Sniffing browser history for awareness & art
tdalek (990756) writes "web2.0collage.com uses browser history sniffing to determine what websites you visit and then creates a collage of them. While the collage is kind of nifty, it also graphically illustrates just how easy it is for people to sniff your browser history. Before you get too worried, it uses a white-list of SFW sites, so the collage will (probably) be appropriate (unless you don't want your colleagues knowing about your Slashdot habits). However, just because these people play nice is no guarantee that everyone else will. Other potential benign applications include customizing bookmark-lets, but the less than benign (say advertising or even HR site) implications are troublesome. An interesting application of potentially scary technology. For Slashdotters not interested in warnings or explanations, you can jump straight to the browser history sniffing."
Security flaw in Yahoo mail exposes auth info
tdalek (990756) writes "After patching its plaintext authentication gaffe, Yahoo! Zimbra Desktop has fumbled the security and privacy ball once again. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed."
Tapping the iPhone, brought to you by Yahoo!
tdalek (990756) writes "You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing authentication information. It turns out that other Yahoo! applications are affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames and passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard IMAP port. Outgoing mail is a bit harder to find; it is apparently sent by an HTTP POST request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since it's one of the default accounts, I'm assuming quite a few do), now would be a good time to forward it elsewhere for the time being, and use that account instead."
Canadians get behind the OpenMoko/FreeRunner
mario (990756) writes "Now that the OpenMoko platform has stabilized enough to provide the OM2008 image (supporting the three major toolkits), things are starting to heat up. Linuxdevices is reporting on the start of a port of Devicescape's connect application. Koolu (another Canadian company) is also doing development for its W.E. phone (a branded FreeRunner). Which leads me to ask, where are the American companies?"
Gmail reveals the name of all users
ihatespam writes "Have you ever wanted to know the name of email@example.com? Now you can! (it's "smart ass" btw) The catch, however, is that through a bug in Google calendars the names of all registered Gmail accounts are now readily available. All you need to find out the name of any Gmail address is a Google calendar account yourself. Depending on your view this ranges from a harmless "feature" to a rather serious privacy violation. According to some reports, spammers are already exploiting this "feature"/bug to send personalized spam messages."
tdalek (990756) writes "Today a new source code search engine, All The Code, launched with a substantially different take on source code search engines than previous companies. Traditional source code search engines have relied solely on the code within a file; however, this new engine looks at how code is used to help determine the relevance of source code. Presently All The Code only supports the Java language, but it's still quite interesting to see how this technology works."