The Internet

Paul Vixie Responds To DNS Hole Skeptics 147

syncro writes "The recent massive, multi-vendor DNS patch advisory related to a DNS cache poisoning vulnerability, discovered by Dan Kaminsky, has made headline news. However, the secretive preparation prior to the July 8th announcement and hype around a promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference has generated a fair amount of backlash and skepticism among hackers and the security research community. In a post on CircleID, Paul Vixie offers his usual straightforward response to these allegations. The conclusion: 'Please do the following. First, take the advisory seriously — we're not just a bunch of n00b alarmists, if we tell you your DNS house is on fire, and we hand you a fire hose, take it. Second, take Secure DNS seriously, even though there are intractable problems in its business and governance model — deploy it locally and push on your vendors for the tools and services you need. Third, stop complaining, we've all got a lot of work to do by August 7 and it's a little silly to spend any time arguing when we need to be patching.'"
Security

Estimating the Time-To-Own of an Unpatched Windows PC 424

An anonymous reader notes a recent post on the SANS Institute's Internet Storm Center site estimating the time to infection of an unpatched Windows machine on the Internet — currently about 4 minutes. The researcher stipulated that the sub-5-minute estimate was valid for an unpatched machine in an ISP netblock with no NAT or firewall. The researcher, Lorna Hutcheson, called for others to post data on time-to-infection, and honeypot researchers in Germany did so the same day. They found longer times to infection, an average of 16 hours. Concludes the ISC's Hutcheson: "While the survival time varies quite a bit across methods used, pretty much all agree that placing an unpatched Windows computer directly onto the Internet in the hope that it downloads the patches faster than it gets exploited are odds that you wouldn't bet on in Vegas."
The Courts

Blizzard Wins Major Lawsuit Against Bot Developers 838

Captain Kirk writes "World of Warcraft owners Blizzard have won their case against the programmer who wrote Glider, Michael Donnelly. (We discussed the case here when it was filed.) Blizzard won on two arguments: first, that if a game is loaded into RAM, that can be considered an unauthorized copy of the game and as such a breach of copyright; second, that selling Glider was interfering with Blizzard's contractual relationship with its customers. The net effect? If you buy a game, you transfer rights to the game developer that they can sue you for."
Security

Kaspersky To Demo Attack Code For Intel Chips 303

snydeq writes "Kris Kaspersky will demonstrate how attackers can target flaws in Intel microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of OS. The demo will be presented at the Hack In The Box Security Conference in Kuala Lumpur in October and will show how processor bugs can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler. The demonstrated attack will be made against fully patched computers running a range of OSes, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux, and BSD. An attack against a Mac is also a possibility."
The Internet

Adobe Makes Flash Crawlable 232

nickull wrote in his journal that "Today Adobe systems made an announcement that it has provided technology and information to Google and Yahoo! to help the two search engine rivals index Shockwave Flash (SWF) file formats. According to the company, this will provide more relevant search rankings of the millions of pieces of Flash content. Until now, developers had to implement workarounds for exposing text content used in Flash to search-engine spiders and other bots such as using XHTML data providers. While the Flash content is exposed, it is not yet clear how it will be utilized by the search engines, as they have not revealed their algorithms. The SWF specification is openly published."
Democrats

Telecom Amnesty Foes On the Move 363

ya really notes a blog posting up at Wired reporting that foes of the Telecom Amnesty Bill have mounted a campaign on Barack Obama's own website. Though the group was created only days ago, on June 25, it has grown to be the fifth largest among 7,000 such groups, just short of Women for Obama. Although it is widely known that Obama changed his stance from opposing telecom immunity to supporting it, many have not given up hope of getting him to switch once again. Meanwhile, left-leaning bloggers and libertarian activists have joined forces to raise $325,000 in the fight against the legislation. "Their Blue America PAC is already targeting House Democrats who voted for the bill, including placing a full-page ad in the Washington Post [an image appears in the Wired story] slamming House Majority Leader Steny Hoyer, who claimed credit for creating the so-called compromise bill. The coalition plans to follow-up with a Ron Paul-style money bomb, which will be used to target key Senators..."
Censorship

Provider of Free Public Domain Music Re-Opens 142

Chip Zoller writes "This community took note when the International Music Score Library Project shut down last October, and when Project Gutenberg stepped in to help three days later. I would like to alert you all that our site, IMSLP, has re-opened to the public for good after a 10-month hiatus. All the news updates in the interim can be found linked to the main page. We take great pride in re-opening as it demonstrates our willpower to make the masterpieces of history free to the world; and moreover to make manifest that we will not be bullied by publishers sporting outrageous claims of copyright in a country where they clearly are expired."
Mozilla

Mozilla Pitches Firefox 3.1 Alpha For July Release 257

An anonymous reader writes "Just a week after Mozilla shipped Firefox 3.0, the open-source developer has proposed ship dates for the next version that, if approved, would produce an alpha release next month and a final no later than early 2009. According to a draft schedule discussed at a recent meeting, Mozilla wants to have the first Firefox 3.1 developer preview ready by July, then move to a beta by August. The schedule slates final code delivery in the last quarter of this year or the first quarter of 2009. A month ago, when Mozilla first started discussing Firefox 3.1 internally, Mike Schroepfer, the company's vice president of engineering, said the upgrade's target ship date was the end of 2008. If Mozilla holds to that plan, Firefox 3.1 would be its first fast-track update. Firefox 3.0, for instance, launched approximately 20 months after its predecessor, Firefox 2.0."
The Internet

What Do You Want On Future Browsers? 628

Coach Wei writes "An industry wishlist for future browsers has been collected and developed by OpenAjax Alliance. Using wiki as an open collaboration tool, the feature list now lists 37 separate feature requests, covering a wide range of technology areas, such as security, Comet, multimedia, CSS, interactivity, and performance. The goal is to inform the browser vendors about what the Ajax developer community feels are most important for the next round of browsers (i.e., FF4, IE9, Safari4, and Opera10) and to provide supplemental details relative to the feature requests. Currently, the top three voted features are: 2D Drawing/Vector Graphics, The Two HTTP Connection Limit Issue, and HTML DOM Operation Performance In General. OpenAjax Alliance is calling for everyone to vote for his/her favorite features. The alliance also strongly encourages people to comment on the wiki pages for each of the existing features and to add any important new features that are not yet on the list."
Google

Google Apps Hacks 46

stoolpigeon writes "It seems that it wasn't long ago that Google was just a search company. The number of on-line products that fly under the Google moniker, today, is impressive. Google has moved well beyond its office-suite-like applications and excelled with everything from mapping to blogging to 3-D drawing. Google Apps Hacks is a new book from O'Reilly, published in conjunction with their Make magazine. This volume presents the reader with 141 hacks in an attempt to get the most out of a wide array of Google's on-line applications. The result is a quick ride that is rather fun — and while a bit shallow at times, it provides a great overview of just how much is available out there." Read below for the rest of JR's review.
Privacy

FBI's New Eye Scan Database Raising Eyebrows 229

mattnyc99 writes "The FBI has confirmed to Popular Mechanics that it's not only adding palm prints to its criminal records, but preparing to balloon its repository of photos, which an agency official says 'could be the basis for our facial recognition.' It's all part of a new biometric software system that could store millions of iris scans within 10 years and has privacy advocates crying foul. Quoting: 'The FBI's Next Generation Identification (NGI) system, which could cost as much as $1 billion over its 10-year life cycle, will create an unprecedented database of biometric markers, such as facial images and iris scans. For criminal investigators, NGI could be as useful as DNA some day — a distinctive scar or a lopsided jaw line could mean the difference between a cold case and closed one. And for privacy watchdogs, it's a dual threat — seen as a step toward a police state, and a gold mine of personal data waiting to be plundered by cybercriminals.'"
Data Storage

What NAS To Buy? 621

An anonymous reader writes "Currently, I'm running an old 4u Linux server for my private backup and storage needs. I could add new drives, but it's just way too bulky (and only IDE). For the sake of size and power efficiency I think about replacing it with a NAS solution, but cannot decide which one to get. The only requirements I have are capacity (>1.5TB) and RAID5. Samba/FTP/USB is enough. Since manufacturers always claim their system to be the best, I'd like to hear some suggestions from you Slashdot readers."
Programming

Subversion 1.5.0 Released 104

Hyrum writes "The Subversion team is proud to announce the release of Subversion 1.5.0, a popular open source version control system. The first new feature release of Subversion in almost 2 years, 1.5.0 contains a number of new improvements and features. A detailed list of changes can be found in the release notes. Among the major new features included in this release is merge tracking—Subversion now keeps track of what changes have been merged where. Source code is available immediately, with various other packages available soon."
Privacy

New FISA Bill Would Grant Telcoms Immunity; Vote Is Tomorrow 496

An anonymous reader writes "This just in: a new 'compromise' FISA Bill (PDF) was just made public, which, the Electronic Frontier Foundation reports, 'contains blanket immunity for telecoms that helped the NSA break the law and spy on millions of ordinary Americans.' The House vote is tomorrow, June 20. After all the secret rooms and everything ... if they get immunity and the public never finds out what happened, the only other logical next step is to convince everyone I know not to get an iPhone." CNN covers this get-out-of-lawsuit play as well.
