Comments

top

Remote Exploit Vulnerability Found In Bash

ArsenneLupin Re:Only CGI scripts affected? (399 comments)

Oh I had the same thought....I mean, by the time an "attacker" is modifying arbitrary environment variables in your process,

Which is the case on most Apache Web server configs: the client has full control over the HTTP_REFERER and HTTP_USER_AGENT variables... And the exploit in question works with any environment variable, including those 2.

Well, starting from here, you are vulnerable as soon as:

  1. You have a CGI script written as a #!/bin/bash script on your system
  2. You have /bin/sh symlinked to /bin/bash (used to be common in many Linux distributions), so as soon as a script calls system(), /bin/bash gets executed, along with the script's full environment...

5 days ago
top

Remote Exploit Vulnerability Found In Bash

ArsenneLupin Re:Really? Using bash for CGI? (399 comments)

The problem affects any CGI that *calls* bash, which means any call to system() in any language is going to cause a problem.

Nowadays, on most systems, /bin/sh is a proper Bourne Shell (either ash or dash), and no longer bash. So system() should no longer be an issue, but explicitly calling bash still would be...

5 days ago
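
The two exposure conditions named in the two comments above (a CGI script run by bash itself, or /bin/sh resolving to bash so that any system() call reaches it) can be checked on a host with a short audit. This is an added example, not part of the original comments; the function names are hypothetical, bash is recognised only by file name after symlink resolution, and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example: audit a CGI directory for the two exposure conditions above.
# The caller supplies the paths; nothing here is taken from a real host.

# Succeeds if PATH, after following symlinks, is a file named "bash".
resolves_to_bash() {
    rb_target=$(readlink -f "$1" 2>/dev/null) || return 1
    [ "$(basename "$rb_target")" = bash ]
}

# Prints the interpreter on FILE's "#!" line ("env X" is unwrapped to X).
shebang_interp() {
    si_first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r\000')
    case "$si_first" in
        '#!'*) ;;
        *) return 1 ;;
    esac
    set -f                    # no globbing while word-splitting the line
    set -- ${si_first#??}     # drop "#!" and split into words
    set +f
    [ $# -ge 1 ] || return 1
    case "$1" in
        */env) [ $# -ge 2 ] || return 1; printf '%s\n' "$2" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# audit_cgi DIR [SH_PATH]: one line per exposed script.
#   direct-bash FILE  the script is run by bash itself
#   sh-is-bash FILE   another interpreter, but system() reaches bash via SH_PATH
audit_cgi() {
    ac_sh=${2:-/bin/sh}
    ac_sh_is_bash=no
    if resolves_to_bash "$ac_sh"; then ac_sh_is_bash=yes; fi
    find "$1" -type f | sort | while IFS= read -r ac_f; do
        ac_interp=$(shebang_interp "$ac_f") || continue
        if [ "$(basename "$ac_interp")" = bash ]; then
            echo "direct-bash $ac_f"
        elif [ "$ac_sh_is_bash" = yes ]; then
            echo "sh-is-bash $ac_f"
        fi
    done
    return 0
}

# Stand-alone use: sh audit.sh CGI_DIR [SH_PATH]
if [ $# -gt 0 ]; then audit_cgi "$@"; fi
```

A `sh-is-bash` line means only that the script could reach bash if it shells out; whether it actually calls system() still has to be checked per script.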
top

Remote Exploit Vulnerability Found In Bash

ArsenneLupin Re:Test string here: (399 comments)

Or, more easily: the exploit string could be packed into the TERM variable, which almost all ssh's and even telnet daemons pass on to the shell: env TERM='() { :;}; echo vulnerable' ssh some_user@some_server

5 days ago
top

Remote Exploit Vulnerability Found In Bash

ArsenneLupin Re:Full Disclosure can be found on oss-security... (399 comments)

Just ran pacman -Syu

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Good. And now on to the next level:

env X='() { (a)=>\' bash -c "echo /usr/bin/id"; cat echo

5 days ago
top

The UPS Store Will 3-D Print Stuff For You

ArsenneLupin Re:So in the future ... (144 comments)

Captcha: Pervert

Well, actually, there's plenty of sex shops around where you can buy custom-molded dildos, sold by the pound of plastic or latex... (saw some in Brussels, but most likely other large cities have those too).

about a week ago
top

Dremel Releases 3D Printer

ArsenneLupin Re:Wrong type of machine for Dremel (105 comments)

Doesn't all this depend on the software? On a milling machine intended for the end user, the software could know about some of these constraints, and automatically reduce the speed to safe levels where needed. And also, this iModela machine works with soft materials (plastics, woods), not steel, which (probably) means it's not quite as likely to destroy its bits if mis-driven.

about two weeks ago
top

German Court: Google Must Stop Ignoring Customer E-mails

ArsenneLupin Re:What is a customer? (290 comments)

Good to know... if this is indeed the case. I just wonder whether they will have to reply to messages from neighbouring countries as well, or only from Germans...

Indeed, google is notoriously hard to reach...

about three weeks ago
top

German Court: Google Must Stop Ignoring Customer E-mails

ArsenneLupin Re:What is a customer? (290 comments)

...when the police starts rounding up board members...

For not replying to an e-mail? I'd only wish :-)

about three weeks ago
top

German Court: Google Must Stop Ignoring Customer E-mails

ArsenneLupin Re:What is a customer? (290 comments)

The court, not being stupid, will probably send a few "canary" emails.

The court, while certainly not stupid, is very probably lazy. And won't continue bothering google out of its own initiative once a "settlement" is reached.

It will take a continued action by the consumer watchdog organization to keep the court interested, but it's a very fine line to walk between "keeping the court interested" and "not annoy the court by pestering it too much"

about three weeks ago
top

German Court: Google Must Stop Ignoring Customer E-mails

ArsenneLupin Re:What is a customer? (290 comments)

If Google decides to discontinue all Google services in Germany as a result, would that really be a "win" for the German consumer?

More likely outcome is that they change the auto-reply text of the mail to "thank you for your valuable feedback", and then still continue to ignore it. The customer will be none-the-wiser, and unable to prove that feedback gets ignored.

about three weeks ago
top

Google Serves Old Search Page To Old Browsers

ArsenneLupin Re:Yes (152 comments)

And even Google Webmaster tools still works with the "old" browser user-agent string. However, in webmaster tools, it doesn't dump the javascripts yet, unfortunately :-(

about a month ago
top

Google Serves Old Search Page To Old Browsers

ArsenneLupin Re:Yes (152 comments)

Please, Google, do continue to not "improve" the experience for "older" browsers. I've had all the UX "improvement" I can take.

Well said! I fullheartedly agree, and set the user agent of my firefox to version 0.10: the experience is a breeze! And yes, it even prevents google from inserting its own tracking into some of the links...

about a month ago
top

Google Serves Old Search Page To Old Browsers

ArsenneLupin Re:Yes (152 comments)

And there are no tracking cookies or similar inserted into the links, just the plain links. Overall a good experience :-)

... however, the normal site (for "recent" browsers) does insert tracking cookies.

I didn't check though whether the results were maybe outdated (newer pages not listed...), that would be nasty...

A test with google news shows that this is fortunately not the case, it shows news from within today. So if it is outdated, it's certainly outdated by less than one day.

about a month ago
top

Google Serves Old Search Page To Old Browsers

ArsenneLupin Re:Yes (152 comments)

I tried it (by setting the user-agent of my firefox to "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10"), and I'm delighted. Image search works again and it feels faster too.

I didn't notice the problem you're mentioning about link visited being broken. I searched twice for myself, the first time I clicked on one of my links. After the second search, that link was correctly colored purple, as it should. However, I did notice a small delay before it turned from blue to purple.

And there are no tracking cookies or similar inserted into the links, just the plain links. Overall a good experience :-)

I didn't check though whether the results were maybe outdated (newer pages not listed...), that would be nasty...

about a month ago
top

New Nail Polish Alerts Wearers To Date Rape Drugs

ArsenneLupin Re:The world we live in. (595 comments)

was it really the best idea to go out in a suit made of meat and barbeque sauce?

tasty

about a month ago
top

Researchers Find Security Flaws In Backscatter X-ray Scanners

ArsenneLupin Belly Fat (146 comments)

Indeed, the puppy is very well hidden... but not in belly folds but in buggy html or misguided deep link protection. Anybody has a URL of this picture which accepts to be viewed from Slashdot?

about a month ago
top

Researchers Find Security Flaws In Backscatter X-ray Scanners

ArsenneLupin Hacking the machine (146 comments)

"Hacking the machine" was only one of many attack vectors. The more common attacks described were fixing stuff to the side of your body, rather than to the front or to the back (easily thwarted by making you turn sideways, or visually looking for the much more obvious bulges if you try to "hide" weapons that way), or hiding the weapons behind a piece of Teflon (which reflects the rays the same way as the body, hiding everything behind it... but there still might be tell-tale contours if not done right)

about a month ago
top

Comcast Training Materials Leaked

ArsenneLupin Re:McDonallds should sue ... (251 comments)

do you want fries with that.

The difference is they take "no thanks" for an answer.

about a month and a half ago
top

Hotel Charges Guests $500 For Bad Online Reviews

ArsenneLupin Re:Libertarians, discuss! (183 comments)

Liability for what? A bad instead of salty taste?

about 2 months ago

Submissions

top

Luxembourg PM Juncker to resign over spy scandal

ArsenneLupin ArsenneLupin writes  |  about a year ago

ArsenneLupin (766289) writes "Luxembourg will hold new elections after Prime Minister Jean-Claude Juncker announced he would resign following a secret service scandal.

Mr Juncker, Europe's longest-serving head of government, told parliament he would step down on Thursday."

top

Luxembourg Prime Minister Resigns over Spying Scandal

ArsenneLupin ArsenneLupin writes  |  about a year ago

ArsenneLupin (766289) writes "Luxembourg Prime Minister Jean-Claude Juncker, Europe's longest-serving leader, Wednesday said he would step down over a scandal involving the small country's small secret services, who were alleged to have created a "big mess" by indulging in a spate of misconduct on his (or rather: Mister Mille's...) watch.

When will president Obama follow suit?"

top

Pope Benedict XVI resigns due to old age

ArsenneLupin ArsenneLupin writes  |  about a year and a half ago

ArsenneLupin (766289) writes "In a statement released by the Catholic Church, Benedict XVI said that “after having repeatedly examined my conscience before God, I have come to the certainty that my strengths, due to an advanced age, are no longer suited to an adequate exercise of the Petrine ministry.”
Hopefully the new pope (if there will be any...) will be more open-minded and tolerant of minorities"


Journals

ArsenneLupin has no journal entries.
