Domain: shaftek.org
Stories and comments across the archive that link to shaftek.org.
Stories · 15
-
Hacking the US Prescription System
An anonymous reader writes: It appears that most pharmacies in the US are interconnected, and a breach in one leads to access to the other ones. A security advisory released [Friday] shows how a vulnerability in an online pharmacy granted access to prescription history for any US person with just their name and date of birth. From the description linked above: During the signup process, PillPack.com prompts users for their identifying information. In the end of the signup process, the user is shown a list of their existing prescriptions in all other pharmacies in order to make the process of transferring them to PillPack.com easier. ... To replicate this issue, an attacker would be directed to the PillPack.com website and choose the signup option. As long as the full name and the date of birth entered during signup match the target, the attacker will gain access to the target's full prescription history. -
IETF Approves SPF and Sender-ID
NW writes "According to the records in the IETF's database (here and here), both the SPF and Sender-ID anti-spam proposals were tentatively approved by the IESG (the approval board of the IETF) as experimental standards. It remains to be seen whether any of them will actually put a dent into spam." At the same time, the FTC has opened a central site about email authentication. -
Free Software Mag Interviews Sys-Con Publisher
NW writes "Tony Mobily, editor of the Free Software Magazine recently interviewed Fuat Kircaali, founder and publisher of Sys-Con Media. The interview revolves around the recent controversy surrounding the article written by Maureen O'Gara attacking Pamela Jones of GrokLaw." -
Google Announces 'Google Movies'
NW writes "Over at the official Google Blog, a new Google feature was announced - Google Movies. When using the 'movie:' operator in Google, it brings up movie reviews. At first glance it looks like a custom search across movie review sites. There are also movie 'home pages' like this one which aggregate all reviews AND calculate the total score based on the number of stars. It looks like something similar to Google News - parsing all the reviews and it remains to be seen whether it will be expanded to something like IMDB. There are also no ads, probably for the same reason as Google News. The bottom of the page states 'The selection and placement of reviews on this page were determined automatically by a computer program. No movie critics were harmed or even used in the making of this page.'" -
New Legal Center for Open Source Projects
NW writes "According to a News.com story well known OSS lawyers Lawrence Lessig and Eben Moglen are launching a new "Software Freedom Legal Center" to assist open source developers with legal issues for free." You can view the website at Softwarefreedom.org. -
Who Invests in Spyware Companies?
NW writes "Ben Edelman just published a list of major investors in spyware companies totaling over $139 million in venture capital." Slashdot has not verified Edelman's information, and please note that harassing the receptionist at these places is unlikely to cause any change in their investment policies. -
USPS Service Kiosks Taking Pictures of Customers
NW writes "According to FOIA documents obtained by EPIC new Postal Service self-service postage machines take portrait-style photographs of customers and retain them for 30 days." IBM is the contractor behind the kiosks. Note that the kiosk is supposed to not complete the transaction if it determines the photograph has been compromised, so simply covering the camera is unlikely to work. As the cost of cameras and digital storage approaches zero, is it inevitable that every machine you interact with will take your photograph and store it? -
Microsoft Offers to License the Internet
NW writes "According to an eWeek story Microsoft is beginning to assert IP rights over 130 protocols including many basic Internet protocols including TCP/IP, DNS, etc. The story originates with a mailing list post to the IETF's IPR list." -
Sender-ID Back From The Dead
NW writes "Microsoft's Sender-ID standard has been left for dead since the rejection earlier this fall by the IETF. According to a Reuters story, it has been revised and will be resubmitted to the IETF. Along the way, Microsoft managed to pick up AOL's endorsement of Sender-ID. My humble analysis appears here." -
Gmail Begins Signing Email with DomainKeys
NW writes "According to a post at IETF's MAIL-SIG list, Google has begun to sign outgoing email from Gmail with Yahoo's DomainKeys signatures. This is the first large provider of email that is actually doing so (not even Yahoo has started that yet)." -
Indymedia Servers Given Back
NW writes "According to a post on Indymedia Argentina the two Indymedia servers seized earlier by the FBI are in the process of being returned: "A Rackspace employee stated, "I was just told that the court order is being complied with and your servers in London will be online at 5pm GMT. I will pass along anymore information that becomes available and that I am allowed to." It has been verified that the returned hard-drives are the originals, but the circumstances of the seizure still remain unclear: who took them, why were they taken, and under which court order? Indymedia is not aware as to whether Rackspace is still under gag order. The hard-drives will be treated as "hacked" (compromised) and as a result there will be delays in restoring the sites that are still down."" Here's our previous coverage on this. -
Debian Project Rejects Sender-ID
NW writes "Following on the heels of Apache Foundation taking a stance against Sender-ID, the Debian Project announced today their rejection of Sender-ID as well." -
FSF & OSI Speak out Against Sender-ID License
NW writes "As a followup to yesterday's story, Eben Moglen of FSF and Larry Rosen of OSI have publicly spoken out against Microsoft's Sender-ID license calling it incompatible with the GPL and Open Source. A related eWeek story also covers this and includes the following quote from Eric Allman, the author of Sendmail: "It's pretty clear that it's going to take an act of whatever deity Microsoft worships in order to get them to back down on the sublicensing issue. They made it absolutely clear to us that they were not even going to consider changing this, and the legal folks made it further clear that they would rather see Sender ID die than back down."" -
MS Releases License For Sender-ID
NW writes "Microsoft published today a new license and FAQ for Sender-ID anti-spam standard being developed by the IETF's MARID WG (based on SPF). To use the license, a signed agreement with MSFT is required. Compatibility with the Open Source Definition, the Free Software Definition, the Debian Free Software Guidelines, and the GPL/LGPL licenses is already in question." -
RMS Weighs In On SPF/Sender-ID License
NW writes "In a recent message to the MARID list RMS weighs in on the licensing issues of Sender-ID/SPF and Microsoft: 'Microsoft's Sender-ID license is directly incompatible with free software regardless of which free software license is used. Free software means users are free to run it, study and modify the source, and to redistribute it with or without changes. Free to do so means there is no requirement to ask or tell anyone that you are doing so.'" "MARID" stands for MTA Authorization Records in DNS; here's the IETF MARID working group's charter. Stallman's message continues: "The Microsoft license for Sender-ID directly forbids release of software with all these freedoms, so it is impossible for any program to be free software under Microsoft's regime. I've been expecting to see something like this ever since Gates started talking about spam. This license is an example of Microsoft's strategy for killing off free software as an alternative to Windows. Microsoft first patents something, then incorporates it into a format or protocol, then tries to make it de rigueur while excluding those it wishes to exclude. In the absence of resistance, Microsoft has a good chance of imposing whatever standards it likes. Let us, therefore, resist it here and now."