
Submission + - Lack of CSPRNG in WordPress Threatens Millions of Sites

Trailrunner7 writes: WordPress has become a huge target for attackers and vulnerability researchers, and with good reason. The software runs a large fraction of the sites on the Internet and serious vulnerabilities in the platform have not been hard to come by lately. But there’s now a bug that’s been disclosed in all versions of WordPress that may allow an attacker to take over vulnerable sites.

The issue lies in the fact that WordPress doesn’t contain a cryptographically secure pseudorandom number generator. A researcher named Scott Arciszewski made the WordPress maintainers aware of the problem nearly eight months ago and said that he has had very little response.

The consequences of an attack on the bug would be that the attacker might be able to predict the token used to generate a new password for a user’s account and thus take over the account. Arciszewski has developed a patch for the problem and published it, but it has not been integrated into WordPress. He said he has had almost no communication from the WordPress maintainers about the vulnerability, save for one tweet from a lead developer that was later deleted.

Arciszewski said he has not developed an exploit for the issue but said that an attacker would need to be able to predict the next RNG seed in order to exploit it.

“There is a rule in security: attacks only get better, never worse. If this is not attackable today, there is no guarantee this will hold true in 5 or 10 years. Using /dev/urandom (which is what my proposed patch tries to do, although Stefan Esser has highlighted some flaws that would require a 4th version before it’s acceptable for merging) is a serious gain over a userland RNG,” he said by email.

Submission + - Five Years After The Sun Merger, Oracle Says It's Fully Committed To SPARC (itworld.com)

jfruh writes: Sun Microsystems vanished into Oracle's maw five years ago this month, and you could be forgiven for thinking that some iconic Sun products, like SPARC chips, had been cast aside in the merger. But Oracle claims that the SPARC roadmap is moving forward more quickly than it did under Sun, and while the number of SPARC systems sold has dropped dramatically (from 66,000 in Q1 '03 to 7,000 in Q1 '14), the systems that are being sold are fully customized and much more profitable for the company.

Submission + - Q: Empirical study on how C devs use goto in practice? A: Not harmfully. (peerj.com)

Mei Nagappan writes: By qualitatively and quantitatively analyzing a statistically valid random sample from almost 2 million C files and 11K+ projects, we find that developers limit themselves to using goto appropriately in most cases, and not in an unrestricted manner like Dijkstra feared, thus suggesting that goto does not appear to be harmful in practice.

Submission + - Programming with computers

Whiteox writes: After a 25-year break from programming on MS DOS and Apple machines, I've decided to take it up again as a hobby for fun (and maybe profit). I had a knowledge of BASIC and macro-assembly compilers. When I dug up my old documentation, most of it was eaten by mice, water damaged — basically unusable. Years ago I tried to convert a compiled BASIC program to Visual Basic with disastrous results, so I realize that I need to retrain.
I'm not sure if *nix O/S is more suitable than WinX as a platform of choice either. Whichever way I go, I'll need good support from books and the programming community.
I'm looking for a language that has a short learning curve, good documentation and would lead me towards command and control.
What language/direction should I take?

Submission + - Driving Force Behind Alkali Metal Explosions Discovered (nature.com)

Kunedog writes: Years ago, Dr. Philip E. Mason (aka Thunderf00t on Youtube) found it puzzling that the supposedly "well-understood" explosive reaction of a lump of sodium (an alkali metal) dropped in water could happen at all, given such a limited contact area on which the reaction could take place. And indeed, sometimes an explosion did fail to reliably occur, the lump of metal instead fizzing around the water's surface on a pocket of hydrogen produced by the (slower than explosive) reaction, thus inhibiting any faster reaction of the alkali metal with the water. Mason's best hypothesis was that the (sometimes) explosive reactions must be triggered by a Coulomb explosion, which could result when sodium cations (positive ions) are produced from the reaction and expel each other further into the water.

This theory is now supported by photographic and mathematical evidence, published in the journal Nature Chemistry. In a laboratory at Braunschweig University of Technology in Germany, Mason and other chemists used a high-speed camera to capture the critical moment that makes an explosion inevitable: a liquid drop of sodium-potassium alloy shooting spikes into the water, dramatically increasing the reactive interface. They also developed a computer simulation to model this event, showing it is best explained by a Coulomb explosion.

The Youtube video chronicles the evolution the experimental apparatuses underwent over time, pursuant to keeping the explosions safe, contained, reliable, and visible.

Submission + - Samsung Smart TVs forcing ads into video streaming apps (cnet.com)

mpicpp writes: Just days after its TV voice recognition software came under fire for invading privacy, Samsung users are reporting unwanted Pepsi ads appearing while they watch their Smart TVs.

Reports are emerging that Samsung smart TVs have begun inserting short advertisements directly into video streaming apps, with no influence from the third-party app providers.

The news comes just days after Samsung made headlines for another incursion into users' lounge rooms, when it was revealed that its TV voice recognition software is capable of capturing personal information and transmitting it to third parties. The issue was discovered in the fine print of Samsung's voice recognition privacy policy, but the company says it has since changed the policy to "better explain what actually occurs" during this voice capture process.

The latest complaints directed at the South Korean electronics giant relate to a Pepsi advertisement that has reportedly started to appear during content streamed through Smart TV apps from personal media libraries and video streaming services.

The issue has been reported on the Plex streaming service — a brand of media player that allows users to stream their own video from a personal library or hard drive and push it to a smart TV.

One Plex user took to the company's customer forum to complain about the constant intrusion of ads on his Samsung TV.

"I have recently upgraded my Plex Media Server to version 0.9.1101 and every 10-15 minutes whilst watching content on my Samsung TV I get a Pepsi advertisement showing!" user Mike wrote. "At first I thought I was seeing things but no it repeats. Sometimes I can get out of it and go back to my media, others it hangs the app and the TV restarts."

Submission + - NASA confirms results for 'impossible' space drive that uses no rocket fuel (examiner.com)

MarkWhittington writes: Last August, NASA’s Eagleworks, an advanced space propulsion lab located at the Johnson Spaceflight Center south of Houston, created a great deal of excitement when it announced that it had tested a prototype of something called a Cannae Drive. Using microwaves, the device seemed to exert a minute but measurable degree of thrust when mounted on a pendulum in a vacuum chamber. NextBigFuture provided an update on the experiments on an engine that uses no fuel and seems to violate Newtonian physics.

In essence, the team at Eagleworks has been able to replicate the results of the original experiment, exerting a thrust in the area of 50 micro-Newtons. The team has been hampered by a lack of funding to fight through equipment failures. Nevertheless, they are working, very slowly, to scale up the thrust to 100 micro-Newtons. At that point, they intend to take the device to the Glenn Research Center for another replication effort.

Science

The Search For Neutrons That Leak Into Our World From Other Universes

KentuckyFC writes: One of the more exciting predictions from "braneworld" theories of high energy physics is that matter can leak out of other universes into our own, and vice versa. The basic idea is that our three-dimensional universe or brane is embedded in a much larger multi-dimensional cosmos. These branes can become coupled so that a quantum particle such as a neutron can exist in a superposition of states in both universes at the same time. When the neutron collides with something, the superposition collapses and the particle must suddenly exist in one brane or the other. That means neutrons from our universe can leak into other branes and then back again. Now physicists are devising an experiment to look for this neutron leakage. They plan to put a well shielded neutron detector next to a shielded nuclear reactor that produces neutrons at a research facility in France. All this shielding means the detector should not see any neutrons from inside the reactor. However, if the neutrons are leaking into another brane and then back into our world, they can bypass this shielding and trigger the detector. The team has not yet set a date for the experiment but the discovery of neutrons (or anything else) leaking into our universe would be huge.
