How to Crack a Website - XSS, Cookies, Sessions

twistedmoney45 writes "Informit.com provides an insider's look at a real-life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to "shell" access, an admin account, and more. XSS attacks are often discussed in theory — this walk-through illustrates just how dangerous these types of attacks can be in reality."

RIAA Wants to Depose Dead Defendant's Children

Exchange writes "In Michigan, in Warner Bros. v. Scantlebury, after learning that the defendant had passed away, the RIAA made a motion to stay the case for 60 days in order to allow the family time to "grieve", after which time they want to start taking depositions of the late Mr. Scantlebury's children. Recording Industry vs. The People has more details."

Beyond DirectX 10 - A Glance at DirectX 10.1

Hanners1979 writes "Although we still appear to be some way away from the release of Windows Vista, and with it DirectX 10, specifications for the first point release of the 3D graphics API, DirectX 10.1, have already been finalised and largely made public. Elite Bastards looks at what's new and what will be changing in this release, set to become available not all that long after DirectX 10 — there's more to it than you might imagine."

Compress Wikipedia and Win AI Prize

Baldrson writes "If you think you can compress a 100M sample of Wikipedia better than paq8f, then you might want to try winning some of a (at present) 50,000 Euro purse. Marcus Hutter has announced the Hutter Prize for Lossless Compression of Human Knowledge, the intent of which is to incentivize the advancement of AI through the exploitation of Hutter's theory of optimal universal artificial intelligence. The basic theory, for which Hutter provides a proof, is that after any set of observations the optimal move by an AI is to find the smallest program that predicts those observations and then assume its environment is controlled by that program. Think of it as Ockham's Razor on steroids. Matt Mahoney provides a writeup of the rationale for the prize, including a description of the equivalence of compression and general intelligence."

Botnet Herders Attack MS06-040 Worm Hole

Laljeetji writes "eWeek reports that the first wave of malicious attacks against the MS06-040 vulnerability is underway, using malware that hijacks unpatched Windows machines for use in IRC-controlled botnets. The attacks, which started late Aug. 12, use a variant of a backdoor Trojan that installs itself on a system, modifies security settings, connects to a remote IRC (Internet Relay Chat) server and starts listening for commands from a remote hacker. On the MSRC blog, Microsoft is calling it a very small, targeted attack that does not (yet?) have an auto-spreading mechanism. LURHQ has a detailed analysis of the backdoor."

OpenOffice.org Security 'Insufficient'

InfoWorldMike writes "IDG News Service's Robert McMillan reports that researchers at the French Ministry of Defense say vulnerabilities in the open-source office suite OpenOffice.org may rival those of Microsoft's version. With Microsoft's Office suite now being targeted by hackers, researchers at the French Ministry of Defense say users of the OpenOffice.org software may be at even greater risk from computer viruses. "The general security of OpenOffice is insufficient," the researchers wrote in a paper entitled In-depth analysis of the viral threats with OpenOffice.org documents. "This suite is up to now still vulnerable to many potential malware attacks," they wrote. The OpenOffice.org team has already fixed a software bug discovered by the researchers, and the two groups are in discussions about how to improve the overall security of the software. "The one real flaw in the programming logic has been fixed," said Louis Suarez-Potts, an OpenOffice.org community manager. "The others are theoretical.""

Dangerous Apple Power Adapters?

An anonymous reader writes "Even with all these exploding Dell notebooks and other notebook safety problems, Apple has seemed relatively immune. Every once in a while, some odd thing came along, but it seemed like relatively calm waters. Not anymore — Apple's notebook power adapters appear to be the source of some serious safety concerns. Every iBook and PowerBook user should read this and keep a close eye on their adapter — the adapters suffer from very poor design including wires that seem prone to short out and burn and zero short circuit protection."

GUIs From 1984 to the Present

alewar writes "This nice gallery shows the evolution in the appearance of Mac OS, Microsoft Windows and KDE through the years, from the first version to the last available. Not technical, but still interesting to recall some memories from the good old days."

DIY Random Number Generator

Compu486 writes "The guys over at Inventgeek have come up with a project and how-to article on building a random number generator that costs less than 100.00, utilizing radioactive decay. Using some Linux-based open source apps and with a little ingenuity and some parts you probably have lying around your house, you can build your own."

OLGA Shut Down by DMCA (again!)

Gavitron writes "The Online Guitar Tablature Archive OLGA.net has been shut down again, to "ensure that composers and songwriters will continue to have incentive to create new music for generations to come." Scant details exist, but there is more information in forums and blogs."

Hardware Virtualization Slower Than Software?

Jim Buzbee writes "Those of you keeping up with the latest virtualization techniques being offered by both Intel and AMD will be interested in a new white paper by VMware that comes to the surprising conclusion that hardware-assisted x86 virtualization oftentimes fails to outperform software-assisted virtualization. My reading of the paper says that this counterintuitive result is often due to the fact that hardware-assisted virtualization relies on expensive traps to catch privileged instructions, while software-assisted virtualization uses inexpensive software substitutions. One example given is compilation of a Linux kernel under a virtualized Linux OS. Native wall-clock time: 265 seconds. Software-assisted virtualization: 393 seconds. Hardware-assisted virtualization: 484 seconds. Ouch. It sounds to me like a hybrid approach may be the best answer to the virtualization problem."

Perseid Meteor Shower To Peak This Weekend

Krishna Dagli writes "This weekend provides one of the year's best opportunities to see some "shooting stars". The annual Perseid meteor display is expected to peak on Friday and Saturday night. Meteors are bits of dust or rock that plunge into the Earth's atmosphere and burn up, making bright streaks in the sky. It does not take a large object to produce a visible meteor — most are the size of a grain of sand or a small pebble."
