
Comment Re:Do over please (Score 4, Insightful) 73

I think I read that Imgur was inlining images with data urls when viewing the raw image.

So if you visited, the source code would look like:
img src="data:image/jpg;base64,R0lGODlhEALMAAOazToeHh0tLS/7LZv/0jvb2 ...... etc.

When uploading an image to Imgur someone figured out how to append code to the end of the raw data to break out of the data url data and append some Javascript to it.

The Javascript pulled down images from 8chan among other things.

Comment Alternative Encrypted Cloud Storage Providers (Score 4, Informative) 128

I've been using for the past year. They've been sort of in beta but releasing features. 5GB free.

SpiderOak is decent but they recently dropped their free plan, so not sure what's going on there.

MEGA was great but said last week in Wired that the company is run by criminals

Tresorit is good but expensive. Maybe that's why they've been around so long.
Bitcasa pulled a Wuala last year and closed down their consumer cloud storage after a lawsuit. That's pretty much it. There's OwnCloud which is do it yourself. And BitTorrent Sync which is kind of do it yourself but they've been adjusting pricing so it's bait and switch as well.

Comment Re:Can confirm (Score 1) 289

Same here. For the past week or two I have been experiencing all sorts of glitches, stoppages and buffering through Netflix. My local ISP on demand service is fine though. Before last week everything was awesome!

Called my ISP about it - they said contact Netflix.

Maybe Netflix should add net neutrality to the House of Cards story arc to get the word out???

Comment death of a "brand" (Score 5, Insightful) 2219

Please consider the following branding points:
  • Why did you make the logo smaller but increase the overall height of the top navbar? (now you have more wasted space up there for what?)
  • Why did you change the "Slashdot Green" colour? We all like the current green (the new green appears washed out).
  • Why are the Icons no longer beside the story titles? (the icons have always been a big part of the Slashdot "brand" and help with readability.)
  • Why did you remove the "Slashdot Green" title bars on all the stories? The title bars are also a big part of the Slashdot "brand" and also help with readability by clearly dividing the stories and providing an easy to see visual cue that delineates the new stories and even the comment threads.
  • Why did you remove the tags and/or make them boring? The tags added some dry humour to the stories (eg. whatcouldpossiblygowrong) which while subtle, was also a part of the Slashdot experience. Little unique details make a difference. Now the tags seem to be gone or just generic boring categorizations.
  • Why are you cutting off the Summary on the Homepage View? (reading the full summary without having to click anything is imperative to ensuring the website is readable.)
  • Why did you remove the Slashdot Green Title Bars from the comment threads? (the green title bars create an easy to see delineation between the comments and are easy to see even when scrolling fast. They are also part of that Slashdot Brand I was talking about.)

  • Why is there so much more padding and spacing between everything? Why are the font sizes so much larger? Did your user base suddenly become senior citizens?

Over the past decade the Slashdot logo, the Slashdot green, the title bars and icons, unique details and config options have become part and parcel of the "Slashdot Brand". It's what makes Slashdot unique. By ignoring this you weaken your brand and your readers' loyalty. You are basically stripping away all that is Slashdot without adding anything useful or new!!!!

Submission Lavabit Case Unsealed: FBI Demands Companies Secretly Turn Over Crypto Keys->

jest3r writes: Lavabit won a victory in court and were able to get the secret court order unsealed. The ACLU's Chris Soghoian called it the nuclear option. The court order revealed the FBI demanded Lavabit turn over their root SSL certificate, something that would allow them to monitor the traffic of every user of the service.

Lavabit offered an alternative method to tap into the single user in question but the FBI wasn't interested.

Lavabit could either comply or shut down. As such no US company that relies on SSL encryption can be trusted with sensitive data. Everything from Google to Facebook to Skype to your bank account is only encrypted by SSL keys, and if the FBI can force Lavabit to hand over their SSL key or face shutdown they can do it to anyone.


Comment Re:Not a new exploit (Score 2) 50

All the hacker has to do is embed a link or image into an email and send that email to the Yahoo account of the victim. The victim then logs in and clicks the link or views the images. Assuming Yahoo doesn't filter out the embedded code, the hacker gets the victim's cookies.

Simplified example:
Embedded image src in email:<script>alert(document.cookie)</script>

Obviously more complicated because you need to mask your embedded code to get through the filters but that is the basis of the XSS hack that has been hitting Yahoo all year ...

And because the sessions on the server never expire the hacker can gain access. I'm not sure how https would help in this scenario.

- Basically you need to pass a salted, hashed version of the session ID or random string (as a hidden form field) on all page views or form submissions and check that against both the session cookie and the hidden form field to make sure the cookie is coming from the original source (since there would be no way for the hacker to get that string as well). And invalidate the session if it doesn't match up. Also, expiring and deleting the sessions after 6 hours of inactivity would help as well.
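
A minimal server-side sketch of the check described in the comment above, added here as an example and not part of the original comment. The `SessionStore` class, its method names and the in-memory dict are assumptions for illustration, and HMAC-SHA256 under a server-side key stands in for the "salted, hashed" session ID.

```python
import hashlib
import hmac
import secrets
import time

IDLE_LIMIT = 6 * 60 * 60  # the 6 hours of inactivity suggested in the comment


class SessionStore:
    """In-memory session table (hypothetical stand-in for a real store)."""

    def __init__(self, server_key=None):
        self._key = server_key or secrets.token_bytes(32)
        self._sessions = {}  # session_id -> {"salt": bytes, "last_seen": float}

    def _token(self, session_id, salt):
        # Salted, keyed hash of the session ID; sent as the hidden form field.
        msg = salt + session_id.encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def create(self, now=None):
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)  # value of the session cookie
        salt = secrets.token_bytes(16)          # per-session salt, server only
        self._sessions[session_id] = {"salt": salt, "last_seen": now}
        return session_id, self._token(session_id, salt)

    def check(self, cookie_session_id, form_token, now=None):
        """True only if the cookie and the hidden form field belong together."""
        now = time.time() if now is None else now
        entry = self._sessions.get(cookie_session_id)
        if entry is None:
            return False
        if now - entry["last_seen"] > IDLE_LIMIT:
            del self._sessions[cookie_session_id]  # expire and delete
            return False
        expected = self._token(cookie_session_id, entry["salt"])
        supplied = (form_token or "").encode()
        if not hmac.compare_digest(expected.encode(), supplied):
            del self._sessions[cookie_session_id]  # mismatch: invalidate
            return False
        entry["last_seen"] = now  # activity resets the idle timer
        return True

    def is_active(self, session_id):
        return session_id in self._sessions
```
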

Comment Re:IANAL: DMCA and Trademark Infringement (Score 1) 232

If you own a Review Website ... time to move the hosting outside of the USA.

Why does the hosting provider have to get involved anyways? Isn't the content of the website the responsibility of the domain owner? Someone please explain why the hosting company would have shut the entire website down if they didn't remove the page?

Comment Re:Please fly over my house (Score 1) 158

If one of these things is flying over YOUR PROPERTY are you allowed to blast it out of the sky?

Or will doing so bring the wrath of the justice department upon you until you are either bankrupt, in jail, or worse.

It seems like surveillance state / police state is becoming a reality.
