
Comment Re:We Got Hit By This (Score 5, Informative) 288

Here is a great overview of the technique that was used:

http://www.virusbtn.com/pdf/conference_slides/2009/Maciejak-Lovet-VB2009.pdf

While they are targeting IIS and MSSQL the real issue is developers that don't sanitize the parameters that get sent to the database. The SQL is encoded in at least 2 different layers, so the only keywords that appear in the URL are ;dEcLaRe%20@s%20vArChAr(8000) and ;EXEC%20(@S); and it would be pretty difficult for Microsoft to block those without affecting legitimate usage. If you are using LINQ, Stored Procedures, or Parameterized Queries based on SqlCommand then this wouldn't work against your site or library. Mainly queries created as raw text strings have this vulnerability, and in this case it appears that some library or module used by a number of sites used raw SQL strings instead of the best practices recommended by Microsoft and every other SQL and web server vendor.
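A log-review sketch for the two URL keywords quoted in the comment above, added here as an example and not part of the original comment. It assumes IIS W3C-format logs; the sample lines, addresses and paths are constructed, the payload is replaced by a placeholder, and the repeated percent-decoding is a generalization beyond the single-encoded form the comment quotes.

```python
import re
from urllib.parse import unquote_plus

# The two keywords quoted in the comment, matched case-insensitively after decoding.
DECLARE_RE = re.compile(r";\s*declare\s+@\w+\s+n?varchar\s*\(\s*\d+\s*\)", re.I)
EXEC_RE = re.compile(r";\s*exec(?:ute)?\s*\(\s*@\w+\s*\)", re.I)

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2009-01-01 10:00:00 192.0.2.10 GET /news.asp id=42 200",
    "2009-01-01 10:00:05 192.0.2.77 GET /news.asp "
    "id=42;dEcLaRe%20@s%20vArChAr(8000);PLACEHOLDER;EXEC%20(@S); 200",
    "2009-01-01 10:00:09 192.0.2.78 GET /news.asp "
    "id=42%253BdEcLaRe%2520@s%2520vArChAr(8000)%253BEXEC%2520(@S)%253B 200",
    "2009-01-01 10:00:12 192.0.2.11 GET /search.asp q=how+to+declare+a+varchar(8000) 200",
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(query):
    """Return 'alert' if both keywords appear, 'review' if one, else 'ok'."""
    q = decode_fully(query)
    hits = bool(DECLARE_RE.search(q)) + bool(EXEC_RE.search(q))
    return ("ok", "review", "alert")[hits]

def scan_w3c(lines):
    """Yield (client_ip, uri_stem, verdict) for every non-ok request."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the records that follow
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split()))
        verdict = classify(rec.get("cs-uri-query", "-"))
        if verdict != "ok":
            yield rec.get("c-ip"), rec.get("cs-uri-stem"), verdict

if __name__ == "__main__":
    for hit in scan_w3c(SAMPLE_LOG):
        print(hit)
```

A match only shows that a request was attempted; whether it did anything depends on whether the page behind it builds its SQL from raw strings.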

Submission + - Police fuck up redaction, lifelock gets the blame (slashdot.org) 2

logjon writes: Today, slashdot reached a new low when it took the chance to point the finger at a private corporation for a government fuckup. A police report was improperly redacted, yet the finger was pointed at LifeLock for taking action when it came to light, ignoring the fact that LifeLock did absolutely nothing wrong, but in fact, took preemptive action against this data leak. One can only conclude that slashdot editors are fucktards, oblivious to the fact that police reports are public records, and that said editors cannot even be assed to rtfa. Details at 11.
Microsoft

Submission + - Apple worth more than Microsoft (reuters.com)

batkid writes: After over 20 years, Apple is finally worth more than Microsoft in market value. Maybe that's why Apple is not getting all the government attention.

Comment Apple Says iPhone Jailbreaking is Illegal (Score 3, Informative) 482

Jailbreaking an iPhone constitutes copyright infringement and a DMCA violation, says Apple in comments filed with the Copyright Office as part of the 2009 DMCA triennial rulemaking. This marks the first formal public statement by Apple about its legal stance on iPhone jailbreaking.

Link to full article on EFF

Comment Re: Microsoft Surface... check out Hard Rock Cafe (Score 1) 277

I just saw a video on Channel 9 showing that the Hard Rock Cafe is using Microsoft Surface and other touchscreen devices in a few of their restaurants. Considering the device was only released about 2 years ago and has such a large price tag I am still impressed with what they have done. Check it out:

http://channel9.msdn.com/posts/LarryLarsen/The-Tech-Behind-The-Hard-Rock-Cafe/Default.aspx

Wikipedia mentions AT&T, Harrah’s, Disneyland, Sheraton Hotels and MSNBC as users of the Microsoft Surface too. I have yet to see one, but it still is making its way into the market.

Comment Parallels Workstation 4.0 EXTREEEEEMMMMEEEE!!!! (Score 1) 289

I use VirtualBox for building a test environment and it works very well. Also the graphics acceleration worked fine for the games that I tested with. Parallels Workstation 4.0 Extreme looks interesting, but the only "Certified hardware platform" is a HP Z800 Workstation, which costs $2000 to $5000. Add in $400 for the Parallels license and that gets to be a bit steep. Plus the announcer on the video sounds like he is trying to sell you a used car.
News

FOSS Sexism Claims Met With Ire and Denial 1255

Last Friday Bryce Byfield gave us a little insight into the fallout surrounding his article on sexism in the FOSS world. Unfortunately it seems that FOSS junkies did little better than the rest of the world with respect to sexism, displaying similar levels of denial, abuse, and ignorance. "But the real flood of emotion comes from the anti-feminists and the average men who would like to deny the importance of feminist issues in FOSS. Raise the subject of sexism, and you are met with illogic that I can only compare to that of the tobacco companies trying to deny the link between their products and cancer. Because I took a feminist stance in public, I have been abused in every way possible — being called irrelevant, a saboteur, coward, homosexual, and even a betrayer of the community. I know that many women in the community have been attacked much more savagely than I have, so I'm not complaining. Nor am I a stranger to readers who disagree with me, but the depth of reaction has taken me back more than once. I think the reaction is an expression of denial more than anything else."
Businesses

Banking Via Twitter? 193

In the latest example of how just because you can do something doesn't mean you should, one credit union has decided to offer a new feature, dubbed "tweetMyMoney," that allows members to interact with their accounts via Twitter. Can't wait for the next version, "tweetSomeoneElsesMoney." "tweetMyMoney, available exclusively to Vantage members! With tweetMyMoney, you can monitor your account balance, deposits, withdrawals, holds and cleared checks with simple commands. And, you can even transfer funds within your account. It's all available on Twitter, 24/7!"

Comment Video from Channel 9 (Score 3, Informative) 123

There was a video showing the features of Excel Web App, PowerPoint Web App, and Word Web App here on Channel 9: http://channel9.msdn.com/posts/dtzar/Office-Live-Applications-First-Look/ They look a little slow and not as responsive as Google Docs, but they do have more features. Interesting to see the final product.
Communications

GMail Experiences Serious Outage 408

JacobSteelsmith was one of many readers to note an ongoing problem with Gmail: "As I type this, GMail is experiencing a major outage. The application status page says there is a problem with GMail affecting a majority of its users. It states a resolution is expected within the next 1.2 hours (no, not a typo on my part). However, email can still be accessed via POP or IMAP, but not, it appears, through an Android device such as the G1." It's also affecting corporate users: Reader David Lechnyr writes "We run a hosted Google Apps system and have been receiving 502 Server Error responses for the past hour. The unusual thing about this is that our Google phone support rep (which paid accounts get) indicated that this outage is also affecting Google employees as well, making it difficult to coordinate."
Television

Futurama Voices Could Be Recast 260

Svippy writes "According to reports surfacing on the Internet, Futurama may be recast. The animated series is due to return next year on Comedy Central, but may not be the same as we once knew it. 'As part of the announcement, the show's producers said stars including West, Sagal and DiMaggio had all signed on to return. Turns out that wasn't true. The stars had all expressed interest in returning. But with the budget for Futurama dramatically slashed, the salary offers came in well below what the thesps were asking.' Phil LaMarr posted 20th Century Fox's request for auditions on his Facebook page. However, some are skeptical about whether it's a real casting call or purely a stunt to reduce the salaries of the voice actors."

Comment What about the opportunity to learn something new? (Score 2, Interesting) 59

When Resolver Systems started their $25,000 competition for the best spreadsheet examples for Resolver One, I saw it as a great opportunity to learn IronPython and play around with a new program that looked interesting. I spent some free time having fun coding in a new language, and the Texas Holdem Monte Carlo Hand Evaluator worksheet that I made ended up being pretty useful. Oh... and it won one of the rounds, so I see it as time very well spent :-P

Now this competition is a bit more structured and has much less of a "fun" factor, but it still is a good incentive to look at the data that is available and try and think of new ways to visualize or use it.
