Re:"maliciously coded image file"?

WTF is a "maliciously coded image file"?

What is the format of this file? JPG? PNG? How, precisely, is it exploiting the image viewer? Via buffer overrun?

Details are not available yet. According to one story, the people who discovered the exploit are not talking about details until it has been patched. I don't know if it's relevant but the story specifically mentions SVG and today I learned that you can embed JavaScript code into an SVG image file. Since the only SVG image viewer that most people have is a web browser, this could be one possible attack vector.

In the first link from the summary, there's a video embedded a bit down. At 0:27, there's a screen shot containing a "Notepad" dump of the HTA file, where you can see that the opening bytes represent a standard JPEG (JFIF) format image. When I worked in Imaging and ECM (FileNet Corp.), I knew many programs that relied on the "magic number" (opening bytes) of a file to identify the format, ignoring the file extension, which can sometimes be wrong.

So (I'm guessing) Facebook assumes it's a regular ol' JPEG image based on the header bytes, when in reality it's an HTA (HTML Executable). When Facebook tries to serve it to the user, the web browser knows it's not a JPEG and forces the download so Windows Explorer can handle it. The user then double-clicks on the HTA and that's when the exploit takes place. If you still have file extensions hidden in Windows, you'd never know it wasn't a JPEG to begin with.

One wonders why Microsoft still clings to the idea that hiding file extensions is a good idea. It's still the default behavior even in Windows 10.
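An added example, not code from the post, from Facebook, or from any product it mentions: the check a defender would want where the post's "magic number" lookup was too shallow. It walks the JPEG marker structure from SOI to EOI instead of trusting the first bytes, and reports when the extension, the magic and the structure disagree or when markup appears in the body. The JFIF sample bytes, the file names and the markup-marker heuristic are constructed assumptions.

```python
from pathlib import PurePath

JPEG_EXTENSIONS = {".jpg", ".jpeg", ".jfif"}
MARKUP_MARKERS = (b"<script", b"<html", b"<hta:application")

def walk_jpeg_segments(data: bytes):
    """Walk marker segments from SOI; return (True, offset after EOI) or (False, offset of the problem)."""
    if data[:2] != b"\xff\xd8":
        return False, 0
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return False, pos                    # expected a marker, found other bytes
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI: a well-formed image ends here
            return True, pos + 2
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if pos + 4 > len(data) or length < 2 or pos + 2 + length > len(data):
            return False, pos
        pos += 2 + length
        if marker == 0xDA:                       # SOS: skip entropy-coded data to the next real marker
            idx = data.find(b"\xff", pos)
            while idx >= 0 and idx + 1 < len(data) and (data[idx + 1] == 0 or 0xD0 <= data[idx + 1] <= 0xD7):
                idx = data.find(b"\xff", idx + 2)   # stuffed 0xFF00 or RSTn: still image data
            if idx < 0 or idx + 1 >= len(data):
                return False, pos
            pos = idx
    return False, pos

def assess(filename: str, data: bytes) -> list:
    """Reasons a file should not be trusted as a JPEG; empty means name, magic and structure agree."""
    ext = PurePath(filename).suffix.lower()
    has_magic = data[:3] == b"\xff\xd8\xff"      # the shallow "magic number" check the post describes
    parsed, end = walk_jpeg_segments(data)
    found = [m.decode() for m in MARKUP_MARKERS if m in data.lower()]
    checks = [
        (has_magic and not parsed, f"JPEG magic but structure breaks at offset {end}"),
        (parsed and end < len(data), f"{len(data) - end} trailing bytes after EOI"),
        (ext in JPEG_EXTENSIONS and not parsed, f"extension {ext!r} but content does not parse as JPEG"),
        (ext not in JPEG_EXTENSIONS and has_magic, f"JPEG magic but extension {ext!r}"),
        (bool(found), "markup/script markers present: " + ", ".join(found)),
    ]
    return [msg for hit, msg in checks if hit]

# Constructed samples: a minimal JPEG (SOI, APP0/JFIF, EOI) and a file with the same opening
# bytes followed by HTML instead of image data, the shape the post describes.
JFIF_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
CLEAN_JPEG = JFIF_HEADER + b"\xff\xd9"
FAKE_JPEG = JFIF_HEADER + b"<html><script></script></html>"
```

Run `assess("photo.jpg", FAKE_JPEG)` to see the three findings a magic-number-only check would miss; a file that passes all checks but still reaches the user with its extension hidden is the remaining gap the post complains about.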

Re: Supply and demand

Well, let's see. I'm going to be 50 soon. That's supposedly a detriment in IT. I make a lot more money than my younger colleagues. That's supposed to hurt me too. I don't know an H1B worker who can even do my job, so I guess I must be worth it. Don't get me wrong. The latter probably exists. I just don't see them lining up to replace me.

Where I used to work (3-letter acronym), there wasn't anyone who could do my job either, but that surely didn't stop them from laying me off. There are countless others who were talented, well trained, but weren't of "optimal" age and salary who were also let go. At some point, apparently, it doesn't matter if anyone can do your job. The big wigs and bean counters are well aware that the structure is hollow. So long as the big name still lights up, there will be some customers, and I suppose that's good enough. I was involved in customer engagements up to the week I left, and I was the last one of my team to go. The guy who was supposed to replace me is presumably there, but we never spent more than 2 minutes discussing things. I shudder to think of how bad it's gotten...

Oh yes, envy me...

Motherboard: ASUS F2A85-V PRO
Processor: AMD A10-5800K Trinity 3.8GHz FM2 Quad
Memory (part number): G.SKILL Ripjaws Z Series 4 x 8GB DDR3 1866
Display Chip: AMD A85X (Hudson D4) (Integrated graphics, not a gamer)
Display LCD: Monoprice 30" IPS CCFL Backlit LCD Panel
Hard Drive (System): SAMSUNG 840 Pro Series MZ-7PD256BW 2.5" 256GB SATA
Hard Drive (Storage): Hitachi HDS724040ALE640 (0S03355) 4TB
CPU Cooler: COOLER MASTER Hyper 212 CPU Fan
Case: Antec-300 PC Case
Power Supply: Rosewill FORTRESS-450w 80 Plus Platinum
UPS: CyberPower CP1500AVRLCD 1500VA
OS: Windows 7 (64-bit) Professional

Re:WoW?

Most people back then didn't go to arcades and had never even heard of Pac-Man.

Pac-Man was ubiquitous because the video game craze extended well beyond the arcade. You could find them at movie theaters, liquor stores, pizza parlors, bowling alleys, kiosk space in the mall, even just past the checkout lanes at the grocery store. I don't know anyone who hadn't heard of Pac-Man by 1981.

Re:Duh?

Depends, I'm still grandfathered under the "unlimited data" plan, so AT&T cannot legally cap the amount of data I am using.

Lucky for them (and for me?), I'm not one of the high bandwidth users who watch videos all day on my phone ... but if someday I need to use that much data off the 3G network, I did pay for it (have been for 2-3 years), and it should be readily available to me.

Re:Seagate reliability

I have about a dozen 1.5TB Seagate 7200rpm drives purchased intermittently over the past ~2 years from ~4 different vendors. The most recent purchase was at the end of Nov 2009.

So far, no problems (knock on wood). They tend to run 24/7, but don't necessarily see that much disc activity (media server).

I did have one Seagate drive die on me, but I think it was a 750GB drive ... and that was a couple of years ago. I have at least 8 of those drives, plus four older 300GB drives ... all are off-line now, but they were working fine when they were in use.

Never tried the 5900rpm drives...

Re:ISA slots

I also have a parallel-port EPROM burner that I use more frequently, the Xtronics Pocket Programmer ... however, it is not fully compatible with all of the older EPROM chips that I occasionally use.

At least their website is still active, and the latest Pocket Programmer runs off the USB port. Right now, I have no need for a $249.95 upgrade, but will keep it in mind.

Do you have a link to your preferred USB-to-ISA product?

For the record, I did find that the PB-10 would not necessarily run on newer (faster) computers. Maybe some of the internal timing has changed?

ISA slots

The oldest I have in service is a Cyrix 6x86 system running Windows 98 SE. I need it for the ISA slots so that I can run my *Needhams PB-10 EPROM burner.

* Since www.needhams.com doesn't come up anymore, I wonder if they are even still in business. :-(

Re:Last sentence is stupid

Not to defend them, but the summary indicates GB caps not MB. 100GB is a lot harder to pull down in a month, not that I haven't managed to do it on a crappy DSL line, thus making it even more likely someone with a nice fat cable pipe could do it.

I can easily do 100GB in a week, now that all these 1080p MKV files are out there.

You know, ummm ... backups for my BluRay discs. :-)

