
Submission + - Scorpions may have lessons to teach aircraft designers (economist.com)

elloGov writes: ""THE north African desert scorpion, Androctonus australis, is a hardy creature. Most animals that live in deserts dig burrows to protect themselves from the sand-laden wind. Not Androctonus. It usually toughs things out at the surface. Yet when the sand whips by at speeds that would strip paint away from steel, the scorpion is able to scurry off without apparent damage."
Dr Han Zhiwu of Jilin University and colleagues have found that surface irregularity in aircraft design could substantially minimize atmospheric dust damage that aircraft endure. What implications, if at all significant, would such design have on drag and lift?"


Submission + - Fake Google Analytics Code Redirecting Victims to Black Hole Exploit Kit (threatpost.com)

Trailrunner7 writes: Injecting malicious code into the HTML used on legitimate Web sites is a key part of the infection lifecycle for many attack crews, and they often disguise and obfuscate their code to make it more difficult to analyze or so it appears to be legitimate code. The latest instance of this technique has seen attackers employing code that is meant to look like Google Analytics snippets, but instead sends victims off to a remote site that's hosting the Black Hole Exploit Kit. Not the desired result.

Researchers at Websense discovered the ongoing attack recently, and found that the code being used to hide the fake Google Analytics tags is heavily obfuscated, making analysis quite difficult. The malicious code, which is being injected into benign pages on legitimate sites, is designed to look just like actual Google Analytics code and to appear as though it's referring to common domains. But there are some tell-tale signs that this isn't the case.

Social Networks

Submission + - xBook response to social hacking on Facebook

Keanu writes: Another controversy has emerged on Facebook with third party advertisers using users' photos for generating customized advertisements. Facebook has refuted this as "rumors" in their recent blog posting and claimed that "the advertisements that started these rumors were not from Facebook but placed within applications by third parties." This has created a huge buzz among the concerned Facebook users with thousands sharing their opinions on the blog. It can also be observed that the understanding of Facebook users regarding the security mechanisms behind Facebook — or how their private data is handled — is limited. While Facebook might not be responsible for passing the photos directly to the advertisers, there is an inherent weakness in the Facebook design that allows third-party applications to leak users' data to outside parties (such as advertisers). These applications are only bound with an agreement with Facebook and Facebook has no way to police that the agreement is being followed. Since Facebook allows anyone to develop an application for its platform, this has led to a frequent violation of the agreement by the third-party applications.

In a recently published work at USENIX Security conference, researchers at Georgia Tech and Google (with contributions from IBM Research) have proposed the design of xBook, a novel framework for building privacy-preserving social networking platforms in view of these third-party applications. They use information flow techniques to control what untrusted applications can do with the information they receive, thereby preventing any data leaks to outside parties such as the advertisers in the aforementioned case. They have also developed a prototype implementation of their system. The paper is available here. Here is the abstract from the paper:

"Social networking websites have recently evolved from being service providers to platforms for running third party applications. Users have typically trusted the social networking sites with personal data, and assume that their privacy preferences are correctly enforced. However, they are now being asked to trust each third-party application they use in a similar manner. This has left the users' private information vulnerable to accidental or malicious leaks by these applications. In this work, we present a novel framework for building privacy-preserving social networking applications that retains the functionality offered by the current social networks. We use information flow models to control what untrusted applications can do with the information they receive. We show the viability of our design by means of a platform prototype. The usability of the platform is further evaluated by developing sample applications using the platform APIs. We also discuss both security and non-security challenges in designing and implementing such a framework."

Submission + - Dead Stars Tell Story of Planet Birth (spacefellowship.com)

RobGoldsmith writes: "Observations made with NASA's Spitzer Space Telescope reveal six dead "white dwarf" stars littered with the remains of shredded asteroids. This might sound pretty bleak, but it turns out the chewed-up asteroids are teaching astronomers about the building materials of planets around other stars. So far, the results suggest that the same materials that make up Earth and our solar system's other rocky bodies could be common in the universe. If the materials are common, then rocky planets could be, too. Read more about this discovery!"

Submission + - Computer game helps autistic kids (computerworld.co.nz)

Rob O'Neill writes: "A computer game aiming to help autistic children is being developed by a New Zealand start-up. The Flash game, called Click the Clam, will be available as a download from January. The game aims to train children on the autistic spectrum to identify emotions from different facial features, says Fraser Hurrell, who started the company together with Yvette Ahmad, a clinical psychologist and co-director of The Starfish Clinic in Whangarei and Auckland."

Charity Refuses Donation Because of D&D Connection 216

An anonymous reader writes "This year's GenCon Charity Auction raised over $17,000 which they intended to donate to Gary Gygax's favorite charity, Christian Children's Fund. However, the charity refused the donation when they learned of its connection to Dungeons & Dragons." It seems to me all they would need to do is cast remove curse or dispel evil and the money would be fine to use.

Discuss the US Presidential Election & Education 1515

In 24 hours, many of you will be able to vote. So as we come down to the wire, this is really our last chance to talk about the issues. We've already discussed Health Care, the War, and the Economy. Today I'm opening up the floor to discuss education. Perhaps no other issue will matter more in 50 years. Which candidate will make the next generation smarter?

6 Languages You Wish the Boss Let You Use 264

Esther Schindler writes "Several weeks ago, Lynn Greiner's article on the state of the scripting universe was slashdotted. Several people raised their eyebrows at the (to them) obvious omissions, since the article only covered PHP, Perl, Python, Ruby, Tcl and JavaScript. As I wrote at the time, Lynn chose those languages because hers was a follow-up to an article from three years back. However, it was a fair point. While CIO has covered several in depth, those five dynamic languages are not the only ones developers use. In 6 Scripting Languages Your Developers Wish You'd Let Them Use, CIO looks at several (including Groovy, Scala, Lua, F#, Clojure and Boo) which deserve more attention for business software development, even if your shop is dedicated to Java or .NET. Each language gets a formal definition and then a quote or two from a developer who explains why it inspires passion."

Submission + - Karl Rove's Deceptive McCain Debate Strategy (thejunction.net)

mrinternet writes: "If there ever was a topic McCain was supposed to command in the Presidential debates, it was Foreign Policy, and McCain could not close the deal in the first debate with Barack Obama. This was McCain's best shot at scoring significant points with Independent voters with his huge advantage of 26 years in Congress (21 of those years in the Senate), but..."

Submission + - Mastered By Muppets: Guitar Hero saved Metallica (cnet.co.uk)

An anonymous reader writes: Content with having destroyed Napster, Metallica have now turned their destructive tendencies on their own music. The battle of loudness and compression in digital music reached its climax when Metallica released Death Magnetic this month — an album crippled by distortion and insane volume. Fans are rebelling, petitioning for a remaster, and even more angry still that the version released for Guitar Hero suffers no loudness at all, as discussed by CNet, Wired and others. Will the loudness war ever stop? Or is music doomed to be destroyed by volume?
The Internet

Submission + - Internationalizing Domains a Double-Edged Sword (circleid.com)

netzer writes: ICANN is under constant pressure from non-English speaking countries to implement internationalized domain names (IDN) and ensure that URLs, including top-level domains, are available in other languages and non-ASCII characters. However, there is a flip side to this decade-long effort: In a column on CircleID, Alexa Raad, CEO of Public Internet Registry (organization managing .ORG top-level domain) says: 'the very same governments that are often cited for repressive controls, are the very same ones who are demanding their very own internationalized Top-Level Domain (TLD), and very soon.' It's quite likely that while IDN, in theory, is expanding the Internet and fulfilling national prides, it might in fact be used as a tool for the fragmentation and suppression of the Internet.

Submission + - Climate: Random Guy vs World's Greatest Minds (magheap.com)

Sportsqs writes: "In May of 2006, I had the chance to attend the China-US Climate Change Forum hosted by the University of California at Berkeley. To an eco-geek, the list of speakers was star-studded with Nobel laureates, professors from top universities, famous innovators, and leaders from the business communities in China and the United States. The conference opened with the premiere of Al Gore's An Inconvenient Truth, just before it hit theaters. Before a university workers' strike altered plans, Al Gore himself was slated to join the stage. But it was a random guy in the audience who stole the show with a single insightful comment in the closing moments."
Social Networks

Submission + - StupidFilter Can Find Message Board Idiots (appscout.com)

DigitalDame2 writes: "The StupidFilter is an open-source, automated, Bayesian filter approach to determining which online message board comments are stupid. No joke! StupidFilter doesn't filter by content; rather, it looks for the prose style most frequently used by stupid people: text messaging abbreviations or leetspeak and excessive or missed punctuation. YouTube has probably the stupidest commenters on the Web, so AppScout passed a bunch of YouTube comments full of homophobic slurs through the filter, and it flagged the stupid-ometer."
The Military

Submission + - Guantanamo: Interrogation Techniques Made in China

copponex writes: In an ultimate irony, it has been revealed that interrogation techniques used inside Guantanamo are based on experience in the Korean War, modeling Chinese torture methods. The only change from the chart created in 1957, copied verbatim and used at the prison, is the title, which used to be "Communist Coercive Methods for Eliciting Individual Compliance." Even more shocking is the fact that they were designed to elicit false information.
The Internet

Submission + - What defines a web-based application

IceCat12 writes: I'd like to pose a question on what the definition of a "web based application" should be. Many, many companies are promoting hosted applications on the internet, but many require software to be installed on the desktop. I am getting distraught by the many different things that need to be installed (ActiveX, Java, Flash, $ilverlight, client side applications, etc.) in order to support many of these hosted applications. Rightly so there are requirements for certain hosted systems that need client side apps (online backup etc.) but some requirements are just plain silly. The silliest of which was a web-based SVG mapping site that gave specific instructions on how to turn off Firefox's SVG viewer to use the Adobe SVG viewer. Some systems I think get it right (Google, Salesforce) but recently I have come across many different "web based" systems that require ActiveX components to be installed. This just does not work well with Mac, Linux, other non-M$ platforms or corporate, restricted PCs. Why do I need an ActiveX component just to do my online payroll? Should it really be required to install anything but Java and a standards compliant browser (not IE... yet) for a web based system to run? What do we need to do to convince companies to develop web-based systems that are not Micro$oft centered that will run on other platforms the way the web intended?
