simonplexus writes: With all of the talk about iPhone and Android location security lately, I thought I'd share something I came up with a while ago. I saw some talk of getting users' router MAC addresses then using this data to talk to Google's Geolocation API to pull the location from their big wifi database. The methods I saw involved mainly exploiting browsers, then exploiting vulnerable routers to pull the MAC. I figured this needs a better attack vector, something which is less dependent on vulnerable browsers or routers. Java delivered me the answer.
Using signed Java applets under default security settings, Java is allowed access to system calls. Using these calls, one can calculate the default gateway IP of a site visitor (netstat -rn) and then use the ARP table to determine the MAC address of the user's default gateway (arp -a).
Plugging that MAC address into Google's Geolocation API gives either a pretty accurate location, or a GeoIP-only location if Google does not know the MAC address. Unscrupulous site operators could then use JSON or AJAX from the running applet to send the resulting location back to their systems and locate website users, with the minimum level of accuracy being GeoIP, the maximum level of accuracy being as accurate as Google's DB (it locates me to the house next door).
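For defenders, the behaviour described in this submission leaves a recognisable trace: a Java runtime spawning a routing-table query and an ARP-cache query close together. The following detection sketch is an added example, not part of the original submission; the JSON field names, the list of Java parent image names and the 60-second window are assumptions, and the log lines are constructed.

```python
import json
import re
from collections import defaultdict

# Assumed image names of a Java runtime hosting an applet (adjust per environment).
JAVA_PARENTS = {"java", "javaw", "jp2launcher",
                "java.exe", "javaw.exe", "jp2launcher.exe"}
# The two lookups named in the post: routing table (netstat -rn), ARP cache (arp -a).
ROUTE_RE = re.compile(r"\bnetstat(?:\.exe)?\s+.*-\w*r", re.I)
ARP_RE = re.compile(r"\barp(?:\.exe)?\s+.*-\w*a", re.I)

def basename(path):
    """Lower-cased file name from a Windows or Unix path."""
    return re.split(r"[\\/]", path)[-1].lower()

def find_gateway_mac_lookups(lines, window=60):
    """Return sorted (host, parent_pid) pairs where one Java parent ran both
    lookups within `window` seconds. Only direct children are matched."""
    seen = defaultdict(lambda: {"route": [], "arp": []})
    for line in lines:
        ev = json.loads(line)
        if basename(ev["parent_image"]) not in JAVA_PARENTS:
            continue
        key = (ev["host"], ev["parent_pid"])
        if ROUTE_RE.search(ev["command_line"]):
            seen[key]["route"].append(ev["ts"])
        if ARP_RE.search(ev["command_line"]):
            seen[key]["arp"].append(ev["ts"])
    return sorted(key for key, t in seen.items()
                  if any(abs(r - a) <= window
                         for r in t["route"] for a in t["arp"]))

def _ev(ts, host, ppid, parent, cmd):
    """Build one constructed process-creation log line (hypothetical schema)."""
    return json.dumps({"ts": ts, "host": host, "parent_pid": ppid,
                       "parent_image": parent, "command_line": cmd})

# Constructed sample: only ws-01 shows both lookups from one Java parent in time.
SAMPLE_LOG = [
    _ev(100, "ws-01", 4120, r"C:\Java\bin\jp2launcher.exe", "netstat -rn"),
    _ev(103, "ws-01", 4120, r"C:\Java\bin\jp2launcher.exe", "arp -a"),
    _ev(200, "ws-02", 900, r"C:\Windows\System32\cmd.exe", "arp -a"),
    _ev(300, "ws-03", 77, "/usr/bin/java", "netstat -rn"),
    _ev(900, "ws-03", 77, "/usr/bin/java", "arp -a"),
]

if __name__ == "__main__":
    print(find_gateway_mac_lookups(SAMPLE_LOG))
```
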
theMany writes: From an e-mail on April 24, 2011

---------------------------------------------
Dear Valued Verizon Customer,

Good news! Below please find the description of changes to the Verizon Online Terms of Service (TOS) effective 4/19/11.

---------- snip -------------------------
3. Home Router Password Changes. Section 10.4 was updated to clarify that Verizon may in limited instances modify administrative passwords for home routers in order to safeguard Internet security and our network, the security and privacy of subscriber information, to comply with the law, and/or to provide, upgrade and maintain service. The administrative password for your home router is used to access the “administrative” controls for the router and to make changes to your router’s internal settings. We will use reasonable means to notify Subscribers whose home router administrative passwords are changed, which may include email notice to your Primary Email Address and/or an announcement on the My Verizon portal.
----------- snip ------------------

1. Does this policy bother others like it bothers me?
2. How may a user be held responsible for their TOS obligations when Verizon can essentially prevent them from administering access to the broadband from their side of the interface? For example, Verizon could prevent user control of the wireless access point to include management of passwords, encryption/type, SSID broadcast, MAC access table, etc.
3. What are the legal implications?
4. What are the privacy implications?
5. Ref the Actiontec routers used by Verizon: Is there a way to prevent modification of the admin password at the user site that requires Verizon to actually interact with a human there — first? (internal settings, board-level jumper, etc.)
mikejuk writes: Google is funding an AI project that will introduce the technical concept of regret into programs — but there's a big difference between regret and being sorry. In fact regret is just the difference between maximum possible reward and the actual reward received and the project is about optimization. There are two things to learn from this situation. The first is that just because some numerical measure is called "regret" it doesn't mean it has anything to do with the common use of the term. Secondly if you are going to invent an AI technique then picking emotive words for your jargon is a good way to ensure publicity.
autospa writes: Are you desperate to take your video game performance to the next level – and willing to indulge in some high-risk behavior? Hint: you’ll need a 9-volt battery and a wet sponge! Researchers in New Mexico claim that a faint electric massage to the brain improved the performances of volunteers playing the war simulator games. The electric current was produced by a device running on a 9-volt battery and delivered to the volunteers via a moistened sponge applied to their right temple.
jbrodkin writes: Tech workers pulled in an average of $79,384 last year, an increase of 0.7% over 2009. It was the "second straight year of nearly flat salaries," according to Dice.com, the online job site which surveyed nearly 20,000 tech pros in North America between Aug. 31 and Nov. 15. Silicon Valley is making a comeback, though, with average salaries approaching six figures. While overall tech salaries improved slightly, technology professionals just entering the field now can expect to make less than if they got their first jobs a few years ago. "For the second straight year, the average salaries of technology professionals with less than two years' experience have declined, and are six percent below their peak average wages in 2008," Dice said. Silicon Valley is a bright spot, with tech workers getting a 3% salary increase to $99,028, after a decline the previous year. Several fields within high-tech are offering average salaries in the six-figure range. Advanced business application programming, for example, clocks in at $105,887. But the most in-demand skills are Oracle; J2EE/Java; and C, C++, C#.
"This is the first stable release of the Tomcat 7 branch," developer Mark Thomas wrote in an e-mail announcing the release on various Tomcat developer mailing lists.
While not a full application server, Tomcat implements the functionality described in the Java Enterprise Edition Web profile specifications. Most notably, it supports version 3.0 of the Servlet API (application programming interface) and version 2.2 of JavaServer Pages, both part of the recently ratified JEE 6. A servlet container manages Java-based applications that can be accessed from a Web browser.
One big area of improvement is in configuration management for Web applications. Previous versions required all Web app configuration changes to be entered in a central file called web.xml, a process that led to unwieldy web.xml files as well as security risks.
from the in-context-it's-barely-vulgar dept.
An anonymous reader writes "Usually, when installing a new operating system, the hope is that it's as up-to-date as possible. After installation there's bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different; it's shipped in as vulnerable a state as possible. As the DVL website explains: 'Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop – it's a learning tool for security students.'"
from the nocturnal-excursions dept.
Ponca City, We love you writes "Live Science reports that researchers say playing video games before bedtime may give gamers an unusual level of awareness and control in their dreams, which could provide an edge when fighting nightmares or even mental trauma. 'If you're spending hours a day in a virtual reality, if nothing else it's practice,' says Jayne Gackenbach, a psychologist at Grant MacEwan University in Canada, who says that hardcore gamers represent the leading edge of immersion in virtual worlds that increasingly has come to define a large part of contemporary entertainment and communication. 'Gamers are used to controlling their game environments, so that can translate into dreams.' One intriguing theory holds that dreams are a sort of threat simulation where nightmares help organisms hone their skills in a protective environment, and ideally prepare organisms for a real-life situation. To test that theory, Gackenbach conducted a study using independent assessments that coded threat levels in after-dream reports and found that gamers experienced less or even reversed threat simulation (in which the dreamer became the threatening presence), with fewer aggression dreams overall. In other words, a scary nightmare scenario turned into something 'fun' for a gamer."