Researchers have figured out how to leverage the reach of online advertising networks to distribute JavaScript of their choosing, creating the equivalent of a botnet of ad impressions capable of crashing the underlying web servers or distributing malware on a massive scale for pennies on the dollar. Jeremiah Grossman and Matt Johansen of WhiteHat Security presented their research today at Black Hat USA 2013, research that did not include a zero-day vulnerability or exploit. All they had to do was buy an ad. This is a limited time offer. Hackers are standing by...
This news couldn't wait for the Black Hat conference happening now in Las Vegas. We reported in June that Georgia Tech researchers had created a charging station that could pwn any iOS device. The full presentation revealed precise details on how they managed it. I'm never plugging my iPhone charger into a USB port in a hotel desk again. Your best defense against hackers: a dead battery.
During a Formula 1 race, a car sends hundreds of millions of data points to its garage for real-time analysis and feedback. So why not use this detailed and rigorous data system elsewhere, like... at children’s hospitals? Peter van Manen [Managing Director of McLaren Electronics] tells us more. Applying intelligence and observation to the situation...
One of the biggest new features in Hyper-V is the introduction of Generation 2 VMs. Generation 2 VMs add capabilities that were previously unavailable on Hyper-V VMs, such as support for SCSI boot and Pre-Boot eXecution Environment (PXE) boot. Also, because Generation 2 VMs use Unified Extensible Firmware Interface (UEFI) instead of BIOS, they support Secure Boot and can boot from GUID Partition Table (GPT) disks. Real improvements for virtual machines.
I am Tugdual Grall; most people call me Tug. I am Technical Evangelist at Couchbase. I live close to Nantes in France. When I am not traveling I am working from home or from a local co-working space.... As a Couchbase Technical Evangelist, I do many different things with a very simple goal: be sure that developers understand the benefits of NoSQL databases (Couchbase in particular) and help them to use it in their projects. We talk to Tugdual Grall, a developer and evangelist working on the Couchbase NoSQL database team.
SQL injection is a particularly interesting risk for a few different reasons... It remains number one on the OWASP Top 10 for a very good reason – it’s common, it’s very easy to exploit and the impact of doing so is severe. One little injection risk in one little feature is often all it takes to disclose every piece of data in the whole system – and I’m going to show you how to do this yourself using a raft of different techniques. We need reminders like this because there's still way too much SQL injection happening.
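The two halves of the story above, the injectable query and the parameterised one, side by side in one runnable script. This is an added example, not code from the linked article; it uses an in-memory SQLite database with constructed sample rows (the order numbers, names and the `users` table are made up), so the exact payload syntax differs slightly from the SQL Server and MySQL variants the article walks through, but the mechanics are the same: the vulnerable function splices the request parameter into the query text, the safe one binds it as a value.

```python
import sqlite3

# Constructed sample data for the demo; not from the original article.
ORDERS = [
    (1001, "alice", "Alcatraz day trip"),
    (1002, "bob", "Alcatraz night tour"),
    (1003, "carol", "Angel Island ferry"),
]
USERS = [("admin", "sha1:0123456789abcdef")]  # hypothetical stored credential


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)"
    )
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", ORDERS)
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, order_param):
    """The bug: the request parameter is spliced into the SQL text, so the
    database parses attacker-controlled characters as part of the query."""
    sql = "SELECT id, customer, item FROM orders WHERE id = '%s'" % order_param
    return conn.execute(sql).fetchall()


def lookup_safe(conn, order_param):
    """The fix: bind the value as a parameter. It is only ever treated as
    data, so quotes, OR and UNION in the input never reach the SQL parser."""
    sql = "SELECT id, customer, item FROM orders WHERE id = ?"
    return conn.execute(sql, (order_param,)).fetchall()


# Three payloads in the style the article walks through.
TAUTOLOGY = "1001' OR '1'='1"                                    # every order
UNION_USERS = "x' UNION SELECT 1, name, pw_hash FROM users --"      # other table
UNION_SCHEMA = "x' UNION SELECT 1, name, sql FROM sqlite_master --"  # find tables


def demo():
    """Run each payload through both lookups and return what came back."""
    conn = make_db()
    return {
        "normal": lookup_vulnerable(conn, "1001"),
        "tautology_ids": sorted(r[0] for r in lookup_vulnerable(conn, TAUTOLOGY)),
        "stolen_users": lookup_vulnerable(conn, UNION_USERS),
        "schema": sorted(r[1] for r in lookup_vulnerable(conn, UNION_SCHEMA)),
        "safe_normal": lookup_safe(conn, "1001"),
        "safe_tautology": lookup_safe(conn, TAUTOLOGY),
        "safe_union": lookup_safe(conn, UNION_USERS),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The tautology payload turns a one-row lookup into a full table dump, the UNION payloads read a table the page never queries and then enumerate the schema to find more; the parameterised version returns nothing for all three because the string is compared as a value against an integer column. Parameter binding, not input filtering, is the fix, and it is the same one-line change in every mainstream database driver.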
Terrence Dorsey wrote: We need reminders like this because there's still way too much SQL injection happening
Sadly, many people who need to be "reminded" are not the types who read industry news.
AspDotNetDev wrote: Sadly, many most people who need to be "reminded" are not the types who read industry news.
FTFY
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
Bad luck. I wanted to test that with the "famous" Alcatraz trips website (https://www.alcatraztrips.com/Confirmation.asp?order=1234), but it looks like they updated it a little (you can still query information on any order without login, but all attempts showed "Bad order number" or a simple 500 page without information).
Ever wanted an excuse to learn Arduino, but don’t want to learn C/C++? Don’t worry. I’ve got you covered. I’ve published three articles on the Safari Books Online blog that show you how to take your existing JavaScript skillz and turn them into a powerful force of hardware and blinking LED lights … and you’ll build yourself a #BBQDuino, too! And, I might be writing a book, too (skip to the end for more info on that)! 3 Arduino programming tutorials... and maybe an ebook if you like what you see here.
Sometimes it’s overkill to use a web framework if you only need to develop a very simple REST API. It turns out that Nginx can be used to develop a full fledged REST API and PostgreSQL can easily be used for persistence. In this blog post I’m going to show you how to create a simple CRUD API for articles. (Almost) no programming required.
What the hell is fifth normal form and why do we want it? Well, it deals with cases where we can avoid redundancy when information can be reconstructed from smaller bits of information and ... and ... and ... OK, so that's not helping. In fact, the vast majority of explanations on the Web aren't helping, so I'll explain how to fake database normalization. I'll even avoid big words. For those of you who know nothing about databases, this will help you tremendously. For those of you who know databases, try not to throw your coffee mug at the screen. Your database is not an Excel spreadsheet and other lessons in data table design.
So, this weekend I've started working on a simple, Arduino-based Inertial Navigation System. Using accelerometers and gyroscopes it is possible to calculate the traveled distance and the direction from a known starting point. The main problem of this method is that to get these distances, you have to perform integrations of the accelerations. Integration means that every little error in measurement is integrated as well, so the errors add up over time and the accuracy gets worse and worse. Therefore you need very good sensors and smart algorithms, which is the reason why professional systems are expensive. And yet, we went to the moon with even less sophisticated technology.
When Intel and Apple released Thunderbolt, hallelujahs from the Apple choir were heard. Since very little in any of Apple’s hardware lineup is upgradeable, an external video card is the best of all possible world. Unfortunately, Intel doesn’t seem to be taking kindly to the idea of external GPUs. That hasn’t stopped a few creative people like Larry Gadea from figuring it out on their own. Right now he’s running a GTX 570 through the Thunderbolt port of his MacBook Air, and displaying everything on the internal LCD. A dream come true. For our next trick: using an entire PC as a peripheral for my phone. Oh, wait...
The huge popularity of the British-designed Raspberry Pi has caught Chipzilla's attention, and so you can now buy a similar bare-bones x86 PC named Minnowboard with a similar caseless design running an Angstrom Linux build... While Intel's foray into open source computing is to be welcomed, this hack doubts somehow that Minnowboard will have quite the appeal of its Raspberry rival. Although the board is powerful, it's certainly not cheap – but then, that's a perennial problem with Intel. Atom-ic bomb or the Minnow that grows into great things?
Lately there’s been a spate of articles about breakthroughs in battery technology. Better batteries are important, for any of a number of reasons: electric cars, smoothing out variations in the power grid, cell phones, and laptops that don’t need to be recharged daily. All of these nascent technologies are important, but some of them leave me cold, and in a way that seems important. It’s relatively easy to invent new technology, but a lot harder to bring it to market. I’m starting to understand why. The problem isn’t just commercializing a new technology — it’s everything that surrounds that new technology. Now tie off the kites and hurry down as fast as you can!
He does have some excellent points. He even misses a few, like how much current can be provided by the cables going to a house (I think houses are normally wired for around 200 Amp). There is also the problem with energy spikes that the Electric Company will have to deal with from all this fast recharging. That will mean that cables all over the country will have to be upgraded. This probably will not happen. The Power Companies will also probably demand a large surcharge for any quick-charging car stations due to the transient demand that these will cause. Handling these heavy transient charges is expensive for the power companies.
Tomorrow at the Black Hat security conference in Las Vegas, the Pwnie Express will officially unleash Pwn Plug R2, the next generation in its arsenal of penetration testing and hacking hardware.... The new Pwn Plug looks less like a DC power supply plug—the form factor of its predecessor—and more like a small Wi-Fi access point or router. But inside, it's really a Linux-powered NSA-in-a-box, providing white hat hackers and corporate network security professionals a "drop box" system that can be remotely controlled over a covert Internet channel or a cellular data connection. Pwn Plug phones home, by any means necessary.
There were two high points for me at Def Con 1. First was the appearance of Dan Farmer, then head of data security for Sun Microsystems. Dressed all in black leather with flaming shoulder-length red hair and a groupie on each arm, Dan sat literally making-out in the back row until it was time for his presentation. But that presentation was far more entertaining than the smooching. In a series of rapid-fire slides Farmer showed dozens of ways in which crackers had attacked Sun’s network. Rooting the casino's minicomputer, partying with a U. S. Attorney and other hacker hijinx.
Today, I’m excited to announce that Windows 8.1 Enterprise Preview is now available for download for customers to start testing the operating system in their environments. Windows 8.1 Enterprise Preview builds on the Windows 8.1 Preview which is currently available, adding premium features designed to address the mobility, security, management and virtualization needs of today’s enterprise. AKA Windows 8.1 No Minesweeper And No You Can't Reinstall It Edition.
Still no start menu? Fail.
.-.
|o,o|
,| _\=/_ .-""-.
||/_/_\_\ /[] _ _\
|_/|(_)|\\ _|_o_LII|_
\._. |\_/|"` |_| ==== |_|
|_|_| ||" || ||
|-|-| ||LI o ||
|_|_| ||'----'||
/_/ \_\ /__| |__\
Interesting lessons can come from unexpected places! I was pleasantly surprised at how something as “simple” as reversing bits in a byte could lead me on an unexpectedly deep exploration: operation vs instruction count, memory access patterns and cache behavior, and low-level CPU instructions. It’s often very easy to make assumptions about the performance of code that we write, and I hope that this article serves as a reminder that the map is never the territory, and that the only way to understand what’s happening inside your code is by observing and measuring it. Studying the Stanford bit hacks and a little cheating.