Zocalo - Slashdot User

Submission + - This thumbdrive hacks computers. "BadUSB" exploit makes devices turn "evil" (arstechnica.com)

Submitted by Anonymous Coward on Thursday July 31, 2014 @09:37AM

An anonymous reader writes: When creators of the state-sponsored Stuxnet worm used a USB stick to infect air-gapped computers inside Iran's heavily fortified Natanz nuclear facility, trust in the ubiquitous storage medium suffered a devastating blow. Now, white-hat hackers have devised a feat even more seminal—an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms that can't be detected by today's defenses.

Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.

Submission + - Vision-Correcting Display Lets Users Ditch Their Reading Glasses (gizmag.com)

Submitted by Zothecula on Thursday July 31, 2014 @09:30AM

Zothecula writes: We've seen a number of glasses-free 3D technologies in recent years, most famously in Nintendo's 3DS, but now researchers at the University of California at Berkeley and MIT have created a prototype device that allows those with vision problems to ditch their eyeglasses and contact lenses when viewing regular 2D computer displays by compensating for the viewer's visual impairment.

Submission + - Google notifies police of child pornography in email, suspect arrested (khou.com)

Submitted by SpaceGhost on Thursday July 31, 2014 @12:21AM

SpaceGhost writes: KHOU, the CBS affiliate in Houston, Texas reports that after Google detected an explicit image of a young girl in a users email they reported it to the National Center for Missing and Exploited Children, which led to his arrest. Google did not respond to questions the reporter asked about this use of their technology, and the article does not make clear if it was a gmail account.

Submission + - Crytek USA Collapses, Sells Game IP To Other Developers (hothardware.com)

Submitted by MojoKid on Thursday July 31, 2014 @12:03AM

MojoKid writes: Game developer Crytek's problems have been detailed recently from various source, and it's now clear that it wasn't just the company's UK studios that were affected. Crytek announced today that it has officially moved development of its F2P shooter "Hunt: Horrors of the Guilded Age" to a German developer, ignoring the fact that the majority of the US team had apparently already quit the company. The problem? Just as in the UK, the US employees weren't getting paid. In a separate announcement, Crytek also declared that development of the Homefront series had passed entirely to developer Deep Silver. The company has stated, "On completion of the proposed acquisition, the Homefront team from Crytek's Nottingham studio would transfer their talents to Koch Media in compliance with English law and continue their hard work on upcoming shooter, "Homefront: The Revolution". Both parties hope to finalize and implement a deal soon." It's hard to see this as good news for Crytek. The company can make all the noise it wants about moving from a development studio to a publisher model, but Crytek as a company was always known for two things — the CryEngine itself, adapted for a handful of titles and the Crysis series. Without those factors, what's left?

Submission + - Countries don't own their Internet domains, ICANN says (computerworld.com.au)

Submitted by angry tapir on Wednesday July 30, 2014 @08:07PM

angry tapir writes: The Internet domain name for a country doesn't belong to that country — nor to anyone, according to ICANN. Plaintiffs who successfully sued Iran, Syria and North Korea as sponsors of terrorism want to seize the three countries' ccTLDs (country code top-level domains) as part of financial judgments against them. The Internet Corporation for Assigned Names and Numbers, which oversees the Internet, says they can't do that because ccTLDs aren't even property.

Submission + - UK Government Report Recommends Ending Online Anonymity (techdirt.com)

Submitted by Anonymous Coward on Wednesday July 30, 2014 @05:28PM

An anonymous reader writes: Every so often, people who don't really understand the importance of anonymity or how it enables free speech (especially among marginalized people), think they have a brilliant idea: "just end real anonymity online." They don't seem to understand just how shortsighted such an idea is. It's one that stems from the privilege of being in power. And who knows that particular privilege better than members of the House of Lords in the UK — a group that is more or less defined by excess privilege? The Communications Committee of the House of Lords has now issued a report concerning "social media and criminal offenses" in which they basically recommend scrapping anonymity online.

Submission + - Woman arrested after posting photo of George Osborne at Dominatrix's flat (wordpress.com)

Submitted by Anonymous Coward on Wednesday July 30, 2014 @05:17PM

An anonymous reader writes: A woman was arrested today after posting a photograph on Twitter of chancellor George Osborne at her flat when she worked as a madame at an escort agency.

Then today Natalie was arrested by the police for “abusive behaviour”:

Natalie’s home was also searched last year by police after she tried to publish her memoirs in which she mentions Osborne took cocaine and used her services as a dominatrix called Miss Whiplash.

Submission + - Amazon's eBook Math (amazon.com)

Submitted by Anonymous Coward on Wednesday July 30, 2014 @04:53PM

An anonymous reader writes: Amazon has waged a constant battle with publishers over the price of ebooks. They've now publicly laid out their argument and the business math behind it. "We've quantified the price elasticity of e-books from repeated measurements across many titles. For every copy an e-book would sell at $14.99, it would sell 1.74 copies if priced at $9.99. So, for example, if customers would buy 100,000 copies of a particular e-book at $14.99, then customers would buy 174,000 copies of that same e-book at $9.99. Total revenue at $14.99 would be $1,499,000. Total revenue at $9.99 is $1,738,000." They argue that capping most ebooks at $9.99 would be better for everyone, with the money split out 35% to the author, 35% to the publisher, and 30% to Amazon. Author John Scalzi says Amazon's reasoning and assumptions are a bit suspect. He disagrees that "books are interchangable units of entertainment, each equally as salable as the next, and that pricing is the only thing consumers react to." Scalzi also points out that Amazon asserts itself as the only revenue stream for authors, which is not remotely true. "Amazon’s assumptions don’t include, for example, that publishers and authors might have a legitimate reason for not wanting the gulf between eBook and physical hardcover pricing to be so large that brick and mortar retailers suffer, narrowing the number of venues into which books can sell. Killing off Amazon’s competitors is good for Amazon; there’s rather less of an argument that it’s good for anyone else."

Submission + - The NSA Is Being Sued for Keeping Keith Alexander's Financial History Secret (vice.com)

Submitted by Daniel_Stuckey on Wednesday July 30, 2014 @04:08PM

Daniel_Stuckey writes: Now the NSA has yet another dilemma on its hands: Investigative journalist Jason Leopold is suing the agency for denying him the release of financial disclosure statements attributable to its former director. According to a report by Bloomberg , prospective clients of Alexander's, namely large banks, will be billed $1 million a month for his cyber-consulting services. Recode.net quipped that for an extra million, Alexander would show them the back door (state-installed spyware mechanisms) that the NSA put in consumer routers.

Submission + - Programmers: Why Haven't You Joined The ACM? (itworld.com) 1

Submitted by jfruh on Wednesday July 30, 2014 @04:07PM

jfruh writes: The Association for Computing Machinery is a storied professional group for computer programmers, but its membership hasn't grown in recent years to keep pace with the industry. Vint Cerf, who recently concluded his term as ACM president, asked developers what was keeping them from signing up. Their answers: paywalled content, lack of information relevant to non-academics, and code that wasn't freely available.

Submission + - Student Uses Oculus Rift and Kinect to Create Cool Body Swap Illusion (singularityhub.com)

Submitted by kkleiner on Wednesday July 30, 2014 @01:46PM

kkleiner writes: Using an Oculus Rift virtual reality headset, Microsoft Kinect, a camera, and a handful of electrical stimulators, a London student's virtual reality system is showing users what it's like to swap bodies. Looking down, they see someone else's arms and legs; looking out, it's someone else's point of view; and when they move their limbs, the body they see does the same (those electrical stimulators mildly shock muscles to force a friend to mirror the user's movements). It's an imperfect system, but a fascinating example of the power of virtual reality. What else might we use VR systems for? Perhaps they'll prove useful in training or therapeutic situations? Or what about with robots, which would be easier to inhabit and control than another human? The virtual body swap may never fully catch on, but generally, virtual reality will likely prove useful for more than just gaming and entertainment.

Submission + - Nintendo Posts Yet Another Loss, Despite Mario Kart 8 (businessinsider.com)

Submitted by redletterdave on Wednesday July 30, 2014 @01:43PM

redletterdave writes: Nintendo posted its third loss in four quarters on Wednesday. Even though Mario Kart 8, its big first-party game released in May, shipped more than 2.82 million copies by the end of June, the Mario-themed racing game was not enough to help Nintendo’s struggling Wii U console perform in this particular quarter. The company said it lost $97 million between March and June. Nintendo shipped 510,000 units of the Wii U in the June quarter, bringing the total to 6.68 million consoles sold — it’s a big jump from the 160,000 units it sold in the same quarter a year ago and a small improvement over the 310,000 units it sold in the March quarter. Still, the Wii U is still lagging behind the PlayStation 4 and Xbox One consoles, and Nintendo must also contend with mobile games available on Apple and Google’s app stores, which cost but a fraction of a Nintendo game.

Submission + - SpaceShipTwo flies again (nbcnews.com)

Submitted by schwit1 on Wednesday July 30, 2014 @09:20AM

schwit1 writes: The competition heats up: For the first time in six months SpaceShipTwo completed a test flight today.

The article above is from NBC, which also has a deal with Virgin Galactic to televise the first commercial flight. It is thus in their interest to promote the spacecraft and company. The following two sentences from the article however clearly confirm every rumor we have heard about the ship in the past year, that they needed to replace or completely refit the engine and that the resulting thrust might not be enough to get the ship to 100 kilometers or 62 miles:
In January, SpaceShipTwo blasted off for a powered test and sailed through a follow-up glide flight, but then it went into the shop for rocket refitting. It’s expected to go through a series of glide flights and powered flights that eventually rise beyond the boundary of outer space (50 miles or 100 kilometers in altitude, depending on who’s counting).

Hopefully this test flight indicates that they have installed the new engine and are now beginning flight tests with equipment that will actually get the ship into space.

Comment Good luck with that (Score 1) 317

by Zocalo on Wednesday July 30, 2014 @09:18AM (#47565173) Attached to: Ford, GM Sued Over Vehicles' Ability To Rip CD Music To Hard Drive

The Act protects against distributing digital audio recording devices whose primary purpose is to rip copyrighted material.

So, the primary purpose of the CD system is ripping CDs is it? Not, for instance, listening to the radio, playing CDs, or even listening to the music I have previously ripped from CDs using the system AARC is complaining about? According to their argument that would have to be the case, even to the extent of ripping a CD and then only playing it back once, to meet the "primary purpose" claim. Or is the AARC expecting to convince a jury that owners of vehicles with these devices are ripping CDs onto a hard drive in a device that they will then probably need to dismantle in order to remove and attach the drive to some other system in order to play back the ripped music somewhere other than in the car?

AARC's greedy lawyers are greedy. Music (ripped in-car, naturally) at eleven!

Submission + - Black Hat Researchers Actively Trying to Deanonymize Tor Users (torproject.org)

Submitted by Anonymous Coward on Wednesday July 30, 2014 @08:42AM

An anonymous reader writes: Last week, we discussed news that a presentation had been canceled for the upcoming Black Hat security conference that involved the Tor Project. The researchers involved hadn't made much of an effort to disclose the vulnerability, and the Tor Project was scrambling to implement a fix. Now, the project says it's likely these researchers were actively attacking Tor users and trying to deanonymize them. "On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks. ...We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service." They also provide a technical description of the attack, and the steps they're taking to block such attacks in the future.

Slashdot Top Deals