DRM

Steam Protocol Opens PCs to Remote Code Execution 128

Via the H comes news of a possible remote attack vector using the protocol handler installed by Valve's Steam platform: "During installation, it registers the steam:// URL protocol which is capable of connecting to game servers and launching games ... In the simplest case, an attacker can use this to interfere with the parameters that are submitted to the program. For example, the Source engine's command line allows users to select a specific log file and add items to it. The ReVuln researchers say that they successfully used this attack vector to infect a system (PDF) via a batch file that they had created in the autostart folder. ... In the even more popular Unreal engine, the researchers also found a way to inject and execute arbitrary code. Potential attackers would, of course, first have to establish which games are installed on the target computer."
Education

Parent Questions Mandatory High School Chemistry 866

Ollabelle writes "David Bernstein, a nonprofit executive who lives in Gaithersburg, Md., has two sons, ages 7 and 15. He has previously written about how schools fail students with Attention Deficit Hyperactivity Disorder. Now he turns his attention to mandated curriculum in public schools, and argues that his sons shouldn't be forced to take any science class." From the article: "There’s a concept in economics called 'opportunity costs,' which you may not have learned about because you were taking chemistry instead of economics. Opportunity costs are the sacrifices we make when we choose one alternative over another. ... When you force my son to take chemistry (and several other subjects, this is not only about chemistry), you are not allowing him that same time to take a public speaking course, which he could be really good at, or music, or political science, or creative writing, or HTML coding for websites."
Input Devices

Sony Files Patent For Temperature Feedback Move Controller 81

Zothecula writes "Video game developers are always looking for new ways to give players a more immersive experience. But with several motion-controlled systems widely available and a viable virtual reality headset in the works, what else could be done to make games seem more realistic? Sony may have an unexpected answer with a recent patent that describes a controller that changes temperature between hot and cold to match in-game actions. With the controller giving 'temperature feedback,' the idea is that players would be able to more closely feel what their character feels, from getting hit with a fireball to traveling through a blizzard."
Cloud

Boxee TV's Unlimited Cloud-based DVR Holds Users Hostage To Monthly Fees 174

An anonymous reader writes "Boxee has announced the game-changing Boxee TV, offering live streaming TV via two on-board tuners and an industry-first 'No Limit' DVR service that allows users to record as much TV content as they want, and access it from virtually anywhere. The problem is that the unit, which records directly to the cloud, does not allow recording to a local drive, meaning users are stuck with Boxee for as long as they want to access their stored content — potentially hundreds or thousands of hours – to the tune of $14.99 per month until Boxee ups the ante. CEPro.com suggests, 'I suspect Boxee is offering unlimited storage to make users especially beholden to them. The more content you have, the less likely you are to drop the service.'"
The Almighty Buck

Iran Running Out of Physical Currency, Satellite Broadcasts Dropped in Europe 480

iONiUM writes "In an interesting problem with physical currency, Iran is now running out of hard currency, due to a combination of inflation, and 'Koenig & Bauer AG of Würzburg, Germany, also says it has not responded to an Iranian request for bids to make the presses to print new rials.' Perhaps they should switch to BitCoin." In addition to not printing money for them, the European currency presses won't sell Iran the equipment needed to print their currency domestically (not unexpected with the embargo). pigrabbitbear adds: "Eutelsat Communications, one of the largest satellite providers in Europe, has just nixed its contract with IRIB, the Iranian state broadcasting company. While IRIB's programming is still mostly up and running in Iran, the decision means that 19 IRIB TV and radio channels have now been axed from Europe and much of the Middle East."
Cloud

The Pirate Bay Starts Using Virtualized Servers 186

concealment writes with news of those Swedish pirates improving their infrastructure. From the article: "The Pirate Bay has made an important change to its infrastructure. The world's most famous BitTorrent site has switched its entire operation to the cloud. From now on The Pirate Bay will serve its users from several cloud hosting providers scattered around the world. The move will cut costs, ensure better uptime, and make the site virtually invulnerable to police raids — all while keeping user data secure." They are still running their own dedicated load balancers that forward encrypted traffic to one of their "cloud" providers, rather than dealing with physical colocation. Seems like a sensible decision any IT manager would make.
Security

Researcher Reverse-Engineers Pacemaker Transmitter To Deliver Deadly Shocks 216

Bismillah writes "Pacemakers seem to be hackable now too, if researcher Barnaby Jack is to be believed. And the consequences of that are deadly. Anonymous assassinations within 30 feet of the pacemaker seem to be possible. From the article: 'In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop. The pacemakers contained a "secret function" which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30 foot-plus vicinity. ... In reverse-engineering the terminals – which communicate with the pacemakers – he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server. That data could be used to load rogue firmware which could spread between pacemakers with the "potential to commit mass murder."'"
Security

Hackers' 'Zero-Day' Exploits Stay Secret For Ten Months On Average 74

Sparrowvsrevolution writes "Maybe instead of zero-day vulnerabilities, we should call them -312-day vulnerabilities. That's how long it takes, on average, for software vendors to become aware of new vulnerabilities in their software after hackers begin to exploit them, according to a study presented by Symantec at an Association of Computing Machinery conference in Raleigh, NC this week. The researchers used data collected from 11 million PCs to correlate a catalogue of zero-day attacks with malware signatures taken from those machines. Using that retrospective analysis, they found 18 attacks that represented zero-day exploits between February 2008 and March of 2010, seven of which weren't previously known to have been zero-days. And most disturbingly, they found that those attacks continued more than 10 months on average – up to 2.5 years in some cases – before the security community became aware of them. 'In fact, 60% of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought — perhaps more than twice as many,' the researchers write."
Open Source

Ask Slashdot: How To Get Paid For Open-Sourcing Your Work? 167

kc600 writes "Say you're a freelancer, using mainly open source solutions. You notice that customers, although they don't object to the whole open source idea, don't see the point in paying you for the time it costs you to properly open source your code. As a result, code is not released, because it would take too much time to factor out the customer-specific stuff, to debate architecture with the other developers, look at bug reports, et cetera. You feel there's something to contribute that many might benefit from. The code would also be better maintained if more people would use it, so the customer's project would also benefit. But you're not going to do it in your free time; you have enough on your mind and the bill is paid, right? What useful tricks can you think of to encourage yourself — and your customers — to properly share code, to the benefit of all, and get paid for it?"
Encryption

UK Police Fined For Using Unencrypted Memory Sticks 100

An anonymous reader writes "The Information Commissioner's Office has filed a suit for £120,000 against the Greater Manchester Police because officers regularly used memory sticks without passwords to copy data from police computers and work on it away from the department. In July 2011, thousands of people's information was stolen from an officer's home on an unencrypted memory stick. A similar event happened at the same department in September 2010. 'This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine,' said ICO deputy commissioner David Smith."
GNU is Not Unix

The FSF Adopts the Kickstarter Approach To Fund-raising 35

New submitter ChronoEngineer writes "Recently the Free Software Foundation launched a new fund-raising system starting with the GNU MediaGoblin project. Rewards from its new tiered donation reward system include physical objects such as a 3D print of the project's mascot as well as digital ones (Rewards List). This gives free software projects an alternative crowd-funding source where all of their contributions go to advancing free software, since the administrative cut taken from the earnings goes to the Free Software Foundation. Chris Webber, of GNU MediaGoblin, mentions this as one of the reasons he chose the FSF over Kickstarter for his project."
Input Devices

Magic Finger Turns Any Surface Into a Touch Interface 47

cylonlover writes "A trip on public transport or to the local coffee shop might give the impression that touchscreens are everywhere, but scientists at Autodesk Research of the University of Alberta and the University of Toronto are looking to take the ubiquity of touch interfaces to the next level. They are developing a 'Magic Finger' that allows any surface to detect touch input by shifting the touch technology from the surface to the wearer's finger. It's a proof-of-concept prototype made up of a little Velcro ring that straps to the wearer's fingertip with a trail of wires leading to a box of electronics. On the ring there are a pair of optical sensors. One is a low resolution, high-speed sensor for tracking movement, the other a high-resolution camera, which is able to detect 32 different surface textures with 98 percent accuracy."
United States

US Presidential Debate #2 Tonight: Discuss Here 706

The second U.S. Presidential debate kicks off in about a half-hour (9PM ET, 6PM PT, 0100 UTC) from Hofstra University in Hempstead, New York. Incumbent Barack Obama and challenger Mitt Romney will take questions from an audience of allegedly undecided voters. A live stream of the event will be available from a number of sources (C-SPAN, CNN, ABC, and PBS), and it will be broadcast nationally on the major networks. The flash-less and television-less can use rtmpdump to catch the debate from C-SPAN. It won't preempt the more important telecasts, like playoff baseball. Candidates from smaller parties again went uninvited (e.g. Gary Johnson from the Libertarians, Jill Stein from the Greens, Virgil Goode from the Constitution Party, and Rocky Anderson from the Justice Party). In fact, Jill Stein was arrested for attempting to enter without credentials (her side of the story). Assuming she's out of jail by Thursday, she and Gary Johnson will be participating in an online debate hosted by IVN.us. While tonight's debate is in progress, Politifact will be fact-checking the candidates in real-time (while CNN has demonstrated their journalistic capabilities with a debate drinking game). Feel free to weigh in with your commentary on the debate below — it would be helpful to provide timestamps or other context when referring to particular statements. As before, we're posting this here in a vain attempt to keep the political discussion out of other story threads tonight. If either of the candidates spontaneously concedes the election or catches fire, we'll do our best to update you.
Space

Alpha Centauri Has an Earth-Sized Planet 152

The Bad Astronomer writes "Astronomers have announced that the nearest star system in the sky — Alpha Centauri — has an Earth-sized planet orbiting one of its stars. Alpha Cen is technically a three-star system: a binary composed of two stars very much like the Sun, orbited by a third, a red dwarf, much farther out. Using the Doppler technique (looking for very small changes in the velocities of the stars) astronomers detected a planet orbiting the smaller of the two stars in the binary, Alpha Centauri B. The planet has a mass only 1.13 times that of the Earth, making it one of the smallest yet detected. However, it orbits the star only 6 million kilometers out, so it's far too hot to be habitable. The signal from the planet is extremely weak but solidly detected (PDF), giving astronomers even greater hope of being able to find an Earth-like planet orbiting a star in its habitable zone."
