http://it.slashdot.org/ News for nerds, stuff that matters en-us Copyright 1997-2009, Geeknet, Inc. All Rights Reserved. 2009-11-09T04:50:24+00:00 Geeknet, Inc. help@slashdot.org Technology hourly 1 1970-01-01T00:00+00:00 http://a.fsdn.com/sd/topics/topicslashdot.gif http://it.slashdot.org/ http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/wi_T-0ljnAw/Massive-Power-Outages-In-Brazil-Caused-By-Hackers Hugh Pickens writes "CBS reports on 60 minutes that a massive two-day power outage in Brazil's Espirito Santo State affecting more than three million people in 2007, and another, smaller event in three cities north of Rio de Janeiro in January 2005, were perpetrated by hackers manipulating control systems. Former Chief of US National Intelligence Retired Adm. Mike McConnell says that the 'United States is not prepared for such an attack' and believes it could happen in America. 'If I were an attacker and wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer,' says McConnell, 'I would probably sack electric power on the US East Coast, maybe the West Coast and attempt to cause a cascading effect.' Congressman Jim Langevin says that US power companies need to be forced to deal with the issue after they told Congress they would take steps to defend their operations but did not follow up. 'They admit that they misled Congress. The private sector has different priorities than we do in providing security. Their bottom line is about profits,' says Langevin. 'We need to change their motivation so that when see vulnerability like this, we can require them to fix it.' McConnell adds that a similar attack to the one in Brazil is poised to take place on US soil and that it may take some horrific event to get the country focused on shoring up cyber security. 'If the power grid was taken off line in the middle of winter and it caused people to suffer and die, that would galvanize the nation. I hope we don't get there.'"<p><a href="http://it.slashdot.org/story/09/11/09/0012226/Massive-Power-Outages-In-Brazil-Caused-By-Hackers?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/09/0012226"></a></p><p><a href="http://it.slashdot.org/story/09/11/09/0012226/Massive-Power-Outages-In-Brazil-Caused-By-Hackers?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/jLTjz9_vMBdXO8fNPBy4S2y5hVI/0/da"><img src="http://feedads.g.doubleclick.net/~at/jLTjz9_vMBdXO8fNPBy4S2y5hVI/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/jLTjz9_vMBdXO8fNPBy4S2y5hVI/1/da"><img src="http://feedads.g.doubleclick.net/~at/jLTjz9_vMBdXO8fNPBy4S2y5hVI/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/wi_T-0ljnAw" height="1" width="1"/> timothy 2009-11-09T00:17:00+00:00 security mongering-engine-warming-up it 225 225,219,168,141,33,17,15 http://it.slashdot.org/story/09/11/09/0012226/Massive-Power-Outages-In-Brazil-Caused-By-Hackers?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/-mxWjyMKBXA/Malware-Can-Download-Child-Porn-To-Your-Computer 2muchcoffeeman writes "The Associated Press tells the story of Michael Fiola, a former Massachusetts government employee who was arrested in 2007 after child porn was found on his state-issued laptop computer. He was eventually cleared of all charges after some digging by the defense found that the laptop was infected with malware that was 'programmed to visit as many as 40 child porn sites per minute &mdash; an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half. Prosecutors performed another test and confirmed the defense findings. The charge was dropped &mdash; 11 months after it was filed.' The article also discusses the technical aspects of how it could happen and about similar cases in the United Kingdom in 2003."<p><a href="http://it.slashdot.org/story/09/11/08/2135245/Malware-Can-Download-Child-Porn-To-Your-Computer?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/08/2135245"></a></p><p><a href="http://it.slashdot.org/story/09/11/08/2135245/Malware-Can-Download-Child-Porn-To-Your-Computer?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/ukySmG4BwD_KTmbpFxVz7A7q-xo/0/da"><img src="http://feedads.g.doubleclick.net/~at/ukySmG4BwD_KTmbpFxVz7A7q-xo/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/ukySmG4BwD_KTmbpFxVz7A7q-xo/1/da"><img src="http://feedads.g.doubleclick.net/~at/ukySmG4BwD_KTmbpFxVz7A7q-xo/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/-mxWjyMKBXA" height="1" width="1"/> timothy 2009-11-08T21:47:00+00:00 security where's-dexter-when-needed? it 325 325,312,225,172,52,27,19 http://it.slashdot.org/story/09/11/08/2135245/Malware-Can-Download-Child-Porn-To-Your-Computer?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/Zk3O3lh2r0U/First-iPhone-Worm-Discovered-Rickrolls-Jailbroken-Phones Unexpof writes "Users of jailbroken iPhones in Australia are reporting that their wallpapers have been changed by a worm to an image of '80s pop icon Rick Astley. This is the first time a worm has been reported in the wild for the Apple iPhone. According to a report by Sophos, the worm, which exploits users who have installed SSH and not changed the default password, hunts for other vulnerable iPhones and infects them. Users are advised to properly secure their jailbroken iPhones with a non-default password, and Sophos says the worm is not harmless, despite its graffiti-like payload: 'Accessing someone else's computing device and changing their data without permission is an offense in many countries &mdash; and just as with graffiti there is a cost involved in cleaning-up affected iPhones. ... Other inquisitive hackers may also be tempted to experiment once they read about the world's first iPhone worm. Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload.'"<p><a href="http://apple.slashdot.org/story/09/11/08/1411259/First-iPhone-Worm-Discovered-Rickrolls-Jailbroken-Phones?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/08/1411259"></a></p><p><a href="http://apple.slashdot.org/story/09/11/08/1411259/First-iPhone-Worm-Discovered-Rickrolls-Jailbroken-Phones?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/My1xSckYW_sNwVkZfB5QH0gfrkc/0/da"><img src="http://feedads.g.doubleclick.net/~at/My1xSckYW_sNwVkZfB5QH0gfrkc/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/My1xSckYW_sNwVkZfB5QH0gfrkc/1/da"><img src="http://feedads.g.doubleclick.net/~at/My1xSckYW_sNwVkZfB5QH0gfrkc/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/Zk3O3lh2r0U" height="1" width="1"/> Soulskill 2009-11-08T15:08:00+00:00 worms maximum-threat apple 160 160,152,119,98,38,20,12 http://apple.slashdot.org/story/09/11/08/1411259/First-iPhone-Worm-Discovered-Rickrolls-Jailbroken-Phones?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/qRWiqJZDhgA/Microsoft-COFEE-Leaked 54mc writes "Crunchgear reports that Microsoft's long-searched-for forensics tool, COFEE, has been leaked. The tool started on a small, private tracker, but has since worked its way to The Pirate Bay. Not all those who have gotten hold of it are enthused, and reviews have ranged from 'disappointing' to 'useless.' From the article: 'You have absolutely no use for the program. It's not something like Photoshop or Final Cut Pro, an expensive application that you download for the hell of it on the off-chance you need to put Dave Meltzer's face on Brett Hart's body as part of a message board thread. No, COFEE is 100 percent useless to you.'"<p><a href="http://tech.slashdot.org/story/09/11/08/1340208/Microsoft-COFEE-Leaked?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/08/1340208"></a></p><p><a href="http://tech.slashdot.org/story/09/11/08/1340208/Microsoft-COFEE-Leaked?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/9kTAOUOnzXg_rGqY-pbXLLXSA8g/0/da"><img src="http://feedads.g.doubleclick.net/~at/9kTAOUOnzXg_rGqY-pbXLLXSA8g/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/9kTAOUOnzXg_rGqY-pbXLLXSA8g/1/da"><img src="http://feedads.g.doubleclick.net/~at/9kTAOUOnzXg_rGqY-pbXLLXSA8g/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/qRWiqJZDhgA" height="1" width="1"/> Soulskill 2009-11-08T14:05:00+00:00 software not-so-hot-cofee-incident technology 143 143,139,99,72,30,20,16 http://tech.slashdot.org/story/09/11/08/1340208/Microsoft-COFEE-Leaked?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/T7NyF84Ir88/Test-of-16-Anti-Virus-Products-Says-None-Rates-Very-Good An anonymous reader writes "AV-Comparative recently released the results of a malware removal test in which they evaluated 16 anti-virus software solutions. The test focused only on the malware removal/cleaning capabilities, therefore all the samples used were ones that the tested anti-virus products were able to detect. The main question was if the products were able to successfully remove malware from an already infected/compromised system. None of the products performed at a level of 'very good' in malware removal or removal of leftovers, based on those 10 samples."<p><a href="http://tech.slashdot.org/story/09/11/08/0233248/Test-of-16-Anti-Virus-Products-Says-None-Rates-Very-Good?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/08/0233248"></a></p><p><a href="http://tech.slashdot.org/story/09/11/08/0233248/Test-of-16-Anti-Virus-Products-Says-None-Rates-Very-Good?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/25ns8yJ0sm_akYy6cVlE-YaZzb0/0/da"><img src="http://feedads.g.doubleclick.net/~at/25ns8yJ0sm_akYy6cVlE-YaZzb0/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/25ns8yJ0sm_akYy6cVlE-YaZzb0/1/da"><img src="http://feedads.g.doubleclick.net/~at/25ns8yJ0sm_akYy6cVlE-YaZzb0/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/T7NyF84Ir88" height="1" width="1"/> timothy 2009-11-08T03:20:00+00:00 security keeps-the-av-people-in-business-though technology 298 298,296,233,186,50,28,16 http://tech.slashdot.org/story/09/11/08/0233248/Test-of-16-Anti-Virus-Products-Says-None-Rates-Very-Good?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/8LUlWCa2kGk/Cisco-Security-System-Shuts-Out-Third-Party-Tools alphadogg writes "Cisco has finally publicly acknowledged it won't add support for new third-party devices to its security information and event monitoring appliance, ending months of speculation about the future of its Monitoring, Analysis and Response System. Some claim it's the beginning of the end for MARS as a multi-vendor SIEM device. 'MARS customers can expect non-Cisco network device data and signature updates to continue for currently supported third-party systems, but no new third-party devices will be added,' Cisco declared in a statement, noting that 'Cisco MARS continues to focus on supporting Cisco devices for threat identification and mitigation.' Cisco's SIEM competitors this week have eagerly grabbed at the topic of Cisco MARS freezing third-party support because of a Gartner research memo published Oct. 29 in which analyst Mark Nicolett stated, 'Cisco has quietly begun informing its customers of a decision to freeze support for most non-Cisco event sources with its [MARS].'"<p><a href="http://tech.slashdot.org/story/09/11/07/144225/Cisco-Security-System-Shuts-Out-Third-Party-Tools?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/07/144225"></a></p><p><a href="http://tech.slashdot.org/story/09/11/07/144225/Cisco-Security-System-Shuts-Out-Third-Party-Tools?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/P3Zsu7ZCWhYWtAa23spgMVOlQWM/0/da"><img src="http://feedads.g.doubleclick.net/~at/P3Zsu7ZCWhYWtAa23spgMVOlQWM/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/P3Zsu7ZCWhYWtAa23spgMVOlQWM/1/da"><img src="http://feedads.g.doubleclick.net/~at/P3Zsu7ZCWhYWtAa23spgMVOlQWM/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/8LUlWCa2kGk" height="1" width="1"/> Soulskill 2009-11-07T15:19:00+00:00 networking trouble-versus-worth technology 35 35,34,32,24,8,3,1 http://tech.slashdot.org/story/09/11/07/144225/Cisco-Security-System-Shuts-Out-Third-Party-Tools?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/lqeYFyIL8uM/National-Data-Breach-Law-Advances Trailrunner7 writes "Two separate bills that would require organizations to notify consumers when their personal information has been compromised have made their way out of committee in the Senate, a critical step toward the creation of a national data-breach notification bill. But the Data Breach Notification Act, S.139, exempts federal agencies and other organizations subject to the bill from disclosing a breach if the data involved in the breach was encrypted. This is a clause that has caused some controversy, as some experts say that simply encrypting data does not render it useless. Also, S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard.' That is a very broad exemption that could become a sticking point as the bill moves along. The terms 'access controls' and 'other such mechanisms' encompass a huge number of technologies."<p><a href="http://yro.slashdot.org/story/09/11/06/1638226/National-Data-Breach-Law-Advances?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/06/1638226"></a></p><p><a href="http://yro.slashdot.org/story/09/11/06/1638226/National-Data-Breach-Law-Advances?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/PDFJu6rQJTwoshDlLyQSTPs6xsg/0/da"><img src="http://feedads.g.doubleclick.net/~at/PDFJu6rQJTwoshDlLyQSTPs6xsg/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/PDFJu6rQJTwoshDlLyQSTPs6xsg/1/da"><img src="http://feedads.g.doubleclick.net/~at/PDFJu6rQJTwoshDlLyQSTPs6xsg/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/lqeYFyIL8uM" height="1" width="1"/> kdawson 2009-11-06T18:12:00+00:00 government pre-emption-could-be-bad yro 50 50,48,39,31,11,6,2 http://yro.slashdot.org/story/09/11/06/1638226/National-Data-Breach-Law-Advances?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/WofRkMgFujY/Fear-Detector-To-Sniff-Out-Terrorists Hugh Pickens writes "Evidence that the smell of fear is real was uncovered by US scientists last year who studied the underarm secretions of 20 terrified novice skydivers and found that people appear to respond unconsciously to the sweat smell of a frightened person. Now the Telegraph reports that researchers hope a 'fear detector' will make it possible to identify individuals at check points who are up to no good. 'The challenge lies in the characterization and identification of the specific chemical that gives away the signature of human fear, especially the fear in relation to criminal acts,' says Professor Tong Tun at City University London, who leads the team developing security sensor systems that can detect the human fear pheromone. The project will look at potential obstacles to the device, such as the effects of perfume and the variances in pheromone production and if the initial 18-month feasibility study is successful, the first detectors could be developed in the next two to three years. 'I do not see any particular reason why similar sensor techniques cannot be expanded to identify human smells by race, age or gender to build a profile of a criminal during or after an incident,' Tong added."<p><a href="http://science.slashdot.org/story/09/11/06/0837206/Fear-Detector-To-Sniff-Out-Terrorists?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/06/0837206"></a></p><p><a href="http://science.slashdot.org/story/09/11/06/0837206/Fear-Detector-To-Sniff-Out-Terrorists?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/8Q-7A2kU4zpJcvcECl89NdKkTts/0/da"><img src="http://feedads.g.doubleclick.net/~at/8Q-7A2kU4zpJcvcECl89NdKkTts/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/8Q-7A2kU4zpJcvcECl89NdKkTts/1/da"><img src="http://feedads.g.doubleclick.net/~at/8Q-7A2kU4zpJcvcECl89NdKkTts/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/WofRkMgFujY" height="1" width="1"/> timothy 2009-11-06T13:13:00+00:00 biotech interesting-assumptions science 342 342,342,278,209,64,44,30 http://science.slashdot.org/story/09/11/06/0837206/Fear-Detector-To-Sniff-Out-Terrorists?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/ltV0u7uwxkE/Shockwave-Vulnerabilities-Affect-More-Than-450-Million-Systems Trinity writes "Researchers from VUPEN have discovered critical vulnerabilities in Adobe Shockwave, a technology installed on over 450 million Internet-enabled desktops. The vulnerabilities could allow remote code execution by tricking a user into visiting a web page using Internet Explorer or even Mozilla Firefox. Version 11.5.1.601 as well as earlier ones are affected. The vendor recommends upgrading to version 11.5.1.602." Especially sobering when you consider Adobe's current push to be essentially required as an intermediary player for anyone who wants to see certain government data.<p><a href="http://it.slashdot.org/story/09/11/05/1853242/Shockwave-Vulnerabilities-Affect-More-Than-450-Million-Systems?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/05/1853242"></a></p><p><a href="http://it.slashdot.org/story/09/11/05/1853242/Shockwave-Vulnerabilities-Affect-More-Than-450-Million-Systems?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/MrB_rEmQ-TfeOvrTB8Mxp89vJHw/0/da"><img src="http://feedads.g.doubleclick.net/~at/MrB_rEmQ-TfeOvrTB8Mxp89vJHw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/MrB_rEmQ-TfeOvrTB8Mxp89vJHw/1/da"><img src="http://feedads.g.doubleclick.net/~at/MrB_rEmQ-TfeOvrTB8Mxp89vJHw/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/ltV0u7uwxkE" height="1" width="1"/> timothy 2009-11-05T19:14:00+00:00 security drug-resistant-infections it 128 128,126,101,81,28,21,16 http://it.slashdot.org/story/09/11/05/1853242/Shockwave-Vulnerabilities-Affect-More-Than-450-Million-Systems?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/wAJE9YWW8bk/Facebook-and-MySpace-Backdoors-Found-Fixed jamie writes with news of a Facebook app developer who found a significant security hole while he was trying to get around function limitations for his application. Quoting: "Luckily &mdash; just with browser AJAX requests &mdash; a flash application hosted on domain X is unable to open a file on domain Y. If this would be possible, domain X [would be] able to access content on domain Y, and when the user is logged in on domain Y retrieve and post back any personal data. In certain cases this could limit a Flash application's capabilities. ... To resolve such issues, Adobe (Flash's developers) introduced a 'crossdomain.xml' file which could allow certain domains to access another domain, leading to cross-domain access by certain or all domains. While indeed Facebook locked the front door from any non-Facebook domain access via Flash, a simple subdomain change allowed any flash application (domain="*") to access its domain data." He found a similar problem in MySpace's crossdomain.xml. Both sites were notified, and they have implemented fixes.<p><a href="http://tech.slashdot.org/story/09/11/05/1552204/Facebook-and-MySpace-Backdoors-Found-Fixed?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/05/1552204"></a></p><p><a href="http://tech.slashdot.org/story/09/11/05/1552204/Facebook-and-MySpace-Backdoors-Found-Fixed?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/DJblC8mGYNEou4jXc7irLfA7jJo/0/da"><img src="http://feedads.g.doubleclick.net/~at/DJblC8mGYNEou4jXc7irLfA7jJo/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/DJblC8mGYNEou4jXc7irLfA7jJo/1/da"><img src="http://feedads.g.doubleclick.net/~at/DJblC8mGYNEou4jXc7irLfA7jJo/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/wAJE9YWW8bk" height="1" width="1"/> Soulskill 2009-11-05T16:29:00+00:00 security oh-adobe-you-card technology 106 106,105,80,65,10,6,5 http://tech.slashdot.org/story/09/11/05/1552204/Facebook-and-MySpace-Backdoors-Found-Fixed?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/_lYnneQGyL8/Man-In-the-Middle-Vulnerability-For-SSL-and-TLS imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."<p><a href="http://it.slashdot.org/story/09/11/05/144252/Man-In-the-Middle-Vulnerability-For-SSL-and-TLS?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/05/144252"></a></p><p><a href="http://it.slashdot.org/story/09/11/05/144252/Man-In-the-Middle-Vulnerability-For-SSL-and-TLS?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/2BpGVLjVikXTv2TFmpNrwEC6gIw/0/da"><img src="http://feedads.g.doubleclick.net/~at/2BpGVLjVikXTv2TFmpNrwEC6gIw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/2BpGVLjVikXTv2TFmpNrwEC6gIw/1/da"><img src="http://feedads.g.doubleclick.net/~at/2BpGVLjVikXTv2TFmpNrwEC6gIw/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/_lYnneQGyL8" height="1" width="1"/> Soulskill 2009-11-05T14:23:00+00:00 security alphabet-soup it 166 166,166,126,95,24,15,11 http://it.slashdot.org/story/09/11/05/144252/Man-In-the-Middle-Vulnerability-For-SSL-and-TLS?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/5gRmPsVfK2U/Maryland-Town-Tests-New-Cryptographic-Voting-System ceswiedler writes "In Tuesday's election voters in Takoma Park, MD used a new cryptographic voting system designed by David Chaum with researchers from several universities including MIT and the University of Maryland. Voters use a special ink to mark their ballots, which reveals three-digit codes which they can later check against a website to verify their vote was tallied. Additionally, anyone can download election data from a Subversion repository and verify the overall accuracy of the results without seeing the actual choices of any individual voter."<p><a href="http://politics.slashdot.org/story/09/11/04/2321213/Maryland-Town-Tests-New-Cryptographic-Voting-System?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/04/2321213"></a></p><p><a href="http://politics.slashdot.org/story/09/11/04/2321213/Maryland-Town-Tests-New-Cryptographic-Voting-System?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/jSGPFKvtcqoEKHbLUTj4CmKVP4s/0/da"><img src="http://feedads.g.doubleclick.net/~at/jSGPFKvtcqoEKHbLUTj4CmKVP4s/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/jSGPFKvtcqoEKHbLUTj4CmKVP4s/1/da"><img src="http://feedads.g.doubleclick.net/~at/jSGPFKvtcqoEKHbLUTj4CmKVP4s/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/5gRmPsVfK2U" height="1" width="1"/> samzenpus 2009-11-04T23:58:00+00:00 security super-safe-voting politics 226 226,226,197,171,33,17,10 http://politics.slashdot.org/story/09/11/04/2321213/Maryland-Town-Tests-New-Cryptographic-Voting-System?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/ZRm24waEYXc/On-Demand-Video--CMS--Interactive-Input-For-Museum remolacha writes "I've been given the task of tech chief for a biggish art museum (1,300 m^2, or about 13,000 sq ft) in Spain. The museum's designers want 20 'terminals' that will offer on-demand video and interactive content. The terminals' content will change with the exhibits; many will have touchscreens. More interesting forms of input are planned as well (floor sensors, big buttons). It's all on one floor, and the floors are raised, so I can run cabling and set up floor ethernet jacks. Max cable run is 60m / 190ft. The museum may expand to 4 times its projected size once open, by comandeering other floors in the building. To give an idea of where the designers heads are, they were talking about a massive DVD changer in a closet somewhere. I am thinking an intranet running a web server with a CMS and Flash media server, terminals running Firefox in kiosk mode. I'd love to do everything on Linux. Does anyone have experience with a setup like this, better ideas, or advice?"<p><a href="http://ask.slashdot.org/story/09/11/04/2236220/On-Demand-Video--CMS--Interactive-Input-For-Museum?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/04/2236220"></a></p><p><a href="http://ask.slashdot.org/story/09/11/04/2236220/On-Demand-Video--CMS--Interactive-Input-For-Museum?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/CvSCzW3bK9WY95HVLRLa_EMy5HU/0/da"><img src="http://feedads.g.doubleclick.net/~at/CvSCzW3bK9WY95HVLRLa_EMy5HU/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/CvSCzW3bK9WY95HVLRLa_EMy5HU/1/da"><img src="http://feedads.g.doubleclick.net/~at/CvSCzW3bK9WY95HVLRLa_EMy5HU/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/ZRm24waEYXc" height="1" width="1"/> timothy 2009-11-04T22:55:00+00:00 displays free-reign-in-spain askslashdot 131 131,129,90,56,21,11,5 http://ask.slashdot.org/story/09/11/04/2236220/On-Demand-Video--CMS--Interactive-Input-For-Museum?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/ACAcqe5AYKE/PayPal-Introduces-Open-API m2pc writes "PayPal has just announced the availability of their Open API under the 'PayPal X Program.' This enables developers to integrate PayPal payment processing services without forcing users to redirect to PayPal's website to enter payment information. This new initiative is designed to allow the company to better compete with the likes of Google and Amazon, which offer similar services. I wonder how much they paid for their domain: x.com?"<p><a href="http://it.slashdot.org/story/09/11/04/2151245/PayPal-Introduces-Open-API?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/04/2151245"></a></p><p><a href="http://it.slashdot.org/story/09/11/04/2151245/PayPal-Introduces-Open-API?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/TBAzHejnfqvS0l9X1P5Gyzhsldk/0/da"><img src="http://feedads.g.doubleclick.net/~at/TBAzHejnfqvS0l9X1P5Gyzhsldk/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/TBAzHejnfqvS0l9X1P5Gyzhsldk/1/da"><img src="http://feedads.g.doubleclick.net/~at/TBAzHejnfqvS0l9X1P5Gyzhsldk/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/ACAcqe5AYKE" height="1" width="1"/> timothy 2009-11-04T22:11:00+00:00 it freedom-to-pay it 128 128,126,109,88,30,24,11 http://it.slashdot.org/story/09/11/04/2151245/PayPal-Introduces-Open-API?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/BxljRxdLhDc/Comcasts-New-Throttling-Plan-Uses-Trigger-Conditions-Not-Silent-Blocking clang_jangle writes with this excerpt from The Inquirer outlining Comcast's new traffic-throttling scheme, based on information from Comcast's latest FCC filing. "Its network throttling implements a two-tier packet queueing system at the routers, driven by two trigger conditions. Comcast's first traffic throttling trigger is tripped by using more than 70 per cent of your maximum downstream or upstream bandwidth for more than 15 minutes. Its second traffic throttling trigger is tripped when the Cable Modem Termination System you're hooked-up to &ndash; along with up to 15,000 other Comcast subscribers &ndash; gets congested, and your traffic is somehow identified as being responsible. Tripping either of Comcast's high bandwidth usage rate triggers results in throttling for at least 15 minutes, or until your average bandwidth utilisation rate drops below 50 per cent for 15 minutes."<p><a href="http://tech.slashdot.org/story/09/11/04/2026206/Comcasts-New-Throttling-Plan-Uses-Trigger-Conditions-Not-Silent-Blocking?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/04/2026206"></a></p><p><a href="http://tech.slashdot.org/story/09/11/04/2026206/Comcasts-New-Throttling-Plan-Uses-Trigger-Conditions-Not-Silent-Blocking?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/gvYGt4PSP1bJCI6LD7VjqAWK-LY/0/da"><img src="http://feedads.g.doubleclick.net/~at/gvYGt4PSP1bJCI6LD7VjqAWK-LY/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/gvYGt4PSP1bJCI6LD7VjqAWK-LY/1/da"><img src="http://feedads.g.doubleclick.net/~at/gvYGt4PSP1bJCI6LD7VjqAWK-LY/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/BxljRxdLhDc" height="1" width="1"/> timothy 2009-11-04T20:38:00+00:00 internet sir-there's-some-whining-on-lines-1-through-57 technology 694 694,684,576,439,78,52,30 http://tech.slashdot.org/story/09/11/04/2026206/Comcasts-New-Throttling-Plan-Uses-Trigger-Conditions-Not-Silent-Blocking?from=rss Search Slashdot stories query http://it.slashdot.org/search.pl