
Submission + - Should AWS spin out of Amazon? (networkworld.com)

Brandon Butler writes: Last week Amazon released financial figures for Amazon Web Services ($6 billion annual revenue run rate, $680 million in annual profit), and in doing so it proved its cloud division is big enough to be its own company. But would Amazon ever spin AWS out? Amazon.com lost $50 million in the first quarter of this year, and that's with AWS contributing a $165 million profit. It's doubtful Amazon would shed the AWS cash-cow any time soon, but some analysts are calling for it.

Submission + - How The U.S. Government Is Leaving Us Vulnerable To Cyberattacks (dailydot.com)

erier2003 writes: An MIT study argues that weak government investment is leaving the country vulnerable to a wide range of intrusions and exploits. The solution, according to the MIT team, is twofold: completely redesign the world's computers to eliminate inherent flaws and implement a stronger method of authentication.

Submission + - New Zero Day Disclosed in WordPress Core Engine

Trailrunner7 writes: WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver.

Jouko Pynnonen of Klikki Oy reported a new and unpatched stored cross-site scripting vulnerability in the platform; a similar bug was patched this week by WordPress developers, but only 14 months after it was reported.

The vulnerability allows an attacker to inject JavaScript in the WordPress comment field; the comment has to be at least 66,000 characters long and it will be triggered when the comment is viewed, Pynnonen said.

“An unauthenticated attacker can store JavaScript on WordPress pages and blog posts. If triggered by an administrator, this leads to server-side code execution under default settings,” Pynnonen said. “A usable comment form is required. It looks like the script is not executed in the admin Dashboard, but only when viewing the post/page where the comment was entered. If comment moderation is enabled (the default setting) then the comment won’t appear on the page until it has been approved by an admin/moderator. Under default settings, after one ‘harmless’ comment is approved, the attacker is free from subsequent moderation and can inject the exploit to several pages and blog posts.”

Submission + - A Short Synopsis On Ebola Virus Outbreak (inscolacademy.com)

Inscol writes: Ebola virus is contagious and spreads through close contact with contaminated animals including fruit bats and chimpanzees. This virus spreads in humans via direct contact with infected bodily fluids, blood or organs. Follow the source link to know more about Ebola Virus Disease.

Submission + - Culberson charges NASA with the 'development of the first interstellar rocket' (examiner.com)

MarkWhittington writes: Rep. John Culberson, R-Texas, the chair of the House Appropriations subcommittee that determines NASA funding, has been the driving force behind a mission to Jupiter’s moon Europa. However, according to a story in Space Policy Online, the congressman has an even greater challenge for the space agency. During a hearing on the FY 2016 NASA budget request, Culberson charged NASA Administrator Charles Bolden to further “the development of the first interstellar rocket propulsion system that would carry us to Alpha Centauri and beyond.” Culberson is very keen to start the exploration of exoplanets that have been discovered by the Kepler Space Telescope. Considering NASA's experiments in warp drive and the em drive, there may be some method to the congressman's madness.

Submission + - Researcher Finds Tor Exit Node Adding Malware to Downloads

Trailrunner7 writes: A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services.

Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack. Downloading any kind of file from the Internet is a dodgy proposition these days, and many users know that if they’re downloading files from some random torrent site in Syria or The Marshall Islands, they are rolling the dice. Malware runs rampant on these kinds of sites.

But the scenario that worries security experts much more involves an attacker being able to control the download mechanism for security updates, say for Windows or OS X. If an attacker can insert malware into this channel, he could cause serious damage to a broad population of users, as those update channels are trusted implicitly by the users and their machines. Legitimate software vendors typically will sign their binaries and modified ones will cause verification errors. What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code.

In terms of defending against this sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators.

“SSL/TLS is the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted,” he said via email.

Submission + - Tetris - how fast can you get 100% code coverage? (rapitasystems.com)

An anonymous reader writes: We were somewhat surprised and shocked to discover that Tetris turned 30 this year. As our own celebration of this classic game, we've added our own twist to it: you can now measure the structural code coverage as you play. There is a download link to this at the bottom of this blog post.

We've built a subset of RapiCover into a Tetris executable. This displays four different types of code coverage metrics, which are updated as you play:

Function coverage. Has each function in the program been called?
Statement coverage. Has each statement in the program been executed?
Decision coverage. Has each branch of each decision been executed?
Modified condition/decision coverage (MC/DC). Each condition should affect the decision outcome independently (An introduction to modified condition/decision coverage). This type of coverage is typically required for the most critical safety software (see for example DO-178B, DO-178C or ISO 26262 standards/guidelines for aerospace and automotive).

Submission + - Google Search Finally Adds Information About Video Games

An anonymous reader writes: Google has expanded its search engine with the capability to recognize video games. If your query references a game, a new Knowledge Graph panel on the right-hand side of Google’s search results page will offer more information, including the series it belongs to, initial release date, supported platforms, developers, publishers, designers, and even review scores. Google spokesperson: “With today’s update, you can ask questions about video games, and (while there will be ones we don’t cover) you’ll get answers for console and PC games as well as the most popular mobile apps.”
