

Comment: Continue through it (Score 1) 8

by improfane (#40427199) Attached to: What can be done about the Microsoft astroturfers?

I am tired of the shills and astroturfers - they're always very obvious, you just have to leave them to be moderated by others and moderate up other people or at least people who CALL THEM on it.

Unfortunately I wouldn't be surprised if they work together to acquire karma - one person shills, another calls that shill out and then uses his mod points later to get a firstish shill post with high score.

The key is to check the user ID and the history before modding ANYONE.

We can't just give up - I don't see the alternatives right now...

Comment: Perfect Brownies (Score 4, Informative) 103

by improfane (#40290789) Attached to: Google and Facebook Top Biggest Web Tracker List

I agree with you.

Just thought I'd share my ultimate brownie recipe with you. Take a saucepan and start melting real butter (125g) and chocolate (185g) and melt on a low heat. Then add 50g flour, 40g Cocoa and 275g sugar. Stir into mixture and then add three eggs. Pour into a greased or papered tin and place in oven for about 25 minutes and they're delicious. They're not too dense or light and they are rich but not overpowering.

You can also mix in chocolate chunks or nuts to make it even nicer.

Comment: Equivalent in History? (Score 2) 65

by improfane (#39754717) Attached to: UK Web Snooping Plan Invades Privacy, Despite Claims To the Contrary

Can anyone think of anything equivalent to this in history? Where people were under extensive surveillance? What happened?

There has to be a crunching point for things like this, society is meant to limp forward gradually. Hopefully it will get better after it gets worse...


+ - Goldman Sachs' Sex-Trafficking Web Site 1

Submitted by Hugh Pickens
Hugh Pickens writes "Nicholas Kristof writes in the NY Times that Goldman Sachs is one of the owners of America’s leading web site for prostitution ads and the biggest forum for sex trafficking of girls, some under age or forced into prostitution, holding a 16 percent stake in the company. “We had no influence over operations,” responded Goldman Sachs spokeswoman Andrea Raphael when Kristof began inquiring about its stake as Goldman began working frantically to unload its shares. Although there's no doubt that many escort ads on Backpage are placed by consenting adults, it’s equally clear that Backpage, with 70 percent of the market for prostitution ads, plays a major role in the trafficking of minors or women who are coerced into prostitution. "In one recent case in New York City," writes Kristof, "prosecutors say that a 15-year-old girl was drugged, tied up, raped and sold to johns through Backpage and other sites." In Washington State, the governor recently signed a bill into law that could expose Backpage to criminal sanctions if it advertises under-age girls for sex without verifying their ages, and 19 U.S. senators have written the company asking it to stop abetting traffickers. "For more than six years Goldman has held a significant stake in a company notorious for ties to sex trafficking, and it sat on the company’s board for four of those years," writes Kristof. "After so many years of girls being trafficked on this site, it’s time to hold owners accountable.""

Comment: HTTP Policies (Score 1) 273

by improfane (#39607459) Attached to: Some Hotspot Operators Secretly Intercept, Insert Ads In Web Pages

This is why websites need to publish policy files a bit like ABE (Application Boundaries Enforcer). This would mean that a website would publish what resources that site can request and destinations that are not in that policy are not loaded. Unfortunately if they can intercept anything that you are served then the injector can just modify the policy file too. Perhaps a signed policy file could solve this?

Does anyone know if SSL solves the problem? Can a malicious endpoint act as a proxy so the SSL connection is between the endpoint and the real site and then serve you a different SSL certificate with the adverts included? (Although I doubt they can make a certificate look like the legitimate website.) Alternatively they could just drop everything down to HTTP...

(Although the guy who wrote ABE/NoScript should be considered with caution because of what he did to NoScript users in the past. He deliberately removed NoScript blocks for his own website so he could raise money on his plugin update page that opens after updates.)
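
An added example, not part of the comment above: a minimal Node.js sketch of the signed policy file idea, showing that a policy rewritten in transit fails verification against a key the client already holds. The policy format, field names and hostnames are hypothetical, and the sample data is constructed.

```javascript
// Added illustration: signed resource policy checked against a pinned key.
// Policy format, field names and hostnames are hypothetical.
const crypto = require('crypto');

// Site operator's signing key. The client must already hold the public half
// (pinned out of band); a key fetched over the same tampered link proves nothing.
const { publicKey: pinnedKey, privateKey: siteKey } =
  crypto.generateKeyPairSync('ed25519');

// Site side: sign the exact bytes of the policy document.
function publishPolicy(policy, key) {
  const body = JSON.stringify(policy);
  return { body, sig: crypto.sign(null, Buffer.from(body), key).toString('base64') };
}

// Client side: verify before parsing; return null if the policy was altered.
function loadPolicy(published, key) {
  const ok = crypto.verify(null, Buffer.from(published.body), key,
                           Buffer.from(published.sig, 'base64'));
  return ok ? JSON.parse(published.body) : null;
}

// Keep only resources whose origin the verified policy lists.
// With no valid policy, fail closed and load nothing.
function filterResources(urls, policy) {
  if (!policy) return [];
  const allowed = new Set(policy.allowedOrigins);
  return urls.filter((u) => {
    try { return allowed.has(new URL(u).origin); } catch { return false; }
  });
}

// Constructed sample data.
const published = publishPolicy(
  { site: 'https://news.example',
    allowedOrigins: ['https://news.example', 'https://cdn.news.example'] },
  siteKey);
const pageResources = [
  'https://news.example/app.js',
  'https://cdn.news.example/logo.png',
  'http://ads.hotspot.example/inject.js', // inserted in transit
];

// A policy rewritten in transit keeps the old signature, so it no longer verifies.
const tampered = {
  body: published.body.replace(']', ',"http://ads.hotspot.example"]'),
  sig: published.sig,
};

console.log(filterResources(pageResources, loadPolicy(published, pinnedKey)));
console.log(filterResources(pageResources, loadPolicy(tampered, pinnedKey)));
```

The signature only helps when the verifying key reaches the client by a path the interceptor does not control, which is the same trust problem certificates address for SSL.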

Comment: Dear Slashdot Management (Score 5, Insightful) 410

by improfane (#39596171) Attached to: Slashdot Coming Attractions

Your website's profitability depends on the comments posted below. You depend on User Generated Content (UGC). This is where most users extract value from your site and the reason why people actually still visit Slashdot.

It's not the articles themselves, people only rarely read those.

If you allow your user base to be diluted by commercial interests, your profits will dwindle as fewer users come here to socialize and learn. That is why you need to keep the comments off limits for gaming by media and PR companies. If you post a Slashvertisement, not that I like them, at least it is separate from the comment section so you're not pretending to be anything but a shill for another company. However, the comment section should represent real users and trolls -- not shills.

Comment: It doesn't (Score 5, Informative) 98

by improfane (#39406757) Attached to: Java Web Attack Installs Malware In RAM

It doesn't have to. It contacts the C&C server where someone presumably decides whether to install further bots or more resident exploits.

The exploit seems to be more about stealth distribution and about dropping other malware. This makes sense because if a dropper is detected as malicious, it becomes useless due to its detection. (You can safely assume anything using a dropper is malicious)

This means that anti virus software should in theory only be able to detect the actual dropped malware. Any new malware could have had a field day with this exploit because both the dropper and malware would not have been detected.

From my understanding of the article it actually dropped the Lurk trojan but I get the feeling it could drop anything the C&C wants it to.
