Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Submission + - Obama Plan Privatizes Astronaut Launchings (nytimes.com)

couchslug writes: President Obama will end NASA’s return mission to the moon and turn to private companies to launch astronauts into space when he unveils his budget request to Congress next week, an administration official said Thursday.The shift would “put NASA on a more sustainable and ambitious path to the future,” said the official, who spoke on condition of anonymity. But the changes have angered some members of Congress, particularly from Texas, the location of the Johnson Space Center, and Florida, the location of the Kennedy Space Center.
“My biggest fear is that this amounts to a slow death of our nation’s human space flight program,” Representative Bill Posey, Republican of Florida, said in a statement.


Submission + - Chrome Apes IE8, Adds Clickjacking, XSS Defenses (computerworld.com)

CWmike writes: Google has announced that it added several new security features to Chrome 4, including two security measures first popularized (sone later shot down as having 'zero impact') by rival Microsoft's IE8 last year. The newest "stable" build of Chrome includes five security additions that target Web developers who want to build more secure sites, said Adam Barth, a software engineer on the Chrome team. The two aped from IE include "X-Frame-Options," a security feature that helps sites defend against "clickjacking" attacks, and cross-site scripting protection. "In Google Chrome 4, we've added an experimental feature to help mitigate one form of XSS [cross-site scripting], reflective XSS," Barth said. "The XSS filter checks whether a script that's about to run on a Web page is also present in the request that fetched that Web page. If the script is present in the request, that's a strong indication that the Web server might have been tricked into reflecting the script."

Submission + - Is there a zero-day OpenSSH exploit in the wild? (dshield.org)

eefsee writes: sans.org reports 'Over the past 24 hours we've had a number of readers tell us that there is an OpenSSH exploit in active use.' It is not clear if this is a real exploit or sysadmin CYA masquerading as exploit, but some web hosts have already turned of SSH in response. On 7/5 HostGator shut down SSH on all its shared servers. Site5 did the same thing the next day. The loss of SSH, of course, kills SFTP on these hosts as well, forcing customers to fall back on FTP. Now that is security!

Take your work seriously but never take yourself seriously; and do not take what happens either to yourself or your work seriously. -- Booth Tarkington