
Slashdot
News for nerds, stuff that matters

Deserialization Issues Also Affect .NET, Not Just Java

Sun, 08/13/2017 - 7:19am
"The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016," reports BleepingComputer. An anonymous reader writes: The issue at hand is in how some .NET libraries deserialize JSON or XML data, doing it in a totally unsecured way, but also how developers handle deserialization operations when working with libraries that offer optional secure systems to prevent deserialized data from accessing and running certain methods automatically. The issue is similar to a flaw known as Mad Gadget (or Java Apocalypse) that came to light in 2015 and 2016. The flaw rocked the Java ecosystem in 2016, as it affected the Java Commons Collection and 70 other Java libraries, and was even used to compromise PayPal's servers. Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds, all issued security patches to fix their products. The Java deserialization flaw was so dangerous that Google engineers banded together in their free time to repair open-source Java libraries and limit the flaw's reach, patching over 2,600 projects. Now a similar issue was discovered in .NET. This research has been presented at the Black Hat and DEF CON security conferences. On page 5 [of this PDF], researchers included reviews for all the .NET and Java apps they analyzed, pointing out which ones are safe and how developers should use them to avoid deserialization attacks when working with JSON data.

Read more of this story at Slashdot.

269 People Joined An Age Discrimination Class Action Suit Against Google

Sun, 08/13/2017 - 6:14am
Slashdot reader #9,119 BrookHarty writes: "269 people have joined a class-action lawsuit against Google claiming they were discriminated against in the workplace based on their age..." reports BizJournals. "The lawsuit originated in 2015 with plaintiff Robert Heath and was certified as a class-action in 2016." Google has stated it has implemented policies to stop age discrimination but still has an average employee age of 29. In 2004 Larry Page fired Brian Reid nine days before IPO costing Reid 45 million in unvested stock options. Reid was fired for lack of "cultural fit". Reid has settled for an undisclosed amount.


Amateur Drone Lands On British Air Carrier, Wired Reviews Anti-Drone Technology

Sun, 08/13/2017 - 3:09am
Long-time Slashdot reader mi quotes the BBC: The Ministry of Defence is reviewing security after a tiny drone landed on the deck of Britain's biggest warship. The Queen Elizabeth aircraft carrier was docked at Invergordon in the Highlands when an amateur photographer flew the drone close to the giant ship. When the aircraft sensed a high wind risk, it landed itself on the £3bn warship. The pilot told BBC Scotland: "I could have carried two kilos of Semtex and left it on the deck... I would say my mistake should open their eyes to a glaring gap in security." Meanwhile, tastic007 shares Wired's footage of anti-drone products being tested (like net guns, air-to-air combat counter-drones, and drone net shotgun shells) -- part of the research presented at this year's DEFCON.


Crowdfunding Campaign Seeks a Libre Recording of a Newly-Completed Bach Work

Sun, 08/13/2017 - 12:04am
Slashdot reader DevNull127 writes: Robert Douglass's Kickstarter campaigns have resulted in free fan-funded open source recordings of Bach's Goldberg Variations and the 48 pieces in his Well-Tempered Clavier, Book 1. "Even Richard Stallman found these recordings, and he promptly wrote an email encouraging us to drop the word 'Open' in favor of 'Free' or 'Libre'," Douglass tells BoingBoing (adding "when RMS writes you telling you to change the name of your music project, you change the name of your music project.") Now Douglass is crowdfunding a libre recording of Bach's last masterpiece, 20 fugues developed from a single theme called "the Art of the Fugue". "He wanted to culminate in a final fugue that literally spells his name, B-A-C-H, in musical notation," remembers Douglass, but "unfortunately, Bach died before completing that work, and it has remained a musical mystery (and tragedy) for hundreds of years." Fortunately Kimiko Ishizaka completed the work in 2016, "based on the music that Bach left us... This new composition will also be released under a Creative Commons license as part of the new OpenScore.cc project... Kimiko is eminently grateful to her fans and supporters of free culture for allowing her to focus all of her energies on growing the public domain and bringing the music of J.S. Bach to a far broader audience than ever imagined." They're also rewarding supporters with tickets to two live performances -- one at Carnegie Hall in New York City and one in Hamburg's new Elbphilharmonie.


28 Years Later, Pioneering Tech Magazine 'Mondo 2000' Relaunches Online

Sat, 08/12/2017 - 7:59pm
In 1989 Mondo 2000 magazine ran an editorial promising they'd cover "the leading edge in hyperculture...the latest in human/technological interactive mutational forms as they happen." 28 years later, they're now heckling that editorial as they relaunch into a web site. Slashdot reader DevNull127 quotes Motherboard's interview with R.U. Sirius, the founder of Mondo 2000 (as well as its predecessors High Frontiers and Reality Hackers): "It was my idea to merge psychedelics and emerging technologies, and the culture around technology," Sirius said, citing Timothy Leary, writer Robert Anton Wilson and counterculture magazine The Whole Earth Catalog among his inspirations... "I kind of found my way into that particular stream of bohemian culture. It was probably a minority, but there had always been that idea of letting robots replace human work." Soon High Frontiers evolved into a glossy magazine, Reality Hackers ("Some distributors at the time thought it was about hacking people up, and put it on the shelf next to murder mystery magazines"), and later Mondo 2000, which ran from 1989 till 1998... "We really had to work to convince people that technology was defining the future. Nobody really got it. Doug Rushkoff wrote his book Cyberia, and his first book company cancelled its publication because they said the internet was a fad and that it would be over by the time the book came out"... While he uses Facebook and Twitter, Sirius is critical of their role in colonising what was once a more democratic and open space. "People are being herded into little buildings -- or huge ones -- in what was supposed to be a wide open space in which everybody created their own sites. It's a complete corporate takeover of the net, Facebook in particular... It's definitely not what we were expecting." Mondo 2000's new online relaunch includes audio of a conversation between William Gibson and Timothy Leary about a Neuromancer game to accompany a proposed film back in 1989. 
(Gibson complained "That was no interview! That was a drunken business meeting!" when first informed of the magazine's plans to publish it, though he eventually "became friendly.") There's also a 1987 discussion about mind technologies with 73-year-old William S. Burroughs (who was also "an advocate of high technology, and the 'brain machine'"), plus an unpublished John Shirley essay titled "The Next Fifty Years: Why I'm Optimistic Because Everything Will Be Terrible" and new pieces by Paul Krassner ("Alternative Facts") and M.Christian ("La Petite Mort: The Death Of Sex").
