Given that the machines have to have the acoustic networking software installed on them (requiring already having root access), this is at worst a covert communications channel that could be used to bypass network security controls in order to exfiltrate information from an otherwise secure network. It has no impact on whether machines can be hacked to begin with.
I don't know why people keep submitting this garbage from Espresso Logic, who is just taking advantage of the fact that the term "reactive" has been overloaded to mean different things to exploit the hype surrounding the Reactive Manifesto and related technologies (e.g., Akka, Rx, Node.js, etc.) to push their own, completely unrelated product, which is based on the more traditional (i.e., the one you find in Wikipedia) definition of "Reactive Programming".
"Reactive programming", as defined by the Reactive Manifesto (which is what all the hype is about), is about designing applications that operate in an entirely asynchronous and non-blocking manner, so as to maximize CPU utilization and fully exploit parallelism, and ensure that the system is always responsive to new events (user input, incoming data streams, errors, changes in load, etc.) rather than having resources tied up waiting for external processes (e.g., blocking on I/O). It has nothing to do with "reactive databases".
Many early tanks (up through WW2) had anti-tank capabilities (indeed, the first tanks had no reason to have anti-tank capabilities - there were no other tanks to fight against). The main distinguishing features of a tank are its armor (which need not necessarily be very heavy - just enough to deflect small arms fire), its tracks, and the fact that it has some sort of weapon mounted on a turret.
The Panzer I was classified as a light tank but was armed only with MG13 machine guns. The British Vickers Light Tank Mk VI likewise only had .50cal and .303cal machine guns.
Rhino runs an interpreter that first compiles JavaScript into its own pseudo-bytecode, and then interprets the pseudo-bytecode. I believe what Oracle is proposing is to compile JavaScript directly into Java bytecode, using the new features of the JVM to handle the dynamic aspects that weren't possible with previous versions of the JVM.
Me too! I even still have Pidgin set up to log into it (along with every other account I have), though my ICQ contacts are so old I pretty much never talk to any of them.
If the domain changes hands, that's going to break a lot of XML files containing xsi:schemaLocation attributes and DTD references pointing to documents within http://java.sun.com/xml/ns/j2ee/ .
You should just put a big banner across the top of the screen that reads: "BIG BROTHER IS WATCHING YOU." The government in 1984 gave full disclosure as well.
That said, they are your children, and by extension it's probably your computer as well (or at the very least, your Internet connection), so you're well within your rights to monitor how it is used. It isn't really even necessary to actually do any monitoring. As long as they believe they're being monitored, the effect should be the same.
If any of you had bothered to read TFA, you'd notice that sharing your address and phone number is entirely optional for the user on a per-app basis. They just split the "Request for Permission" dialog into two options instead of one: 1. Access my basic information (the only option up until now) and 2. Access my contact information. Why anyone would actually choose the second option is beyond me (maybe they anticipate someone developing some sort of app that sends notifications via text messages), but it's not as if they're forcing you to share the information, or even making it likely that you'd accidentally share it.
Drive-by downloads are not typically downloaded by your browser (except in the case of exploits targeting vulnerabilities in the browser itself). They are usually downloaded by browser plugins (such as Flash, Adobe Reader, various ActiveX controls, etc.) that contain vulnerabilities that are exploited (either via JavaScript or by specially crafted media files), and the payload of the exploit (the "shellcode") downloads and executes some Trojan EXE. It has absolutely nothing to do with downloads that are initiated by your browser via JavaScript (which must always be authorized by the user in all major browsers, generally via a Save/Open/Cancel dialog).
I bought a Brother printer a few months ago when my Canon printer became irreparably clogged. It has worked quite well for me so far. The ink even comes in individual per-color cartridges.
If you look at the pictures in TFA, you'll note that they've moved Print Screen to share space with the Insert key. To invoke Print Screen instead of Insert, you have to hold down the Fn key.
That's the trojan that's being installed by the exploits served up by the injected IFRAME. It is not the vulnerability that is allowing the IFRAME to be injected to begin with.
ISP contacts customer, says "you appear to have a virus that is doing bad things on the network. Please fix it." or pops a web page with the same message and probably a link to an antivirus solution.
Popping up a web page would be an extraordinarily bad idea, given how many popup/banner ads, malicious web pages, and adware are already out there selling fake antivirus software.
I wish the Tomcat developers would read RFCs. Or perhaps they consider it a "feature" that I can undeploy my webapp by hitting my browser's Back button while logged into the Manager application....
They can define the term "bit" to mean whatever they want for that legal document. However, if they make any promises about bandwidth, the same definitions apply. So, if, for example, they are guaranteeing you 10 megabits/second bandwidth, that had better mean you can download a 100MB file in 10 seconds.
I'm an Android user that does not use Chrome. I use Opera.
You have been eaten by a grue. Feel better now?
And what are they going to do for the remaining 6 hours of the night during winter?
Dammit! That should have read "had NO anti-tank capabilities".
document structure != layout
The header and footer are part of the structure of the document.
The fact that they appear at the top and bottom of the screen is part of the layout.
Only if they're targeting you by your DNS name and not your IP address.
Gadahi/Kadaffy/Qaddafi/whatever did say he declared a ceasefire. Meanwhile, Libyan tanks continued to roll into Benghazi to "disarm the protesters".
Huh... are you against eating mutton?
I wonder how many times this vulnerability was used to deliver malware.
According to TFA:
Malware description
Threatname: Backdoor.Win32.Buzus.croo
Aliases: Trojan-PWS.Win32.Lmir (Ikarus, a-squared); TR/Hijacker.Gen (AntiVir); Trojan/Win32.Buzus.gen (Antiy-AVL); W32/Agent.S.gen!Eldorado (F-Prot, Authentium); Win32:Rootkit-gen (Avast); Generic15.CBGO (AVG); Trojan.Generic.2823971 (BitDefender, GData); Trojan.Buzus.croo (Kaspersky, QuickHeal); Trojan.NtRootKit.2909 (DrWeb); Trj/Buzus.AH (Panda).
Oh noes! If only we had a way to detect and filter text that looks like spam....