Comment Re:Is it just me? (Score 1) 350
A UAV based MMOG? Priceless.
Someone get this man the start up capital and a lifetime supply of mountain dew and hot pockets. This is happening.
Comment Re:Air Canada? (Score 5, Funny) 307
Beavers aside, I don't actually see what the problem is. What if the situation were reversed? Way, way worse.
You mean if Venus mistook the pilot for another planet?
Comment Re:Sounds like a vulnerability in a Microsoft prod (Score 2) 187
Really? Aren't we just getting a little paranoid? Why not take it one step further and suggest to sandbox every application inside the VM OS?
Great idea! Is someone working on that?
Comment Re:Blackhole (Score 5, Informative) 49
Symantec says that Blackhole affects "various Windows platforms". Does Cryptome run on Windows?
Whether or not cryptome runs in windows is not for me to say, however I do believe that cryptome was compromised and made to distribute the blackhole exploit. The following is found on TFA:
Although I'm not a full fledged security researcher, I could shed some light on the script that you found on your server. The basic program flow goes like this when a client loads the script (in your case every time anyone visits one of your pages):
- the client IP address is compared against a list (net_match(...)) and if it falls within the range of the list it is in scope
- the client OS is determined and if it is a windows machine, it is in scope
- the client browser is determined and if it is a internet explorer (6.0 until 8.0) it is in scope
- if the client is in scope (i.e. all three of the previous are true), a file is created on your webserver (empty text file), the filename is the IP address of the client (probably for later retrieval)
- an iFrame is loaded in the browser of the client that will be impossible to see (width and height of 1 pixel) and that iframe points to the webpage of 'http://65.75.137.243/Home/index.php'
After step 5 probably the browser is under attack and it will probably be a successful attack since the attackers knows the client to be a windows machine running an internet explorer browser, my guess would be that the client is now infected and part of a botnet to be used in other attacks. The IP address of the attacker is a webserver for the domain http://absolutely-free-meeting.com/ I'm not sure they have anything to do with this attack, probably they are a comprimised server like your webserver was compromised. The WHOIS information for this domain is registered by godady and I include their data and the registrants data below, it would be best to contact both so that they can clean up their server also. Conclusion:
- your webserver was compromised and a file was uploaded (the attacking script)
- the attacker was only interested in certain IP address (probably only a certain location)
- the clients that are infected are infected from another web server (no idea why since that attack script could have been put on your webserver also)
PS: I tried to format that as best I could but slashdot was having none of it
Comment Re:except google (Score 1) 321
It has been awhile since I used Adsense but I believe Google's Terms of Use specify a set number of Adsense ads per page and the number cannot be exceeded without breaking said terms. Perhaps they no longer do that though.
Comment Re:Inevitable. (Score 1) 511
True enough. There are many advanced features you find in NoScript but not NotScripts, and I can see how one would miss them. But if all you're looking for is to block flash and ad network/tracking scripts, it gets the job done.
It mostly gets the job done. The inline javascript is huge. On the developers own site he admits he cannot currently block inline javascript. Which means a simple <script>while(1){alert('trolololol')}</script> would defeat it. I know Chrome detects this and will not allow an infinite number of alerts but my point is inline scripting is used a lot and NotScripts cannot protect against that.
Comment Re:Inevitable. (Score 1) 511
See my post above, I've used NoScript, I use NotScripts on Chrome now, and I don't miss any functionality.
While an average user might not miss any functionality with NotScripts the overwhelming truth is that there are limitations to what NotScripts can do with the limited Chrome API. Let me list some features I use daily:
- Clickjacking protection
- inline script blocking
- Script Surrogates
- XSS Filtering
- Application Boundary Enforcement
- HTTPS Enforcement
- Secure Cookie Enforcement
I could go on but lets discuss ABE for a moment. Singularly the most awesome part of NoScript. Lets say you allow Facebook.com scripts to run since you have a facebook account. Now lets say you allow slashdot.org scripts to run because you are a masochist. Facebook inclusions will run on slashdot.org because you trust both facebook and slashdot. But not with ABE:
# Facebook XSS
Site
Accept from
Deny INCLUSION
I could still go on but you get the point right?
Comment Re:Inevitable. (Score 4, Insightful) 511
AdBlock Plus runs on Chrome. It's in Google's Chrome Web Store.
Get back to me when they have a fully functioning NoScript.
Comment Strange Coincidence (Score 4, Interesting) 126
A strange coincidence that I happen to be reading Rainbows End right now.
Comment Jolly Good Idea (Score 1) 167
I'm sure cryptologist's agree! What could possibly go wrong?!
Comment Re:This is completely unnecessary. (Score 4, Funny) 234
Fabrice Ballard already wrote an x86 emulator in javascript. Just install the standard x86 JVM inside of that and you're good to go.
Yes, that's why this is completely unnecessary.
Comment Re:Would this really work? (Score 1) 83
I'd be interested in the further development of this storyline.
Comment Re:Would this really work? (Score 1) 83
I've always wondered why Alice and Bob are so secretive.
Comment Unlucky or Unliked (Score 1) 1
Interestingly, at least to me, is that this is not the first time Danah Boyd has experienced this. The blog post where she details the event also says she hosts her own blog and email service ever since Yahoo! mistook her for a terrorist in 2001.
Submission + - Who Owns Your Social Identity? (ieee.org) 1
wjousts writes: Who actually owns your username on a website? What rights do you have to use it? What happens if they decide to take it away? IEEE Spectrum reports:
What happens if Facebook or Twitter or, say, your blog hosting service, makes you take a different user name? Sound impossible? It’s happened. Last week, a software researcher named Danah Boyd woke up to find her entire blog had disappeared, and in fact, had been renamed, because her hosting service had given her blog’s name to someone else.
And as important as they are, what protects our accounts are the terms of service agreements. If you read them—and who does?—you’d learn, probably to no surprise, that they protect the provider a lot more then they protect you.
Slashdot Top Deals
Type louder, please.
