An anonymous reader writes "New Canadian anti-spam and anti-spyware legislation is scheduled for a key vote on Monday. Michael Geist reports that the copyright lobby has been pushing to remove parts of the bill that would take away exceptions which currently allow spyware to be installed without authorization. 'The copyright lobby is deeply concerned that this change will block attempts to track possible infringement through electronic means.' There have also been proposals to extend the exemptions granted to telecom providers to include the installation of programs without the user's express consent, which Geist says will 'leave the door open to private, surreptitious surveillance.'" Read more of this story at Slashdot.
CWmike writes to mention that the "Windows Presentation Foundation" plugin that Microsoft slipped into Firefox last February apparently left the popular browser open to attack. This was among the many things recently addressed in the massive Tuesday patch. "What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox. The usual 'Disable' and 'Uninstall' buttons in Firefox's add-on list were grayed out on all versions of Windows except Windows 7, leaving most users no alternative other than to root through the Windows registry, a potentially dangerous chore, since a misstep could cripple the PC. Several sites posted complicated directions on how to scrub the .NET add-on from Firefox, including Annoyances.org."
An anonymous reader writes "Has anyone set up a system to aggregate multiple ISP connections to form a high bandwidth site-to-site link? Load Sharing SCTP looked interesting, but it doesn't look like it has been widely adopted. Multi-Link PPP appears to be more widely supported for clients, but I can't find any good guides for setting up both sides of the connection for a site-to-site link. The hardware solutions I've found are expensive for a small business. Does anyone have experience using hardware solutions from Mushroom Networks (Virtual Leased Line, p2 of this document), Ecessa (site-to-Site Channel Bonding), or others?"
nandemoari writes "T-Mobile is taking a huge financial hit in the fallout over the Sidekick data loss. But Microsoft, which bears at least part of the responsibility for the mistake, is paying the price with its reputation. As reported earlier this week, the phone network had to admit that some users' data had been permanently lost due to a problem with a server run by Microsoft-owned company Danger. The handset works by storing data such as contacts and appointments on a remote computer rather than on the phone itself. BBC news reports today that Microsoft has in fact recovered all data, but a minority are still affected (out of 1 million subscribers). Amidst this, Microsoft appears not to have suffered any financial damage. However, it seems certain that its relationship with T-Mobile will have taken a major knock. The software giant is also the target of some very bad publicity as critics question how on earth it failed to put in place adequate back-ups of the data. That could seriously damage the potential success of the firm's other 'cloud computing' plans, such as web-only editions of Office."
ruphus13 writes "In a recent talk at the Churchill Club, Michael Dell addressed several topics, including the fact that Windows 7 is poised to take advantage of the upgrade cycle. Dell has always been a strong MS OEM ally and it is now hoping to cash in again from the impending upgrades. From the post: 'Dell made plain several times that he sees the installed base of technology as very old, and sees a coming "refresh cycle" for which he has high hopes. "The latest generation of chips from Intel is strong, particularly Nehalem," he said, adding, "and Windows 7 is on its way." (The operating system arrives Oct. 22nd, although Microsoft's large-volume licensees are already getting it.) He pointed out that many businesses are running Windows XP, which is eight years old. "I've been using Windows 7 for a long time now," he said, "and if you get the latest processor technology and Office 2010 with it, you will love your PC again. It's a dramatic improvement."'"
An anonymous reader writes "Starting next July, every person in Finland will have the right to a one-megabit broadband connection, according to the Ministry of Transport and Communications. Finland is the world's first country to create laws guaranteeing broadband access. The Finnish people are also legally guaranteed a 100Mb broadband connection by the end of 2015."
alphadogg writes "Delta Air Lines is being sued for allegedly hacking the e-mail account of a passenger rights advocate supporting legislation that would allow access to food, water and toilets during long delays on the tarmac. Kathleen Hanni, executive director of Flyersrights.org, alleges Delta obtained sensitive e-mails and files and used the material in an attempt to derail the 'Airline Passenger's Bill of Rights of 2009,' of which four versions are pending before Congress. The suit was filed on Tuesday in US District Court for the Southern District of Texas and seeks a minimum of $11 million in damages. Flyersrights.org, a nonprofit organization founded in 2007, had been investigating surface delays in air travel."
kkleiner writes "For all the glory it gets, the fingerprint has evolved very little in the last 60 years. They’re still two dimensional. The US Department of Homeland Security and the National Institute of Justice are hoping to change that. They've given grants to dozens of companies to perfect touchless 3D fingerprinting. Two universities (University of Kentucky and Carnegie Mellon) and their two respective start-up companies (Flashscan 3D and TBS Holdings) have succeeded. Fingerprints have reached the third dimension and they are faster, more accurate, and touchless."
christian.einfeldt writes "Washington Post Security Fix columnist Brian Krebs recommends that banking customers consider using a Linux LiveCD, rather than Microsoft Windows, to access their on-line banking. He tells a story of two businesses that lost $100K and $447K, respectively, when thieves — armed with malware on the company controller's PC — were able to intercept one of the controller's log-in codes, and then delay the controller from logging in. Krebs notes that he is not alone in recommending the use of non-Windows machines for banking; The Financial Services Information Sharing and Analysis Center, an industry group supported by some of the world's largest banks, recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone, hardened, and completely locked down computer system from where regular e-mail and Web browsing [are] not possible.' Krebs concludes his article with a link to an earlier column in which he steps readers through the process of booting a Linux LiveCD to do their on-line banking." Police in Australia offer similar advice, according to an item sent in by reader The Mad Hatterz: "Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows."
Ponca City, We love you writes "The EFF has warned Texas Instruments not to pursue legal threats against calculator hobbyists who perform modifications to the company's programmable graphing calculators. TI's calculators perform a 'signature check' that allows only approved operating systems to be loaded, but researchers have reverse-engineered signing keys, allowing tinkerers to install custom operating systems and unlock new functionality in the calculators' hardware. In response, TI has unleashed a torrent of demand letters claiming that the anti-circumvention provisions of the Digital Millennium Copyright Act require the hobbyists to take down commentary about and links to the keys. 'This is not about copyright infringement. This is about running your own software on your own device — a calculator you legally bought,' says EFF Civil Liberties Director Jennifer Granick. 'Yet TI still issued empty legal threats in an attempt to shut down discussion of this legitimate tinkering. Hobbyists are taking their own tools and making them better, in the best tradition of American innovation.'"
plover writes "Kim Zetter of Wired documents an extensive hack of Wal-Mart that took place in 2005-2006. She goes into great detail about the investigation and what the investigators found, including that the hackers made copies of their point-of-sale source code, and that they ran l0phtCrack on a Wal-Mart server. 'Wal-Mart uncovered the breach in November 2006, after a fortuitous server crash led administrators to a password-cracking tool that had been surreptitiously installed on one of its servers. Wal-Mart's initial probe traced the intrusion to a compromised VPN account, and from there to a computer in Minsk, Belarus.' Wal-Mart has long since fixed the flaws that allowed the compromise, and confirmed that no customer data was lost in the hack — which is why they did not need to report the breach publicly earlier." This intrusion happened around the same time that Albert Gonzalez's gang was breaking into Marshall's and its parent company, TJX. The MO was quite similar: researching and closely targeting the point-of-sale systems in use. But the article notes that "There's no evidence Wired.com has seen linking Gonzalez to the Wal-Mart breach."
Icemaann writes "Pingdom and Network World are reporting that the SE tld dropped off the internet yesterday due to a bug in the script that generates the SE zone file. The SE tld has close to one million domains that all went down due to missing the trailing dot in the SE zone file. Some caching nameservers may still be returning invalid DNS responses for 24 hours."
inglishmayjer was one of several readers to send in the news of a major bug in Apple's new OS, 10.6 Snow Leopard, that can wipe out all user data for the administrator account. It is said to be triggered — not every time — by logging in to the Guest account and then back in to the admin account. Some users are reporting that all settings have been reset and most data is gone. The article links to a number of Apple forum threads up to a month old bemoaning the problem. MacFixIt suggests disabling login on the Guest account and, if you need that functionality, creating a non-administrative account named something like Visitor. (The Guest account is special in that its settings are wiped clean after logout.) CNet reports that Apple has acknowledged the bug and is working on a fix.
An anonymous reader writes "People still don't understand SSL. This isn't much of a surprise... no one expects that grandma and grandpa know what SSL is and what it does. What is surprising and downright scary is that most IT professionals don't understand SSL, and many consider it to be the be-all, end-all of security in their organization. With all the tools out there to manipulate SSL connections, and the browser vendors unable to settle on a single method of showing if a site is secured by SSL or not, is it any wonder that no one gets it?"