christian.einfeldt writes "Washington Post Security Fix columnist Brian Krebs recommends that banking customers consider using a Linux LiveCD, rather than Microsoft Windows, to access their on-line banking. He tells a story of two businesses that lost $100K and $447K, respectively, when thieves — armed with malware on the company controller's PC — were able to intercept one of the controller's log-in codes, and then delay the controller from logging in. Krebs notes that he is not alone in recommending the use of non-Windows machines for banking; The Financial Services Information Sharing and Analysis Center, an industry group supported by some of the world's largest banks, recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone, hardened, and completely locked down computer system from where regular e-mail and Web browsing [are] not possible.' Krebs concludes his article with a link to an earlier column in which he steps readers through the process of booting a Linux LiveCD to do their on-line banking." Police in Australia offer similar advice, according to an item sent in by reader The Mad Hatterz: "Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows." Read more of this story at Slashdot.
Ponca City, We love you writes "The EFF has warned Texas Instruments not to pursue legal threats against calculator hobbyists who perform modifications to the company's programmable graphing calculators. TI's calculators perform a 'signature check' that allows only approved operating systems to be loaded, but researchers have reverse-engineered signing keys, allowing tinkerers to install custom operating systems and unlock new functionality in the calculators' hardware. In response, TI has unleashed a torrent of demand letters claiming that the anti-circumvention provisions of the Digital Millennium Copyright Act require the hobbyists to take down commentary about and links to the keys. 'This is not about copyright infringement. This is about running your own software on your own device — a calculator you legally bought,' says EFF Civil Liberties Director Jennifer Granick. 'Yet TI still issued empty legal threats in an attempt to shut down discussion of this legitimate tinkering. Hobbyists are taking their own tools and making them better, in the best tradition of American innovation.'"
plover writes "Kim Zetter of Wired documents an extensive hack of Wal-Mart that took place in 2005-2006. She goes into great detail about the investigation and what the investigators found, including that the hackers made copies of their point-of-sale source code, and that they ran l0phtCrack on a Wal-Mart server. 'Wal-Mart uncovered the breach in November 2006, after a fortuitous server crash led administrators to a password-cracking tool that had been surreptitiously installed on one of its servers. Wal-Mart's initial probe traced the intrusion to a compromised VPN account, and from there to a computer in Minsk, Belarus.' Wal-mart has long since fixed the flaws that allowed the compromise, and confirmed that no customer data was lost in the hack — which is why they did not need to report the breach publicly earlier." This intrusion happened around the same time that Albert Gonzalez's gang was breaking into Marshall's and its parent company, TJX. The MO was quite similar: researching and closely targeting the point-of-sale systems in use. But the article notes that "There's no evidence Wired.com has seen linking Gonzalez to the Wal-Mart breach."
Icemaann writes "Pingdom and Network World are reporting that the SE tld dropped off the internet yesterday due to a bug in the script that generates the SE zone file. The SE tld has close to one million domains that all went down due to missing the trailing dot in the SE zone file. Some caching nameservers may still be returning invalid DNS responses for 24 hours."
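The mechanism behind that outage is the RFC 1035 rule that a zone-file name without a trailing dot is relative to the current $ORIGIN, so a generator that emits "a.ns.se" instead of "a.ns.se." produces a delegation to "a.ns.se.se.", which does not exist. The following is an added example, not the .se registry's generator and not real .se zone data: the two zone fragments are constructed, and the two checks show the symptom a loader would see after the fact and the lint that would have caught it before publication.

```python
"""Zone-file origin handling: how a missing trailing dot breaks delegations.
Added example; the zone fragments are constructed and the checks implement
the RFC 1035 rule that a name without a trailing dot is relative to $ORIGIN."""

# Constructed fragment, correctly written: every absolute name ends in a dot.
SAMPLE_ZONE_OK = """\
$ORIGIN se.
@           3600 IN NS  a.ns.se.
@           3600 IN NS  b.ns.se.
a.ns        3600 IN A   192.0.2.1
b.ns        3600 IN A   192.0.2.2
example     3600 IN NS  ns1.example.se.
ns1.example 3600 IN A   198.51.100.7
"""

# The same fragment as a buggy generator would emit it: the NS targets lack
# their trailing dot, so a loader appends the origin and a.ns.se silently
# becomes a.ns.se.se., a name that nothing resolves.
SAMPLE_ZONE_BROKEN = """\
$ORIGIN se.
@           3600 IN NS  a.ns.se
@           3600 IN NS  b.ns.se
a.ns        3600 IN A   192.0.2.1
b.ns        3600 IN A   192.0.2.2
example     3600 IN NS  ns1.example.se
ns1.example 3600 IN A   198.51.100.7
"""

# Record types whose rdata ends in a domain name that is subject to $ORIGIN.
NAME_RDATA_TYPES = {"NS", "CNAME", "PTR", "MX"}


def qualify(name: str, origin: str) -> str:
    """Make a zone-file name absolute: '@' is the origin, a name ending in '.'
    is already absolute, anything else has the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text: str):
    """Return (origin, [(owner, type, rdata)]) with owners and name-valued
    rdata made absolute exactly as a zone loader would."""
    origin = "."
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            if not origin.endswith("."):
                raise ValueError(f"$ORIGIN must be absolute: {origin}")
            continue
        owner, _ttl, _class, rtype, rdata = line.split(None, 4)
        rtype = rtype.upper()
        if rtype in NAME_RDATA_TYPES:
            parts = rdata.split()                # MX rdata is "pref name"
            parts[-1] = qualify(parts[-1], origin)
            rdata = " ".join(parts)
        records.append((qualify(owner, origin), rtype, rdata))
    return origin, records


def dangling_ns_targets(text: str):
    """NS targets inside the zone that have no A/AAAA record there: the symptom
    the missing dot produces once the file is loaded."""
    origin, records = parse_zone(text)
    addressed = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    missing = []
    for _owner, rtype, target in records:
        if rtype != "NS":
            continue
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in addressed:
            missing.append(target)
    return missing


def suspicious_relative_names(text: str):
    """Pre-publication lint on the raw text: a relative name whose last label
    equals the origin's first label (a.ns.se under $ORIGIN se.) was almost
    certainly meant to be absolute and is missing its dot. Heuristic only."""
    origin_label = None
    hits = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin_label = line.split()[1].strip(".").split(".")[0]
            continue
        fields = line.split()
        if origin_label is None or len(fields) < 5:
            continue
        candidates = [fields[0]]
        if fields[3].upper() in NAME_RDATA_TYPES:
            candidates.append(fields[-1])
        for name in candidates:
            if name != "@" and not name.endswith(".") and name.split(".")[-1] == origin_label:
                hits.append(name)
    return hits


if __name__ == "__main__":
    print("dangling (ok):    ", dangling_ns_targets(SAMPLE_ZONE_OK))
    print("dangling (broken):", dangling_ns_targets(SAMPLE_ZONE_BROKEN))
    print("lint (broken):    ", suspicious_relative_names(SAMPLE_ZONE_BROKEN))
```

The lint belongs in the generator's pipeline, before the file is signed and pushed to the authoritative servers; the dangling-target check is what a post-load sanity test on a hidden master would run before publishing. Neither undoes caching, which is why the story warns that resolvers holding the bad answers keep returning them until their TTLs expire.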
inglishmayjer was one of several readers to send in the news of a major bug in Apple's new OS, 10.6 Snow Leopard, that can wipe out all user data for the administrator account. It is said to be triggered — not every time — by logging in to the Guest account and then back in to the admin account. Some users are reporting that all settings have been reset and most data is gone. The article links to a number of Apple forum threads up to a month old bemoaning the problem. MacFixIt suggests disabling login on the Guest account and, if you need that functionality, creating a non-administrative account named something like Visitor. (The Guest account is special in that its settings are wiped clean after logout.) CNet reports that Apple has acknowledged the bug and is working on a fix.
An anonymous reader writes "People still don't understand SSL. This isn't much of a surprise... no one expects that grandma and grandpa know what SSL is and what it does. What is surprising and downright scary is that most IT professionals don't understand SSL, and many consider it to be the be-all, end-all of security in their organization. With all the tools out there to manipulate SSL connections, and the browser vendors unable to settle on a single method of showing if a site is secured by SSL or not, is it any wonder that no one gets it?"
Expanding on the T-Mobile data loss mentioned in an update to an earlier story, reader stigmato writes "T-Mobile's popular Sidekick brand of devices and their users are facing a data loss crisis. According to the T-Mobile community forums, Microsoft/Danger has suffered a catastrophic server failure that has resulted in the loss of all personal data not stored on the phones. They are advising users not to turn off their phones, reset them or let the batteries die in them for fear of losing what data remains on the devices. Microsoft/Danger has stated that they cannot recover the data but are still trying. Already people are clamoring for a lawsuit. Should we continue to trust cloud computing content providers with our personal information? Perhaps they should have used ZFS or btrfs for their servers."
storagedude points to this article at Enterprise Storage Forum which argues that cloud-based storage options have fatal limitations for both businesses and individuals: "The article makes the argument that high volumes of data and bandwidth limitations make external cloud storage all but useless for enterprises because it could take months to restore the data in a disaster. It also appears to be a consumer problem — the author spent three months replicating 1TB of home data via cable modem to an online backup service." Seems like those off-site incremental storage firms could dispatch a station wagon full of tapes, for enough money. Update: Here's another reason, for Sidekick users: reader 1ini was one of several to point out an alert from T-Mobile that "...personal information stored on your device — such as contacts, calendar entries, to-do lists or photos — that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger."
Darren Ginter writes "A group of Samba v4 developers recently spent a week in Redmond to work with Microsoft on Active Directory interoperability(?!). The result? Windows Server will now join, trust and replicate a Samba-based Active Directory using Microsoft-native protocols. Although Samba v4 is still in the alpha stages, this is a huge step for open source. Or it could be a trap."
Captain Sarcastic writes "I have been a contract programmer for a few years (with some time off when a contract-for-hire paid off and made me a full-time employee). Currently, I'm between projects, but I'm a little worried about one of the contracting companies who's helping me. First off, a little history. "Zeke" (not his real name) was with ABC Contractors (not their real name) when I first met him, and he took my resume and started processing me through the jobs that ABC had available. A bit later, Zeke left, and his replacement Yvonne (standard disclaimer) submitted me to a company (call them "Acme") for a contract-for-hire. Everything looked like a good fit, and she E-mailed me a copy of the resume they submitted to Acme. Came the interview, I realized that Zeke had left out part of my history and had mis-dated other aspects, to keep me from appearing unemployed. Like an idiot, I tried to correct this at the interview, to find out that Acme had decided that I had fabricated all of my experience, and chewed out the rep for ABC for sending an unqualified applicant. Fine, learning experience for me — double-check what the contracting company says about you, and don't try to correct things in the middle of the interview." What other difficulties have others gone through with headhunters and when is it time to leave one behind?
itwbennett writes "'As part of its design, the Bahama botnet not only turns ordinary, legitimate PCs into click-fraud perpetrators that dilute the effectiveness of ad campaigns. It also modifies the way these PCs locate certain Web sites through DNS poisoning,' explains Juan Carlos Perez in an ITworld article. 'In the case of Google.com, compromised machines take their users to a fake page hosted in Canada that looks just like the real Google page and even returns results for queries entered into its search box. It's not clear where the Canadian server gets these results. What is evident is that the results aren't 'organic' direct links to their destinations, but are instead masked cost-per-click (CPC) ads that get routed through other ad networks or parked domains, some of which are in on the scam and some of which aren't.' 'Regardless, CPC fees are generated, advertisers pay, and click fraud has occurred,' Click Forensics reported on Thursday in a blog posting." Related: Techcrunch reports on a massive Chinese click-fraud ring controlling 200,000 IP addresses.
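The tell the article describes, result links that are not organic direct links but click-through URLs routed via ad networks or parked domains, can be checked mechanically from the link shape alone. The following is an added example, not code from Click Forensics, ITworld or Google: the result set is constructed, and the list of query-string keys used by redirectors is an assumption that a real deployment would extend.

```python
"""Tell organic result links from masked click-through links.
Added example; the result set is constructed and REDIRECT_PARAMS is assumed."""
from urllib.parse import urlparse, parse_qs

# Query-string keys commonly used to carry the real destination through a
# click-tracking redirector (assumed list, extend as needed).
REDIRECT_PARAMS = ("u", "url", "dest", "destination", "redirect", "target")

# Constructed (not captured from the fake search page): (host the result
# displays to the user, href the link actually carries).
SAMPLE_RESULTS = [
    ("example.com", "http://www.example.com/"),
    ("example.org", "http://adnet.example.net/click?id=42&u=http%3A%2F%2Fexample.org%2F"),
    ("example.net", "http://parked.example/?q=example.net"),
]


def normalize_host(netloc: str) -> str:
    """Lower-case, drop userinfo and port, drop a leading 'www.'."""
    host = netloc.lower().split("@")[-1].split(":")[0]
    return host[4:] if host.startswith("www.") else host


def final_destination(href: str):
    """Unwrap one level of URL-in-a-query-parameter masking.
    Returns (destination host, True if the link passes through a redirector)."""
    parsed = urlparse(href)
    query = parse_qs(parsed.query)            # parse_qs percent-decodes values
    for key in REDIRECT_PARAMS:
        for value in query.get(key, []):
            inner = urlparse(value)
            if inner.scheme in ("http", "https") and inner.netloc:
                return normalize_host(inner.netloc), True
    return normalize_host(parsed.netloc), False


def classify(results):
    """Label each result 'direct' (organic link to the shown site), 'masked'
    (reaches the shown site only via a click-tracking redirector, i.e. a CPC
    ad) or 'unrelated' (lands somewhere else, e.g. a parked domain)."""
    labels = []
    for shown, href in results:
        dest, via_redirector = final_destination(href)
        if dest == normalize_host(shown):
            labels.append((shown, "masked" if via_redirector else "direct"))
        else:
            labels.append((shown, "unrelated"))
    return labels


if __name__ == "__main__":
    for shown, label in classify(SAMPLE_RESULTS):
        print(f"{shown:12s} {label}")
```

This only inspects link shape; it does not answer the article's open question of where the fake page sources its results, and chained redirectors (a tracker that hands off to another tracker) would need `final_destination` applied recursively rather than once.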
CWmike writes "Microsoft said it will deliver its largest-ever number of security updates on Tuesday to fix 13 flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and Forefront Security client software. Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system. The 13 updates slated for next week, eight of them pegged 'critical,' beat the previous record of 12 updates shipped in February 2007 and again in October 2008." Update: Reader Kurt Seifried writes to correct the math a bit, pointing to Microsoft's Advance Notification page for the release, which says that rather than 13 flaws, this Patch Tuesday involves "13 bulletins (eight critical and five important), addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning."
thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.
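The "significant overnight spike" heuristic the submission mentions is a per-host baseline comparison over flow summaries, with no payload inspection. The following is an added example of that logic, not Comcast's system: the hourly egress records are constructed, and the overnight window, spike ratio and byte floor are assumed tuning values.

```python
"""Flag hosts whose overnight outbound volume spikes far above their own norm.
Added example, not Comcast's system; flow summaries are constructed and the
thresholds are assumed tuning values."""
from collections import defaultdict
from datetime import datetime
from statistics import median

OVERNIGHT = range(0, 6)       # local hours treated as "overnight" (assumed)
SPIKE_RATIO = 10.0            # hour must exceed the host's median by this factor
MIN_BYTES = 10_000_000        # and exceed this absolute floor (ignores idle hosts)


def build_sample_flows():
    """Constructed hourly egress summaries (timestamp, src_ip, bytes_out) for
    two hosts over two days. 203.0.113.11 starts pushing 60 MB/hour from
    00:00 to 05:00 on day two, the pattern of a spam run from a new bot."""
    rows = []
    for day in (1, 2):
        for hour in range(24):
            ts = f"2009-10-0{day}T{hour:02d}:00:00"
            usual = 4_000_000 if 8 <= hour < 23 else 200_000
            rows.append((ts, "203.0.113.10", usual))
            bot = 60_000_000 if (day == 2 and hour in OVERNIGHT) else usual
            rows.append((ts, "203.0.113.11", bot))
    return rows


def overnight_spikes(rows, ratio=SPIKE_RATIO, floor=MIN_BYTES):
    """Return [(ip, timestamp, bytes, multiple)] for overnight hours whose
    egress exceeds ratio x the host's own median hourly egress and the floor.
    Per-host baselines keep a legitimately busy host from being judged
    against a global threshold."""
    per_ip = defaultdict(list)
    for ts, ip, nbytes in rows:
        per_ip[ip].append((datetime.fromisoformat(ts), nbytes))
    alerts = []
    for ip, samples in per_ip.items():
        baseline = median(n for _, n in samples)
        for when, nbytes in samples:
            if when.hour not in OVERNIGHT:
                continue
            if nbytes >= floor and baseline > 0 and nbytes / baseline >= ratio:
                alerts.append((ip, when.isoformat(), nbytes, round(nbytes / baseline, 1)))
    return alerts


if __name__ == "__main__":
    for ip, when, nbytes, multiple in overnight_spikes(build_sample_flows()):
        print(f"{ip} {when} {nbytes} bytes ({multiple}x baseline)")
```

A nightly off-site backup trips the same rule, which is one reason the trial notifies the customer rather than blocking traffic; a production version would also want the baseline computed from the same hour on previous days and a whitelist for known backup destinations.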
darthcamaro writes "Windows isn't the only piece of Microsoft technology that hackers are attacking anymore. During a presentation at the SecTor security conference in Toronto, a Facetime security researcher revealed numerous methods by which Xbox users are being hacked today. 'Though the Xbox doesn't have the number one market share, it is the top target for hackers,' Boyd said. 'Xbox Live has 17 million plus subscribers, and that service requires payment.'"