Comments


Iranian Military Says It's Copying US Drone

jenic Re:Is it just me? (350 comments)

A UAV based MMOG? Priceless.

Someone get this man the startup capital and a lifetime supply of Mountain Dew and Hot Pockets. This is happening.

more than 2 years ago

Snoozing Pilot Mistakes Venus For Aircraft; Panic, Injuries Ensue

jenic Re:Air Canada? (307 comments)

Beavers aside, I don't actually see what the problem is. What if the situation were reversed? Way, way worse.

You mean if Venus mistook the pilot for another planet?

more than 2 years ago

MacControl Trojan Being Used In Targeted Attacks Against OS X Users

jenic Re:Sounds like a vulnerability in a Microsoft prod (187 comments)

Really? Aren't we just getting a little paranoid? Why not take it one step further and suggest to sandbox every application inside the VM OS?

Great idea! Is someone working on that?

more than 2 years ago

Cryptome Hit By Blackhole Exploit Kit

jenic Re:Blackhole (49 comments)

Symantec says that Blackhole affects "various Windows platforms". Does Cryptome run on Windows?

Whether or not Cryptome runs on Windows is not for me to say; however, I do believe that Cryptome was compromised and made to distribute the Blackhole exploit. The following is found in TFA:

Although I'm not a full-fledged security researcher, I could shed some light on the script that you found on your server. The basic program flow goes like this when a client loads the script (in your case every time anyone visits one of your pages):

  1. the client IP address is compared against a list (net_match(...)) and if it falls within the range of the list it is in scope
  2. the client OS is determined and if it is a Windows machine, it is in scope
  3. the client browser is determined and if it is Internet Explorer (6.0 until 8.0) it is in scope
  4. if the client is in scope (i.e. all three of the previous are true), a file is created on your webserver (empty text file), the filename is the IP address of the client (probably for later retrieval)
  5. an iframe is loaded in the browser of the client that will be impossible to see (width and height of 1 pixel) and that iframe points to the webpage of 'http://65.75.137.243/Home/index.php'

After step 5 probably the browser is under attack and it will probably be a successful attack since the attacker knows the client to be a Windows machine running an Internet Explorer browser; my guess would be that the client is now infected and part of a botnet to be used in other attacks. The IP address of the attacker is a webserver for the domain http://absolutely-free-meeting.com/. I'm not sure they have anything to do with this attack; probably they are a compromised server like your webserver was compromised. The WHOIS information for this domain is registered by GoDaddy and I include their data and the registrant's data below; it would be best to contact both so that they can clean up their server also.

Conclusion:

  • your webserver was compromised and a file was uploaded (the attacking script)
  • the attacker was only interested in certain IP address (probably only a certain location)
  • the clients that are infected are infected from another web server (no idea why since that attack script could have been put on your webserver also)

PS: I tried to format that as best I could but Slashdot was having none of it

more than 2 years ago
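
The comment above names two artifacts a site owner can look for: the near-invisible off-site iframe in served pages and the empty, IP-named marker files on the web server. The following is an added example, not part of the comment or of TFA, that checks for both; the host name, sample page and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
import ipaddress
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one ordinary same-site iframe, one 1x1 off-site iframe.
SAMPLE_HTML = """<html><body><p>Article text</p>
<iframe src="/widgets/comments.html" width="600" height="400"></iframe>
<iframe src="http://203.0.113.7/Home/index.php" width="1" height="1"></iframe>
</body></html>"""

ONE_PX = re.compile(r"^\s*[01](px)?\s*$", re.I)
STYLE_PX = re.compile(r"(width|height)\s*:\s*[01](px)?\s*(;|$)", re.I)

class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are at most 1 pixel in size and point off-site."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        tiny_attr = ONE_PX.match(a.get("width", "")) and ONE_PX.match(a.get("height", ""))
        tiny_css = len(STYLE_PX.findall(a.get("style", ""))) >= 2
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if (tiny_attr or tiny_css) and host and host != self.own_host:
            self.hits.append(a["src"])

def find_hidden_iframes(html, own_host):
    """Return the src of every tiny iframe whose host differs from own_host."""
    finder = HiddenIframeFinder(own_host)
    finder.feed(html)
    return finder.hits

def find_ip_named_empty_files(directory):
    """Return zero-byte files whose name parses as an IPv4 address."""
    found = []
    for entry in os.scandir(directory):
        if entry.is_file() and entry.stat().st_size == 0:
            try:
                ipaddress.IPv4Address(entry.name)
                found.append(entry.name)
            except ValueError:
                pass
    return sorted(found)
```
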

Google Updates Algorithm To Punish Websites With Excessive Ads

jenic Re:except google (321 comments)

It has been a while since I used Adsense but I believe Google's Terms of Use specify a set number of Adsense ads per page and the number cannot be exceeded without breaking said terms. Perhaps they no longer do that though.

more than 2 years ago

Chrome Becoming World's Second Most Popular Web Browser

jenic Re:Inevitable. (511 comments)

True enough. There are many advanced features you find in NoScript but not NotScripts, and I can see how one would miss them. But if all you're looking for is to block flash and ad network/tracking scripts, it gets the job done.

It mostly gets the job done. The inline JavaScript is huge. On the developer's own site he admits he cannot currently block inline JavaScript, which means a simple <script>while(1){alert('trolololol')}</script> would defeat it. I know Chrome detects this and will not allow an infinite number of alerts, but my point is inline scripting is used a lot and NotScripts cannot protect against that.

more than 2 years ago

Chrome Becoming World's Second Most Popular Web Browser

jenic Re:Inevitable. (511 comments)

See my post above, I've used NoScript, I use NotScripts on Chrome now, and I don't miss any functionality.

While an average user might not miss any functionality with NotScripts, the overwhelming truth is that there are limitations to what NotScripts can do with the limited Chrome API. Let me list some features I use daily:

  • Clickjacking protection
  • inline script blocking
  • Script Surrogates
  • XSS Filtering
  • Application Boundary Enforcement
  • HTTPS Enforcement
  • Secure Cookie Enforcement

I could go on but let's discuss ABE for a moment. Singularly the most awesome part of NoScript. Let's say you allow Facebook.com scripts to run since you have a Facebook account. Now let's say you allow slashdot.org scripts to run because you are a masochist. Facebook inclusions will run on slashdot.org because you trust both Facebook and Slashdot. But not with ABE:

# Facebook XSS
Site .facebook.com .fbcdn.net .facebook.net
Accept from .facebook.com .fbcdn.net .facebook.net
Deny INCLUSION

I could still go on but you get the point, right?

more than 2 years ago
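
To show what the ABE rule quoted in the comment above decides for individual requests, here is an added example, not part of the comment and not NoScript's own code. It is a simplified model that assumes first-match-wins evaluation and handles only the syntax this one rule uses (Site, Accept/Deny, `from`, INCLUSION, ALL); the function names and the sample hosts in the usage are hypothetical.

```python
# Simplified model of ABE evaluation for one ruleset (an assumption of this
# example): the first rule whose method and origin both match decides the
# request; if no rule matches, the request passes through untouched.
RULESET = """\
# Facebook XSS
Site .facebook.com .fbcdn.net .facebook.net
Accept from .facebook.com .fbcdn.net .facebook.net
Deny INCLUSION
"""

def host_matches(pattern, host):
    # ".example.com" covers example.com itself and every subdomain.
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def parse_ruleset(text):
    """Split a ruleset into its Site patterns and (action, methods, origins) rules."""
    sites, rules = [], []
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()  # drop comments and blank lines
        if not words:
            continue
        if words[0] == "Site":
            sites = words[1:]
            continue
        action, rest = words[0], words[1:]
        if "from" in rest:
            i = rest.index("from")
            methods, origins = rest[:i], rest[i + 1:]
        else:
            methods, origins = rest, []
        rules.append((action, methods, origins))
    return sites, rules

def decide(ruleset, dest_host, origin_host, is_inclusion):
    """Return the action for a request to dest_host issued from origin_host."""
    sites, rules = parse_ruleset(ruleset)
    if not any(host_matches(s, dest_host) for s in sites):
        return "not covered"
    for action, methods, origins in rules:
        method_ok = not methods or "ALL" in methods or ("INCLUSION" in methods and is_inclusion)
        origin_ok = not origins or any(host_matches(o, origin_host) for o in origins)
        if method_ok and origin_ok:
            return action
    return "pass"
```

With this model, `decide(RULESET, "connect.facebook.net", "slashdot.org", True)` gives `"Deny"`, while a top-level link from slashdot.org to www.facebook.com (not an inclusion) falls through both rules and passes.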

Chrome Becoming World's Second Most Popular Web Browser

jenic Re:Inevitable. (511 comments)

AdBlock Plus runs on Chrome. It's in Google's Chrome Web Store.

Get back to me when they have a fully functioning NoScript.

more than 2 years ago

Electronic Contact Lens Displays Pixels On the Eye

jenic Strange Coincidence (126 comments)

A strange coincidence that I happen to be reading Rainbows End right now.

more than 2 years ago

OpenPGP Implemented In JavaScript

jenic Jolly Good Idea (167 comments)

I'm sure cryptologists agree! What could possibly go wrong?!

more than 2 years ago

JavaScript JVM Runs Java

jenic Re:This is completely unnecessary. (234 comments)

Fabrice Bellard already wrote an x86 emulator in JavaScript. Just install the standard x86 JVM inside of that and you're good to go.

Yes, that's why this is completely unnecessary.

more than 2 years ago

Hiding Messages In VoIP Packets

jenic Re:Would this really work? (83 comments)

I'd be interested in the further development of this storyline.

more than 2 years ago

Hiding Messages In VoIP Packets

jenic Re:Would this really work? (83 comments)

I've always wondered why Alice and Bob are so secretive.

more than 2 years ago

Who Owns Your Social Identity?

jenic Unlucky or Unliked (1 comments)

Interesting, at least to me, is that this is not the first time Danah Boyd has experienced this. The blog post where she details the event also says she hosts her own blog and email service ever since Yahoo! mistook her for a terrorist in 2001.

more than 3 years ago

DHS Wants Mozilla To Disable Mafiaafire Plugin, Mozilla Resists

jenic Proud of Mozilla (360 comments)

I normally don't post offhand comments but I just feel really compelled to say how good I feel about the donations I've made to Mozilla. I felt good about them before, but this just makes it that much better!

more than 3 years ago

Facebook speeding boast leads to conviction

jenic Corrections and Clarifications (4 comments)

From the article: Vladimir Rigenco boasted about speeding on an online car forum called 5 Series Forums, not on a Facebook group page, as originally reported.

more than 3 years ago

Submissions

jenic hasn't submitted any stories.

Journals

jenic has no journal entries.
