Domain: dotslash%5breversethis%5d.org
Stories and comments across the archive that link to dotslash%5breversethis%5d.org.
Stories · 9
-
Code Posted For New IE Exploit
PC World is reporting that two days ago hackers posted code for a new vulnerability in Internet Explorer that could allow drive-by takeover of a vulnerable PC. Security companies say that no exploits using the "daxctle" vulnerability have yet been found in the wild, but they are taking the new threat seriously. Symantec calls the bug "critical" and Secunia rates it highly critical, the most severe rating. The hackers who posted the sample code, xsec.org, refer to it as a "0day" exploit. The article quotes another security expert who calls this label "a stretch." Update: 09/17 18:00 GMT by C :Fixed link to XSec. Thanks for pointing that one out, folks. -
Do You Care if Your Website is W3C Compliant?
eldavojohn wonders: " Do W3C standards hold any importance to anyone and if so, why? When you finish a website, do you run it to the validator to laugh and take bets, or do you e-mail the results to the office intern and tell him/her to get to work? Since Opera 9 is the only browser to pass the ACID2 test, is strict compliance really necessary?" We all know that standards are important, but there has always been a distance between what is put forth by the W3C and what we get from our browsers. Microsoft has yet to release a browser that comes close to supporting standards (and it remains to be seen if IE7 will change this). Mozilla, although supportive, is still a ways from ACID2 compliance. Web developers are therefore faced with a difficult decision: do they develop their content to the standards, or to the browsers that will render it? As web developers (or the manager of web developers), what decisions did you made on your projects? Update: 05/20 by C : rgmisra provides a minor correction to the information provided. It is stated above that Opera9 is the only browser to pass the ACID2 test, however "This is not true - Safari was the first released publicly released browser to pass the ACID2 tests." -- Sorry about the mistake. -
Where are the Prosecutors?
a_greer2005 wonders: "In the past 5 years, we have seen plenty of virus writers in the United States brought to justice both criminally and when possible financially. In the past couple of weeks it has been discovered that Sony has shipped a rootkit, which is worse than the common spyware or virus, so I ask you, where are the law suits? Is anyone planning criminal/civil action at all? Does Sony frighten the entire legal industry? If nothing is done about this, will we have ANY right to tell a company 'NO' in the future when it comes to DRM worms -- Is this but a sample of things to come?" Update: 11/12 10:20 PM EDT by C :Whoops! Missed the fact that we've already reported on the fact that California has already started a class action suit against Sony (thanks to the posters that caught this). New York may soon follow. However that is only 2 states out of 50. Is there a possibility of more to follow? -
Fox to Purchase Myspace
jagger writes "News Corp announced on Monday that it has bought Intermix Media, owner of the popular MySpace.com social networking site, for $580 million. This follows an announcement by News Corp on Friday that it is creating an Internet division to hold the company's sports, news and entertainment sites." Update: 07/19 2:40EDT by C :Sorry about the copy errors, folks. They have been fixed. -
Free Open-Source vs. Commercial Security Tools?
sahirh asks: "I work as a penetration tester and recently started writing a whitepaper on the benefits of free, open-source security tools over commercial tools. Through my own experiences, I've found that many free tools such as Nessus and Kismet are more reliable and have better features than expensive commercial alternatives like ISS Internet Scanner or Airopeek. I've also noticed that tools like Ettercap have no commercial alternative. Further, the flexibility offered by the open-source nature of such tools is a great benefit. I'd like to ask for Slashdot's experiences and opinions on why you don't need to spend thousands of dollars on an expensive tool to perform a professional security assessment." Update: 02/07 11:15pm EDT by C : Thanks to all who wrote in to let us know the proper URL to the Kismet site. -
Intentional SpyWare Infection?
zagman asks: "I am doing some research on SpyWare / AdWare, and how to prevent/contain the problem, and am looking for some of those 'Bad Sites' - you know, the ones which take advantage of any of the known exploits and installs a whole bunch of software without your knowledge (or sometime with it). I am testing this on IE6 on an XP-SP1 box (no further patches) and also IE6.02 on a XP-SP2 box. Can anyone out there recommend some 'good' bad-sites for me to go? Benjamin Edelman did some similar work, and posted his results, but I also want to compare Mozilla and FireFox's response as well. Thanks out there!" Update: 11/24 4:05pm EDT by C : In case it hasn't been mentioned already, a considerable amount of infection can be obtained from a single website. Any other infectious goodies out there? -
System Shock 2 Retrospect...and Possible Followup?
Starsmore writes: "Gamespot has a retrospective on the 1999 cult classic System Shock 2, which normally isn't that big of a deal on it's own, although it's a nice read for those interested in some of the stories behind the production of System Shock 2. The biggest draw is that tucked at the end of the article (and shown below for those that don't want to RTFA), is this: 'But why even look back at System Shock 2 at this point? Because Irrational has been, and it plans to make a related announcement this Friday (tomorrow). The studio has decided that it wishes to further what it started in System Shock 2--to work on games that promote "emergent" gameplay--open-ended exploration that offers many choices and combinations of options to players. You'll see what we mean tomorrow. Be sure to come back then.' " Could this possibly mean a sequel to the System Shock franchise? Update: 10/09 22:30 EDT by C : As many of you suspected, Irrational is in the process of developing BioShock , a "spiritual successor" to the System Shock games. Here's hoping they can distill much of what made games like System Shock and Thief so successful, yet succeed at their aim of building a game with truly emergent gameplay. -
Advice on Becoming an Independent Contractor?
miyako asks: "I'm 20 years old and going to be graduating soon with a degree in Computer Information Systems. I was thinking recently about the job market available and I began to realize that I don't want to spend the rest of my life using my skills to make someone else money. I've been making money these last few years doing odd computer related jobs, programming, networking, graphic design, but never steadily or on a big scale. What I've come to realize is that when I graduate I'd prefer to work for myself doing contracting jobs. I thought that I would put the question out to Slashdot since a number of you seem to be doing this for a living or to supplement your income. What's the best way to get started, especially for someone without a lot of professional experience under their belt?" Update: 10/08 11:20 EDT by C : After press time, another worthwhile related question popped up. Rather than post another story, it's probably better to handle both issues together. So in addition to the current question, what legal aspects should Independent Contractors consider, especially when it comes to writing contracts? "Is it better to be a generalist, or to specialize in a few areas? What can I do to get myself recognized in the sea of other people doing the same thing? Is the market really there and is it strong enough that someone could make a living only doing this? What do I need to be aware of on the business end of things?
I realize that I might make significantly less, at least at first, than I could working for a company, but I would rather make less money and be more fulfilled working for myself. In short, what advice would Slashdot readers give a new graduate who is looking to start a business doing contracting jobs?"
While considering the issues an independent contractor needs to worry about when starting out, it might also help to consider the aspects a starting contractor will need to tackle when confronted with an important aspect of his job: writing contracts. With that in mind, we have this addition from Clanner: "I've been working as an IT Contractor recently, and I have a few opportunities to do some independent contract work (IE: not through a contracting agency) for a handful of clients. While I plan on consulting an attorney at some point, I'd like to get a few pointers from the Slashdot community as far as things to watch out for in contracts with customers. I'm looking for both items to avoid having in a contract as well as things that I should make sure are included. I plan on using a balanced contract, where neither party is at any severe advantage or disadvantage. I'm sure there are plenty of experienced hands at this in the Slashdot community, and I'd like to hear any suggestions you may have and about your experiences in this type of work (good or bad). Thanks!" -
Is it Safe to Use Win XP SP2, Yet?
An anonymous reader asks: "I have to run Win XP for work. However, I have not had the urge to download and install SP2 due to all of the problems that I've heard. Are lots of people still having problems with it? I know I don't have any viruses or spyware, and no, Linux is not an option. I am a consultant and my hardware has to match the client. I have done plenty of searching, but nobody has really followed up and shown what is currently happening with SP2, just what was happening when it was released. Did M$oft release any patches for SP2 yet to fix some of the reported issues? I do use a wireless network, and heard it messes up the connections. Is that true? Thanks for any help." Update: 09/18 04:15 EDT by C : Apparently there may still be some performance issues with XP-SP2, as this later article illustrates, however it may not be so bad as the article makes it out to be. Some readers are suggesting that the performance hit is due to bounds checking in the code, so it begs the question: Would you prefer a slower app that has more security, or a faster app that suffers from typical vulnerabilities that might bite you big-time, later?