The US National Institute for Standards and Technology is updating its
Digital Authentication Guideline.
Responding to recent cases where SMS-based two-factor authentication
systems were hijacked to rack up charges on premium-rate phone numbers,
it is now saying that sending a text message is no longer good enough.
At least the service sending the messages needs to be sure they are
going to a real mobile phone.
Interestingly, it is posting review documents on GitHub, as an addition
to the usual publication channels.

I'm the holder of the WLUG library but as you're aware I haven't brought
it along to the meeting much.
Would anyone care to be the caretaker of it for a while? I can bring it
along to next Monday's meeting.

Fernando Perez, one of the key developers behind Project Jupyter, has
posted a link to a long, detailed report on the workings of Open Source
If you don’t have time to read the whole thing, there is also an
“executive summary” in the form of a series of Twitter postings.
Summary summary: getting companies to fund Open-Source projects, even
ones that they might depend crucially on, is often a matter of luck.

'Canonical announced on Friday that Ubuntu forums have been hacked.
The company adds that data such as IP address, username, and email
address of over two million users have been compromised. BetaNews
Keep in mind, this does not mean that the operating system has
experienced a vulnerability or weakness. The only thing affected are
the online forums that people use to discuss the OS. Still, such a
hack is embarrassing as it happened due to Canonical's failure to
install a patch.
In a blog post, Jane Silber, Chief Executive Officer, Canonical said,
"after some initial investigation, we were able to confirm there had
been an exposure of data and shut down the Forums as a precautionary
measure. Deeper investigation revealed that there was a known SQL
injection vulnerability in the Forumrunner add-on in the Forums which
had not yet been patched."'
-- source: https://it.slashdot.org/story/16/07/15/1533236

From the very end of the article posted:
"It seems the argument came down to licensing rules, because an idea of
moving Nano to Github was incompatible with the GNU license."
Can someone please explain this statement to me? I am completely out of the
loop in understanding this.

You may have heard of the ongoing case where the US FBI is demanding
Microsoft turn over data held on servers in Ireland. The US Government
is claiming that, because the Irish operation is under the control of
Microsoft’s headquarters in the US, it falls under US jurisdiction
and so the company can be compelled to turn over the data with nothing
more than a warrant issued by a US court.
The appeals court has disagreed.
The peculiar thing is, there are already international arrangements
under which the US can ask the Irish Government to request one of their
courts to order the surrender of the data. But they don’t seem to want
to do that.