If, as the summary and the ZDNet article state*, the school administration asked for her password, they may have engaged in tortious interference -- interfering with a contract between two other parties (the teacher and Facebook).
The Facebook terms of use (section 4.8) say:
You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.
* (According to an earlier comment, that is not true; the administration asked only to view her pages.)
If you use a VPN, you should be protected from "local" man-in-the-middle (MITM) attacks. By "local", I mean between your computer and the VPN server. A VPN doesn't protect you from a MITM attack between the VPN server and the webserver you are connecting to. But it does protect you to the VPN server if you are at an Internet cafe, hotel, or other untrusted network.
At least that's true for most VPNs that use software based on OpenVPN, which uses OpenSSL for encryption. A copy of an email from James Yonan was recently posted to the OpenVPN User's list. Bottom line of the email: OpenVPN uses OpenSSL for encryption, and OpenSSL has been patched since 2002 for the vulnerability which most people think is exploited by BEAST. As long as your VPN software uses a patched version of OpenSSL you should be covered, at least for the "local" MITM attack.
For example, VPNs based on Tunnelblick, a free and open source GUI for OpenVPN on Mac OS X, are not vulnerable.
Since he had supplied data about one of the company's Web pages, it believed that he was an authoritative source for general information about the company's domain.
If this were changed the problem would be considerably mitigated: foof.google.com would be compromised, but www.google.com wouldn't. So why not do this?
From Paul Vixie's response: "Tom Cross of ISS-XForce correctly pointed out that if your recursive nameserver is behind most forms of NAT/PAT device, the patch won't do you any good since your port numbers will be rewritten on the way out, often using some pretty nonrandom looking substitute port numbers."
Does this mean that a typical small-business setup isn't protected by the patch?
For example, a server which provides recursive DNS and which connects to the Internet by a "cable" modem.
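An added example, not part of the original comment and not from Paul Vixie's post or ISS: a small C program that scores a list of observed DNS query source ports the way an "is my resolver randomizing?" check would, so you can see what a PAT box that hands out outside ports in order does to a patched resolver. Both port lists are constructed, and the thresholds in port_verdict are this example's own heuristic, not a standard.

```c
/* Added example: not from the original comment, from Paul Vixie's post, or
 * from any DNS vendor. It scores a list of observed DNS query source ports
 * so you can see what a NAT/PAT device that rewrites ports sequentially does
 * to a patched resolver's randomness. Both port lists below are constructed,
 * and the verdict thresholds are this example's own heuristic. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    size_t samples;     /* number of queries observed */
    size_t distinct;    /* number of different source ports */
    double stddev;      /* spread of the port numbers */
    size_t longest_run; /* longest run of ports increasing by exactly 1 */
} port_stats;

/* Constructed sample 1: what a patched resolver looks like from the outside. */
const int resolver_ports[] = {
    51233, 3412, 60017, 17760, 44091, 8821, 29466, 62104, 12290, 37755,
    55019, 20402, 6633, 48981, 33120, 58344, 14507, 40878, 26199, 63455
};
const size_t resolver_port_count = sizeof resolver_ports / sizeof resolver_ports[0];

/* Constructed sample 2: the same resolver behind a PAT box that hands out
 * outside ports in order, so the randomization never reaches the Internet. */
const int nat_ports[] = {
    1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1032, 1033,
    1034, 1035, 1036, 1037, 1038, 1039, 1040, 1041, 1042, 1043
};
const size_t nat_port_count = sizeof nat_ports / sizeof nat_ports[0];

/* Newton's method square root, so the example links without -lm. */
static double newton_sqrt(double x) {
    if (x <= 0.0) return 0.0;
    double r = x;
    for (int i = 0; i < 60; i++) r = 0.5 * (r + x / r);
    return r;
}

static int cmp_int(const void *a, const void *b) {
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

/* Compute the statistics over the ports in the order they were observed. */
port_stats assess_ports(const int *ports, size_t n) {
    port_stats st = {n, 0, 0.0, 0};
    if (n == 0) return st;

    double mean = 0.0, var = 0.0;
    for (size_t i = 0; i < n; i++) mean += ports[i];
    mean /= (double)n;
    for (size_t i = 0; i < n; i++) var += (ports[i] - mean) * (ports[i] - mean);
    st.stddev = newton_sqrt(var / (double)n);

    size_t run = 1;
    st.longest_run = 1;
    for (size_t i = 1; i < n; i++) {
        run = (ports[i] == ports[i - 1] + 1) ? run + 1 : 1;
        if (run > st.longest_run) st.longest_run = run;
    }

    int *sorted = malloc(n * sizeof *sorted);
    if (!sorted) return st;
    memcpy(sorted, ports, n * sizeof *sorted);
    qsort(sorted, n, sizeof *sorted, cmp_int);
    st.distinct = 1;
    for (size_t i = 1; i < n; i++)
        if (sorted[i] != sorted[i - 1]) st.distinct++;
    free(sorted);
    return st;
}

/* Heuristic verdict (an assumption of this example, not a standard):
 * too few samples -> INSUFFICIENT; reused ports, long sequential runs or a
 * tiny spread -> POOR; otherwise FAIR or GOOD depending on the spread. */
const char *port_verdict(port_stats st) {
    if (st.samples < 10) return "INSUFFICIENT";
    if (st.distinct < st.samples / 2 || st.longest_run >= 5 || st.stddev < 1000.0)
        return "POOR";
    if (st.stddev < 5000.0) return "FAIR";
    return "GOOD";
}

static void report(const char *label, const int *ports, size_t n) {
    port_stats st = assess_ports(ports, n);
    printf("%-22s samples=%zu distinct=%zu stddev=%.1f longest_run=%zu -> %s\n",
           label, st.samples, st.distinct, st.stddev, st.longest_run, port_verdict(st));
}

int main(void) {
    report("resolver, no NAT:", resolver_ports, resolver_port_count);   /* GOOD */
    report("resolver behind PAT:", nat_ports, nat_port_count);          /* POOR */
    return 0;
}
```

To use this on a real setup, take the capture on the WAN side of the NAT (for example with tcpdump -n 'udp and dst port 53' on the router's outside interface, or on a host beyond it) and feed in the source ports. A capture taken inside the NAT shows the resolver's ports before rewriting and will look fine even when the rest of the Internet sees 1024, 1025, 1026, ...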
The authors are (apparently, there are no biographies in the paper) computer scientists, not economists.
From the abstract:
This paper presents four alternative economic models for many-core computing. The proposed models recognize that when a many-core chip is bought, the customer may often wish to pay for less number of cores than what is present on a chip.
This assumes that chips are not a commodity. Commodity prices are usually determined by the cost to the seller. (Non-commodity prices are usually determined by the value to the buyer.)
That's not to say supply/demand don't determine prices -- they do. But the supply of a commodity goes up, driving the price down towards the lowest-cost producer.
Caveat: IANAL, BANAY (I am not a lawyer, but apparently neither are you.)
There seems to be a lot of confusion about the GPL, even among people who like it a lot. The simplicity of the MIT license makes it a no-brainer.
The purpose of the GPL is to ensure that enhancements to a program are freely available. The MIT license doesn't do that. Public domain is even simpler than the MIT license, so is it even more of a no-brainer?
Also, there is some question as to whether or not the GPL is a contract. There is the possibility that someone could "take back" the license. As there is no apparent consideration (e.g. you didn't pay for the license, did you?), a court might say, OK, he took it back. There was no contract.
That sort of ambiguity, until put to rest, causes trouble for some.
Consideration does not need to be monetary. I let you use this code -- that's consideration. You provide me and my designees -- everyone -- with any modifications to the code -- that's consideration, too.
SCO has rights to the code IBM claims a copyright in not because of the GPL, but because of another agreement between the two companies. This is part of SCO's original lawsuit against IBM, which is unresolved. (It's the "all your code are belong to us" part of the original lawsuit.)
SCO has rights to distribute the code under the GPL because one or more parts of the GPL are invalid and thus void. Either the part of the GPL which revokes rights under the GPL, or the part of the GPL which describes what constitutes a breach of the GPL could be attacked. If one of these parts were voided, the "eviscerated" GPL would allow copying.
Death by UML Fever
From DSP
Vol. 2, No. 1 - March 2004
by Alex E. Bell, The Boeing Company
Self-diagnosis and early treatment are crucial in the fight against UML Fever.
UML
A potentially deadly illness, clinically referred to as UML (Unified Modeling Language) fever, is plaguing many software-engineering efforts today. This fever has many different strains that vary in levels of lethality and contagion. A number of these strains are symptomatically related, however. Rigorous laboratory analysis has revealed that each is unique in origin and makeup. A particularly insidious characteristic of UML fever, common to most of its assorted strains, is the difficulty individuals and organizations have in self-diagnosing the affliction. A consequence is that many cases of the fever go untreated and often evolve into more complex and lethal strains.
Little has been published in medical annals on UML fever because it has only recently emerged as an affliction. The New England Journal of Medicine has been silent on the disease, as has research produced by the world's most prestigious medical institutions. The content of this article represents many years of on-the-job research and characterizes all known strains of UML fever, as well as many of the known relationships recognized to exist between them. The article will conclude with disclosure of the only known antidote for the many and varied strains of UML fever.
Before commencing with the characterization of UML fever and its associated symptoms, it is important to emphasize that UML itself is not the direct cause of any maladies described herein. Instead, UML is largely an innocent victim caught in the midst of poor process, no process, or sheer incompetence of its users. Through no fault of its own, however, UML sometimes does amplify the symptoms of some fevers as the result of the often divine-like aura attached to it. For example, it is not uncommon for people to believe that no matter what task they may be engaged in, mere usage of UML somehow legitimizes their efforts or guarantees the value of the artifacts produced.
This article exploits the fact that the presence and associated severity of many software-related maladies on a program can often be observed and measured in terms of UML: too much, too detailed, and too functional, for example. Some readers may be quick to suggest that the same exploitation could be made regardless of a program's selected modeling approach. There may be some truth here, but no other technology has so quickly and deeply permeated the software-engineering life cycle quite like UML.
The Metafevers
Extensive research has shown that UML fever can be categorized into four well-defined groups, known as metafevers. Their common laboratory names are delusional, emotional, Pollyanna (a person regarded as being foolishly or blindly optimistic), and procedural (see figure 1). Each of these metafevers is described in the following sections, as are the strains associated with them. Although much more is known about each of the strains than written, the objective of this particular article is to describe them to the extent that they are characterized and distinguishable from the others.
Delusional Metafever. The delusional metafever comprises UML fever strains that are considered by many to be among the most deadly. This metafever is best known by its devastating effects on the thought and judgment processes of otherwise healthy managers and engineers. It is very common for the fevers in the delusional category to damage the human immune system to such an extent that the body becomes susceptible to many other UML fever strains (see figure 2).
Utopia fever. Subjects afflicted with utopia fever typically believe that UML is a radical new technology with almost divine origins. Mutterings such as, "How did we get where we are today without UML?" and "Just think how much more advanced our technological revolution would be if we only had UML 20 years ago?" are common amo
Our Constitution in the U.S. prevents Congress from making any law infringing on our natural freedom of speech. To me, P2P is communication, which is speech. Therefore, the federal government has no mandate to restrict it.
Wrong. If P2P is speech, it means the federal government may not restrict it.
Our 9th and 10th amendments to the Constitution allow the State and/or the People to cover anything the federal government can not.
Wrong. State governments may not enact laws which violate people's rights under the federal constitution.
Should California desire to restrict P2P, it should be able to. If you disagree with California's take on this restriction, you can move to Arizona or Delaware, or another state that doesn't have such a restriction.
According to an NGSSoftware Insight Security Research Advisory posted to NTBugtraq on Wednesday:
Adobe Acrobat Reader... can be extended using the XML Forms Data Format or XFDF... XFDF files... are rendered automatically on downloaded [sic] when using applications such as Internet Explorer... When parsing an XFDF document the Adobe Reader suffers from a classic stack based buffer overflow vulnerability... On contacting Adobe, they confirmed that the current version is no longer vulnerable and NGSSoftware urgently advises users of Adobe Reader to upgrade.
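An added example, not Adobe's code and not NGSSoftware's proof of concept: a toy XFDF field-name parser in C that shows the shape of the bug class the advisory names (data from the document copied into a fixed-size stack buffer using a length the attacker controls) next to a bounded version. The XFDF documents are constructed; XFDF really does carry <field name="..."> elements, but the 32-byte buffer and everything about the parser's layout are assumptions made for the illustration.

```c
/* Added example: not Adobe's code and not NGSSoftware's proof of concept.
 * A toy XFDF field parser showing the general shape of a stack-based
 * overflow (attacker-controlled length, fixed-size stack buffer, no check)
 * beside a bounded version. The XFDF documents are constructed; the
 * 32-byte buffer is an assumption for the illustration. */
#include <stdio.h>
#include <string.h>

#define NAME_BUF 32  /* assumed fixed-size stack buffer */

/* Find the value of the first <field name="..."> in the document.
 * Returns a pointer to the value's first byte and its length, or NULL. */
static const char *find_field_name(const char *xfdf, size_t *len) {
    const char *p = strstr(xfdf, "<field ");
    if (!p) return NULL;
    p = strstr(p, "name=\"");
    if (!p) return NULL;
    p += strlen("name=\"");
    const char *end = strchr(p, '"');
    if (!end) return NULL;
    *len = (size_t)(end - p);
    return p;
}

/* VULNERABLE: the attribute value is copied into a 32-byte stack buffer
 * using the length taken from the document, so a name longer than 31 bytes
 * runs past 'name' into the saved registers and the return address. */
int field_name_unsafe(const char *xfdf, char *out) {
    char name[NAME_BUF];
    size_t len;
    const char *v = find_field_name(xfdf, &len);
    if (!v) return -1;
    memcpy(name, v, len);   /* BUG: len is never compared to sizeof name */
    name[len] = '\0';
    strcpy(out, name);
    return (int)len;
}

/* HARDENED: the caller passes the destination size, oversized values are
 * rejected outright rather than silently truncated, and the NUL always fits. */
int field_name_safe(const char *xfdf, char *out, size_t outlen) {
    size_t len;
    const char *v = find_field_name(xfdf, &len);
    if (!v) return -1;
    if (len >= outlen) return -1;   /* would not fit with its terminator */
    memcpy(out, v, len);
    out[len] = '\0';
    return (int)len;
}

/* Build a constructed XFDF document whose field name is name_len 'A's;
 * the name length is the knob an attacker turns. Returns 0 on success. */
int build_xfdf(char *buf, size_t buflen, size_t name_len) {
    const char *head = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                       "<xfdf xmlns=\"http://ns.adobe.com/xfdf/\"><fields><field name=\"";
    const char *tail = "\"><value>x</value></field></fields></xfdf>";
    if (strlen(head) + name_len + strlen(tail) + 1 > buflen) return -1;
    memcpy(buf, head, strlen(head));
    memset(buf + strlen(head), 'A', name_len);
    memcpy(buf + strlen(head) + name_len, tail, strlen(tail) + 1);
    return 0;
}

/* Parse a document with a name_len-byte field name using the safe parser. */
int demo_safe(size_t name_len) {
    char doc[512], out[NAME_BUF];
    if (build_xfdf(doc, sizeof doc, name_len) != 0) return -2;
    return field_name_safe(doc, out, sizeof out);
}

/* Same with the unsafe parser; refuses lengths that would actually smash
 * the stack, so the demo never executes the overflow it illustrates. */
int demo_unsafe(size_t name_len) {
    char doc[512], out[NAME_BUF];
    if (name_len >= NAME_BUF) return -3;
    if (build_xfdf(doc, sizeof doc, name_len) != 0) return -2;
    return field_name_unsafe(doc, out);
}

int main(void) {
    printf("safe parser,     5-byte name: %d\n", demo_safe(5));    /* 5 */
    printf("safe parser,   200-byte name: %d\n", demo_safe(200));  /* -1 */
    printf("unsafe parser,   5-byte name: %d\n", demo_unsafe(5));  /* 5 */
    printf("unsafe parser, 200-byte name: refused (%d)\n", demo_unsafe(200));
    return 0;
}
```

The fix worth copying is the shape of field_name_safe: the destination size travels with the pointer, and a value that does not fit is an error, not something to truncate and carry on with, because the rest of the parser has no way to know the name it received is not the name in the file.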
You misread the article in two critical respects that negate your criticisms. (At least you apparently did read the article, or at least skimmed it, which is unusual for Slashdot!)
(1) It consists of two pieces (look at the photo), one that attaches to the laptop (like the LoJack in your car), and one that you carry around (like your LoJack keychain). So when you walk away with the "keychain" in your pocket, the protection turns on automatically. Just like your LoJack.
(2) The protection is active only when the "keychain" is more than 15 feet away, not when it is fewer than 15 feet away! When you're working on the computer, the keychain is fewer than 15 feet away from the computer (assuming you keep it in a pocket) and the alarm is disarmed. When you walk away from the computer - more than 15 feet away - that's when the alarm is armed.
because it is so absurd that it's another illustration of what's wrong with the DMCA. I hope the Electronic Frontier Foundation steps up to defend this researcher.
If your ISP won't block it, it's simple to (partially) disable Verisign's power grab on "firewall" Cable/DSL routers, often used on home and small office networks.
On a Linksys BEFSX41, for example, just put "sitefinder.verisign.com" in the "Blocked URL Contents" section of the router's "Firewall" configuration page.
If you mistype a URL (I use the term loosely) Mozilla will put up an alert box: "The document contains no data". Internet Explorer brings up a "The page cannot be displayed" page.
Caveats: (1) many routers don't have this "firewall" feature; (2) this works only for clients downstream from the router. It won't help your ISP bounce spam from "loser@verisignisdoingbadthingstotheinternet.com".
The point of the article is that SCO asserts in their media appearances, press releases, and most importantly, their court filings, that (1) UNIX is a single operating system, (2) all based on the AT&T code, (3) SCO owns the AT&T code.
The article demonstrates that (1) and (2) are false, and SCO must know that.
Yes, that's the point of the article. So what?
The point of the lawsuit isn't about what SCO calls UNIX(R). That SCO's PR, or even their filings with the court or SEC, uses the term UNIX(R) incorrectly is slightly amusing, but irrelevant.
The point of the lawsuit is that SCO claims that:
- SCO owns copyrights to some code, transferred to it by some contract(s), which are not public, so we know nothing about them;
- SCO has licensed IBM to use that code for certain purposes by some contract, which is not public, so we know nothing about it;
- SCO's license to IBM gives SCO certain rights to some or all code created by IBM in some way related to the SCO code licensed to IBM by SCO, all under a contract (wait for it...) which is not public, so we know nothing about it;
- Some code was created by IBM subject to this contract and SCO therefore has certain rights to that code;
- That code was disclosed by IBM in violation of a contract (which is not public, so we don't know what was in it).
SCO offers as proof of the final assertion a further assertion that a portion or portions of the code shows up in Linux. The article sheds no new light on this.
There's nothing going on here, people. Move on.
If you look at the actual specs, and the fact that the enclosure provides "Real-time... Encryption/ Decryption" all this enclosure does is to encrypt the data going out, and decrypt traffic coming in. The data on the actual hard drive does not seem to be encrypted. This enclosure is not going to stop anyone who bothers to actually open the case, remove the hard drive and put in their own enclosure/install it in their own computers. Nobody in their right mind should use this case, unless potential data thieves are going to nicely agree to keep the hard drive in its pretty enclosure, or the manufacturer adds a lock to the case.
Cyclomatic complexity? http://en.wikipedia.org/wiki/Cyclomatic_complexity
Oops! I meant cable router, not cable modem
(Alaska became the 49th state on January 3, 1959, according to http://xroads.virginia.edu/~CAP/BARTLETT/49state.)
Wrong. See above.
No.
In the last two years or so I've installed Basic ZoneAlarm (free as in beer) on more than a dozen computers and had zero problems.
This is on a mix of Win98, Win2K, and WinXP small office, home, and home-with-teenagers-downloading-and-installing-all-sorts-of-junk computers.