: Now that the OpenMoko platform has stabilized enough to provide a usable development image, things are starting to heat up. The freedom of the OpenMoko platform certainly seems to be working, developers are getting behind the OpenMoko in a big way. Linuxdevices is reporting on the start of a port of Devicescape's connect application. Koolu (another Canadian company) is also doing development for its W.E. phone (a branded FreeRunner). Hopefully, without the restrictiveness of cell-phone carriers we can start to see some truly innovative mobile applications come forward.
Portables

Submission + - Commercial applications come to the OpenMoko 1

spamcakes writes: "The development of the first commercial application for the OpenMoko is apparently getting underway. Devicescape, which makes a program for automatic Wi-Fi logins to networks like Starbucks, is going to be getting on the OpenMoko bandwagon. Are more commercial applications going to move to the OpenMoko platform because of its open platform? Is the restrictiveness of other platforms helping push applications to the OpenMoko?"
Cellphones

Submission + - Canadian spectrum auction ends with new carrier

vivalarevoluation writes: "The Canadian Wireless spectrum auction has just finished, with a new entrant into the Canadian cellular market. Globalive Communications won spectrum across all provinces, with the notable exception of Quebec, and they have issued plans for the development of a new Canadian wireless company. Their press release cites a study showing that Canadian prices are about 60% higher than American prices, and I'm sure some of you will Canada being the second most expensive place to buy an iPhone :~ Oddly enough, it would appear that one of the investors (Orascom) in this may be behind a large North Korean construction project. Canada's Wireless industry has always been a little odd, but I'm guessing things are about to get a lot more interesting (and hopefully less expensive :))."
Privacy

Submission + - Gaping hole in gmail / google calendar user priva 6

holdenkarau writes: "Depending on your view gmail has either a rather small or incredibly huge privacy flaw. This blog post about gmail's privacy flaw goes through the reproduction steps which can be used to get the registration name (first & last) of any gmail user (regardless of if they have Google Calendar's or not). For the majority of users, this probably isn't that important, but I know quite a few people who prefer to keep their online and personal lives separated (and I'm guessing there are some slashdotters who also enjoy the separation)."
