Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Submission + - Malvertising Campaign Infected Thousands of Users per Day for More than a Year (softpedia.com)

An anonymous reader writes: Since the summer of 2015, users that surfed 113 major, legitimate websites were subjected to one of the most advanced malvertising campaign ever discovered, with signs that this might have actually be happening since 2013.

Infecting a whopping 22 advertising platforms, the criminal gang behind this campaign used complicated traffic filtering systems to select users ripe for infection, usually with banking trojans. The campaign constantly pulled between 1 and 5 million users per day, infecting thousands, and netting the crooks millions each month.

The malicious ads, according to this list, were shown on sites like The New York Times, Le Figaro, The Verge, PCMag, IBTimes, ArsTechnica, Daily Mail, Telegraaf, La Gazetta dello Sport, CBS Sports, Top Gear, Urban Dictionary, Playboy, Answers.com, Sky.com, and more.

Comment Re:dark patterns huh? (Score 1) 120

Is it any wonder that UX designers are getting a horrible reputation among some segments of the tech-savvy crowd?

The main reason for this is that people who self-describe as UX experts, as opposed to HCI experts, tend to be the ones that favour form over function and ignore the last 40 or so years of research into how to design useable interfaces. Most of them wouldn't know Fitts' Law if it dragged them to the corner of the screen and made them infinitely long.

Comment Re:How do you regression test that stuff? (Score 1) 307

There isn't much testing of the C bindings. They're also in the process of being deprecated in favour of machine-generated ones that are less API stable and have no ABI stability guarantees (precisely because most people don't actually use them from C, they use them from some other language with C bindings). For everything else, there's a bit regression test suite that works by feeding some code (source code when testing clang, IR or assembly when testing bits of LLVM) into one of the tools and then checking that the output matches. Bugs still slip in quite easily, unfortunately. The second tier of tests involves compiling and running a bunch of benchmarks and similar sample code and checking that they haven't got slower (by a statistically significant margin) and that they still produce the right answers. There's a network of buildbots that runs on a variety of operating systems and architectures that first builds and runs the regression test suite on every commit and then (less frequently) runs the executable tests. These catch most regressions, but not all - the rest are caught by users testing betas and filing bug reports.

There's been a lot of research work on improving this. The LLVM Miscompilation Detector, for example, had a semantic model of LLVM IR and would feed real and randomly-generated IR through the optimisation pipeline and then use a theorem prover to attempt to prove that the semantics of the before and after versions were the same. This could then be combined with the LLVM bugpoint tool to find the optimisation pass that performed an invalid transform.

Comment Re:As a C programmer (Score 1) 307

It's a tradeoff. Blowing away the i-cache is a good way of killing performance, but so is having a load of function calls that do almost no work. If you had to do a virtual method call for comparing two unsigned integers and a different virtual function call for comparing two signed integers when inserting them into a set then you'd have a lot more overhead. In a typical std::set implementation, the compare operations are inlined and so the costs are very low.

The real problem with C++ is that the programmer has to make the decision about whether to use static or dynamic dispatch up front and the syntax for both is very different, so you can't trivially switch between them when it makes sense to do so.

Comment Analysis of the study (Score 1) 302

One, they must have been using ancient devices. They are talking about variable voltage settings on the devices. Modern ecigs are set in terms of wattage (they measure resistance and compute the voltage setting). It would be more helpful if they would report on coil temperature directly since that appears to be the actual significant factor. The voltage tells us practically nothing about the actual temperature (that would vary GREATLY based on the coil).

Since most good e-cigs (read, not the ones produced by the tobacco companies or advertised on TV) have temperature control, knowing the temperatures involved would obviously be useful.

Note that while 'cloud chasers' inhale for 5 seconds, others are closer to 3 or less. I observed myself today and found I inhale for about 3 seconds for the first puff (and sometimes the second) after letting it sit for a while and then take a few additional puffs of a bit less than a second each. Sometimes the followup puffs don't reach my lungs at all.

Next, they show that the worst case was 1/4th the level of a cigarette. That certainly sounds safer to me. Nobody I know of has claimed e-cigs to be perfectly safe, just significantly safer than smoking. It is known that many far more potent carcinogens in cigarette smoke are absent from e-cigs.

It would be useful to know the levels emitted by other common activities likely to involve decomposition, such as cooking or exposure to auto exhaust.

Comment Re:Rules for thee, not for me (Score 5, Informative) 211

It's statutory damages as set by law. It's tripled because Getty is a repeat offender. Unlike the many cases of *AA vs. Grandma where the same statutory damages were applied, Getty is exactly the sort of defendant the lawmakers had in mind when they wrote the law and the evidence is much more clear.

If the courts do not award the full amount, they will demonstrate once and for all that natural people are second class citizens.

Slashdot Top Deals

"Show business is just like high school, except you get paid." - Martin Mull

Working...