


Submission + - Cloudflare Reverse Proxies are Dumping Uninitialized Memory (medium.com)

skirmish666 writes: Tavis Ormandy of Google’s Project Zero uncovered a major vulnerability in the Cloudflare Internet infrastructure service. Essentially, web requests to Cloudflare-backed sites received answers which included random information from other Cloudflare-backed sites! This information could potentially include confidential information (private messages on dating sites, emails), user identity information (Personally Identifying Information (PII) and, potentially in a healthcare context, Protected Health Information (PHI)), or user, application, or device credentials (passwords, API keys, authentication tokens, etc.).

Comment Re:Last sentence is (almost) BS. (Score 1) 267

I'm saying this as someone who's used and enjoyed Apple products for over 10 years, and brought family, friends and colleagues over from Apple's competitors simply by being enthusiastic about the products I enjoyed using:

If at any time what you say comes to pass and these devices replace the pre-Cook era functional and usable devices that I've found so enjoyable to use, I will take my business elsewhere.

Comment Re: The point (Score 1) 532

Are you referring to this part?

In that analysis, 9.6 percent of Medicare spending, 15.2 percent of Medicaid spending and 32.8 percent of other government healthcare spending by sources such as the Veterans Affairs department, Tricare and the Indian Health Service, were attributable to smoking.

Comment Re: Does anyone speak technical here anymore (Score 1) 337

I'm not sure who you think you're going to convince with that story, but alright I'll play along. I could use a laugh. Thanks for replying to some of the message I put to not-obfuscon AC but not other parts because it wasn't really your AC post. Am very appreciative. One thing I haven't been able to work out is: what is your point? You seem very keen to educate us unknowledgables. Please enlighten us with your wisdom. Looking forward to hearing from you, the poster not formerly known as AC.

Comment Re: Does anyone speak technical here anymore? (Score 1) 337

Hi Obfuscant.

>> Web servers do understand the concept of folders or directories, however you like to refer to the concept

Would you like clarification on this? The part where I mention you're free to refer to the concept using different terms that is.

>> I would bet anything that this story is NOT in a folder "story/16/09/14/2242216/"

You sound fairly confident, good for you. I'm sure you have plenty of evidence if you're willing to risk it all? Please, if I'm wrong I'd love to learn from my mistake. I'm not sure if you read the line "from the perspective of the end user", but if so please show me how from the view you have that this story isn't in that location on the website.

>> Being a tech site, these news sources should understand the difference between a folder and an URL. And so should you.

Should I? Ok, if you say so my friend. But then again, I didn't make the claim that the terms URL and folder have a one to one relationship so I'm not sure why you brought up the fact that I should know that they don't.

Comment Re: Does anyone speak technical here anymore? (Score 2) 337

I (and my browser) know exactly what directory (from the perspective of the end user) this story is in: it's 'story/16/09/14/2242216/'. It doesn't matter what physical directory the folder is in on the device serving the content, as long as from a logical perspective it's '/speedtest'.

What makes you think the network level requires this knowledge, and it can't be implemented at proxy / firewall level based on the logical directory in the URL?

A redirect to a captive portal for all but certain white-listed content is trivial to setup, source: Years of experience doing exactly this.

Comment Re: Does anyone speak technical here anymore? (Score 1) 337

I'd assume in this context (web servers) that a folder with '/' prefix means it's a folder off the root, not that the folder has a '/' in the name. Possibly this is just a reference to it being a folder named speedtest though.

Web servers do understand the concept of folders or directories, however you like to refer to the concept. The URL of this story is in the '/story' directory.

There are a few ways this could be implemented, I'd assume that the T-Mobile firewall blocks all content or redirects to the payment page on an unpaid account unless the content is in the directory '/speedtest', and that the hacker is passing URL requests as an argument to a file located in a folder of the name '/speedtest'. I could be wrong.

Hope that helps.
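The two comments above describe a captive-portal gate that decides on the logical directory in the URL, and hypothesise that a bypass works by handing the real target URL as an argument to something living under the allowed '/speedtest' path. The block below is an added illustration of exactly that logic and is not code from the thread, from Slashdot or from T-Mobile: the allow-list, the portal address, the hostnames and the request lines are all constructed for the example. It shows the prefix check the commenter calls trivial (including the path-normalisation it has to survive), and then shows why such a check is blind to a destination carried in the query string, which is the mechanism the comment speculates about.

```python
"""
Added example, not from the original thread. A captive-portal gate that
allows or redirects requests purely on the logical URL path, plus a view of
what that gate cannot see. All names, prefixes and URLs are constructed
for illustration and are not any carrier's real configuration.
"""
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list: path prefixes reachable on an unpaid account.
# Note the trailing slash, so '/speedtestX/' is NOT matched by '/speedtest/'.
ALLOWED_PREFIXES = ("/speedtest/",)
CAPTIVE_PORTAL = "https://portal.example/pay"  # hypothetical payment page


def normalise_path(path: str) -> str:
    """Collapse the tricks a prefix check must survive before comparing:
    repeated slashes, '.' and '..' segments and a missing trailing slash."""
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    norm = "/" + "/".join(segments)
    return norm if norm.endswith("/") else norm + "/"


def gate(request_url: str, paid: bool) -> str:
    """Return the URL the proxy should actually serve.

    Paid accounts pass straight through. Unpaid accounts pass only when the
    normalised *logical* directory is allow-listed; the proxy never needs to
    know which physical directory the origin maps that path to.
    """
    if paid:
        return request_url
    path = normalise_path(urlsplit(request_url).path)
    if path.startswith(ALLOWED_PREFIXES):
        return request_url
    return CAPTIVE_PORTAL


def tunnelled_target(request_url: str) -> Optional[str]:
    """What the gate does NOT inspect.

    If a script under the allowed prefix accepts a destination as a query
    argument (the mechanism the comment hypothesises; the parameter name
    'url' is an assumption), the real destination sits in the query string,
    which the path-prefix check never looks at. Returns that destination
    when the request would pass the gate, otherwise None.
    """
    parts = urlsplit(request_url)
    if not normalise_path(parts.path).startswith(ALLOWED_PREFIXES):
        return None
    return parse_qs(parts.query).get("url", [None])[0]


if __name__ == "__main__":
    # Constructed request lines, as an unpaid subscriber would send them.
    for url in (
        "http://example.test/story/16/09/14/2242216/",
        "http://example.test/speedtest/run.cgi",
        "http://example.test/speedtest/../story/16/09/14/2242216/",
        "http://example.test//speedtest//run.cgi",
        "http://example.test/speedtest/fetch?url=http://slashdot.org/story/",
    ):
        served = gate(url, paid=False)
        hidden = tunnelled_target(url)
        print(f"{url}\n  -> {served}" + (f"\n  real target: {hidden}" if hidden else ""))
```

The point the example makes is the one the thread circles around: a gate keyed on the logical path is easy to build and is robust against path games once normalised, but it classifies only the path. Whether anything reachable under '/speedtest/' will fetch other content on the caller's behalf is a property of the origin, not of the filter, which is why the commenter can only guess at it.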

Comment Re:Free content (Score 1) 119

I've tried a couple of audit only courses, and to be honest I don't learn well without having to apply some knowledge and process the material.

I couldn't care less about certification or grading, but the courses I've tried on the new platform don't provide me with any feedback on whether I understand the material or not.

Comment Re:While I doubt the seriousness of the claims her (Score 2) 588

Ok, the rest of your points aside:

Could it cause cancer/whatever? Maybe, otherwise I wouldn't be able to actively detect it

I can detect red, salt, rough, smooth, acceleration, loud, hot + many more things. Some of these are in the form of radiation. The ones I mentioned don't cause cancer/whatever. Your argument is flawed.

and I'm sure there are people more sensitive than me.

How? You'd better have some studies or you're only as sure about it as people who are sure the earth is flat. I'm open to evidence here as long as there is some.

And yes, I'm completely willing to submit to any test anyone wants to perform. I have done so many times so far and they're always surprised that my sensory disorder is real.

Dropbox + scanned image of diagnosis document + link in reply might not get you on the 6:00 news, but it's a start.

Comment Re:Ah memories (Score 4, Interesting) 284

I remember... reinstalling Win95 during high school so often I had the serial key memorised.

Was having some trouble with my laptop so the school IT desk wanted to do a clean install. Their face when I told them the serial key: priceless.

Comment Re:wish this existed in silicon valley (Score 1) 258

I think you should do a city swap with this guy, if you think London is worse than Mexico City for cycling in I suspect you are deeply mistaken.

I take it you've cycled in both to come to that conclusion? I haven't cycled in or commented on the safety of either, so I'm interested how you came to the conclusion that I think Mexico City is safer than London for cycling.

What neither you nor OP has demonstrated is how dedicated cycling infrastructure is detrimental to (i) cyclist safety or (ii) other road users. If that is the position you're taking, please clarify. That is the point being discussed, not the relative safety of one city to another.
