Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Comment Re:why? (Score 4, Informative) 778

by Giorgio Maone (#44158513) Attached to: Firefox 23 Makes JavaScript Obligatory

Are there still security issues with having JS enabled?

Fresh from the summary of the upcoming BlackHat talk by Jeremiah Grossman, A Million Browser Botnet:

With a few lines of HTML5 and javascript code we’ll demonstrate just how you can easily commandeer browsers to perform DDoS attacks, participate in email spam campaigns, crack hashes and even help brute-force passwords. [...] no zero-days or malware is required. Oh, and there is no patch. The Web is supposed to work this way.

Comment Re:Agreed (Score 4, Informative) 778

by Giorgio Maone (#44158383) Attached to: Firefox 23 Makes JavaScript Obligatory

There is ZERO chance I'm going to use a browser which doesn't allow me to default JS to being disabled. NoScript is also FAR advanced beyond other similar tools, so it would REALLY SUCK to have to use Chromium's lame equivalent, but I will if it is the only choice. At least in other respects Chromium is pretty good.

In what ways is NoScript more advanced than ScriptSafe?

Besides some "minor" features first introduced by NoScript, which advanced the state of the art of browser security (such as the most effective in-browser XSS filter, the ClearClick anti-Clickjacking technology and the Application Boundaries Enforcer module), NoScript holds a modest advantage over all its Chrome-based "clones": basic script blocking which actually works ;)

Comment Not that simple (Re:Online Advertising Response) (Score 5, Informative) 369

by Giorgio Maone (#42991759) Attached to: Firefox Will Soon Block Third-Party Cookies

The patch is not exactly a one-liner, because the implemented behavior is not as straight-forward as just "block 3rd party cookies".

It's "block cross-site cookies from origins which I've not visited yet as a 1st party websites and have already 1st party cookies from".

This means, for instance, that Facebook, Google and Twitter gets likely a free-pass to track almost anybody.

And that once you (accidentally or not) click any ad box, you give a free-pass to its advertising agency too.

Privacy

Submission + - Stallman on Unity: Canonical will have to hand over users' data to governments (benjaminkerensa.com)

Submitted by
Giorgio Maone
Giorgio Maone writes: "Ubuntu developer and fellow mozillian Benjamin Kerensa chatted with various people about the new Amazon Product Results in the Ubuntu 12.10 Unity Dash. Among them, Richard Stallman told him that this feature is bad because: 1. "If Canonical gets this data, it will be forced to hand it over to various governments."; 2. Amazon is bad. Concerned people can disable remote data retrieval for any lens and scopes or, more surgically, use sudo apt-get remove unity-lens-shopping."

Comment Re:Inflated Chrome stats because of page prerender (Score 2) 212

by Giorgio Maone (#39585041) Attached to: Chrome Beats Internet Explorer On Any Given Sunday

I doubt they measure number of pages when measuring market share here.

Wrong, that's exactly what they do: Why do you base your stats on page views rather than unique visitors?

And yes, they're aware of the prerendering Chrome stats inflation problem, even though they believe it doesn't significantly skew their stats, for some reason they're unable to explain themselves (sounds like "faith" or "we're too lazy to adjust our data even though we could").

Comment Re:Only a partial list (Score 5, Informative) 131

by Giorgio Maone (#39387581) Attached to: Websites Can Detect What Chrome Extensions You've Installed
Two tiny corrections:
  1. He will find all your installed extensions among the ones he's looking for, because every Chrome extension have a manifest.json file. This means that he just needs to crawl https://chrome.google.com/webstore/category/extensions for GUIDs of all the installable extensions, and he can detect your full extensions list.
  2. There's no such a generic detection method for Firefox extensions. You can detect some (e.g. adblockers) by testing for their specific behavior and effects on web pages (e.g. how some DOM elements have been removed/hidden/inserted), but you can't develop a catch-all detection script, because Firefox extensions are generally undetectable.

Submission + - The tunnel between CERN and Central Italy (google.com)

Submitted by fph il quozientatore
fph il quozientatore writes: The Italian ministry for university and research complimented the researchers for the recent (supposed) discovery of faster-than-light neutrinos. Her press release (Google machine translation) mentions that Italy funded the construction of a "tunnel between the CERN [in Geneva] and Gran Sasso [the labs in Central Italy]". Google maps reports the distance between the two labs as over 900km — but of course once the tunnel is open to traffic the trip will be much faster.
Censorship

Submission + - Police Seizes Blog over "Kill Berlusconi" Satire (savonaeponente.com) 2

Submitted by Giorgio Maone
Giorgio Maone writes: Italian Police just seized the Savona e Ponente Blog because the 60 years old journalist Valeria Rossi posted a satiric article titled "I want to kill Berlusconi", writing that "you can't feel guilty of wishing him death, because he's not human: he's an alien, with incredible psychic powers." Otherwise, how could such a clown, with multiple pending trials for corruption, tax offenses, abuse of power and even child prostitution, convince the majority of the other politicians and a consistent slice of Italian people to keep him as their prime minister for almost 20 years now?

Here's a mirror of the incriminating text (Italian).

Slashdot Top Deals

Two can Live as Cheaply as One for Half as Long. -- Howard Kandel

Close