So all you NASCAR fans coming out of the wood work (and racing fans in general) I have a questions. Are there any motor racing events without restrictions to (at least) the engines?

As a huge nerd...I'd love to see a motor sport that is more about the ability to manufacture some crazy ass vehicle than how good the driver is.

It's primarily to provide an instrumentation platform backed by standardized interfaces. Think something like agents+instrumentation in java. I just /.'d up the title a little :P

Eight instruction can, in fact, be executed simultaneously. Run a parallel CompletableFuture task or something, and this becomes extremely obvious. Each parallel "run" use a ClassTransformer to see the ASM instructions being run with a locking (NOT a re-entrant lock) counter, and a \n every 8 locks/unlocks.

You will see 8 ASM instructions at a time.

That being said...physically they aren't cores, and shouldn't be referred to as such. They should have referred to them with their own term "module." If they didn't...they should be sued.

Javascript doesn't attack a browser in the classical sense. The way you cause damage with JS is poisoning the browser's cache. So you add something sketchy to the cached version of a given webpage.

The classical route of this attack is a proxy that injects code to cache sketchy objects on top of the cache of any page visited. The cache expiration is set to something ridiculously high, so it's not removed without clearing the cache.

So for example injecting an ad that wasn't there before into youtube, slashdot, etc. Every time the user loads the page they load your ad, and get you an impression.

So yes this is strictly limited to browsers, and even within the browser is quite limited.

I asked if you meant Java, because there have been attacks in Java that can escape the browser sandbox and modify system files. Potentially java could be used to infect a server via a means besides a browser.

Flash is not on servers, no one checks email on servers, and no one views word/excel documents on a server. Word/excel files may be "viewed" on a server, but that would be for processing. In which case they would be accessed using something like the mono interop API (C#) or Apache tika/POI. So embedded bytecode wouldn't be executed.

I suppose these things could happen on a windows servers, but if you're admin is browsing and checking his email on a server...ffs

All of those services you configure, run as root, then they are running as services. Its not like you start sshd or cron up everyday. Hell, starting things up often is cron's purpose.

Also ping can be replaced with a script...tcp doesnt need root.

None of these are things you can even do on a nix server. Also...js? You mean java?
Cache poisoning itself doesnt infect you.

I can make bugs that a team wouldnt catch from looking at code alone...c++ templating is incredibly powerful

"overpaid" exec here...chief information officer. If I got to work 60 hours it would be a blessing. Most executives work literally twice the hours, and cause 10x more to happen per given hour than any employee there. Then we go home and file dailies/weeklies and get 4hrs of sleep.

Outside of leviathan-esque companies this is mostly true

This is a lot more of an important question ask than you think. A friend of mine runs a DDoS protection service, and they recently got hit by a 60 gigabit attack (Syn-flood, unamplified obviously) that was from a botnet of surveillance cameras. Shit be whack yo.

Are you insane? From a business standpoint they don't give a shit about your privacy. If anything it should have already been blocked.

Second

As an ISS professional I'm looking forward to the advent of chip-and-pin in the US. All the extra mandatory PCI-compliance auditing, and pen-testing contracts are going to be great.

I'm so excited for all the data breaches after attackers are able to leverage the card as a means to compromise the point of service.

Also the nostalgia of seeing all these super-micro pieces of malware combined with "interesting" hardware hacks is probably going to make me tear up a little bit.

I think of it more as "death by a few billion cuts" followed by the government using a phoenix down on them.

This is actually one of the best posts I've ever read on slashdot. Well done sir.