
Comment Re:Look at the credits for Adobe Reader. (Score 4, Insightful) 236

I agree 110%.

It's a blatant and inexcusable display of negligence on Adobe's part to schedule an update over a month after telling us that a REMOTE EXECUTION EXPLOIT is confirmed, and is being exploited in the wild. Again, with confirmation. To add to that, this isn't even something where you can advise everyone to turn off JavaScript and pray everyone follows your instructions while keeping an eye on traffic. It's nothing short of a nightmare, to be honest. The fact that this software is installed on everything from a consumer's new laptop or desktop to a hell of a lot of government agencies doesn't sit well with me either.

Comment Get the FUD Out of Here. (Score 5, Interesting) 57

I'm doubting this story.

Admittedly, the following two clues as to who the author(s) of Conficker are, are circumstantial, but I would like to offer them to you guys for consideration since this behavior from Conficker has been observed and documented -

1.

"Once Conficker [A] infects a system, it includes a keyboard layout check, via the GetKeyboardLayout API, to determine whether the victim is currently using the Ukrainian keyboard layout. If so, [A] will exit without infecting the system. This suicide exit scheme has been observed in other malware-related software, such as Baka Software's Antivirus XP Trojan installer."

The suggestion is that Conficker's author(s) were trying to avoid violating the local laws of their native country. Presumably Ukraine (whose laws concerning computer crime seem to have several loopholes).

Source

2.

In a honeynet, there was a connection observed of the [B] variant of Conficker using variant [A]'s protocol to take over a machine already infected with Variant [A]... so it was Conficker trying to replace variant [A] with Variant [B]. For several reasons (located in the source link below), it is suggested the packet captured was an instance of Conficker testing its own robust nature to not be taken over by another author or virus.

The significance of this is the "hybrid" packet described above came from an address owned by, again, Baka Software in the Ukraine.

Source

Android

Submission + - Linaro releases Ice Cream Sandwich builds for iMX5 (linaro.org)

b0101101001010000 writes: "We've just released preview ICS builds of Freescale's iMX53, ST Ericsson's Snowball, Samsung's Origen and TI's Panda boards (AOSP supports Panda out of the box, this just contains a kernel that is based on Linus' HEAD). This should give Android platform developers on these platforms a good base to work from."

Comment Re:Please Clarify Your Post Title (Score 3, Interesting) 122

Interesting.

I don't think the immediate characterization of Huawei as a puppet to Beijing is altogether justified, seeing how here in America we have SPECIFIC branches of the government - like the CIA - making donations to stateside companies - like Facebook.

The CIA donates to a social network (facebook) = China blocks the network (Facebook).

Then America calls it censorship.

But when Beijing donates ($8 Million) to Huawei and America blocks it...

America says it's National Security?

Comment Please Clarify Your Post Title (Score 2) 122

Huawei and ZTE have not done any industrial espionage that we know of (or espionage of any kind, for that matter). Nor is the investigation by the House of Representatives’ intelligence committee, in fact, concerned with any espionage done by either Huawei or ZTE. Also, it should be noted that Huawei have opened their hardware to inspection by the British government. Inaccurate post titles like these come at the expense of discussion, since fewer and fewer people are actually reading the stories posted here. As was previously posted, the concern here is what malevolent capabilities a Huawei network would give groups like the People's Liberation Army, with whom they have alleged ties.

Communications

Ham Radio Licenses Top 700,000, An All-Time High 358

Velcroman1 writes "The newest trend in American communication isn't another smartphone from Apple or Google but one of the elder statesmen of communication: Ham radio licenses are at an all time high, with over 700,000 licenses in the United States, according to the Federal Communications Commission. Ham radio first took the nation by storm nearly a hundred years ago. Last month the FCC logged 700,314 licenses, with nearly 40,000 new ones in the last five years. Compare that with 2005, when only 662,600 people hammed it up and you'll see why the American Radio Relay League — the authority on all things ham — is calling it a 'golden age' for ham. 'Over the last five years we've had 20-25,000 new hams,' said Allen Pitts, a spokesman for the group."

Comment Suggestion... (Score 2) 478

There is nothing stopping you from using a GNU System with the Linux kernel, or concocting a mix of the Linux kernel with GNU & non-GNU software. I wholeheartedly share your concern about privacy in the smartphone world, and that is why I would suggest using the Geeksphone with either a Linux distribution or Replicant.

I would also suggest using WebDAV at home or set up remotely, and configuring your calendar, contacts, bookmarks and other file-syncing that way (of course encrypting everything before it hits the wire).

Additionally, in September RMS wrote a great piece on Android that might be of interest to you. Also, this little nugget from Firefox developers doing a pseudo-Q/A on Reddit (I know, I'm sorry) regarding your privacy in the browser might also be of concern to you.

Comment I Started Using Tumbleweed A Week Ago... (Score 3, Interesting) 174

...(for desktop use) and am using OpenSUSE not out of preference, but just to get myself familiar with other systems. Alsa worked flawlessly (as opposed to Alsa having minor issues in my previous distro, Debian Testing/Wheezy). I haven't gotten the hang of YaST for package management just yet, but zypper... the command line front-end to YaST, is very powerful. You add a switch and a URL to the zypper command to add repositories, and there are a multitude of command shortcuts available for software installation. I've been using zypper a lot since installation, and as a Debian user for three years I can say it's certainly giving APT a run for its money. The software available for OpenSUSE is great, but the whole PORTAL documentation way of organizing it has been a little difficult to get used to at times. Again, I've just been using this for a week so that may not be the most educated judgement. Anyway, default repositories are - SUSE Updates, debug, source, OSS Software, and non-OSS Software (OSS = Open Source Software). Additionally, the Packman repository for OpenSUSE makes available pre-built RPMs for another large assortment of software. They currently don't have a US mirror, but being in New York and using the UK mirror... the speeds are fine. What's interesting to me is OpenSUSE is using systemd (by Lennart Poettering who also did Pulseaudio and avahi). Anyway, have a lot of fun. Hope I don't sound like too much of a salesman here.

IT

Submission + - IBM illuminates solar power system aimed at data c (networkworld.com)

coondoggie writes: "IBM said today that it is rolling out a solar-power array system designed to run high-voltage data centers. IBM has installed the first iteration of the system on the 6,000 square-feet of rooftop of its India Software Lab in Bangalore. The solar array is capable of providing a 50-kilowatt supply of electricity for up to 330 days a year, for an average of five hours a day."

China

Submission + - China detains Internet users for spreading rumors (networkworld.com)

alphadogg writes: Chinese authorities have started to detain Internet users for allegedly spreading online rumors, in its latest measure to control the country's social media sites. China's State Internet Information Office said it determined several online Internet rumors were fabricated, and instructed relevant departments to prosecute the offenders, according to a Tuesday report from China's state-run press agency Xinhua. The so-called rumors include a case where a user spread alleged misinformation about income tax provisions by forging state documents. The user was detained for 15 days. In another case, a Chinese college student from the province of Yunnan was detained after spreading what the government called a rumor on blogs and forums, about an incident where a man killed eight officials in his village. The "rumor" had said the man killed the officials because of pollution generated from a cement factory.

Japan

Submission + - Fukushima's fallout worse than thought (nature.com)

gbrumfiel writes: "A new study posted for open peer-review suggests that the nuclear reactors at Fukushima Daiichi released far more radiation than the Japanese government initially estimated. The study uses global radioisotope and meteorological data to calculate the size of the release from the plant. Nature News reports that, contrary to official claims, the model shows that fuel being stored in a pool at unit 4 released a significant amount of cesium-137, a long-lived contaminant that has spread across the countryside. It also says that some Xenon-133 may have early on in the accident, suggesting that the plant was already damaged before it was hit by a tsunami. Overall, it estimates that Fukushima released about twice as much cesium-137 as the government claims and half as much as Chernobyl."

Microsoft

Submission + - Browser Security - Looking Beyond Vulnerability Co (esecurityplanet.com)

darthcamaro writes: Every so often, a browser vendor (or a paid research group) comes out with some kind of study that says IE is the best because it does better malware scanning. Other times the which-browser-is-best debate is all about who had the most vulnerabilities. As it turns out, both methods are inadequate ways to measure which browser is the most secure.

"In general, our conclusion is that the best browser is the one that is the most hostile to a payload being successful," Shawn Moyer, managing principal research consultant with Accuvant, told the audience at the recent SecTOR security conference in Toronto.


Security

Submission + - XML Encryption Broken, Need to Fix W3C Standard (ruhr-uni-bochum.de)

gzipped_tar writes: Researchers from Ruhr University Bochum demonstrated the insecurity of the XML encryption standard at the ACM Conference on Computer and Communications Security in Chicago this week. "Everything is insecure", is the uncomfortable message from Bochum.

As pointed out by the Ars Technica article, XML Encryption is used widely as part of server-to-server Web services connections to transmit secure information mixed with non-sensitive data, based on cipher-block chaining. But it is apparently too weak, as demonstrated by Juraj Somorovsky and Tibor Jager. They were able to decrypt data by sending modified ciphertexts to the server and gathering information from the received error messages. The attack was tested against a popular open source implementation of XML Encryption, and against the implementations of companies that responded to the responsible disclosure — in all cases the result was the same: the attack worked.

Fixing the vulnerability will require a revision of the W3C XML encryption standard, Somorovsky said. The researchers informed all possibly affected companies through the mailing list of W3C, following a clear responsible disclosure process.
