Ad blockers: A solution or a problem?

Existing users of ad blocking software may be a lost cause. Once consumers decide to block ads and experience the cleaner Web pages and faster load times that ad blocking delivers as it filters out bandwidth-hungry animations, video and other advertising content, they’re less likely to want to give it up.

But will mainstream consumers in the U.S. turn to ad blockers in a big way? “The numbers have not reached the point where publishers are panicked,” says Chapell. “But if those products were on 80% of computers, we’d be having a very different conversation.”

via Ad blockers: A solution or a problem? – Computerworld.

Wake up, Rosetta!

Rosetta was launched in 2004 and has since travelled around the Sun five times, picking up energy from Earth and Mars to line it up with its final destination: comet 67P/Churyumov–Gerasimenko. For the coldest, loneliest leg of the mission, as Rosetta travelled out towards the orbit of Jupiter, the spacecraft was put into deep-space hibernation.

In 2014, Rosetta will complete its cruise towards the comet, rendezvousing with it in August, before putting its Philae lander onto the comet’s surface in November, as it begins its journey closer to the Sun.

via Wake up, Rosetta! / Rosetta / Space Science / Our Activities / ESA.

Rosetta will arrive at 67P in August 2014, where it will become the first spacecraft to orbit the nucleus of a comet and, later in the year, the first to land a probe – Philae – on a comet’s surface. It will also be the first mission to escort a comet as it journeys around the Sun.

VPN Related Vulnerability Discovered on an Android device

In this video we demonstrate the vulnerability via the following steps:

  1. We present a regular Android device (in this case it is the popular Samsung S4 device). Behind it we display a screen with a packet capturing tool, showing the traffic that flows through that computer.
  2. Now the user runs the malicious app and clicks on the Exploit button which takes advantage of the vulnerability in the phone’s system.

via VPN Related Vulnerability Discovered on an Android device – Disclosure Report | Cyber Security Labs @ Ben Gurion University.

The exploit vector requires a user to do something.

A First Look at the Target Intrusion, Malware

Target has yet to honor a single request for comment from this publication, and the company has said nothing publicly about how this breach occurred. But according to sources, the attackers broke in to Target after compromising a company Web server. Somehow, the attackers were able to upload the malicious POS software to store point-of-sale machines, and then set up a control server within Target’s internal network that served as a central repository for data hoovered by all of the infected point-of-sale devices.

via A First Look at the Target Intrusion, Malware — Krebs on Security.

Starbucks Mobile App Vulnerability Puts Data At Risk

According to Wood, the file, which can be found at /Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog, contains more than just the user’s login information.

In re-testing the vulnerability last night Wood discovered that the user’s full name, address, device ID and geolocation data are all being stored in clear text as well. This information popped up after Wood reinstalled the app and monitored the session.clslog file during user signup.

via Starbucks Mobile App Vulnerability Puts Data At Risk | Threatpost – English – Global – threatpost.com.
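
The check described in the excerpt (sign up, then inspect the app's files) can be automated in a test pipeline. This is an added example, not code from the article or from either vendor: it seeds made-up "canary" account values and reports any file in an extracted app sandbox that contains them unencrypted. The canary values, log line and helper names are constructed for illustration; only the log path comes from the excerpt.

```python
import os
from urllib.parse import quote

# Constructed test-account values, entered during a test signup.
CANARIES = {"email": "canary.user@example.test", "password": "Canary-Pw-7731!"}


def find_cleartext_canaries(root: str, canaries: dict) -> list:
    """Return sorted (relative_path, canary_name) pairs for every seeded value
    found unencrypted under `root`, either raw or URL-encoded."""
    needles = {
        name: {value.encode(), quote(value, safe="").encode()}
        for name, value in canaries.items()
    }
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            for name, variants in needles.items():
                if any(v in data for v in variants):
                    hits.append((os.path.relpath(path, root), name))
    return sorted(hits)


def build_sample_sandbox(root: str) -> None:
    """Write a constructed app sandbox: one crash log that captured a signup
    request and one harmless preferences file."""
    log_dir = os.path.join(root, "Library", "Caches", "com.crashlytics.data",
                           "com.starbucks.mystarbucks")
    os.makedirs(log_dir, exist_ok=True)
    with open(os.path.join(log_dir, "session.clslog"), "wb") as fh:
        # Constructed log line; the real file format is not shown in the article.
        fh.write(b"POST /signup email=canary.user%40example.test"
                 b"&password=Canary-Pw-7731!\n")
    os.makedirs(os.path.join(root, "Documents"), exist_ok=True)
    with open(os.path.join(root, "Documents", "prefs.plist"), "wb") as fh:
        fh.write(b"<plist><dict><key>theme</key><string>dark</string></dict></plist>")
```

Failing the build whenever the returned list is non-empty catches this class of leak before release.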

A list of four special Linux distributions for kids

Learning at an early age can be best enhanced in an environment that encourages exploration. There is no other operating system that offers such variety and autonomy to customize the system based on specific needs like Linux. Like toys and clothes for kids, the Linux community has developed specific operating systems that can offer them a fun learning environment. I believe that to boost curiosity in kids, it is important to create a setup that gives them a feeling of wonder.

via A list of four special Linux distributions for kids | opensource.com.

I haven’t installed any of these but found the concept interesting.

How Is Reactive Different from Procedural Programming?

A recent post on Reactive Programming triggered discussions about what is and isn’t considered Reactive Logic. In fact, many have already discovered that Reactive Programming can help improve quality and transparency, reduce programming time and decrease maintenance. But for others, it raises questions like:

  • How does Reactive differ from conventional event-oriented programming?
  • Isn’t Reactive just another form of triggers?
  • What kind of an improvement in coding can you expect using Reactive and why?

So to help clear things up, here is a real-life example that will show the power and long-term advantages Reactive offers. In this scenario, we’ll compare what it takes to implement business logic using Reactive Programming versus two different conventional procedural programming models: Java with Hibernate and MySQL triggers.

via How Is Reactive Different from Procedural Programming?.

Zero-Day Flaws Found, Patched In Siemens Switches

The Siemens switch zero-day vulnerabilities are in the Web server interface to the devices. The researcher says the first of the two zero-day flaws he found in the Siemens SCALANCE X-200 switch was basic: a poorly constructed session ID setup, which would allow an attacker to hijack an administrative session on the switch without credentials. The session ID basically exposes the client’s IP address so an attacker could then hijack the admin’s Web-based session while managing the switch. “But you don’t log onto these switches very often — maybe once a year – so, in that sense, it’s a weak vulnerability,” he says.

The more critical zero-day Leverett found in the switch was the second one, which would let an attacker take over the admin operations of the switch — no authentication required. The attacker could then download any network configuration information, or upload a malware-ridden firmware update, for example, Leverett says. “The device assumes if you know the URL, you must have authentication. But it never asks you to authenticate [for it],” he says.

via Zero-Day Flaws Found, Patched In Siemens Switches — Dark Reading.
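
Both flaws described in the excerpt map onto standard web-interface hardening. The sketch below is an added example, not Siemens code and not from the article: it puts a session ID derived from the client IP (a constructed stand-in for the weak scheme) beside a random one, and shows a request handler that denies by default instead of trusting knowledge of a URL. Route names and helper names are hypothetical.

```python
import secrets

# Hypothetical route names, for illustration only; not taken from any real device.
ADMIN_ROUTES = {"/config/download", "/firmware/upload"}
PUBLIC_ROUTES = {"/login"}


def weak_session_id(client_ip: str) -> str:
    """Constructed 'before' case: the ID is just the client IP in hex."""
    return "".join(f"{int(octet):02X}" for octet in client_ip.split("."))


def strong_session_id() -> str:
    """128 bits from the OS CSPRNG; carries no client information."""
    return secrets.token_hex(16)


def leaks_client_ip(sid: str, client_ip: str) -> bool:
    """Audit check: does the session ID embed the client IP (dotted or hex)?"""
    hex_ip = "".join(f"{int(octet):02x}" for octet in client_ip.split("."))
    return client_ip in sid or hex_ip in sid.lower()


class SessionStore:
    """Server-side table of issued session IDs."""

    def __init__(self):
        self._users = {}

    def create(self, user: str) -> str:
        sid = strong_session_id()
        self._users[sid] = user
        return sid

    def user_for(self, sid):
        return self._users.get(sid) if sid else None


def handle(store: SessionStore, path: str, sid) -> int:
    """Deny by default: everything except PUBLIC_ROUTES needs a valid session."""
    if path in PUBLIC_ROUTES:
        return 200
    if store.user_for(sid) is None:
        return 401  # knowing the URL is not proof of authentication
    return 200 if path in ADMIN_ROUTES else 404
```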

xkcd 1313: Regex Golf

I found that the hover text, “/bu|[rn]t|[coy]e|[mtg]a|j|iso|n[hl]|[ae]d|lev|sh|[lnd]i|[po]o|ls/ matches the last names of elected US presidents but not their opponents.”, contains a confusing contradiction. There are several last names (like “Nixon”) that denote both elected presidents and opponents. So no regular expression could both match and not match “Nixon”. I could only assume that Randall meant for these names to be winners and not losers (and in fact he later confirmed that was the correct interpretation).

So that got me thinking: can I come up with an algorithm to find a short regex that covers the winners and not the losers?

I started by finding a page that lists winners and losers of US presidential elections through 2000. Adding the 2004-2012 results I get:  …

via xkcd 1313: Regex Golf

Apparently there is a Regex Golf game.

Type a regex in the box. You get ten points per correct match. Hit Enter to go to the next ‘level’.