
Submission + - Amazon drivers forced to deliver 200 parcels a day with no time for toilet break (mirror.co.uk)

schwit1 writes: I hopped in a white van to spend a day with one driver and experience first-hand the intolerable pressures they face from “impossible” schedules.

Many routinely exceed the legal maximum shift of 11 hours and finish their days dead on their feet.

Yet they have so little time for food or toilet stops they snatch hurried meals on the run and urinate into plastic bottles they keep in their vans.

Many claim they are employed in a way that means they have no rights to holiday or sickness pay.

And some say they take home as little as £160 for a five-day week amid conditions described by one lawyer as “almost Dickensian”.

Submission + - Secure Apps Exposed to Hacking via Flaws in Underlying Programming Languages (bleepingcomputer.com)

An anonymous reader writes: Research presented this week at the Black Hat Europe 2017 security conference has revealed that several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks. The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi. The expert says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that lead to OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.

Submission + - Updated Debian Linux 9.3 and 8.10 released

An anonymous reader writes: The Debian project is pleased to announce the third update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. The Debian project also announces the tenth update of its oldstable distribution Debian 8 (codename jessie).

Please note that the point release does not constitute a new version of Debian 9 or 8 but only updates some of the packages included. There is no need to throw away old jessie or stretch DVD/CD media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. This stable update adds a few important corrections to packages. New installation images will be available soon at the mirrors.

Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. One can use the apt command or apt-get command to apply updates. A step-by-step update guide is posted here.

Submission + - Chrome 63 Offers Even More Protection From Malicious Sites, Using More Memory (arstechnica.com)

An anonymous reader writes: To further increase its enterprise appeal, Chrome 63—which hit the browser's stable release channel yesterday—includes a couple of new security enhancements aimed particularly at the corporate market. The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another. [...]

Naturally, this greater use of multiple processes incurs a price; with this option enabled, Chrome's already high memory usage can go up by another 15 to 20 percent. As such, it's not enabled by default; instead, it's intended for use by enterprise users that are particularly concerned about organizational security. The other new capability is the ability for administrators to block extensions depending on the features those extensions need to use. For example, an admin can block any extension that tries to use file system access, that reads or writes the clipboard, or that accesses the webcam or microphone. Additionally, Google has started to deploy TLS 1.3, the latest version of Transport Layer Security, the protocol that enables secure communication between a browser and a Web server. In Chrome 63, this is only enabled between Chrome and Gmail; in 2018, it'll be turned on more widely.

Submission + - The US Is Testing a Microwave Weapon To Stop North Korea's Missiles (vox.com)

An anonymous reader writes: According to an NBC News report, the weapon — which is still under development — could be put on a cruise missile and shot at an enemy country from a B-52 bomber. It’s designed to use microwaves to target enemy military facilities and destroy electronic systems, like computers, that control their missiles. The weapon itself wouldn’t damage the buildings or cause casualties. Air Force developers have been working with Boeing on the system since 2009. They’re hoping to receive up to $200 million for more prototyping and testing in the latest defense bill. There’s just one problem. It’s not clear that the weapon is entirely ready for use — and it’s not clear that it would be any more effective than the powerful weapons the U.S. already possesses. The weapon, which has the gloriously military-style name of Counter-electronics High Power Microwave Advanced Missile Project, or CHAMP, isn’t quite ready for action, but it could be soon. Two unnamed Air Force officials told NBC that the weapon could be ready for use in just a few days.

Submission + - What It Looks Like When You Fry Your Eye In An Eclipse (npr.org)

An anonymous reader writes: Doctors in New York say a woman in her 20s came in three days after looking at the Aug. 21 eclipse without protective glasses. She had peeked several times, for about six seconds, when the sun was only partially covered by the moon. Four hours later, she started experiencing blurred and distorted vision and saw a central black spot in her left eye. The doctors studied her eyes with several different imaging technologies, described in the journal JAMA Ophthalmology, and were able to observe the damage at the cellular level.

"We were very surprised at how precisely concordant the imaged damage was with the crescent shape of the eclipse itself," noted Dr. Avnish Deobhakta, an assistant professor of ophthalmology at the New York Eye and Ear Infirmary of Mount Sinai Icahn School of Medicine, in an email to NPR. He says this was the most severely injured patient they saw after the eclipse. All in all, 22 people came to their urgent care clinic with concerns about possible eclipse-related damage, and most of them complained of blurred vision. Of those, only three showed some degree of abnormality in the retina. Two of them had only mild changes, however, and their symptoms have gone away. The young woman described in this case report, at last check, still has not recovered normal vision.
