Cody Taylor

FormOfActionBanana writes “The security firm Fortify Software has undertaken an automated code review of the NIST SHA-3 round 1 contestants (previously Slashdotted) reference implementations. After a followup audit, the team is now reporting summary results. According to the blog entry, ‘This just emphasizes what we already knew about C, even the most careful, security conscious developer messes up memory management.’ Of particular interest, Professor Ron Rivest’s (the “R” in RSA) MD6 team has already corrected a buffer overflow pointed out by the Fortify review. Bruce Schneier’s Skein, also previously Slashdotted, came through defect-free.”

Read more of this story at Slashdot.

pcardno writes “It seems it’s not just Microsoft that have spotted a good opportunity to distribute their software through Firefox Addons. On installing the latest annoying, sysbar bubble based Java update, my Firefox informed me that I had a wonderful new Java addon automatically. Here’s the addon screenshot. Yes, I could opt out of it, but why are Sun installing Addons to my Firefox without me making specific choices in the application itself? To be clear — I have never chosen to install this Addon, yet it has been installed without my permission with the latest Java Update.”

Read more of this story at Slashdot.

lwbrown writes with this excerpt from Government Computer News about a concept being explored at Oak Ridge National Laboratory: “UNTAME is the product of a long-term program by the division’s Cyber Security and Information Intelligence Research Group to develop futuristic security functionality for increasingly large, complex environments. The cybots differ from traditional software agents in that they form a collective and are aware of the condition and activities of other cybots in the collective. ‘You give it a mission and tools to work with, such as mobility and intrusion sensors, and it uses those tools and cooperates with other cybots to accomplish the mission,” said Lawrence MacIntyre, one of the project’s developers.'”

Read more of this story at Slashdot.

If you are an aspiring Graphic designer you should be already familiar with blender by now, but if you are thinking about being a game developer or a graphic designer you should know that Blender is not only the best free and open source choice but also rivals all commercial 3d applications out there.

Drupal developers are abuzz with the realization that the White House’s new Recovery.gov site was built using the free and open-source content management platform Drupal. Pre-Recovery.gov, the perhaps highest-profile use of Drupal had been the Onion website. But that’s not the only reason that Drupal fans are excited.

Google has put out a casting call for developers to show off their Google-based apps.

mir writes “It looks like if you use CPAN to install modules, Apple’s latest security update might just have broken your Perl. According to Tatsuhiko Miyagawa ‘The Security Update brings (old) IO.bundle with version 1.22 but your IO.pm has been updated to the latest 1.23 on CPAN shell. (But hey, 1.23 was released in 2006…Why do you bring that ancient version back, Apple!?)’.”

Read more of this story at Slashdot.

cemaco writes in with news that TelTech, developers of the infamous SpoofCard service, have come out with something even more controversial: a set of services for revealing blocked caller ID numbers. The services take advantage of a loophole in the way caller ID blocking works — it has never been effective when calling an 800 number, because the recipient is paying for the call. So TelTech instructs you how to forward blocked calls (transparently) to their 800 number; the call comes back to your phone in seconds with the formerly hidden caller ID revealed. Advocacy groups for victims of domestic violence are concerned. Victims of annoying calls hiding behind caller ID blocking are rejoicing.

Read more of this story at Slashdot.