
Submission + - IE 7.0/8.0b Code Execution 0-day Released!

SecureThroughObscure writes: "Security blogger and researcher Nate McFeters, of ZDNet and Ernst & Young's Advanced Security Center, blogged about an 0-day exploit released by noted security researcher Aviv Raff today. The flaw is a cross-zone scripting flaw, that takes advantage of the fact that printing HTML web pages occurs in the Local Machine Zone in IE rather than in the Internet Zone.

McFeters states on his blog that cross-zone scripting issues are very serious and that they will be a portion of the presentation that he, Rob Carter (also of Ernst & Young's Advanced Security Center), John Heasman (Director of Research at NGSSoftware), and Billy Rios (from Microsoft) will be giving at Black Hat Vegas this year. McFeters says:

"One of the most concerning things about cross-site scripting is when you can execute your script in a higher privileged zone, as Aviv has here. In some cases, you can actually run arbitrary commands on the operating system, read/write files, and definitely make all the cross-domain requests (with cookies) that you'd like. I'll save this for a different blog posting, because that was always the plan, but if you are interested in seeing more on this, Rob Carter has been hitting this really hard over at his blog."

As McFeters stated, Carter has done a lot of research into this area, pointing out very serious flaws in the web management consoles of Azureus and uTorrent, as well as in the Eclipse platform, which is used to build several other tools.

Aviv Raff's blog also summarizes the technical details of this cross-zone flaw:


Internet Explorer is prone to a Cross-Zone Scripting vulnerability in its "Print Table of Links" feature. This feature allows users to add to a printed web page an appendix which contains a table of all the links in that webpage.

An attacker can easily add a specially crafted link to a webpage (e.g. at his own website, comments in blogs, social networks, Wikipedia, etc.), so whenever a user will print this webpage with this feature enabled, the attacker will be able to run arbitrary code on the user's machine (i.e. in order to take control over the machine).

Technical details

Whenever a user prints a page, Internet Explorer uses a local resource script which generates a new HTML to be printed. This HTML consists of the following elements: Header, webpage body, Footer, and if enabled, also the table of links in the webpage.

While the script takes only the text within the link's inner data, it does not validate the URL of links, and adds it to the HTML as it is. This allows injecting a script that will be executed when the new HTML is generated.

As I said in a previous post, most of the local resources in Internet Explorer are now running in Internet Zone. Unfortunately, the printing local resource script is running in Local Machine Zone, which means that any injected script can execute arbitrary code on the user's machine.

These are a very interesting class of bug, pretty scary stuff, especially since they appear to work in IE 8 as well.



Submission + - Stop Copyright Term Extension in Europe!

Stefano Spinucci writes: Charlie McCreevy, the EU's Commissioner for the Internal Market and Services, wants to nearly double the European copyright term in sound recordings — from 50 years to an astounding 95. If you read Commissioner McCreevy's declaration this month to bring American-style copyright terms for sound recordings to the EU, one might have thought that it was all a done deal. He gave the impression that he had consulted with everybody who counted in the matter, balanced all the arguments, and had all the powerful players on his side. We don't think he has. McCreevy still has to persuade his fellow Commissioners and the European Parliament before sound recordings are locked away in Europe for another 45 years. And while the record labels support the government stretching their contracts far into the future, the facts stand against term extension.

Submission + - Spinning the BRM

tbray writes: "I spent the last week in the ISO OOXML Ballot Resolution meeting. Jason Matusow, who wasn't there, says it was "An Unqualified Success". Andy Updegrove, who also wasn't there, writing up says "OOXML fails". I reported from inside the room, and so did a Malaysian attendee. Draw your own conclusions."

Submission + - Clinton Campaign Site TOS

edibobb writes: "The Obama and Hillary Clinton sites both have "Terms of Service," which seems pretty odd for political campaign sites. Obama's TOS seems pretty straightforward, but Clinton's looks like it was written by a Washington bureaucrat from Homeland Security.

I don't even have to register in order to be bound by the 4-page agreement, according to Clinton's TOS, and in case that doesn't cover it, "In addition, you shall be subject to any posted guidelines or rules applicable to such Service, which may be posted from time to time."

To top it off, "You agree not to reproduce, duplicate, copy, sell, exploit, or otherwise use any Content, in full or part, or any use or access to the Service, without the express written consent of the Committee."

So much for Fair Use. You would think they would encourage people to copy their material, not threaten them over it."

The Courts

Submission + - Handbook for picking MediaSentry apart

NewYorkCountryLawyer writes: "p2pnet calls it a "MediaSentry lawyer's kit"; I call it a "Practice tip : collecting materials on MediaSentry relating to (a) illegality, (b) discoverability, and (c) admissibility". Bottom line is that there is going to be lots of litigation in the days ahead over the issues of (a) MediaSentry's unlicensed investigations, which are a crime in most or all states of the United States, (b) the discoverability of the underlying MediaSentry materials, and/or (c) the admissibility of the doctored text printouts, prepared for litigation, upon which the RIAA will seek to base its case. Since the RIAA lawyers will say anything they find convenient at the moment, a good technique for fighting this fight will be to collect and point to inconsistencies in their affidavits and other court papers, which I've begun collecting. If you have any suggestions for additions to my collection, don't hesitate to submit them here; I will review all comments."

Submission + - Muslims Attempt to Censor Wikipedia

Nom du Keyboard writes: As reported on Fox News and The New York Times, some Muslims are attempting to censor Wikipedia because of images of Muhammad contained in the article about him. So does one religion get to tell the rest of the world how they must behave because they'll be offended otherwise, or does the Internet represent all views, even when that view may be offensive to some particular minority?

Submission + - MySpace No Place for Atheists?

Robotech_Master writes: "According to the article, since MySpace was acquired by Rupert Murdoch it has deleted a 35,000 member atheist/agnostic group, reportedly "the largest collection of organized atheists in the world." Some individual atheists' profiles have also been deleted. Bryan Pesta, Ph.D., the group's moderator, has an updates page."
The Courts

Submission + - RIAA Wants $1.5 Million Per CD Copied

I Don't Believe in Imaginary Property writes: "Not content with current statutory damages, the RIAA is pushing for higher damages for infringement, damages that would total $1.5 million for copying a CD with ten songs. It's all part of debate over the proposed PRO-IP Act, one which William Patry, a lawyer who wrote the seminal seven-volume reference on US copyright law, called the most 'outrageously gluttonous IP bill ever introduced in the US.'"

Submission + - Microsoft threatens startups over account info

HangingChad writes: According to Fortune, there are reports that Microsoft is trying to strong arm startups to give preferential treatment to MSN Messenger and are using account information as leverage. "If the company wants to offer other IM services (from Yahoo, Google or AOL, say), Messenger must get top billing. And if the startup wants to offer any other IM service, it must pay Microsoft 25 cents a user per year for a site license." Of course, if the company is willing to use Messenger exclusively "fee will be discounted 100 percent." Getting detailed information is difficult as many of the companies being approached are afraid of reprisals.

Submission + - Some DNS requests ruled illegal in North Dakota

jgreco writes: "A judge in North Dakota has just ruled that requesting a zone transfer from a public DNS server is criminal activity within the meaning of the North Dakota Computer Crimes Law. A zone transfer is a simple request that a DNS server hand over information in bulk, and a DNS server may be configured to allow or deny such requests. That the owner of a DNS server would configure the server to allow such requests, and then claim such requests were unauthorized, is simply stunning."

The Courts

Submission + - DMCA subpoenas used to protect Internet security

An anonymous reader writes: Many on Slashdot accuse music and movie companies of violating privacy and legal rights when they send DMCA subpoenas, and generally excoriate the DMCA subpoena process. Will they similarly condemn AVG for sending DMCA subpoenas to search engines and domain registrars in order to discover the identity of sellers of counterfeit antivirus software? Is there a difference?
The Courts

Submission + - Free Software Found. reaches out to RIAA victims

NewYorkCountryLawyer writes: "In what has been termed "the RIAA's worst nightmare", the Free Software Foundation has announced that it is coming to the aid of the victims of RIAA lawsuits, by establishing an Expert Witness Defense Fund to assist defendants in RIAA cases. The purpose of the fund is "to help provide computer expert witnesses to combat RIAA's ongoing lawsuits, and to defend against the RIAA's attempt to redefine copyright law." The funds will be used to pay fees and/or expenses of technical expert witnesses, forensic examiners, and other technical consultants assisting individuals named as defendants in non-commercial, peer-to-peer file sharing cases brought by the RIAA, EMI, SONY BMG, Vivendi Universal, and Warner Bros. Records, and their affiliated companies, such as Interscope, Arista, UMG, Fonovisa, Motown, Atlantic, Priority, and others."

Submission + - Google Throws Lead Paint on Movie Download Market

An anonymous reader writes: As promised Google shut down its video store Wednesday — and its DRM made sure all movie files purchased from the store ceased to function. This has sparked a firestorm of negative commentary from the Digerati who see it as pure theft. Cory Doctorow called it "...a giant, flaming middle finger, sent by Google and the studios to the customers who were trusting (as in dumb) enough to buy DRM videos". John Dvorak called it "old bait-and-switch tactics" where vendors make promises, but build in the ability to renege on those promises if they choose to do so later. Both Dvorak and Doctorow call for the judicial system to step in, but MP3 Newswire says that the abuse to consumer trust will do more damage to the paid download market than anything the courts could inflict. "As a consumer, if you purchase a digital movie file online only to have it unexpectedly repossessed you will probably think twice before ever buying any such download again. If you do consider it again it certainly won't be for the same price as before. Experience made these downloads worth far less to you. So what are feature film downloads that can be revoked at any time worth in the market place? To some Google Video customers the value of a movie download dropped all the way down to zero."

Submission + - An Ebay Sale is a Sale

syousef writes: An Ebay Sale is a Sale says an Australian New South Wales State Judge in a case where a man tried to renege on the Ebay sale of a 1946 World War II Wirraway aircraft. The seller tried to renege because he'd received an offer $100,000 greater than the Ebay sale price elsewhere. The buyer who had bid the reserve price of $150,000 at the last minute took him to court. "It follows that, in my view, a binding contract was formed between the plaintiff and the defendant and that it should be specifically enforced," Justice Rein said in his decision. All dollar figures are in AUD.
