Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

New JavaScript-Based Timing Attack Steals All Browser Source Data

mrnobo1024 Re:Yes, there is a simple fix (167 comments)

How is even a malicious javascript code on one web page going to see the the content of a page that I have manuallly opened up in an entirely separate window?

It can't, but it can load that same page's URL in an iframe, and it will contain the same confidential information. Browsers try to prevent pages from reading the contents of cross-domain iframes, which is extremely difficult to do in a completely airtight manner. A much better solution would be not sending cookies on cross-domain requests and thus making it impossible for one site to load the secrets a different site is storing for you, but so far everybody is focused on treating the symptoms and not the disease.

about a year ago
top

ITU Approves H.264 Video Standard Successor H.265

mrnobo1024 Re:Patent-encumbered standards are stupid (182 comments)

This is the ITU, the same geniuses behind the "leap second" that crashed computer systems all over the world last June (because god forbid our clocks should ever be out of synch with the Earth's rotation by more than one second - never mind that given the way time zones are set up, many places are off by over an hour anyway). I'd be surprised if they even know what a patent is let alone why it's a bad thing to have on a standardized file format.

about a year and a half ago
top

Mario Bros. Clone Released For Atari 2600

mrnobo1024 Re:Simply amazing (90 comments)

From the linked atariage.com post:

Press the fire button to jump.
Press Up to run and to shoot fireballs if you are FireMario.

about 2 years ago
top

Windows 8 Changes Host File Blocking

mrnobo1024 Re:Calm down (1030 comments)

The hosts file can only be modified by administrators. Any additional protection is useless because if malware has gotten itself running as administrator, it can just kill or modify windows defender anyway.

about 2 years ago
top

The Cost of Crappy Security In Software Infrastructure

mrnobo1024 Re:Yeah, yeah, yeah. (156 comments)

The designers of Java tried to do two things regarding security:
1. allow running untrusted code (applets) without letting it break out of its sandbox
2. prevent unsafe memory access by bounds checking, type checking on casts, no explicit deallocation

#2 is a prerequisite for #1, since if code can write to arbitrary memory locations then it can take over the Java runtime process. However, #1 is not a prerequisite for #2. Java has in practice done poorly at meeting goal #1 but has been quite solid at #2.

more than 2 years ago
top

McAfee Claims Successful Insulin Pump Attack

mrnobo1024 Re:wow, McAfee has fallen to new lows! (196 comments)

Finding a security vulnerability is not "making viruses". Would you prefer that this be first discovered by someone who's not so nice as to disclose their findings, so that insulin pumps just start mysteriously "malfunctioning" and killing patients?

Regardless of what you may think of the quality of McAfee's software, they're not being anything besides white-hat here.

more than 2 years ago
top

McAfee Claims Successful Insulin Pump Attack

mrnobo1024 Re:McAfee for insulin pumps next (196 comments)

That could have been believable back in the DOS days, when most viruses seemed to have no real purpose besides amusement, but today the vast majority of malware is written for profit. Selling antivirus software would be counterproductive if you're making a lot more money from owning a botnet and the antivirus would eat into that.

more than 2 years ago
top

Innocent Or Not, the NSA Is Watching You

mrnobo1024 Re:Conflicted (410 comments)

From the summary:

It is, in some measure, the realization of the 'total information awareness' program created during the first term of the Bush administration

Your "small-government" Republicans are just as much on board with this as the "big-government" Democrats.

more than 2 years ago
top

Anonymous Hacks UK Government Sites Over 'Draconian Surveillance'

mrnobo1024 Re:They have a right to be angry ... (151 comments)

So-called "democracy" as it exists in countries like the US is a complete sham. The government can act against the public interest on literally every single issue and still stay in power: any individual is only going to be knowledgeable about a small fraction of what the government does, and a majority of people will just take the media's word for it that they're doing right on most everything else.

The only issues on which the public actually has any influence are those which our rulers recognize to be of relatively minor importance, so the parties can put on a show of virulently disagreeing on them, which makes people feel like they're actually making a difference when they throw out corporate-owned party A and put into power corporate-owned party B. On the most important issues, there's always bipartisan agreement on the wrong side.

more than 2 years ago
top

The Optimum Attack Rate For SSH Bruteforce? Once Every Ten Seconds

mrnobo1024 Re:I have a portknocking setup (167 comments)

TCP port numbers are unencrypted so a serious attacker will be able to find out your sequence anyway. All you're doing is wasting your own time by making legitimate connections take longer.

more than 2 years ago
top

Adobe Releases Last Linux Version of Flash Player

mrnobo1024 Re:yeah, go away flash! (426 comments)

Only garbage websites don't work properly without javascript

I agree. But unfortunately, Sturgeon's Law applies - 90% of websites are garbage, so if you want to use the web you'll have to go "dumpster diving" (enabling JS) a lot.

more than 2 years ago
top

Adobe Releases Last Linux Version of Flash Player

mrnobo1024 Re:Yay! (426 comments)

I used to think of Flash as a CPU hog, but it pales in comparison to Javascript/HTML5. Even simple 2D games in Javascript will run at about 3 frames per second despite constantly using 100% CPU, and they often hog memory too (which Flash has never been all that bad about in my experience, unless you leave a dozen YouTube tabs open or something).

Annoying ads won't go away just because Flash does; they'll move to HTML5 and will be just as annoying, more resource hungry, and harder to block (disabling Javascript everywhere makes the Web unusable; a whitelist system like NoScript is going to be a necessity).

more than 2 years ago
top

China Plans To End Executed Prisoner Organ Donations Within 5 Years

mrnobo1024 Re:why ? (214 comments)

Are judges and jury members more likely to need organ transplants than anyone else? If not, it makes no sense to say there's a perverse incentive for them to order more executions; they have no more interest in it than the rest of the public does.

more than 2 years ago
top

Mozilla Debates Supporting H.264 In Firefox Via System Codecs

mrnobo1024 Re:WebM (320 comments)

WebM supporters: Free Software Foundation, Participatory Culture Foundation, Xiph, Android, Codecian, Collabora, CoreCodec, Digital Rapids, FFmpeg, Adobe Flash Player, Flumotion Services, Google Chrome, Grab Networks, iLink, Inlet Technologies, Oracle Java, Matroska, Moovida, Mozilla, ooVoo, Opera, Oracle, Harmonic Rhozet, Skype, SightSpeed, Sorenson, Telestream, Tixeo, Ucentrik, VideoLAN, Wildform, Winamp Media Player, Wowza Media Server, XBMC Media Center, Allwinner Tech, AMD, Anyka, ARM, Broadcom, Chinachip, Chips&Media, C2 Microsystems, DSP Group, Freescale, GeneralPlus, Hisilicon, Hydra Control Freak, Imagination Technologies, Shanghai InfoTM Microelectronics, Leadcore Technology, Logitech, Marvell, MIPS, MStar Semiconductor, nVidia, Qualcomm, Rockchip Microelectronics, RayComm Group, SEUIC, Socle Technology Corp., ST-Ericsson, Texas Instruments, Verisilicon, Videantis, ViewCast, ZiiLABS, ZTE Corporation, Anevia, Brightcove, Delve Networks, Encoding.com, EntropyWave, Flumotion Services, HD Cloud, HeyWatch.com, Kaltura, Media Core, MetaCDN, ooyala, Panda, Panvidea, Sorenson 360, thePlatform, VideoRX.com, VMIX, YouTube, Zencoder

more than 2 years ago
top

Pi Day Is Coming — But Tau Day Is Better

mrnobo1024 Re:tau is wrong (241 comments)

Sure there is: e^(tau * i) + 0 = 1.

Hey, it's really not any more ridiculous than "... + 1 = 0".

more than 2 years ago
top

Khan Academy Chooses JavaScript As Intro Language

mrnobo1024 Re:Since when is JavaScript an unorthodox choice? (355 comments)

If you type {} + [] into the console, it's not actually parsing as addition, it's an empty block followed by a +[] expression (unary plus operator used to convert an empty array to a number).

more than 2 years ago
top

Mozilla Releases Rust 0.1

mrnobo1024 Re:Ok, I give up (232 comments)

And worse, to supposedly "protect" the programmer from himself (pointers are evil, GAHHHHH)? If the developer does not know how to make a good program in one language, it will still not know how to do in any other language.

It's not about "protecting the programmer from himself", it's about protecting the users. Practically nobody can write secure code in C or C++, where a very significant portion of bugs allow an attacker to run arbitrary code.

more than 2 years ago
top

Google Demonstrates Chrome Native Client With Bastion

mrnobo1024 Re:Or You Could... You Know... (154 comments)

And if you don't want that application to put your security at risk via the arbitrary code execution exploit du jour, all you have to do is run that application in a separate limited user account. And make sure all your important files' ACLs prohibit access from that account. And don't use runas, use an actual separate login session, because of window shatter attacks. It's so easy, I bet everyone runs their applications this way. I'm sure you do. ...Right?

more than 2 years ago
top

As a target for malware, my main computer is ...

mrnobo1024 Re:Windows 7 + VM + Not an Idiot (429 comments)

99% of avoiding Malware is simple not being an idiot and not going to places you shouldn't

You mean shady websites like mysql.com?

"It exploits the visitor's browsing platform (the browser, the browser plugins like Adobe Flash, Adobe PDF, etc, Java, ...), and upon successful exploitation, permanently installs a piece of malware into the visitor's machine, without the visitor's knowledge," say the researchers. "The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection."

more than 2 years ago
top

Ask Slashdot: Recovering Data From 20-Year-Old Diskettes?

mrnobo1024 Re:Brute Force? (375 comments)

all possible bit combinations for the bad sectors

A floppy disk sector is 512 bytes, so even with just a single unreadable sector there are 256^512 possible combinations, more than there are atoms in the universe.

more than 2 years ago

Submissions

mrnobo1024 hasn't submitted any stories.

Journals

mrnobo1024 has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>