Slashback: Disclosure, Maricopa, Telecoms
Quick work by smart people. ciaweb writes "The OpenSSH group has revised its security advisory about the recent OpenSSH vulnerabilities. In it, they describe their decision-making process for releasing the bug information. It is interesting to contrast their procedure, which appears designed to maximize user protection, against Microsoft's, which appears to maximize Microsoft's protection."
Pardon me, sir, would you mind if I SLAMMED THIS HAMMER ON YOUR FINGERS?! D0wnsp0ut writes "I thumbed through my mail today and found what appeared to be a renewal notice for my domain. This one came from "Domain Registry of America." Verisign attempted something similar back in March and Bulkregister.com fought back and won an injunction against the mailings. So watch out if your domain is getting close to expiring. I talked to my registrar (Register.com) and they're aware of it.
I'll scan the letter but have no place to post the pictures. Can anyone lend some bandwidth?"
Half the world has never eaten a Krispy Kreme donut, either. cshirky writes "I've just written an essay on the phrase 'Half the world has never made a phone call'. It's more 'voice telephony-y' than the usual telecom stories here, but after seeing the interest in media and the market that surfaced during my /. interview, I thought it might be of some interest."
Please stop sending my money to Redmond, OK? TrumpetPower! writes "All that brouhaha over Maricopa County's policy prohibiting companies or persons convicted of antitrust violations has had an effect. I just received the following note announcing a public forum scheduled for this coming Monday.
You recently inquired about the County's use of Microsoft products and the manner in which we license their software. We appreciate your interest in the County's technology plans. To provide a forum in which to discuss our technology direction and address any questions you may have, we will have Information Technology staff members available to meet with citizens at 8:30 am on Monday July 8th. The meeting location will be the County Administration Building at 301 W. Jefferson in Suite 420. Please RSVP your attendance so we can ensure that adequate facilities are available for the meeting.
Thank you for your inquiry,
Paul Allsing
Deputy CIO
Maricopa County
301 W Jefferson, Suite 420
Phoenix, AZ 85003"
Ah, but what about the first annoying family photographer? 7h3_B055 writes: "Contrary to this article on Slashdot claiming the first photograph was created in 1826, much evidence is pointing to the fact that the Shroud of Turin may have been an earlier example (substantially earlier) of photography using ingredients as basic as egg-white for treating cloth (the photopaper) and urine for developing it. The camera itself could have been a simple box with a hole in it and the exposure time would have been lengthy."
Of course, there are a lot of theories about the Shroud of Turin, and a Google search is likely to intrigue you for days.
John Katz tosses salad.
w00t! Fuck the clit!
*** Now talking in #. /NAMES list.
*** Topic of #: It takes a village to raise a village idiot.
*** Set by WarDawg 3397 minutes ago
*** Users on #: @j'raxis @meerkat +mti @Nitride @Neurosis @Trintium +muscle +naz
*** End of
What is that supposed to mean?
Maricopa California. "Gateway to the sea."
He who knows not and knows he knows not is a wise man. He who knows not and knows not he knows not is a fool.
Nothing makes me sadder and lose more hope for the future of society than stuff like this.
"Policing your children and invading their privacy for Dummies"
When will people realise that the way to help your child grow up safely is not to forbid things and sneak around in their personal communications? All you will achieve is a rebellious teenager who doesn't trust you. Teach them right and wrong, and teach them good and bad, and back up your teachings with sound reasons. They're probably going to go out and smoke pot a few times no matter what you do, so try and make it so they trust you and believe you when you say it's not always a good idea.
If you can't come up with a convincing reason ("because it's bad mkaay" / "because i told you so" don't count) for forbidding your child to do something, they'll do it just to see what all the fuss is.
</rant>
Send lawyers, guns, and money!
-----Original Message-----
From: gcsb [mailto:gcsbnz@yahoo.com]
Sent: Tuesday, July 02, 2002 4:56 AM
To: bugtraq@securityfocus.com
Subject: XSS in Slashcode
There is a nasty Cross Site Scripting (XSS) vuln in
Slashcode. This was used a day or so ago on
slashdot.org and resulted in most of the site being
taken down for an hour or so. The maintainers of
slashcode have patched the problem in CVS but have not
even mentioned it anywhere that I can find. This
leaves all sites using slash vulnerable to this
exploit.
An example exploit (incomplete) is as follows:
I am disappointed that the slashcode maintainers have
silently fixed this on slashdot.org yet made no
mention of the problem elsewhere so that other sites
can patch themselves. No wonder there are so many
"trolls" on slashdot.org...ah well.
If you run a site using slashcode, get the latest CVS.
That is all. Move along.
It was empty.
It is 10pm. Do you know where your karma is? Right. Let us get started.
In order to get maximum karma from Slashdot posting, you can follow a few simple guidelines.
The University you go to: Regardless of where you actually study, saying that you're at MIT automagically gains you 2. Slashdot, like the glorified student notice board that it is, has a special place in its heart for anything from MIT, whether it be a teddy bear stuffed with a switch or some wankers wrapping a yellow banner with elvish text around the main dome. Even if you didn't go to university, qualify every comment with a "My professor told me" to bask in the warm fuzzy glow of 2 Insightful.
Linux: The basis of the Slashdot Experience. Claiming you run Linux also gets you 1 Interesting. It doesn't really matter if you've never actually installed it or your Red Hat box still doesn't have PPP running after 2 years of reading FAQs. The important bit is: You're part of the community. You can bathe in the reflected glory of years of shoddy, buggy code. You are exempt from the Microsoft penalty (see below), as of course your Win 98 install is only used for playing games. And reading Slashdot. And using MS Word. And Photoshop. And
Microsoft: Slashbots and the editors hate Microsoft. Period. Use of a symbol in every iteration of their trademarks gets you a 4 Funny. Even though it is far from original, it still manages to raise a grin in those people reading Slashdot between episodes of Cowboy Bebop. You will get a 1 Flamebait or Troll for any post even hinting that Microsoft products are any good, useful, intuitive, user friendly. You will also quickly be shot down with replies about how good GNOME and KDE are, which will then in turn erupt into a flame war.
Freedom, Privacy, YRO: The bread and butter of Slashdot. It fits in sublimely with the whole Linux thing. You'll get a 3 Informative for any post containing the Ben Franklin quote about sacrificing essential liberty. It makes no difference that the quote is totally irrelevant in the modern world. Hey, you've got karma. Miscrediting the quote will not end up in a karma penalty, as has been demonstrated countless times. You will gain extra karma if you make reference to your experiences of being wiretapped by the NSA and throwing in a vague link to Echelon, black helicopters or Tin Foil Hat Linux. Include a link to the First Amendment for a 1 Interesting mod. Give yourself a pat on the back if you manage to include some extra raging paranoia with no evidence to back it up. Nice.
BSD: If you use it, don't mention it on Slashdot. Most of the Linux-using friendless wonders that inhabit Slashdot wouldn't know quality and stability if it strolled up and kicked them in the throat with a size 13 HiTec Magnum boot. Any mention of how a Firewall running OpenBSD with pf is far superior to Linux's pathetic offering will soon see you as 1 Troll. Much like the post you're reading now.
Yearning for yesteryear: Although most comments are written by first year wannabe-CS-guru students or links to goatsecx, there is still the fallout dregs of the dot com boom lurking around slashdot. You can get 5 Insightful for telling how you were so badly treated after the bubble burst. Whining about the lack of jobs where you get paid to fire foam darts at colleagues is a good start. Don't forget to mention how you've now been out of work for months. It starts a "I'm about to graduate and there's nothing going" fuckfest which can spill over into hundreds of comments. Although all the staff who were any good simply got hired into another company, it makes Good Karma Sense to hide the fact that your passing familiarity with Perl and C simply can't get you a job. This is also a prime opportunity to show your egregious personality, as Slashdot rewards arrogance and elitism.
DON'T FORGET TO MOD ME DOWN
-pwpbot