Become a fan of Slashdot on Facebook


Forgot your password?

Submission Summary: 0 pending, 8 declined, 5 accepted (13 total, 38.46% accepted)

Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Submission + - Scientiifc study details should not published per

Morty writes: The NSABB (National Science Advisory Board for Biosecurity) has recommended that details of two research papers involving Avian Flu not be published because of security concerns. At least one of the research groups says that their work should be logically reproducible. The NSABB's censorship recommendations do not (currently) have the force of law, but Science and Nature voluntarily delayed publication.

Submission + - DNS rebinding attacks: multi-pin variant

Morty writes: DNS rebinding attacks can be used by hostile websites to get browsers to attack behind firewalls, or to attack third parties. Browsers use "pinning" to prevent this, but a paper describes so-called multi-pin vulnerabilities that bypass the existing protections. Note that, from a DNS perspective, this is a "feature" rather than an implementation bug, although it's possible that DNS servers could be modified to prevent external sources from being able to point at internal resources. Also note that use of noscript to block javascript, java, and flash should also work around this.

"I've seen the forgeries I've sent out." -- John F. Haugh II (jfh@rpp386.Dallas.TX.US), about forging net news articles