
Comment Re:Government Subsidy (Score 1) 272

They actually used the term kilowatt hours? Something is very very off there.

Why is that? Kilowatt hours is how electrical energy use is billed (at least in Australia) and I just pulled out my last bill and can see I used around 2200 kWh for last quarter, so around 24 kWh per day, so it's a convenient unit for comparison. Unless you're thinking of seeing batteries quoted in Ah, which doesn't mean much without knowing the nominal voltage.

Comment Re:Stuff from our past, when we grew up... (Score 1) 245

Is it even possible for most people to use a modem these days? I suspect most phone traffic is already passing through an ADC->DAC translation anyway. Trying to put a modem signal through that seems like a painful exercise.

I did some work on a legacy embedded system using a 2400bps modem about 5 years back and it still worked fine over a modern phone system when the receiving end was VoIP with an analog modem attached. It was part of a gas meter reading system where it piggy-backed on a POTS line and reported usage once a day. The tiny amount of data being transmitted only needed about a 30 second connection, so a few hundred reporting back to a single line overnight with staggered connections and retries was practical. Some vending machines used to do the same until relatively recently, but it's much rarer now that a GSM subscription can be had for $50 per annum in volume, so trying to make use of an existing land-line would have a long payback time given the extra installation costs.

Submission + - Windows 10 UAC Bypass Uses Backup and Restore Utility (bleepingcomputer.com)

An anonymous reader writes: A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't know where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware.

Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10, and not earlier OS versions, and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility.

Submission + - When ISP copyright infringement notifications go wrong

Andy Smith writes: Yesterday I received an email from my ISP telling me that I had illegally downloaded an animated film called Cubo and the Two Strings. I'd never heard of the film and hadn't downloaded it. The accusation came from a government-approved group called Get It Right From a Genuine Site. I contacted that group and was directed to their FAQ. Worryingly, there's no way to correct a false report. The entire FAQ is written from the position that either you, or someone on your network, definitely downloaded what you're accused of downloading. Their advice to avoid any problems with your ISP is simply to not download anything illegally again. But if they can get it wrong once, then surely they can get it wrong again. How widespread is this problem? What safeguards are in place to ensure that people aren't falsely accused? Why has the government allowed this scheme to operate without the accused having some right to defend themselves?

Submission + - Why Don't Mobile OSs offer a Kill Code?

gordo3000 writes: Given all the recent headlines about border patrol getting up close and personal with phones, I've been wondering why phone manufacturers don't offer a second emergency pin that you can enter and it wipes all private information on the phone?

In theory, it should be pretty easy to just input a different pin (or unlock pattern) that opens up a factory reset screen on the phone and in the background begins deleting all personal information. I'd expect that same code could also lock out the USB port until it is finished deleting the data, to help prevent many of the tools they now have to copy out everything on your phone.

This nicely prevents you from having to back up and wipe your phone before every trip but leaves you with a safety measure if you get harassed at the border.

So slashdot, what say you?

Submission + - Torvalds patches git to mitigate against SHA-1 attacks (itwire.com)

troublemaker_23 writes: Linux creator Linus Torvalds says two sets of patches have been posted for the distributed version control system git to mitigate against SHA-1 attacks which are based on the method that Dutch and Google engineers detailed last week.

Submission + - Medical Disclaimer: 561Pharmacological Properties (561pharmacologicalproperties.com)

An anonymous reader writes: The information contained on this web site and mobile application is for knowing the great values, advantages of plants and fruits for health. 561Pharmacological Properties use of fruits, plants, vitamins and important minerals for better health.

Submission + - UK seeks next generation of code breakers (bbc.com)

AHuxley writes: The BBC is reporting on a new plan to shape the UK's intake of code breakers.
500 students will be educated at a boarding school to help with the UK's future cybersecurity needs.
The support will come from a private non-profit consortium.
Maths, computer science, economics, and physics will be part of the curriculum alongside cybersecurity.
The hope is that the UK can find more cybersecurity professionals due to a shortage of critical talent.
Aptitude tests and coding skills will help sort applications.

Submission + - WordPress auto-update server had flaw allowing persistent backdoors in websites (theregister.co.uk)

mask.of.sanity writes: Up to a quarter of all websites on the internet could have been breached through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The shuttered remote code execution flaw was found in a PHP webhook within api.wordpress.org that allows developers to supply a hashing algorithm of their choice to verify code updates are legitimate.

Submission + - Brain Cancer Patients Live Longer by Sending Electric Fields Through Their Heads (ieee.org)

the_newsbeagle writes: The big problem with treating glioblastoma, the most aggressive type of brain tumor, is that nothing really works. Surgeons cut out the tumor as soon as it's detected and blast left-behind cells with radiation and chemo, but it always comes back. Most glioblastoma patients live only one or two years after diagnosis.

The Optune system, which bathes the brain tumor in an AC electric field, is the first new treatment to come along that seems to extend some patients' lives. New data on survival rates from a major clinical trial showed that 43% of patients who used Optune were still alive at the 2-year mark, compared to 30% of patients on the standard treatment regimen. At the 4-year mark, the survival rates were 17% for Optune patients and 10% for the others.

The catch: Patients have to wear electrodes on their heads around the clock, and they're wired to a bulky generator/battery pack that's carried in a shoulder bag.

Submission + - SPAM: Assange says WikiLeaks to expose Google

schwit1 writes:
  • WikiLeaks founder Julian Assange promised to release information on subjects including the U.S. election and Google
  • Assange said WikiLeaks plans to start publishing new material starting this week, but wouldn't specify the timing and subject
  • He warned that the so-called 'October Surprise' will expose Google
  • Assange did not reveal what type of information would be leaked about the tech giant, but his 2014 book could provide a clue
  • In it, he wrote: '(Eric) Schmidt's tenure as CEO saw Google integrate with the shadiest of U.S. power structures...'


Submission + - Lawsuit: Yahoo CEO Marissa Mayer Led An Illegal Purge Of Male Employees (mercurynews.com)

Tasha26 writes: It seems like there is only bad news for Yahoo this week. On top of 1 billion breached accounts, Verizon only just being told about it, and secretly scanning customer emails on behalf of the NSA, there is now news of a gender discrimination lawsuit against Yahoo CEO Marissa Mayer.

According to a media executive fired from Yahoo last year "Marissa Mayer encouraged and fostered the use of an employee performance-rating system to accommodate management’s subjective biases and personal opinions, to the detriment of Yahoo’s male employees." In addition to Mayer, 2 other female executives, Kathy Savitt and Megan Liberman, were identified in the lawsuit for discriminating against male employees.

Comment Is this all caused by UPnP? (Score 1) 279

I've read a few of these stories lately and while personally I run a Mikrotik router with a separate access point, I thought the vast majority of shitty consumer routers still had a basic firewall that blocked all incoming connections by default? Plus, for those that don't, presumably all these IoT devices would need NAT on your typical home network to be accessible externally, so does anyone know if UPnP is required for these exploits to work? I realize this only applies to external port scans but I'd assume that's how most botnets find target devices rather than because of outgoing connections to the vendor's server that may be compromised.

Comment Re:Inherently Insecure (Score 1) 237

1. A solution that uses a central server only for the purpose of establishing the IP address of your chosen call recipient, then allows all communication to that recipient to happen directly, point-to-point. There is no need to route call traffic through central servers (unless you want to listen in). Ahem. Skype.

I'm not so sure with mobile devices that's as easy as it sounds. I'm not aware of the situation in other countries but in Australia you normally sit behind NAT and don't get a publicly routable IP address. I once inquired with a carrier if it was possible to get one so I could VNC into an embedded system using a dynamic DNS arrangement and the answer was it was only available as an add-on option for corporate accounts, and that meant having a minimum of 500 phone services.
