Changing Other People's Flight Bookings Is Too Easy

“The security of online travel booking systems is stuck in the 1990s, according to security researchers,” reports Computerworld. An anonymous reader quotes their article, which argues that the ancient systems are also “woefully insecure”:
This allows attackers to easily modify other people’s reservations, cancel their flights and even use the refunds to book tickets for themselves, according to a team of researchers who analyzed this online ecosystem… They presented their findings Tuesday at the 33rd Chaos Communication Congress in Hamburg.

The three major Global Distribution Systems operators…store Passenger Name Records for hundreds of millions of travelers at any given time. Any data added or modification made to a booking is stored in their systems and all that’s required to access that information is typically a last name and a six-character booking code. There are multiple access points into these systems and this includes the websites operated by airlines and travel agencies, but also third-party websites like CheckMyTrip… The booking code itself is far from secret. It’s printed on luggage tags that most people throw away after each flight — even if their entire trip has not concluded yet — and is also embedded in the QR codes printed on tickets that an alarmingly large number of travellers photograph and post on social media websites, the researchers said.

Read more of this story at Slashdot.

Creepy Site Claims To Reveal Torrenting Histories

Slashdot reader dryriver writes: The highly invasive and possibly Russian owned and operated website immediately shows [a] BitTorrent download history for your IP address when you land on it. What’s more, it also [claims to] show the torrenting history of any specific IP address you enter, and also of IP addresses similar to yours, so you can see what others near you — perhaps the nice neighbours in the house next door — have downloaded when they thought nobody was looking…
There is also a nasty little “Track Downloads” feature that lets you send a “trick URL” to somebody else. When they click on the URL — thinking it’s something cool on Facebook, Twitter or the general internet — THEY see what the URL promised, but YOU get sent their entire torrenting history, including any embarrassing or otherwise compromising content they may have downloaded in private… The website appears to offer an API, customized download reports and more to interested parties in the hopes of generating big cash from making other people’s torrenting activities public.
It’s not clear whether this site is really revealing the information it claims to — or whether it can filter out the fake IP addresses provided by many downloaders. But putting that aside, it does raise an important question. Is it technologically possible to build a site that tracks and reveals torrenting histories based on IP addresses?


Let's Raise A Glass To The Many Tech Pioneers Who Died In 2016

In technology, you’re always “standing on the shoulders” of those who came before you — and together, each individual’s contribution becomes part of a larger ongoing story. So as this year finally winds to a close, click through to see our list of some of the pioneers who left us in 2016. And feel free to share any memories and reflections of your own in the comments.


Google and Facebook Dominate The List of 2016's Top Ten Apps

After surveying over 9,000 Android and iPhone users, Nielsen’s “Electronic Mobile Measurement” has calculated the 10 most popular apps of 2016. Interestingly, the #1 and #2 most popular apps of the year were Facebook and Facebook Messenger.

BrianFagioli writes: Facebook holds the first, second, and eighth spots — remember, the company owns Instagram too. Google has the most number of spots in the top 10, with three, four, five, six, and seven [YouTube, Google Maps, Google Search, Google Play, and Gmail]. Rounding out the bottom of the list is Apple [for Apple Music] and Amazon. Google Play is sort of a weird inclusion, however, as it is the app which downloads other apps — it probably should have been excluded. Amazon saw insane growth, seeing a massive 43 percent year-over-year gain. Instagram comes in at second place with 36 percent. Facebook Messenger scores the third spot. The biggest surprise is that Apple Music is the top streaming music app, beating apps like Pandora and Spotify…because other music apps had huge head-starts.


Can Learning Smalltalk Make You A Better Programmer?

Slashdot reader horrido shares an article that “has done more for Smalltalk advocacy than any other article in memory.” It was the second-most popular article of the year on the Hewlett Packard Enterprise site TechBeacon (recently passing 20,000 views), with Richard Eng, the founder of the nonprofit Smalltalk Renaissance, arguing that the 44-year-old language is much more than a tool for teachers — and not just because Amber Smalltalk transpiles to JavaScript for front-end web programming.
It’s a superlative prototyping language for startups. It’s an industrial-strength enterprise language used by businesses both big and small all around the globe… Smalltalk’s implementation of the object-oriented paradigm is so excellent that it has influenced an entire generation of OO languages, such as Objective-C, Python, Ruby, CLOS, PHP 5, Perl 6, Erlang, Groovy, Scala, Dart, Swift, and so on. By learning Smalltalk, you’ll understand how all of those useful features in today’s OO languages came to be.
The article also argues that Smalltalk pioneered just-in-time compilation and virtual machines, the model-view-controller design paradigm, and to a large extent, even test-driven development. But most importantly, Smalltalk’s reliance on domain-specific languages makes it “the ‘purest’ OO, and one of the earliest… It is often said that programming in Smalltalk or Python is rather like Zen; your mind just flows effortlessly with the task. This is the beauty and value of language simplicity, and Smalltalk has this in spades… Smalltalk, by virtue of its object purity and consistency, will give you a profoundly better understanding of object-oriented programming and how to use it to its best effect.”


Slashdot's 10 Most-Visited Stories of 2016

Slashdot’s most-visited story of the year was “Microsoft Live Account Credentials Leaking From Windows 8 And Above,” which was visited more than 330,910 times since we published it August 16. And our second and third most popular stories came in the spring — Apple Is Fighting A Secret War To Keep You From Repairing Your Phone and Google Chrome To Disallow Backspace As a ‘Back’ Button. Click through for a complete list of Slashdot’s 10 most-visited stories of 2016.
