     slashdot.org 
     
    +Using Google To Crack MD5 Passwords
      stern writes "A security researcher at Cambridge was trying to figure out the password used by somebody who had hacked his Web site. He tried running a dictionary through the encryption hash function; no dice. Then he pasted the hacker's encrypted password into Google, and voila — there was his answer. Conclusion? Use no password that any other human being has ever used, or is ever likely to use, for any purpose. I think."

    +Maryland To Tax Custom Programming and Computer Services
      mcwop writes "Early this morning Maryland passed legislation to apply a new 6% sales tax to 'custom computer programming' and other computer- and hardware-related services. Computer industry groups lobbied hard against the measure to no avail. Purchasers of IT services may find that in-house IT and buying out-of-state become attractive options, as well as cutting money out of other projects."

    +The Evolving Face of Credit Card Scams
      An anonymous reader writes "The 12 Angry Men have a followup to their piece on the cross-sell scam credit card companies have begun using. Their new article concerns another evolving scam being employed, where users are racking up huge fees and charges on cards that have never even been activated. The article goes deep into the standard way the scam plays out, as well as detailing some interesting history on how credit applications are processed, and where they are typically (and frighteningly) subject to tampering."

    +Dan Geer On Trusting PCs In Botnets
      walk*bound writes "In an essay published by ZDNet, security scientist Dan Geer has an interesting proposal for e-commerce sites to evaluate the trustworthiness of clients that try to connect. Assume that end users either always say 'Yes' or always say 'No' to security dialog boxes. Then make the decision one of two ways: 'When the user connects, ask whether they would like to use your extra special secure connection. If they say "Yes," then you presume that they always say "Yes" and thus they are so likely to be infected that you must not shake hands with them without some latex between you and them. In other words, you should immediately 0wn their machine for the duration of the transaction — by, say, stealing their keyboard away from their OS and attaching it to a special encrypting network stack all of which you make possible by sending a small, use-once rootkit down the wire at login time, just after they say "Yes."'"

    +DNS Server Survey Reveals Mixed Security Picture
      Kurtz'sKompund writes in with word on the latest annual survey of the state of DNS on the Net. The survey, commissioned by infrastructure appliance vendor Infoblox, found that the use of Windows DNS Server in Internet-facing applications has fallen off dramatically as more users act on concerns about security. BIND 9, the latest version, gained against earlier, less secure versions. But in other dimensions, DNS practices showed little improvement from a security point of view. Hardly anyone is using DNSSEC; and 31% of nameservers allow promiscuous zone transfers, a number little changed from last year. Here's a video of an interview with Infoblox's chief architect Cricket Liu on the state of DNS.

    +Spying On Tor
      juct writes "The long-standing suspicion that the anonymizing network TOR is abused to catch sensitive data by Chinese, Russian, and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."

    +Intel Considering Portable Data Centers
      miller60 writes "Intel has become the latest major tech company to express interest in using portable data centers to transform IT infrastructure. Intel says an approach using a "data center in a box" could be 30 to 50 percent cheaper than the current cost of building a data center. "The difference is so great that with this solution, brick-and-mortar data centers may become a thing of the past," an Intel exec writes. Sun and Rackable have introduced portable data centers, while Google has a patent for one and Microsoft has explored the concept. But for all the enthusiasm for data centers in shipping containers, there are few real-world deployments, which raises the question: are portable data centers just fun to speculate about, or can they be a practical solution for the current data center expansion challenges?"

    +UK Music Retailers Beg, Drop the DRM
      thefickler notes that consumers aren't the only ones carrying "Death to DRM" placards. UK music retailers are telling the recording industry enough is enough — that the industry's obsession with copy protection is hurting, not helping, profit. Kim Bayley, director-general of the UK Entertainment Retailers Association, said that the anti-piracy technologies are not protecting industry revenue but instead "stifling growth and working against the consumer interest." The ERA hopes the industry will drop DRM in time for the holiday season. Good luck with that.

    +Microsoft Admits XP Has Same Bug As Win2K
      Arashtamere sends in a Computerworld story on a security flaw in the Windows 2000 pseudo-random number generator published by Israeli researchers earlier this month. Microsoft has now admitted that the flaw is present in XP too. Microsoft denies that the bug is a security vulnerability, since an attacker would have to have gained administrative access to a system before exploiting it. (The Israeli researchers point out that many common exploits provide admin access.) This stance apparently lets them off the hook for patching Win2K, which is in "extended support" mode, though it powers about 9% of US and EU business computers. Microsoft said that XP SP3, due in the first half of next year, will fix the bug. The company said that Vista, Windows Server 2003 SP2, and the new Windows Server 2008 are not vulnerable.

    +New ATC System To Rely On AT&T Cell Towers
      longacre writes "The FAA has awarded the long-anticipated first contract for development of its NextGen air traffic control system: a $1.8 billion deal with ITT Corporation, beating out bids from aerospace heavyweights such as Raytheon and Lockheed Martin. ITT's design will make use of hundreds of specially modified AT&T cellular phone towers which, in addition to their normal communications duties, will relay an aircraft's position to air traffic controllers and other aircraft in real time. The initial contract is only enough to wire and test the so-called ADS-B system in the Philadelphia area and around the Gulf of Mexico — hooking up the rest of the country will take an estimated 20 years and $20 billion."

    +Skype Encryption Stumps German Police
      TallGuyRacer writes "German police are unable to decipher the encryption used in the internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer, Joerg Ziercke, said. "The encryption with Skype telephone software ... creates grave difficulties for us... We can't decipher it. That's why we're talking about source telecommunication surveillance — that is, getting to the source before encryption or after it's been decrypted.""

    +Expert Unveils 'Scary' VoIP Hack
      Kurtz'sKompund passed us a link to a Techworld article on a frightening new vulnerability for VoIP. The UK's Peter Cox has put together a proof-of-concept software package to illustrate the flaw, a program he's calling SIPtap. "The software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need would be to infect a single PC inside the network with a Trojan incorporating these functions, although the hack would work at ISP level as well. The program can index 'IP-tapped' calls by caller - using SIP identity information - and by recipient, and even by date."

    +MPAA College Toolkit Raises Privacy, Security Concerns
      An anonymous reader writes "The Motion Picture Association of America last month sent letters to the presidents of 25 major universities (pdf), urging them to download and install a 'university toolkit' to help identify students who were downloading/sharing movie files. The Washington Post's Security Fix blog reports that any university that installs the software could be placing a virtual wiretap on their networks for the MPAA (and the rest of the world) to listen in on all of the school's traffic. From the story: 'The MPAA also claims that using the tool on a university network presents "no privacy issues — the content of traffic is never examined or displayed." That statement, however, is misleading. Here's why: The toolkit sets up an Apache Web server on the user's machine. It also automatically configures all of the data and graphs gathered about activity on the local network to be displayed on a Web page, complete with ntop-generated graphics showing not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited. Unless a school using the tool has firewalls on the borders of its network designed to block unsolicited Internet traffic — and a great many universities do not — that Web server is going to be visible and accessible by anyone with a Web browser.'"

    +Researchers Sour on Vista Service Pack 1 Performance
      Stony Stevenson passed us a link indicating that a group of researchers has described Microsoft's upcoming Windows Vista Service Pack 1 as basically a performance dud. Researchers from the Devil Mountain Software group are claiming that a series of in-house benchmark tests showed that users hoping to receive a speed boost from the update will be disappointed. "Devil Mountain ran its DMS Clarity Studio framework on a laptop Barth described as a "barn burner" -- dual-core processor, dedicated graphics, and either 1GB or 2GB of memory -- to compare performance of the SP1 release candidate that Microsoft released last week with the RTM version that hit general distribution last January. The Vista RTM was not updated with any of the bug fixes, patches or performance packs that Microsoft has pushed through Windows Update since the operating system's debut. 'One gigabyte, 2GB [of memory], it didn't make a difference,' said [CTO Craig] Barth. 'SP1 was never more than 1% or 2% faster.'"



    © 2008 Pagerss. All rights reserved to their owners.