
Comment Re:Only as secure as the gate-keeper. (Score 1) 280

This isn't really a browser issue.

The browser is going "Show me that this cert is valid for" and the CA is going "Here it is, for" , at least as far as the browser is concerned.
This is no more a flaw than if the CA just started letting anyone buy certs for

Having multiple CAs (and cheap CAs) is a good thing, but we're only ever secure with ssl as the least secure CA.

As far as I understand, it's more like:

* Browser gets cert for\ from the server

* Browser reads domain from cert, but does so invalidly, and only gets

* etc


New Click-Fraud Attack Is Stealthiest Yet 99

An anonymous reader sends news from The Washington Post's Security Fix blog of a new Trojan horse program that takes click fraud to the next level. The Trojan, dubbed FFsearcher by SecureWorks, was among the pieces of malware installed by sites hacked with the Nine-Ball mass compromise, which attacked some 40,000 Web sites this month. The Trojan takes advantage of Google's "AdSense for Search" API, which allows Web sites to embed Google search results alongside the usual Google AdSense ads. (SecureWorks' writeup indicates that Yahoo search is targeted too, but the researchers saw no evidence of the malware redirecting Yahoo searches.) While most search hijackers give themselves away on the victim's machine by redirecting the browser through some no-name search engine, FFsearcher "...converts every search a victim makes through, so that each query is invisibly redirected through the attackers' own Web sites, via Google's Custom Search API. Meanwhile, the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search, but instead sees the search results as though they were returned directly from (and with in the victim browser's address bar, not the address of the attacker controlled site). Adding to the stealth is the fact that search results themselves aren't altered by the attackers, who are merely going after the referral payments should victims click on any of the displayed ads. What's more, the attackers aren't diverting clicks or ad revenue away from advertisers or publishers, as in traditional click fraud: They are simply forcing Google to pay commissions that it wouldn't otherwise have to pay." If FFSearcher were the only piece of malware on the machine, it would have a better chance of staying under the radar.

Comment Re:Well that's just fantastic (Score 1) 150

But when are they going to patch these security flaws on my 2.1 ipod? Paying for an update is ridiculous, especially when it fixes critical security flaws. I sure hope apple does the right thing.

Sure, paying for a security update alone is a bit strange, but really — it's only $10 and gives you so much more. Besides, it's not like your iPod has been taken over by viruses due to the bugs.


EU Data-Retention Laws Stricter Than Many People Realized 263

An anonymous reader writes with a snippet from the Telegraph: "A European Union directive, which Britain was instrumental in devising, comes into force which will require all internet service providers to retain information on email traffic, visits to web sites and telephone calls made over the internet, for 12 months."

Comment Re:I wonder what really got fixed... (Score 1) 129

The question is: why is Apple so quiet about rolling this update out and what it fixes, and since when does a minor Safari update require a reboot?!!

I'm not sure (lousy memory etc), but I believe (some) previous Safari updates have required a reboot too. It might have something to do with the Webkit engine being used by apps other than Safari.


IE8 Breaking Microsoft's Web Standards Promise? 329

An anonymous reader points out a story in The Register by Opera Software CTO Hakon Lie which tells the story of how Microsoft's interoperability promise for IE8 seems to have been broken in less than six months. Quoting: "In March, Microsoft announced that their upcoming Internet Explorer 8 would: use its most standards compliant mode, IE8 Standards, as the default. Note the last word: default. Microsoft argued that, in light of their newly published interoperability principles, it was the right thing to do. This declaration heralded an about-face and was widely praised by the web standards community; people were stunned and delighted by Microsoft's promise. This week, the promise was broken."
It's funny.  Laugh.

Chinese Restaurant Suffers Large Translation Error 364

linuxwrangler writes "Preparing for English-speaking visitors, a restaurant in China recently ran its name through an online translator, took the result, then purchased and mounted a large sign displaying the English version of their name: Translate Server Error." This one has been around for a couple of weeks but it's destined to become a classic.

FSF's "Defective By Design" Targets Apple Genius Bars 838

mjasay writes "At OSCON this year, MySQL's Brian Aker made this bold statement: 'Microsoft is irrelevant ... We're more worried about Apple.' The Free Software Foundation appears to have caught the hint, and has turned its attention to all-things-Apple with a 'denial of service' attack on the Apple Genius Bars. The idea is to completely book all Genius Bars and then ask the 'geniuses,' over and over again, a few questions about Apple's proprietary ways (while, apparently, real customers with support issues are left to flounder). Lost in this anti-Apple fervor, however, is the Free Software Foundation's complete and conscious failure to protect the web. Richard Stallman has long felt that software that doesn't sit on his desktop doesn't affect his freedom, but isn't the opposite true? Why is the FSF focused on Apple when the bigger concern should be Google, Yahoo!, Amazon, and other web players, a point made by Tim O'Reilly recently at OSCON?" Defective by Design is just one of many FSF projects, remember; it hardly seems fair to say that the FSF has been ignoring the implications of software as a service.
