Security

Sun Pushes Emergency Java Patch 90

Trailrunner7 writes "In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks. The patch comes less than a week after Sun told a Google researcher it did not consider the issue serious enough to warrant an out-of-cycle patch and less than a day after researchers spotted live exploits on a booby-trapped Web site. The flaw, which was also discovered independently by Ruben Santamarta, occurs because the Java-Plugin Browser is running 'javaws.exe' without validating command-line parameters. Despite the absence of documentation, a researcher was about to figure out that Sun removed the code to run javaws.exe from the Java plugin. The about-face by Sun is another sign that some big vendors still struggle to understand the importance of working closely with white hat researchers to understand the implications of certain vulnerabilities. In this case, Google's Tavis Ormandy was forced to use the full-disclosure weapon to force the vendor into a proper response."
Space

Fastest (and Most Compact) Stellar Spinner Confirmed 47

gregg writes "HM Cancri has been confirmed as a binary system of two white dwarfs orbiting each other so closely that they complete one orbit every 5.4 minutes; they are separated by a mere 8 Earth diameters. 'These are the burnt-out cinders of stars such as our Sun, and contain a highly condensed form of helium, carbon and oxygen. The two white dwarfs in HM Cancri are so close together that mass is flowing from one star to the other. HM Cancri was first noticed as an X-ray source in 1999, showing a 5.4 minutes periodicity, but for a long time it has remained unclear whether this period also indicated the actual orbital period of the system. It was so short that astronomers were reluctant to accept the possibility without solid proof.'"
The Internet

Final Decision Deferred On ".xxx" Domains 127

Hugh Pickens writes "The Associated Press reports that the board of the Internet Corporation for Assigned Names and Numbers has deferred a decision until June on whether to create a '.xxx' Internet suffix as an online red-light district, beginning a 70-day process of consultations on a domain that could help parents block access to adult sites. ICM Registry LLC first proposed the '.xxx' domain in 2000, and ICANN has rejected it three times already since then, but an outside panel last month questioned the board's latest rejection in 2007, prompting the board to reopen the bid. Backers of '.xxx' have billed the proposal as a way for the adult-entertainment industry to clean up its act, though some adult sites worry that governments would wind up mandating the use of '.xxx' and that sites with the '.xxx' suffix could easily be blocked by government web filters in the future. 'I am very concerned and fearful of censoring adult material that should be made available for adults. It scares the hell out of me,' says Malcolm Day, head of AdultShop.com, adding that if adult websites weren't allowed to have '.com' domains and could only register under the '.xxx' address, then 'many governments (across the world) would try to block them.'"
Security

Four Threats For '09 You Haven't Heard of 126

ancientribe writes "Security experts are cautiously on the lookout for some lesser-known but potentially lethal threats that could be more difficult to prepare for and defend against in 2009. These aren't your typical enterprise hack attacks. They're mainly large-scale Internet threats — attacks that knock out sections of the Internet infrastructure, radical extremist hackers, Web attacks that adversely affect online ad revenue, and even the unthinkable: human casualties as a result of a cyberattack." Also known as the new group of things the fear mongers will use to make you do their bidding.
Security

NSA Patents a Way To Spot Network Snoops 161

narramissic writes "The National Security Agency has patented a technique for figuring out whether someone is messing with your network by measuring the amount of time it takes to send different types of data and sounding an alert if something takes too long. 'The neat thing about this particular patent is that they look at the differences between the network layers,' said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. But IOActive security researcher Dan Kaminsky wasn't so impressed: 'Think of it as — if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets. Sure, that's possible. Or perhaps you're routing through a slower path for one of a billion reasons.'"
Networking

5 Things the Boss Should Know About Spam Fighting 168

Esther Schindler writes "Sysadmins and email administrators were asked to identify the one thing they wish the CIO understood about their efforts to fight spam. The CIO website is now running their five most important tips, in an effort to educate the corporate brass. Recommendations are mostly along the lines of informing corporate management; letting bosses know that there is no 'silver bullet', and that the battle will never really end. There's also a suggestion to educate on technical matters, bringing executives into the loop on terms like SMTP and POP. Their first recommendation, though, is to make sure no mail is lost. 'This is a risk management practice, and you need to decide where you want to put your risk. Would you rather risk getting spam with lower risk of losing/delaying messages you actually wanted to get, or would you rather risk losing/delaying legitimate messages with lower risk of spam? You can't have both, no matter how loudly you scream.'"
