×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spoken Commands Crash Bank Phone Lines

samzenpus posted about a year and a half ago | from the initiate-self-destruct-sequence dept.

Security 178

mask.of.sanity writes "A security researcher has demonstrated a series of attacks that are capable of disabling touch tone and voice activated phone systems, forcing them to disclose sensitive information. The commands can be keyed in using touchtones or even using the human voice. In one test, a phone system run by an unnamed Indian bank had dumped customer PINs. In another, a buffer overflow was triggered against a back-end database. Other attacks can be used to crash phone systems outright."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

178 comments

Good (5, Funny)

Anonymous Coward | about a year and a half ago | (#41362283)

I hate those automated prompts.

Re:Good (3, Interesting)

justforgetme (1814588) | about a year and a half ago | (#41362317)

Especially if after pressing all possible combinations and you finally get to the part where it says "I'll connect you to a human being" the while system blows up and you have to start over. Which in my experience happens approximately 100% of the time.

Re:Good (5, Insightful)

SJHillman (1966756) | about a year and a half ago | (#41362413)

I don't mind a lot of the entirely automated systems (although some are horrible), nor do I mind waiting for a human. However, it's the hybrid systems where you go through anywhere from five to twenty layers of prompts only to be connected to a human who then asks you all of the same questions as the automated system that I really hate.

Re:Good (5, Insightful)

TheCarp (96830) | about a year and a half ago | (#41362761)

I don't even mind the hybrid systems, in theory.

What I mind is the last part. I am on with the machine, it collects all the info that a human operator would need, makes sense....helps speed things along, route calls, and keep the actual time of the operator useful, rather than monotonously getting account details....cool.

In reality though, its exactly as you say.... I spend all that time on with the computer, give it all my info, verify my account...and then... the operator gets on and asks for all that info again....

So it didn't save him from monotony, it didn't keep his time useful.... all it did was waste my time.... yay.

Re:Good (5, Insightful)

h4rr4r (612664) | about a year and a half ago | (#41362855)

Wasting your time is good for them, it reduces the number of hangups. Far more importantly It means hold times don't start until after all the prompts have been exhausted. This makes the call center numbers look great.

Record a stupid metric get a stupid result.

Re:Good (5, Interesting)

SlippyToad (240532) | about a year and a half ago | (#41362973)

the operator gets on and asks for all that info again....

I bitched about that once. Turns out, they are killing time while your screen comes up from their glacially-slow system.

Re:Good (2, Informative)

Anonymous Coward | about a year and a half ago | (#41363895)

I don't know about banks, but I've worked in 2 call center jobs: a utility company and a state government agency.
In both places, info entered by the caller was used only to route the call; none of it was passed on to me.

Re:Good (2, Informative)

Anonymous Coward | about a year and a half ago | (#41362825)

I don't mind a lot of the entirely automated systems (although some are horrible), nor do I mind waiting for a human. However, it's the hybrid systems where you go through anywhere from five to twenty layers of prompts only to be connected to a human who then asks you all of the same questions as the automated system that I really hate.

Say "operator" when you're dealing with an automated system, and it'll generally hook you straight up to a real live homo sapien.

Now you know.

Re:Good (1)

sjames (1099) | about a year and a half ago | (#41363845)

Swearing often helps too. Some systems take it as a sign you're getting angry and try to head it off.

Re:Good (1)

Phreakiture (547094) | about a year and a half ago | (#41363609)

Here are the two worst I have encountered:

One was a customer satisfaction survey. For each question, it asked the question, and then followed it with this entire message: "Press 1 for strongly agree; press 2 for agree; press 3 for neither agree nor disagree; press 4 for disagree; press 5 for strongly disagree." Now, I have no problem with this kind of prompt existing, but seriously, after the first question, I get how it works. Oh, I almost forgot: It would not accept any input until it had finished reading off the entire fucking message!

The other is a bank with which we have a loan. The sequence I go through is this: "Thank you for calling the Very Big Bank customer service line. For account information, press 1. For-" I press 1. "To inquire by account number or social security number, press 1. To inquire-" I press 1, but not too early or it just restarts this message. "Please have your account number or social security number ready. To inquire by account number, press 1. To inquire by-" I pres 1. "Please enter your account number." Let's say, for the sake of the argument that the number is 555555555. "One moment, while we retrieve your account." Two seconds pass. "The account number you entered is. Five. Five. Five. Five. Five. Five. Five. Five. Five. Five. If this is correct, press 1. If-" You couldn't have asked me this before retrieving my account? Okay, fine. I press 1. "For a payoff balance or payment amount, press 1. For-" I press 1. "For payoff balance, press 1. For-" I press 1. "The following message contains payoff information. You will be given an opportunity to receive a fax copy at the end of this message. Acount number. Five. Five. Five. Five. Five. Five. Five. Five. Five. Five. Date of the last payment was. September. Third. Two. Thousand. Twelve. As-of. September. Seventeenth. Two. Thousand. Twelve. Your payoff balance was. Fifteen. Thousand. Five. Hundred. Fifty. Five. Dollars-and. Fifty. Five. Cents." I think it is designed to get peoplel to use the website instead.

Re:Good (3, Interesting)

Lorens (597774) | about a year and a half ago | (#41363775)

[It's] a human who then asks you all of the same questions as the automated system that I really hate.

I have a supplier whose automated system asks for contract number and system ID's and the like. Once, my system was totally down and the different numbers I had were refused by the supplier's IVR. I remembered hearing that some IVR systems detect swearing. I quite deliberately swore a few times at the system, and it beeped and asked "Are you currently experiencing a severity-1 production outage, press one". I did and got a human immediately. I'll never again complain about their system . .

Re:Good (1)

dywolf (2673597) | about a year and a half ago | (#41363063)

usually, in the good systems (natch!), you just keep hitting 0, or saying "Representative" or else something that it can't decipher and it'll take you right to an operator, after only about 15 seconds.

Re:Good (1)

azadrozny (576352) | about a year and a half ago | (#41363755)

Some companies are getting wise to this. Yes, this will take you to a real person, but that person is often nothing more than a switchboard operator. Many times they have routed me back to the same prompt queue I just escaped from.

Re:Good (1)

justforgetme (1814588) | about a year and a half ago | (#41364123)

On lots of the implementations I have seen either the menu loops indefinitely or it just disconnects you. To be honest though this is something I only have noticed in countries in the Mediterranean. So maybe it is somehow related to economic insolvency?

Re:Good (1)

dywolf (2673597) | about a year and a half ago | (#41363033)

I do too. "Please say or key in your PIN/Account/Social Security/Member Number" ... ya I want to say my very important number out loud...
luckily USAA lets you key in the stuff too. I've come across some that dont, and I frankly refuse to use them.

But when I saw this article, my first thought was, what do I say to trigger a money dump into my account?

Social engineering (5, Funny)

BSAtHome (455370) | about a year and a half ago | (#41362335)

How is the turing test doing for social engineering an automated system?

Maybe the system commited suicide after listening to those humans and just decided it was not woth it anymore.

Re:Social engineering--PenTest? (1)

BoRegardless (721219) | about a year and a half ago | (#41362923)

Penetration Testing?

Must not know of such things in India yet. Seriously behind China.

What? (2)

ledow (319597) | about a year and a half ago | (#41362341)

You decided to link to explanations of touch-tones and buffer overflows? On Slashdot? Really?

And yet the article basically parrots the summary with no more information.

Re:What? (4, Insightful)

RaceProUK (1137575) | about a year and a half ago | (#41362445)

buffer overflows

Not everyone on here is a programmer.

Re:What? (5, Funny)

TWX (665546) | about a year and a half ago | (#41362535)

I'm not a programmer and I know what a buffer overflow is...

It's when you use too much polishing compound on your buffer and it squirts out everywhere and ruins the paint on the car, right?

Re:What? (4, Funny)

RaceProUK (1137575) | about a year and a half ago | (#41362579)

Meh, why not?

It fulfills the car-analogy requirement for this article at least.

Re:What? (1)

JustOK (667959) | about a year and a half ago | (#41362727)

But ignores pizza

Re:What? (5, Funny)

TWX (665546) | about a year and a half ago | (#41362747)

Ever contemplate how much pizza you really eat, by volume?

Let "a" be the thickness of the crust, and let "z" be the radius.

So, the volume of your slice, depending on how it's cut, is a fraction of pi*z*z*a.

Re:What? (1)

Anonymous Coward | about a year and a half ago | (#41364433)

I know what a buffer overflow is...
It's when you use too much polishing compound on your buffer and it squirts out everywhere

Buffer eh, that's a new term for it I guess... ;-)))

Re:What? (1)

wonkey_monkey (2592601) | about a year and a half ago | (#41363555)

You decided to link to explanations of touch-tones and buffer overflows? On Slashdot? Really?

That is how hypertext is supposed to work, y'know. No-one forces you to click a link if you don't want any more information.

Re:What? (2)

FireFury03 (653718) | about a year and a half ago | (#41364011)

You decided to link to explanations of touch-tones and buffer overflows? On Slashdot? Really?

That is how hypertext is supposed to work, y'know. No-one forces you to click a link if you don't want any more information.

After reading the article and finding it had no more information than the summary, I clicked the other links expecting them to be a more in-depth article on the same subject... I was disappointed.

Would you like to hear other people's PINs? (5, Funny)

pr0t0 (216378) | about a year and a half ago | (#41362351)

To hear the PINs of our other customers, please press 1, or say "yes" now.

Re:Would you like to hear other people's PINs? (5, Funny)

frostfreek (647009) | about a year and a half ago | (#41362775)

0000
0001
0002
:
9999

Re:Would you like to hear other people's PINs? (1)

GonzoPhysicist (1231558) | about a year and a half ago | (#41363453)

Haha, my PIN isn't on this list. On that note, is there a limit to the number of digits in a PIN?

Re:Would you like to hear other people's PINs? (1)

Anonymous Coward | about a year and a half ago | (#41364005)

Sadly, my bank limits it to four digits.
After mentioning to the bank manager that this not ideal, at least he agreed and offered me a copy of his letter to "corporate" as a template for my own. He didn't to it for me, but he helped quite a bit.

Re:Would you like to hear other people's PINs? (1)

kat_skan (5219) | about a year and a half ago | (#41364159)

That's amazing! I've got the same combination on my luggage!

SQL Injection via voice? (3, Insightful)

Gotung (571984) | about a year and a half ago | (#41362363)

"In one test, a phone system run by an unnamed Indian bank had dumped customer PINs" Sounds like a SQL injection attack, via voice. Lol. Little Bobby Tables strikes again.

Re:SQL Injection via voice? (3, Interesting)

Anonymous Coward | about a year and a half ago | (#41362433)

My money is on it not being purely by voice, but prepped with online banking. The attacker probably set their name or security question to Bobby Tables, then used the standard voice prompts to have the voice system attempt to say the name/security question/etc, which then ran the queries un-escaped

Re:SQL Injection via voice? (1)

LordLimecat (1103839) | about a year and a half ago | (#41362527)

The article indicates that the attack was done by speaking attack commands.

Re:SQL Injection via voice? (3, Funny)

Anonymous Coward | about a year and a half ago | (#41363041)

The article indicates that the attack was done by speaking attack commands.

Attack commands?

"DIE AND BURN IN HELL, YOU STUPID FUCKING PIECE OF SHIT VOICEMAIL SYSTEM!"
"Okay. I will die now."
*sound of distant explosion*
"...huh. Cool. I didn't think it'd be that easy."

Re:SQL Injection via voice? (5, Funny)

Anonymous Coward | about a year and a half ago | (#41362813)

"Thank you for calling Mega Bank. Please say 'Customer Service' or 'Loan Application'."

"SELECT password FROM members"

"It sounds like you're trying to hack our system. Please hold while I access that data."

Re:SQL Injection via voice? (1)

Anonymous Coward | about a year and a half ago | (#41362931)

Some years ago I worked for a small telecom, our system (and everyone else using the voip engine) was (is?) vulnable to injection attacks via. SIP headers; we where very much aware of this, but getting the maintainer to fix it was impossible.

Re:SQL Injection via voice? (0)

Anonymous Coward | about a year and a half ago | (#41363019)

Bobby Tables, or failing that Kevin Mitnik. I'm sure Kevin damn near came when he heard about the possibility of these attacks.

Re:SQL Injection via voice? (0)

Anonymous Coward | about a year and a half ago | (#41363733)

Buffer overflow != SQL injection. They are similar in that both involve submitting an input to a system that the system treats as being shorter than it really is so the rest causes some unintended behavior. The difference is that in a buffer overflow, the size is some fixed buffer length and for an SQL injection, the input is being used in a quoted string inside an SQL code block so the input just includes an end quote and then SQL code to execute. Buffer overflows tend to be significantly more difficult to make into vulnerabilities as opposed to just crashes. Also, there is an easy protection against them (at the cost of performance... which likely doesn't matter for this system) of simply not using a programing language with manual memory management (i.e. C or C++).

1337 (1)

Anonymous Coward | about a year and a half ago | (#41362415)

I noticed that in the video, the sequence 1337 appeared regularly. So either phone systems are especially vulnerable to this sequence, or it is a fake video where they thought it would be 1337 to use that sequence.

The 127.0.0.1 in the top line makes me suspect even more that the video indeed is fake.

Re:1337 (1)

omnichad (1198475) | about a year and a half ago | (#41364197)

Right, because it's only real if they record video evidence of them committing a felony and not using a test system set up to emulate the real-world environment.

Video of the talk (5, Interesting)

Tryfen (216209) | about a year and a half ago | (#41362421)

You can you watch a video of the talk on YouTube [youtube.com] - or read the slides at BlackHat [blackhat.com] .

Fairly interesting to see how buffer-overflows can occur in the most unlikely places.

Re:Video of the talk (2)

jittles (1613415) | about a year and a half ago | (#41363357)

I'm sorry, I know this guy probably isn't a native English speaker, but he is a horrible presenter. One of the worse I have ever seen. It doesn't seem like he practiced or anything, and you can tell he is terribly uncomfortable. The presentation is also very long, and not very interesting most of the time.

Re:Video of the talk (1)

cffrost (885375) | about a year and a half ago | (#41364181)

[H]e is a horrible presenter. One of the worse I have ever seen. It doesn't seem like he practiced or anything, and you can tell he is terribly uncomfortable.

I didn't watch this presentation, but your post reminded me of Elon Musk's appearance on The Daily Show. [thepiratebay.se] Blushing, glistening in sweat, strange answers, etc. It seemed like he'd never spoken in public before, and I was half-expecting him to flee the interview at any moment.

Re:Video of the talk (5, Insightful)

MobyDisk (75490) | about a year and a half ago | (#41363375)

I don't dare run Powerpoint files or Word documents I receive from my relatives. Yet here I am downloading one from Black Hat and I feel perfectly safe. The world has gone mad.

Re:Video of the talk (1)

Anonymous Coward | about a year and a half ago | (#41363539)

I've been involved in the building and testing of IVR systems. Injection and overflow are possible, but less common. Denial of service and brute force attacks are more likely to be successful given the nature of how many applications are built.

IVR applications tend to be written as thin, dumb applications around the data source. On a positive note, banks, and other financial institutions, rarely expose data as a database. Most of the FI interfaces I've experienced are either proprietary (text message blocks are the most common) or if a standards method is available, Web Services. I rarely see IVR applications that validate data and therefore allowing ABCD in. * and # are often terminating characters, but some can still end up with input. If the FI data interface isn't validating the data, there will likely be problems.

Speech reco systems, today, aren't too bad. Grammar design restricts results (semantic interpretation) and most applications just fail if they have an unknown SI value. However, as speaker independent dictation models become more successful, it is possible that raw input might make their way into data requests. However, I suspect when that happens, it will be tied into the same logic used by web servers cutting down the attack surface.

One trick (3, Funny)

kilodelta (843627) | about a year and a half ago | (#41362437)

If you have the knack for it, whenever you encounter and IVR is to repeatedly scream a phrase at it, something like 'agent'. Good systems recognize the word and put you through to a human post haste. Shit systems, which are the predominant type, have something like a 30 or 60 second timeout before requiring human help.

Re:One trick (3, Funny)

P-niiice (1703362) | about a year and a half ago | (#41362691)

I do this and get more and more pissed everytime I have to yell "Agent" at it. My kids get a huge laugh out of it everytime too.

Re:One trick (4, Interesting)

fuzzyfuzzyfungus (1223518) | about a year and a half ago | (#41362765)

If you have the knack for it, whenever you encounter and IVR is to repeatedly scream a phrase at it, something like 'agent'. Good systems recognize the word and put you through to a human post haste. Shit systems, which are the predominant type, have something like a 30 or 60 second timeout before requiring human help.

Some systems may actually be responding to the vocal stress cues. In an effort to pretend to care, while minimzing the number of actual humans needed, some designs will prioritize the ones that sound increasingly angry so as to get them dealth with and out of the way. I find that it generally isn't difficult to convincingly emulate boiling rage, and(depending on whether the phone drone knows he is being dumped into a rage call or not) immediately switching to polite-and-businesslike when the human comes on usually works pretty well.

Re:One trick (5, Interesting)

PRMan (959735) | about a year and a half ago | (#41362871)

Pressing 0 works on a little more than half of systems. Make sure you keep pressing 0 in response to every prompt.

This is... (0)

Anonymous Coward | about a year and a half ago | (#41362469)

The computer equivalent of shouting "jump" at a stock broker who's out on a ledge during a massive margin call...

Very Welcome Message (0)

Anonymous Coward | about a year and a half ago | (#41362481)

"Hello, welcome to abc trading. Please press 1 for customer services, 2 for finance and ##*?\\ for anything else."

User input needs to be filtered, and the interface should ONLY accept certain values (the known inputs) before moving onto the next stage of processing.

Dilbert would be proud (2)

murcon (192204) | about a year and a half ago | (#41362513)

Heh. For some reason this reminds me of the "shower scene" from the very first episode of Dilbert (the animated series), where Dogbert is attempting to hack Dilbert's voice-activated shower temperature control.

http://www.youtube.com/watch?v=7MqhBL9eEts [youtube.com]

Re:Dilbert would be proud (4, Funny)

TWX (665546) | about a year and a half ago | (#41362575)

DNWTFV...

I'm sorry, but "shower scene" and "Dilbert" do not belong anywhere near each other.

I had an involuntary mental image that it'd be like the shower scene from Starship Troopers but with the Dilbert characters, and then I threw up a little bit...

Re:Dilbert would be proud (1)

Anonymous Coward | about a year and a half ago | (#41363181)

Sounds like your brain is vulnerable to relatively unsophisticated hacks. You should probably look into that.

autotune required (1)

jickerson (2714793) | about a year and a half ago | (#41362551)

The commands can be keyed in using touchtones or even using the human voice.

To bad i'm very much tone deaf

Use a Sponge Bob Happy Meal toy (2)

srussia (884021) | about a year and a half ago | (#41362627)

To bad i'm very much tone deaf

Get all the details in next quarter's 2600!

Who cares? Phone service serves no purpose (1)

gelfling (6534) | about a year and a half ago | (#41362701)

Seriously, phone support? That's a waste of all time and effort. So is online chat support, email and talking to anyone in person if they even exist.

Re:Who cares? Phone service serves no purpose (0)

Anonymous Coward | about a year and a half ago | (#41362837)

ESP is the way to go.

Secret phrase (2)

PPH (736903) | about a year and a half ago | (#41362769)

"All your PINs are belong to us!"

Re:Secret phrase (0)

Anonymous Coward | about a year and a half ago | (#41363093)

Tea. Earl grey. Hot.

Re:Secret phrase (1)

Anonymous Coward | about a year and a half ago | (#41363237)

Tea. Earl grey. Hot.

Destruct sequence confirmed, Captain.

Windows! (1)

mccabem (44513) | about a year and a half ago | (#41362959)

If humanity has any luck left this will spell the end of shitty automated phone systems (which is about 99.9% of them). With Windows as my bell weather, I'll not be holding my breath.

Really, Slashdot? (1)

korgitser (1809018) | about a year and a half ago | (#41363183)

Nobody reckognizes TFA as being about phreaking? You know, this kind of stuff dates back ages. Kevin Mitnick even had the superpower to whistle nuclear missiles into flight... True Story(TM).

FUD (0)

Anonymous Coward | about a year and a half ago | (#41363195)

So as far as I can gather the "SQL injection" relies on using the star key to enter a PIN which is converted to a numeric sequence that translates to true (1) or false (0). e.g. 1234*0, 1234*1
And what IVR is stupid enough to do this? The one that he wrote himself - there is absolutely no real world example of any of these vulnerabilities being real world vulnerabilities.

Re:FUD (0)

Anonymous Coward | about a year and a half ago | (#41363447)

Star key is part of DTMF spec, I'm not sure exactly how it applies to this case as I've not yet seen the whole presentation. Also, he did mention that he found a real world bank with this vulnerability, but he doesn't get specific, so it's hard to believe.

http://en.wikipedia.org/wiki/Dual-tone_multi-frequency_signaling

Re:FUD (0)

Anonymous Coward | about a year and a half ago | (#41363723)

Yes - the buffer overflow error that he finds is in a cgi script that is called by the IVR service - well, presumably the partner web application would also be using that CGI script, so there is no real evidence that IVRs are any more or less vulnerable than any other system. In fact, because of the limitations they are much less vulnerable than systems with broader ranges of input (in my opinion).

Which IVR systems (0)

Anonymous Coward | about a year and a half ago | (#41363299)

Anyone know which IVR systems they're targeting? I work at a mid-sized provider and am curious :D

seen it done. not new. (5, Interesting)

gigne (990887) | about a year and a half ago | (#41363493)

Working in the industry, and having to read low level logs all of the time, I see this frequently.
People will call up, wait for a silence, and after 500ms start pumping down DTMF signals. Often they do this with seemingly random patterns 3-4 times before giving up.
often times they retry promps with longer and longer strings. This is old news.

I am guessing there is a wardialler in ther that is looking for specific systems at the other end. Sort of known phreak attacks.

Weird things like this exist and have existed for a long time. Hardware and software suppliers check for this now. We routinely check for stuff link this in dev and QA.

The submitter is doing nothing new, nothing unknown or even clever. These sorts of phreaks are older than I am. meh.

The fingers you have used to dial are too fat. (0)

Anonymous Coward | about a year and a half ago | (#41364099)

The fingers you have used to dial are too fat. To obtain a special dialing wand, please mash the keypad with your palm now

Re:seen it done. not new. (2)

cffrost (885375) | about a year and a half ago | (#41364325)

In the mid-1990s there was a DOS program called Code Thief, which would dial an 800* number, enter a telephone number known to be answered by modem (e.g., multi-line BBS), enter an authorization code (4-6 digits, IIRC), then keep a log of which codes resulted in successful connection.

* I don't know what these 800 numbers were exactly, but I was told they were intended to allow corporate business travelers to make LD calls from payphones/hotel phones at their employer's expense. The 800 numbers themselves were distributed via HPAVC BBSs and VMBs.

example exchange (1)

goffster (1104287) | about a year and a half ago | (#41363843)

are em minus f slash root
Permission Denied
sudo are em minus f slash root
no home directory

missing content and a few errors (0)

Anonymous Coward | about a year and a half ago | (#41364161)

I'll leave it as an excersize to catch errors (http://www.w3.org/TR/2002/WD-voicexml20-20020424/#dml6.1 -- vxml only/ I think he wanted maxspeechtimeout).

Many of the concerns are valid but not well explained. I also didn't see much mention of Speech-to-Text / Audio Mining. This focuses mainly on ASR
(automated speech recognition). Also, there isn't much mention the many diferrent ways these applications can be written (pure vxml / dynamically generated / non-vxml etc).

The main problem is that IVRs are more vulnerable than operators and systems. It is quite easy to brute force an IVR w/ a few digium cards and a bit of ANI spoofing. Just ask a coporate pbx tech. If they are paying attention, they should see these all the time (mostly trying to find a way to hijack free international long distance).

In b4 (-1)

Anonymous Coward | about a year and a half ago | (#41364299)

You faggerts post something about bobby drop tables.

at the tone (0)

Anonymous Coward | about a year and a half ago | (#41364429)

"at the tone please say your name" *BEEEEP* "admin"

"press 1 to make me your bitch"

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...