Feed Roundup

'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials

Slashdot - 9 July, 2014 - 10:14
New submitter newfurniturey writes: A new Flash and JSONP attack combination has been revealed to the public today. It has been dubbed the "Rosetta Flash" attack. JSONP callback functions normally return a JSON blob wrapped in a user-specified callback function, which the browser will then execute as JavaScript. Nothing out of the ordinary here. However, the new attack has leveraged a method of crafting a Flash file to contain a restricted character set that's usable within JSONP callbacks (i.e. in a URL). By combining the two, the attack demonstrates it's possible to use a JSONP URL with the contents of the crafted Flash file as the callback function. When set as the data of a standard HTML object tag, the SWF file executes on the targeted site, bypassing all Same-Origin policies in place. Services such as Google, YouTube, Twitter, Tumblr and eBay were found vulnerable to this attack. Several of these services fixed the vulnerability with a patch prior to the public release, and Tumblr patched within hours of the release.

Categories: The Essentials

Teensy card skimmers found in gullets of ATMs

The Register - 9 July, 2014 - 10:02
Hi-tech fraudsters treading more softly, but gas still yielding bang for buck

A series of tiny and sometimes transparent card-skimming devices have been detected in ATMs across Europe, researchers say.…

Categories: The Essentials

Microsoft issues fixes for Surface Pro 3 Wi-Fi, battery life

from News.com - 9 July, 2014 - 09:56
At least three of the software giant's updates address power consumption issues, but another Wi-Fi update is planned next week.

Categories: Open Source

Medical marijuana patient busted in Washington DC

Boing Boing - 9 July, 2014 - 09:38

Ed Forchion, aka "The New Jersey Weedman" and his friend Daniel Price, who both have medical marijuana licenses, attempted to go to Washington D.C.

Categories: The Essentials

Uber kindly agrees not to price gouge during disasters

The Register - 9 July, 2014 - 09:29
Cab-killer bows to 1970s oil price protection laws

Taxi-killing car service Uber has struck a deal with New York State officials to prevent runaway service charges.…

Categories: The Essentials

Senate panel approves data-sharing cybersecurity bill

from News.com - 9 July, 2014 - 09:27
A Senate committee gives the nod to the Cybersecurity Information Sharing Act, which would make it easier for companies and the government to share data during cyberattacks.

Categories: Open Source

Welcome To The New Wild West

Boing Boing - 9 July, 2014 - 09:24

On the day the new Georgia Safe Carry Protection Act went into effect, an argument between two men in a convenience store led to a near-showdown involving a drawn firearm and one arrest.

Categories: The Essentials

Get XCOM, BioShock with 2K Humble Bundle

from News.com - 9 July, 2014 - 09:04
The most recent Humble Bundle consists of a package of games from 2K, including several BioShock and XCOM titles.

Categories: Open Source

In space no one can hear you scream, but Voyager 1 can hear A ROAR

The Register - 9 July, 2014 - 08:58
Boffins now very, very, sure craft is in interstellar space, and it's picking up 'sounds'

Hero space probe Voyager 1 has sent home what NASA is calling a “sound” from the cosmos.…

Categories: The Essentials

My favorite Rudy Rucker novels in new editions

Boing Boing - 9 July, 2014 - 08:33

Rudy Rucker published two new books this week, Transreal Trilogy and All The Visions.

Transreal Trilogy includes three of his “transreal” novels, that is, SF about his own life: (1) the growing-up-novel Secret of Life, (2) the beyond-infinity White Light, and (3) the scary-funny-futurological Saucer Wisdom.

Categories: The Essentials