
Submission + - Unstoppable JavaScript Attack Helps Ad Fraud, Tech Support Scams, 0-Day Attacks

An anonymous reader writes: New research published today shows how a malicious website owner could show a constant stream of popups, even after the user has left his site, or even worse, execute any kind of persistent JavaScript code while the user is on other domains.

In an interview, the researcher who found these flaws explains that this flaw is an attacker's dream, as it could be used for: ad fraud (by continuing to load ads even when the user is navigating other sites), zero-day attacks (by downloading exploit code even after the user has left the page), tech support scams (by showing errors and popups on legitimate and reputable sites), and malvertising (by redirecting users later on, from other sites, even if they leave the malicious site too quickly).

This severe flaw in the browser security model affects only Internet Explorer 11, which unfortunately is the second most used browser version, after Chrome 55, with a market share of over 10%. Even worse for IE11 users, there's no fix available for this issue because the researcher has decided to stop reporting bugs to Microsoft after they've ignored many of his previous reports.

For IE11 users, a demo page is available here.

Submission + - Java and Python FTP Attacks Can Punch Holes Through Firewalls

itwbennett writes: Over the weekend, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails. At the same time, he showed that this type of vulnerability can be used to trick the Java runtime to initiate FTP connections to remote servers. After seeing Klink's exploit, Timothy Morgan, a researcher with Blindspot Security, decided to disclose a similar attack that works against both Java's and Python's FTP implementations. 'But his attack is more serious because it can be used to punch holes through firewalls,' writes Lucian Constantin in CSO Online.

Submission + - College Senior Upgrades His Honda Civic to Drive Itself Using Free Software

holy_calamity writes: University of Nebraska student Brevan Jorgenson swapped the rear view mirror in his 2016 Honda Civic for a home-built device called a Neo, which can steer the vehicle and follow traffic on the highway. Jorgenson used hardware designs and open source software released by Comma, a self-driving car startup that decided to give away its technology for free last year after receiving a letter from regulator the NHTSA. Jorgenson is just one person in a new hacker community trying to upgrade their cars using Comma's technology.

Comment Reset Chromebook and Phone (Score 2) 510

I've been thinking about this since the recent article where a NASA JPL US citizen employee was detained and forced to give up his password.
I have a Chromebook. It's easy to wipe it completely to fresh out of the box factory settings. At the border, you can give them a completely blank computer (or set up a dummy Chromebook account with nothing on it). Then when you are back safely in the US, just enter your credentials and it will download everything from the cloud and you're back in business.
Phones are a little more difficult. You can factory reset these but your SIM card still has data. You'd need to install a decoy SIM card in it (preferably a burner SIM from some odd place where it won't work in the US). You'll have to deal with your own SIM card by hiding it or mailing it to yourself. Once you reinstall your original SIM and log in, the phone apps, etc. will restore themselves.
Either that or just buy a burner phone and ditch it before you return.

Comment Re:Shade, eh? (Score 2) 125

I assume that you think OS X is somehow superior to other OSs. As a primary OS X user (as well as Linux and Windows occasionally) for the past 7 years, I beg to differ. I've always found OS X to be kludgy, toylike and lacking features. I never could get used to its special keys (especially command and option) as well as the odd keyboard layout (no backspace???).
I'm much more comfortable with Linux and its applications. I gave up on Apple hardware and have now adopted Chromebooks (with Crouton Linux) for all my work. Much nicer user experience and better software options.

Comment Re: China and South Korea and Russia can do it (Score 1) 87

Nuclear output can only be reduced by a small amount and only slowly. It can't be increased again due to poisoning of the core.
Coal gasification could be dispatchable but the plants, for the most part, don't exist (only 272 worldwide). They also produce a lot of toxic compounds.
