Security

Sun Pushes Emergency Java Patch 90

Trailrunner7 writes "In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks. The patch comes less than a week after Sun told a Google researcher it did not consider the issue serious enough to warrant an out-of-cycle patch and less than a day after researchers spotted live exploits on a booby-trapped Web site. The flaw, which was also discovered independently by Ruben Santamarta, occurs because the Java-Plugin Browser is running 'javaws.exe' without validating command-line parameters. Despite the absence of documentation, a researcher was about to figure out that Sun removed the code to run javaws.exe from the Java plugin. The about-face by Sun is another sign that some big vendors still struggle to understand the importance of working closely with white hat researchers to understand the implications of certain vulnerabilities. In this case, Google's Tavis Ormandy was forced to use the full-disclosure weapon to force the vendor into a proper response."

Submission + - white house- what technology should we work on? (whitehouse.gov)

way2trivial writes: Your Government needs you- they'd like to ask what technology they should be advancing.
"In February 2010, the Office of Science and Technology Policy and the National Economic Council released a "Request for Information" to collect input from the public regarding the grand challenges identified in the President's innovation strategy, other possible grand challenges, and the partners (e.g. companies, universities, non-profit organizations) that would need to collaborate to achieve these ambitious goals. The deadline for responses is Thursday, April 15th."

Give it to them boys!

Amiga

Submission + - Iraqi-Developed Babylonian Twins is on iPhone/iPad (fingergaming.com)

An anonymous reader writes: Unreleased, Iraqi-Developed Babylonian Twins Finds New Life on iPhone and iPad.
16 years ago, a team of students in Baghdad set out to create a puzzle-platformer for the Commodore’s Amiga computer. The game was never released — Iraq’s economic sanctions, combined with Commodore’s declaring of bankruptcy in 1994, ended the project before it could be completed.

Submission + - Apple Blocks Cartoonist From App Store (niemanlab.org) 1

ink writes: Here is another troubling anecdote on the iWeb front:

This week cartoonist Mark Fiore made Internet and journalism history as the first online-only journalist to win a Pulitzer Prize. Fiore took home the editorial cartooning prize for animations he created for SFGate, the website for the San Francisco Chronicle... But there’s just one problem. In December, Apple rejected his iPhone app, NewsToons, because, as Apple put it, his satire “ridicules public figures,” a violation of the iPhone Developer Program License Agreement, which bars any apps whose content in “Apple’s reasonable judgement may be found objectionable, for example, materials that may be considered obscene, pornographic, or defamatory.”

Whether or not you agree with Fiore's political sentiments, I believe we can all agree that the censorship of his work should be denigrated.

Anime

Submission + - Porn virus publishes web history of victims on the (anguloconsulting.com)

FishRep writes: A new type of malware infects PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal. The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people. It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime. Website Yomiuri claims that 5500 people have so far admitted to being infected. The virus, known as Kenzero, is being monitored by web security firm Trend Micro in Japan. Masquerading as a game installation screen, it requests the PC owner's personal details. It then takes screengrabs of the user's web history and publishes it online in their name, before sending an e-mail or pop-up screen demanding a credit card payment of 1500 yen (£10) to "settle your violation of copyright law" and remove the webpage. Read summary article Porn Virus Publishes Web History of Victims on the Net at Angulo Consulting Read the original BBC article
Java

Submission + - Sun Pushes Emergency Java Patch (threatpost.com)

Trailrunner7 writes: In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks. The patch comes less than a week after Sun told a Google researcher it did not consider the issue serious enough to warrant an out-of-cycle patch and less than a day after researchers spotted live exploits on a booby-trapped Web site. The flaw, which was also discovered independently by Ruben Santamarta, occurs because the Java-Plugin Browser is running “javaws.exe” without validating command-line parameters. Despite the absence of documentation, a researcher was about to figure out that Sun removed the code to run javaws.exe from the Java plugin. The about-face by Sun is another sign that some big vendors still struggle to understand the importance of working closely with white hat researchers to understand the implications of certain vulnerabilities. In this case, Google’s Tavis Ormandy was forced to use the full-disclosure weapon to force the vendor into a proper response.
Idle

Submission + - Need to fix a grade, a 3rd grader can help 1

Gud writes: In the Washington Post this morning there is a story about a 9-year-old who was able to do anything he wanted to grades in his school in a system supplied by Blackboard.

http://www.washingtonpost.com/wp-dyn/content/article/2010/04/14/AR2010041404159.html?hpid=newswell

This comes on the heels of another story about high-school students installing key loggers at their high school and going back and changing grades.

The question now is when will all the applicants to Harvard submit transcripts that only have A's?
Medicine

Submission + - Videos of the Argus Artificial Retina In Action (singularityhub.com)

kkleiner writes: The Argus line of artificial retinas has been able to give a primitive (low resolution) vision to patients with retinitis pigmentosa for years now. An external camera transmits images to an electrode array implanted directly on the patient’s retina. We’ve been consistently impressed by the capabilities of these implants which were developed for the US Department of Energy’s Artificial Retina Project. Now, as the third phase of development (Argus III) is gearing up, we thought it'd be a great time to look at some of the amazing accomplishments of this project. We’ve got some awesome videos of patients using the Argus I and Argus II as well as a truly moving clip from National Geographic.
Privacy

Submission + - Young Adults Care About Privacy (ssrn.com)

An anonymous reader writes: According to the Associated Press, a new joint UC-Berkeley/U.Penn study finds that young people, contrary to media reports, do care about privacy online:

Although they grew up in the digital age, young people know surprisingly little about their rights to online privacy, the study found. They seem more confident than older adults that the government would protect them, even though U.S. privacy laws offer few such safeguards. The lack of knowledge about the law, coupled with an online environment that encourages people to share personal information, may be one reason young people can seem careless about privacy...


Security

Submission + - School Safety Firms Partner to Introduce The Compr (prlog.org)

hawks5999 writes: With State budgets hurting so bad, it's about time someone took a smart approach to school safety and security. Looks like these guys could be on to something here that will make budget dollars go further in really providing safe schools using technology.

Submission + - Iceland Volcano Ash Grounds European Air Travel (cbsnews.com)

Ch_Omega writes: From the article at CBSNews:
"An ash-spewing volcano in Iceland emptied the skies of aircraft across much of northern Europe on Thursday, grounding planes on a scale unseen since the 9/11 terror attacks. British air space shut down, silencing the trans-Atlantic hub of Heathrow and stranding tens of thousands of passengers around the world.

Aviation officials said it was not clear when it would be safe enough to fly again and said it was the first time in living memory that an ash cloud had brought one of the world's most congested airspaces to a standstill. "

BBC News, Deccan Herald and Barents Observer have more coverage.

Submission + - NSA Warrantless Wiretapping Whistleblower Indicted (wired.com) 1

elrous0 writes: Thomas Andrews Drake, a former NSA official, was charged Thursday in the U.S. District Court of Maryland with allegedly leaking classified National Security Agency (NSA) documents to an unnamed reporter during his time with the agency. It is widely believed that Drake was one of the unnamed whistleblowers who revealed the NSA's secret (and illegal) warrantless wiretapping program to New York Times reporters in 2005 (along with Justice Department lawyer Thomas Tamm). “Our national security demands that the sort of conduct alleged here — violating the government’s trust by illegally retaining and disclosing classified information — be prosecuted and prosecuted vigorously,” said Assistant Attorney General Lanny A. Breuer in a statement.

Submission + - Quantum number generator created (scientificamerican.com)

SpuriousLogic writes: A team of researchers has devised perhaps the world's most intricate coin toss, a device utilizing vacuum chambers, magnetic fields, lasers and microwave pulses to produce a random string of 0s and 1s—each representing heads or tails, essentially. The complexity is necessary to move the generation of random numbers beyond the hard-to-predict but fundamentally deterministic world of classical physics and into the realm of quantum mechanics, where uncertainty takes hold.

Antonio Acín, a physicist at the Institute of Photonic Sciences in Spain and an author of a paper describing the approach in the April 15 issue of Nature, says that true randomness is elusive. "If you go to a casino and play roulette, or you flip a coin, if you had access to the initial position and speed of the ball or coin, you could predict the result with certainty," he says. "The randomness that we have in our world is because of lack of knowledge."

The researchers utilized a pair of ytterbium ions as quantum bits, or qubits, each confined to a private vacuum chamber about a meter apart in an experimental system at the Joint Quantum Institute of the University of Maryland and the National Institute of Standards and Technology. Depending on the state of the ions, a resonant laser pulse will either cause them to emit a photon, representing a binary 1, or remain dark, representing a zero. Each atom's state cannot be known with certainty until it is measured with the laser pulse—that is, it is probabilistic rather than deterministic—so the measurements can be used to generate an intrinsically random string of binary digits.

Acín's group used statistical tests to show that the output from the new device indeed stems from quantum uncertainty rather than from residual deterministic—and hence predictable—effects. Using so-called Bell inequalities, the researchers demonstrated that the two qubits shared a quantum-mechanical link known as entanglement, meaning that the measurement of one qubit's quantum-mechanical state instantaneously affects that of the other qubit. Bell inequalities, named for Irish physicist John Bell, mark how much correlation a purely deterministic, non-entangled system should have. (In other words, they dictate how the qubits should behave if measurement of one has no effect on the other.) If those inequalities are violated, some unseen and instantaneous link must be in play that allows distant systems to influence each other. Entanglement is not possible in classical physics, so the nature of the system must be governed by quantum randomness.
