Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


+ - Chrome 25 to Support Unprefixed Content Security Policy->

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Google is continuing to introduce new security technologies in its Chrome browser, and the latest addition on the horizon is support for unprefixed Content Security Policy, a behind-the-scenes improvement designed to prevent malicious script injections. The technology is included in the beta of Chrome 25, which was released earlier this week, and will soon find its way into the stable channel.

One of the many attack vectors that have made life easier for the bad guys in the last few years is cross-site scripting. This attack relies on specific vulnerabilities in Web applications that allow attackers to get their own malicious scripts onto a legitimate Web page. Browsers will then run those scripts as if they were part of the trusted Web page, enabling the attacker to plant malicious code on a victim's machine or steal sensitive data.

Content Security Policy is one mechanism for preventing these kinds of attacks by allowing users to define which content sources they trust. Chrome then will run scripts only from those trusted sources, creating a whitelist of known good content sources and ignoring content from all other sources."

Link to Original Source

Comment: Re:More details here (Score 2, Interesting) 217

by peeping_Thomist (#17512856) Attached to: Pegasus and Mercury Circling the Drain
From http://www.vandenbogaerde.net/pegasusmail/dh_upd1. html:

"I will probably never be able to describe just how horrible it has been to be me for the last three or four years, and I certainly will not insult you now by attempting to do so; suffice it to say that anything must be better than this dubious existence. [...] I will be shutting persephone down for an indeterminite period while I try to work out whether I have a future."

That sounds to me like the guy is borderline suicidal. It's sad.

If you think the system is working, ask someone who's waiting for a prompt.