Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Continue through it (Score 1) 8

I am tired of the shills and astroturfers - they're always very obvious, you just have to leave them to be moderated by others and moderate up other people or at least people who CALL THEM on it.

Unfortunately I wouldn't be surprised if they work together to acquire karma - one person shills, another calls that shill out and then uses his mod points later to get a firstish shill post with high score.

The key is to check the user ID and the history before modding ANYONE.

We can't just give up - I don't see the alternatives right now...

Comment Perfect Brownies (Score 4, Informative) 103

I agree with you.

Just thought I'd share my ultimate brownie recipe with you. Take a saucepan and start melting real butter (125g) and chocolate (185g) and melt on a low heat. Then add 50g flour, 40g Cocoa and 275g sugar. Stir into mixture and then add three eggs. Pour into a greased or papred tin and place in oven for about 25 minutes and they're delicious. They're not to dense or light and they are rich but not overpowering.

You can also mix in chocolate chunks or nuts to make it even nicer.


Submission + - Goldman Sachs' Sex-Trafficking Web Site 1

Hugh Pickens writes writes: "Nicholas Kristof writes in the NY Times that Goldman Sachs in one of the owners of America’s leading web site for prostitution ads and the biggest forum for sex trafficking of girls, some under age or forced into prostitution, holding a 16 percent stake in the company. “We had no influence over operations,” responded Goldman Sach spokeswoman Andrea Raphael when Kristoff began inquiring about its stake as Goldman began working frantically to unload its shares. Although there's no doubt that many escort ads on Backpage are placed by consenting adults, it’s equally clear that Backpage, with 70 percent of the market for prostitution ads, plays a major role in the trafficking of minors or women who are coerced into prostitution. "In one recent case in New York City," writes Kristof, "prosecutors say that a 15-year-old girl was drugged, tied up, raped and sold to johns through Backpage and other sites." In Washington State, the governor recently signed a bill into law that could expose Backpage to criminal sanctions if it advertises under-age girls for sex without verifying their ages and 19 US. senators have written the company asking it to stop abetting traffickers. "For more than six years Goldman has held a significant stake in a company notorious for ties to sex trafficking, and it sat on the company’s board for four of those years," writes Kristof. "After so many years of girls being trafficked on this site, it’s time to hold owners accountable.""

Comment HTTP Policies (Score 1) 273

This is why websites need to publish policy files a bit like ABE (Application Boundaries Enforcer). This would mean that a website would publish what resources that site can request and destinations that are not in that policy are not loaded. Unfortunately if they can intercept anything that you are served then the injector can just modify the policy file too. Perhaps signed policy file could solve this?

Does anyone know if SSL solves the problem? Can a malicious endpoint act as a proxy so the SSL connection is between the endpoint and the real site and then serve you a different SSL certificate with the adverts included. (Although I doubt they can make a certificate look like the legitimate website.) Alternatively they could just drop everything down to HTTP...

(Although the guy who wrote ABE/NoScript should be considered in caution because of what he did to NoScript users in the past. He deliberately removed NoScript blocks for his own website so he could raise money on his plugin update page that opens after updates.)

Comment Dear Slashdot Management (Score 5, Insightful) 410

Your website's profitability depends on the comments posted below. You depend on User Generated Content (UGC). This is where most users extract value from your site and the reason why people actually still visit Slashdot.

It's not the articles themselves, people only rarely read those.

If you allow your user base to be diluted by commercial interests, your profits will dwindle as less users come here to socialize and learn. That is why you need to keep the comments off limits for gaming by media and PR companies. If you post a Slashvertisement, not that I like them at least it is separate from the comment section so you're not pretending to be anything but a shill for another company. However, the comment section should represent real users and trolls -- not shills.

Comment Shill problem (Score 1) 410

You are right, this will be just as abused just like the current moderation system by shills.

I really would like a user preference that lets me block users greater than a certain UID. This is because there are very few genuine users over a certain ID.

Anyone with me? How do we slow down the shills?

Comment It doesn't (Score 5, Informative) 98

It doesn't have to. It contacts the C&C server where someone presumably decides whether to install further bots or more resident exploits.

The exploit seems to be more about stealth distribution and about dropping other malware. This makes sense because if a dropper is detected as malicious, it becomes useless due to its detection. (You can safely assume anything using a dropper is malicious)

This means that anti virus software should in theory only be able to detect the actual dropped malware. Any new malware could have had a field day with this exploit because both the dropper and malware would not have been detected.

From my understanding of the article it actually dropped the Lurk trojan but I get the feeling it could drop anything the C&C wants it to.

Slashdot Top Deals

Memory fault -- Oh dammit, I forget!