Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Summary misleading, not really a vulnerability (Score 1) 118

The Register article has a bit more information. This isn't really a vulnerability. It's definitely not "remote code execution". It works like this:

- Microsoft provides a tool called AppLocker that can be used to limit the programs that can be run on a system.
- The AppLocker tool is not intended as a tight "security boundary". Instead, it is a way to implement company policies like "no playing games at work", or to help with software licensing, i.e. "the company system image has a copy of Photoshop, but you aren't in the Design department, so you aren't licensed to run it", and perhaps to reduce attack surface area.
- The Microsoft-provided sample AppLocker configuration (intended to show the syntax for AppLocker rules) happens to have a sample rule that whitelists all programs under C:\windows. This is not a "recommended" rule -- it's a "sample" rule.
- If you leave this rule in, there are a large number of ways to escape the sandbox.
- A researcher found another one. Yay, I guess?

The new one is interesting because I wouldn't have considered regsvr32 to be a command that allows for running of arbitrary other commands. On the other hand, it shouldn't belong in a production whitelist in the first place, so being able to use it to escape the sandbox isn't particularly interesting.

Comment Re: No story bias here... (Score 0) 135

Money emerges organically as market participants converge on a commodity that is highly marketable, divisible, portable and durable. No need for a government there. For contract dispute resolution, common law emerges iteratively from case precedents and consensus among arbitrators, no need for a legislature. Central planning didn't work for the Soviets and roofing nails, and it's a testament to our resourcefulness that we still hobble by doing it for law and money and health care.

Comment Re: Uber isn't stupid (Score 4, Insightful) 230

Americans seem to have a gigantic blind spot when it comes to government corruption. Sure, people tend to nod at generic whining about "corrupt politicians" but they are hopelessly incapable of spotting that corruption when it happens. They will blame non-government actors all day long for making and offering bribes. As for the politicians who habitually take bribes? Crickets.

Comment Re: Bullshit narrative ... (Score 4, Insightful) 230

It's the laws that are bullshit. Look at what kind of service Uber facilitates. How is it that only now anyone is introducing a reputation system to this industry? How is it that only now the barrier of entry to this industry is coming down? What exactly does a stringently controlled supply of government-licensed "taxi" drivers do for the consumer anyway?

Comment GOOD. (Score 2, Interesting) 230

Uber is 1000 times better for transportation than the taxi cartel, and no thanks to government's relationship to this industry, lobbying aggressively is an act of self-defense. Instead of denigrating Uber for playing this game, blame the governments which have made this necessary, and blame yourselves for not voting the bastards out when they create cartels.

Slashdot Top Deals

"There are some good people in it, but the orchestra as a whole is equivalent to a gang bent on destruction." -- John Cage, composer