
Submission Summary: 0 pending, 6 declined, 4 accepted (10 total, 40.00% accepted)

Submission + - Browser-in-the-Browser Attack new kind of MITM (arstechnica.com)

apoc.famine writes: Hundreds of thousands of sites use the OAuth protocol to let visitors log in using their existing accounts with companies like Google, Facebook, or Apple. Instead of having to create an account on the new site, visitors can use an account that they already have—and the magic of OAuth does the rest.

The Browser-in-the-Browser (BitB) technique capitalizes on this scheme. Instead of opening a genuine second browser window that’s connected to the site facilitating the login or payment, BitB uses a series of HTML and cascading style sheets (CSS) tricks to convincingly spoof the second window. The URL that appears there can show a valid address, complete with a padlock and HTTPS prefix. The layout and behavior of the window appear identical to the real thing.

While the method is convincing, it has a few weaknesses that should give savvy visitors a foolproof way to detect that something is amiss. Genuine OAuth or payment windows are in fact separate browser instances that are distinct from the primary page. That means a user can resize them and move them anywhere on the monitor, including outside the primary window.

BitB windows, by contrast, aren’t a separate browser instance at all. Instead, they’re images rendered by custom HTML and CSS and contained in the primary window. That means the fake pages can’t be resized, fully maximized or dragged outside the primary window.

Submission + - FAA Considers Relaxing Licensing Requirements for Rockets (regulations.gov)

apoc.famine writes: In a proposed change to the licensing of spaceflight operations, the FAA writes:

"This action would fundamentally change how the FAA licenses launches and reentries...by proposing a regulatory approach that relies on performance-based regulations rather than prescriptive regulations.....This action would also enable flexible timeframes, remove unnecessary ground safety regulations, redefine when launch begins to allow specified pre-flight operations prior to license approval, and allow applicants to seek a license to launch from multiple sites. This proposal would significantly streamline and simplify licensing of launch and reentry operations, would enable novel operations, and would result in net cost savings."

The proposal is out for public comment at the link provided. Numerous companies engaged in spaceflight operations (ULA, Boeing, Blue Origin, Sierra Nevada, etc.) have requested clarifications about what this proposal means. Concerns about public safety are understandably being voiced as well.

Submission + - Is Statistical Significance Significant? (npr.org)

apoc.famine writes: In the early 20th century, the father of statistics, R.A. Fisher, developed a test of significance. It involves a variable called the p-value, that he intended to be a guide for judging results. Over the years, scientists have warped that idea beyond all recognition, creating an arbitrary threshold for the p-value, typically 0.05.

"The world is much more uncertain than that," says Nicole Lazar, a professor of statistics at the University of Georgia. She is involved in the latest push to ban the use of the term "statistical significance." An entire issue of the journal The American Statistician is devoted to this question, with 43 articles and a 17,500-word editorial that Lazar co-authored.

In a nutshell, what the statisticians are recommending is that we embrace uncertainty, quantify it, and discuss it, rather than set arbitrary measures for when studies are worth publishing. This way research which appears interesting but which doesn't hit that magical p == 0.05 can be published and discussed, and scientists won't feel pressured to p-hack.

Transportation

Submission + - Playing Follow the Leader from Italy to China (npr.org)

apoc.famine writes: "Driverless technology from the University of Parma's VisLab was deployed in a real-world test on Tuesday. Two driverless chase vehicles will attempt to follow two lead vehicles across multiple continents, over the course of several months. The journey will cover over 8,000 miles (~13,000 km) as the chase vehicles use lasers and cameras to attempt to navigate hazards along the way. The team expects to collect about 100 TB of data, which, as you can imagine, requires a pretty hefty electronics and battery load. The scale is such that the cars can only run for about three hours before needing 8 hours to recharge the batteries.

This is being billed as just a test, and far from a real world application. The vehicles don't go more than about 35 mph, and need a person behind the wheel to take over at a moment's notice. "What we are trying to do is stress our systems and see if they can work in a real environment, with real weather, real traffic and crazy people who cross the road in front of you and a vehicle that cuts you off," said project leader Alberto Broggi.

The goal is not to produce just road vehicles, but to improve the technology so it can be used in military and agricultural roles as well. The team hopes to have helped mature the technology within the next 10-20 years to the point that it can be used on the road. At the moment, it looks like it has a long way to go."
