How this got modded 5 insightful is beyond me. I've lived in cosmopolitan societies for a long time, one thing I've noticed that all races tend to stick together, the more of one kind in one place tends to let other kinds know in many ways they are not welcome. Disagree? Prove me wrong. Those that are tolerant like that naive person I am replying to are in a minority.
Unless you think that your gene-pool and culture should disappear, the struggle of your ancestors to go in wane, support unchecked immigration, because that is precisely what is going to happen, and it won't take all that long either. Mark my words.
Cities have their "business core" usually located in their centers, likewise mass transit lines are most efficient getting from outskirts to the downtown core.
Current fashion with tech companies is to minimize costs by leaving city centers and move to "cheaper" locations located in city outskirts. Assuming even distribution of company's employees around a city, the move to outskirts only helps employees that have the luck to live in the general quadrant of the city. Due to (usually) star shaped mass transit topology this dramatically increases the commute to work of everyone else.
I am a long slashdot member, I don't usually post comments as I prefer reading them, but one look at the new BETA site caused me to break my habit.
The new BETA sucks shit!
- I've been a frequent visitor to Reddit, I don't go there anymore after their version 4 redesign which was as bad as the new Slashdot BETA!
- I've been forced to read Slashdot through this abomination of a mobile version of the site on my tablet. Thankfully I've been able to revert to Slashdot classic.
- If I am forced to read slashdot through this unholy thing that is the BETA, I will do Reddit and stop reading Slashdot altogether.
So, seriously FUCK BETA
I am fully prepared to join the boycott that is planned for February 10-17, please KILL BETA.
I am a long slashdot member, I don't usually post comments as I prefer reading them, but one look at the new BETA site caused me to break my habit.
The new BETA sucks shit!
- I've been a frequent visitor to Reddit, I don't go there anymore after their version 4 redesign which was as bad as the new Slashdot BETA!
- I've been forced to read Slashdot through this abomination of a mobile version of the site on my tablet. Thankfully I've been able to revert to Slashdot classic.
- If I am forced to read slashdot through this unholy thing that is the BETA, I will do Reddit and stop reading Slashdot altogether.
So, seriously FUCK BETA
I am fully prepared to join the boycott that is planned for February 10-17, please KILL BETA.
Malicious code/malware can be technologically mitigated. Here in Europe my bank requires an authorization code for each action I make that is sent as a text message to my phone. With such system, both devices would have to be compromised (unless I use the same device for both internet and phoning)...
There are a couple of aspects of online voting that can never be solved with technology:
1) In order to be truly secure, each voter would have to receive a unique identifier. Voter anonymity would be lost.
2) When not in voting booth voter can be made to cast his vote under duress.
* Voting booths provide secure location where voter can cast his vote anonymously (answer to both)
All it takes is one malicious content source for a mashup site's security to be compromised.
Advice to users, stay away from mashups unless you trust its makers ensure third party content is 100% safe.
If you do end up using a mashup site, make sure that you observe all safe browsing tips, especially logging out of you web mail/banking services before entering.
I don't see this vulnerability being any different than your average Phishing scam. The only difference is the fact that the entire attack can happen without user's interaction. A visit to a malicious site is enough.
I feel that the primary responsibility still sits with the user of the web application, browsing only trusted sites is the only way you can protect yourself.
It would be nice for an AJAX developer to ensure that the users of his/her application are not vulnerable to these kind of attacks, but until the browser community secures the use of frames and iframes (which I believe are the biggest culprits here), there is not much a developers can do.
A simple rule for the browser to follow here would be:
A secure page loaded from a URL address can only rely on resources loaded from the same address. period.
Slashdot Mirror
How this got modded 5 insightful is beyond me. I've lived in cosmopolitan societies for a long time, one thing I've noticed that all races tend to stick together, the more of one kind in one place tends to let other kinds know in many ways they are not welcome. Disagree? Prove me wrong. Those that are tolerant like that naive person I am replying to are in a minority. Unless you think that your gene-pool and culture should disappear, the struggle of your ancestors to go in wane, support unchecked immigration, because that is precisely what is going to happen, and it won't take all that long either. Mark my words.
Cities have their "business core" usually located in their centers, likewise mass transit lines are most efficient getting from outskirts to the downtown core.
Current fashion with tech companies is to minimize costs by leaving city centers and move to "cheaper" locations located in city outskirts. Assuming even distribution of company's employees around a city, the move to outskirts only helps employees that have the luck to live in the general quadrant of the city. Due to (usually) star shaped mass transit topology this dramatically increases the commute to work of everyone else.
I am a long slashdot member, I don't usually post comments as I prefer reading them, but one look at the new BETA site caused me to break my habit.
The new BETA sucks shit!
- I've been a frequent visitor to Reddit, I don't go there anymore after their version 4 redesign which was as bad as the new Slashdot BETA!
- I've been forced to read Slashdot through this abomination of a mobile version of the site on my tablet. Thankfully I've been able to revert to Slashdot classic.
- If I am forced to read slashdot through this unholy thing that is the BETA, I will do Reddit and stop reading Slashdot altogether.
So, seriously FUCK BETA
I am fully prepared to join the boycott that is planned for February 10-17, please KILL BETA.
I am a long slashdot member, I don't usually post comments as I prefer reading them, but one look at the new BETA site caused me to break my habit.
The new BETA sucks shit!
- I've been a frequent visitor to Reddit, I don't go there anymore after their version 4 redesign which was as bad as the new Slashdot BETA!
- I've been forced to read Slashdot through this abomination of a mobile version of the site on my tablet. Thankfully I've been able to revert to Slashdot classic.
- If I am forced to read slashdot through this unholy thing that is the BETA, I will do Reddit and stop reading Slashdot altogether.
So, seriously FUCK BETA
I am fully prepared to join the boycott that is planned for February 10-17, please KILL BETA.
Malicious code/malware can be technologically mitigated. Here in Europe my bank requires an authorization code for each action I make that is sent as a text message to my phone. With such system, both devices would have to be compromised (unless I use the same device for both internet and phoning)...
There are a couple of aspects of online voting that can never be solved with technology:
1) In order to be truly secure, each voter would have to receive a unique identifier. Voter anonymity would be lost.
2) When not in voting booth voter can be made to cast his vote under duress.
* Voting booths provide secure location where voter can cast his vote anonymously (answer to both)
All it takes is one malicious content source for a mashup site's security to be compromised.
Advice to users, stay away from mashups unless you trust its makers ensure third party content is 100% safe.
If you do end up using a mashup site, make sure that you observe all safe browsing tips, especially logging out of you web mail/banking services before entering.
This must be one of the patents Microsoft claims is being infringed upon!
I don't see this vulnerability being any different than your average Phishing scam. The only difference is the fact that the entire attack can happen without user's interaction. A visit to a malicious site is enough.
I feel that the primary responsibility still sits with the user of the web application, browsing only trusted sites is the only way you can protect yourself.
It would be nice for an AJAX developer to ensure that the users of his/her application are not vulnerable to these kind of attacks, but until the browser community secures the use of frames and iframes (which I believe are the biggest culprits here), there is not much a developers can do.
A simple rule for the browser to follow here would be:
A secure page loaded from a URL address can only rely on resources loaded from the same address. period.