Comment Technical Background (Score 5, Insightful) 156

Just to make it clear - this affects a whole lot of systems and is based on a flaw in the design of hash-tables:

http://packetstormsecurity.org/files/108209/n.runs-SA-2011.004.txt

Basically you can pre-calculate a huge set of POST parameter names which will all be hashed to the same value. Since these are stored in a hash-map by most web frameworks, this will lead to an O(n) lookup time instead of an O(1) lookup time when testing the hash-map for a given parameter name.
This will max out your CPU quite quickly, depending on how many lookups you perform per request.

Since the attack has "script kiddie" difficulty, this needs to be patched ASAP by all vendors ... or we will see a lot of downtime on many public servers.
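The mechanism the comment above describes, as an added example (editor's code, not from the comment or from the n.runs advisory). It uses DJBX33A, the "times 33" string hash PHP 5 arrays used, as a stand-in for any unkeyed hash, brute-forces a pair of two-character blocks with equal hash, and builds 2^10 parameter names from them; a toy chaining hash map counts key comparisons instead of measuring time, so the result is deterministic. The block-concatenation construction, the toy table, the constructed benign names and the keyed BLAKE2b hash used as a mitigation are the editor's own illustration, not the advisory's method or any framework's real implementation.

```python
"""hashdos_demo.py: why colliding POST parameter names make hash-map lookups quadratic."""
import hashlib
import itertools
import random
import string

MASK32 = 0xFFFFFFFF


def djbx33a(s: str) -> int:
    """Bernstein's 'times 33' string hash with 32-bit wraparound (the hash PHP 5 arrays used)."""
    h = 5381
    for byte in s.encode():
        h = (h * 33 + byte) & MASK32
    return h


def find_collision_pair(alphabet: str = string.ascii_letters + string.digits):
    """Brute-force two distinct 2-character alphanumeric strings with the same djbx33a hash."""
    seen = {}
    for a, b in itertools.product(alphabet, repeat=2):
        s = a + b
        h = djbx33a(s)
        if h in seen and seen[h] != s:
            return seen[h], s
        seen[h] = s
    raise RuntimeError("no 2-character collision found in this alphabet")


def colliding_keys(pair, n_blocks: int):
    """Concatenate n_blocks blocks chosen from the pair. djbx33a is a polynomial in the bytes,
    h(x + y) = h(x) * 33**len(y) + poly(y) (mod 2**32), so two blocks of equal length and equal
    hash are interchangeable at any position: all 2**n_blocks strings hash to the same value."""
    return ["".join(parts) for parts in itertools.product(pair, repeat=n_blocks)]


def random_keys(n: int, seed: int = 0):
    """Constructed benign parameter names such as 'p7_1b2c3d4e' (seeded so runs are repeatable)."""
    rng = random.Random(seed)
    return [f"p{i}_{rng.getrandbits(32):08x}" for i in range(n)]


def keyed_hash(secret: bytes):
    """Mitigation: a keyed hash; without the per-process secret the attacker cannot precompute
    collisions. A fixed secret is passed here only for reproducibility; use os.urandom in practice."""
    def h(s: str) -> int:
        digest = hashlib.blake2b(s.encode(), key=secret, digest_size=8).digest()
        return int.from_bytes(digest, "little")
    return h


class ChainedTable:
    """Toy separate-chaining hash map that counts key comparisons, the cost the attacker inflates."""

    def __init__(self, hash_fn, nbuckets: int = 1024):
        assert nbuckets & (nbuckets - 1) == 0, "nbuckets must be a power of two"
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(nbuckets)]
        self.mask = nbuckets - 1
        self.comparisons = 0

    def _chain(self, key):
        return self.buckets[self.hash_fn(key) & self.mask]

    def put(self, key, value):
        chain = self._chain(key)
        for entry in chain:  # replace-if-present semantics: a miss walks the whole chain
            self.comparisons += 1
            if entry[0] == key:
                entry[1] = value
                return
        chain.append([key, value])

    def get(self, key):
        for entry in self._chain(key):
            self.comparisons += 1
            if entry[0] == key:
                return entry[1]
        return None


def request_cost(names, hash_fn) -> int:
    """Key comparisons spent on one request: store every parameter, then look each one up once."""
    table = ChainedTable(hash_fn)
    for i, name in enumerate(names):
        table.put(name, i)
    for name in names:
        table.get(name)
    return table.comparisons


if __name__ == "__main__":
    pair = find_collision_pair()
    evil = colliding_keys(pair, 10)  # 1024 names that all land in one bucket
    benign = random_keys(len(evil))
    print("colliding block pair:", pair)
    print("benign names, djbx33a:", request_cost(benign, djbx33a))
    print("evil names,   djbx33a:", request_cost(evil, djbx33a))  # n**2 = 1048576
    print("evil names,   keyed  :", request_cost(evil, keyed_hash(b"\x01" * 32)))
```

Run it with `python3 hashdos_demo.py`. With 1024 colliding names every insert and every lookup walks one chain, so the request costs exactly n^2 comparisons where benign names cost a small multiple of n; the same names under the keyed hash spread across buckets again. This is the shape of the two fixes vendors shipped for this class of bug: cap the number of request parameters, or randomize the hash per process so collisions cannot be precomputed.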

Science

Rumors of Higgs Boson Discovery At LHC 225

Magnifico writes "LiveScience is reporting that scientists are abuzz over a controversial rumor that the 'God particle' has been detected by a particle-detection experiment at LHC at CERN. The Higgs boson rumor is based on what appears to be a leaked internal note from physicists at the Large Hadron Collider (LHC), a 17-mile-long particle accelerator near Geneva, Switzerland. It's not entirely clear at this point if the memo is authentic... The buzz started when an anonymous commenter recently posted an abstract of the note on Columbia University mathematician Peter Woit's blog, Not Even Wrong. This could be a flat-out hoax or a statistical anomaly or... confirmation of the particle that bestows mass on all the other particles."
Moon

Microwave Map of Entire Moon Revealed 82

Zothecula writes "The first complete microwave image of the Moon taken by Chinese lunar satellite Chang'E-1 has been revealed. Chang'E-1 is China's first scientific mission to explore planetary bodies beyond Earth and the on-board Lunar Microwave Radiometer has made it possible for the first time to globally map the Moon in microwave frequencies. Radar observations of the Moon are unable to provide thermal information, and microwave observations taken from Earth cannot reach the far side of the moon. So Chang'E-1's (CE-1) orbit was conducted at an altitude of 200km (124 miles) and allowed it to observe every location of the moon with a nadir view and at high spatial resolution."

Comment html 5 is not ready yet (Score 1) 541

I wonder that nobody has yet pointed to this webpage: http://ishtml5readyyet.com/ ...

In this way Flash is a lot like Google Gears. We get the features of tomorrow delivered today (or even earlier, considering the age of Flash)... and in the case of Flash on 97% of browsers, with the small cost of being a plugin.

So all the Flash-bashing folks should think a second about the bad plugin management of today's browsers. Maybe HTML 5 should also define a better way to handle browser and plugin interaction. This would make copy+paste/drag and drop from plugin to HTML content much easier.

Google

Google To Monitor Surfing Habits For Ad-Serving 219

superglaze (ZDNet UK) writes "Google is gearing up to launch cookie-based 'interest-based' advertising, which involves monitoring the user's passage across various WebSense partner sites. The idea is to have better-targeted advertising, which is not a million miles away from what Phorm is trying to do — the difference, it seems at first glance, is that Google is being relatively up-front about its intentions."
The Courts

RIAA, Stop Suing Tech Investors! 114

The RIAA isn't just suing tens of thousands of music consumers; they've also begun filing lawsuits naming the directors of and investors in tech companies that they believe contribute to copyright infringement. NewYorkCountryLawyer writes: "ZDNet urges the big recording industries to stop suing tech investors, and cites the draft legislation that I posted, which would immunize from secondary copyright infringement liability any work done by a director in 'his or her capacity as a member of the board of directors or committee thereof,' and any conduct by an investor based solely upon his or her having 'invested in any such corporation, including any oversight, monitoring, or due diligence activities in connection therewith.'"
The Almighty Buck

Do Video Games Cost Too Much? 763

Valve's Gabe Newell gave the keynote address at this year's Design, Innovate, Communicate, Entertain (DICE) Summit about the cost of games, the effect of piracy, and how to reach new players. Valve undertook an experiment recently to test how price affected the sales of their popular survival-horror FPS, Left 4 Dead. They reduced the price by 50% on Steam, which "resulted in a 3000% increase in sales of the game, posting overall sales that beat the title's original launch performance." They also tested various other price drops over the holidays, seeing spikes in sales that corresponded well to the size of the discount. This will undoubtedly add to the speculation that game prices have risen too high for the current economic climate. G4TV ran a live blog of Newell's presentation, providing a few more details.
Security

Security Researcher Kaminsky Pushes DNS Patching 57

BobB-nw writes "Dan Kaminsky, who for years was ambivalent about securing DNS, has become an ardent supporter of DNS Security Extensions. Speaking at the Black Hat DC 2009 conference Thursday, the prominent security researcher told the audience that the lack of DNS security not only makes the Internet vulnerable, but is also crippling the scalability of important security technologies. 'DNS is pretty much our only way to scale systems across organizational boundaries, and because it is insecure it's infecting everything else that uses' DNS, the fundamental Internet protocol that provides an IP address for a given domain name, said Kaminsky, director of penetration testing at IOActive. 'The only group that has actually avoided DNS because it's insecure are security technologies, and therefore those technologies aren't scaling.'"
Education

UK University Making Universal Game Emulator 217

Techradar reports that researchers at the University of Portsmouth in England are working on a project to create a game emulator that will "recognise and play all types of videogames and computer files from the 1970s through to the present day." One of the major goals of the project is to preserve software from early in the computer age. David Anderson of the Humanities Computing Group said, "Early hardware, like games consoles and computers, are already found in museums. But if you can't show visitors what they did, by playing the software on them, it would be much the same as putting musical instruments on display but throwing away all the music. ... Games particularly tend not to be archived because they are seen as disposable, pulp cultural artefacts, but they represent a really important part of our recent cultural history. Games are one of the biggest media formats on the planet and we must preserve them for future generations."
Government

Washington State Wants DNA From All Arrestees 570

An anonymous reader writes in to say that "Suspects arrested in cases as minor as shoplifting would have to give a DNA sample before they are even charged with a crime if a controversial proposal is approved by the Legislature. 'It is good technology. It solves crimes,' claims Don Pierce, executive director of the Washington Association of Sheriffs and Police Chiefs. Under the bill, authorities would supposedly destroy samples and DNA profiles from people who weren't charged, were found not guilty or whose convictions were overturned. Others believe that this is just another step in the process to build a national DNA database with everyone in it."
Robotics

Smart Robot Capable of Hunting For Its Own "Food" 191

coondoggie writes "OK, maybe this is getting a little too close to bringing Terminator-like robots to life. For starters, eco-friendly engine builder Cyclone Power this week inked a contract with Robotic Technologies, Inc. (RTI) to develop what it calls a beta biomass engine system that will be the heart of RTI's Energetically Autonomous Tactical Robot (EATR). The purpose of EATR is to develop and demonstrate an autonomous robotic platform able to perform long-range, long-endurance missions without the need for manual or conventional re-fueling — in other words it needs to 'eat.' According to researchers, the EATR system gets its energy by foraging, or what the firms describe as 'engaging in biologically-inspired, organism-like, energy-harvesting behavior which is the equivalent of eating. It can find, ingest, and extract energy from biomass in the environment as well as use conventional and alternative fuels (such as gasoline, heavy fuel, kerosene, diesel, propane, coal, cooking oil, and solar) when suitable.'" We can only hope they don't team up with the Multi-Robot Pursuit System project to "search for and detect a non-cooperative human."
Math

Miscalculation Invalidates LHC Safety Assurances 684

KentuckyFC writes "In a truly frightening study, physicists at the University of Oxford have identified a massive miscalculation that makes the LHC safety assurances more or less invalid (abstract). The focus of their work is not the safety of particle accelerators per se but the chances of any particular scientific argument being wrong. 'If the probability estimate given by an argument is dwarfed by the chance that the argument itself is flawed, then the estimate is suspect,' say the team. That has serious implications for the LHC, which some people worry could generate black holes that will swallow the planet. Nobody at CERN has put a figure on the chances of the LHC destroying the planet. One study simply said: 'there is no risk of any significance whatsoever from such black holes.' The danger is that this thinking could be entirely flawed, but what are the chances of this? The Oxford team say that roughly one in a thousand scientific papers have to be withdrawn because of errors but generously suppose that in particle physics, the rate is one in 10,000."
GNU is Not Unix

Plug-In Architecture On the Way For GCC 342

VonGuard writes "This year marks the 25th anniversary of the GNU Operating System. A major part of that system has always been the GNU Compiler Collection. This year, some of the earliest bits of GCC also turn 25, and yet some of the collection's most interesting years of growth may still be ahead. The GCC team announced today that the long-standing discussion over how to allow plug-ins to be written for GCC has been settled. The FSF and the GCC team have decided to apply the GPL to plug-ins. That means all that's left is to build a framework for plug-ins; no small task to be sure. But building this framework should make it easier for people to contribute to the GCC project, and some universities are already working on building windows into the compilation process, with the intent of releasing plug-ins."
