Android

One Billion Android Devices Open To Privilege Escalation 117

msm1267 (2804139) writes "The first deep look into the security of the Android patch installation process, specifically its Package Management Service (PMS), has revealed a weakness that puts potentially every Android device at risk for privilege escalation attacks. Researchers from Indiana University and Microsoft published a paper that describes a new set of Android vulnerabilities they call Pileup flaws, and also introduces a new scanner called SecUP that detects malicious apps already on a device lying in wait for elevated privileges. The vulnerability occurs in the way PMS handles updates to the myriad flavors of Android in circulation today. The researchers say PMS improperly vets apps on lower versions of Android that request OS or app privileges that may not exist on the older Android version, but are granted automatically once the system is updated.

The researchers said they found a half-dozen different Pileup flaws within Android's Package Management Service, and confirmed those vulnerabilities are present in all Android Open Source Project versions and more than 3,500 customized versions of Android developed by handset makers and carriers; more than one billion Android devices are likely impacted, they said."
Handily enough, the original paper is not paywalled.
Microsoft

They're Reading Your Mail: Microsoft's ToS, Windows 8 Leak, and Snooping 206

After the recent Windows 8 leak by recently arrested then-Microsoft employee Alex Kibkalo, Microsoft has tweaked its privacy policies, but also defended reading the email of the French blogger to whom Kibkalo sent the software. "The blogger in question, who remains unidentified, happened to use Hotmail—the investigation began in 2012 before Hotmail's Outlook.com transition—as his primary email account. So as part of its investigation, Microsoft peeked into the blogger's email account to read that person's correspondence with Kibkalo. ... Microsoft says it was justified in searching the blogger's email account, because it had probable cause to believe Kibkalo was funneling trade secrets to the blogger. The company also pointed out that even with its justification for searching the account, it would have been impossible to gain a court order." "The legal system wouldn't have let us" seems a strange argument to defend any act of snooping.
PHP

Facebook Introduces Hack: Statically Typed PHP 230

alokmenghrajani (2602135) writes with news of Facebook's new Open Source language, Hack. Quoting: "Today we're releasing Hack, a programming language we developed for HHVM that interoperates seamlessly with PHP. Hack reconciles the fast development cycle of PHP with the discipline provided by static typing, while adding many features commonly found in other modern programming languages. ... Traditionally, dynamically typed languages allow for rapid development but sacrifice the ability to catch errors early and introspect code quickly, particularly on larger codebases. Conversely, statically typed languages provide more of a safety net, but often at the cost of quick iteration. We believed there had to be a sweet spot. ... Hack has deep roots in PHP. In fact, most PHP files are already valid Hack files. ... Our principal addition is static typing. We have developed a system to annotate function signatures and class members with type information; our type checking algorithm infers the rest. Type checking is incremental, such that even within a single file some code can be converted to Hack while the rest remains dynamically typed. ... If a function parameter or class member does not have an explicit type annotation, the type checker considers its type to be dynamic, and it does not check the type of that value." In addition to static typing, they've introduced proper closures that capture the lexical environment, generics, collections, and array shapes. The Hack website has more details. There's a fairly complete language manual, tools to infer types in PHP source and annotate the code, and source available under the PHP license.
Space

Earth Barely Dodged Solar Blast In 2012 202

Rambo Tribble (1273454) writes "Coronal mass ejections, with severity comparable to the 1859 Carrington event, missed Earth by only 9 days in 2012, according to researchers. The Carrington event caused widespread damage to the telegraph system in the U.S., and a similar occurrence would be devastating to modern electronics, it is thought. From the Reuters article, 'Had it hit Earth, it probably would have been like the big one in 1859, but the effect today, with our modern technologies, would have been tremendous.' The potential global cost for such damage is pegged at $2.6 trillion."
Earth

It Was the Worst Industrial Disaster In US History, and We Learned Nothing 290

superboj writes "Forget Deepwater Horizon or Three Mile Island: The biggest industrial disaster in American history actually happened in 2008, when more than a billion gallons of coal sludge ran through the small town of Kingston, Tennessee. This story details how, five years later, nothing has been done to stop it happening again, thanks to energy industry lobbying, federal inaction, and secrecy imposed on Congress. 'It estimated that 140,000 pounds of arsenic had spilled into the Emory River, as well as huge quantities of mercury, aluminum and selenium. In fact, the single spill in Kingston released more chromium, lead, manganese, and nickel into the environment than the entire U.S. power industry spilled in 2007. ... Kingston, though, is by far the worst coal ash disaster that the industry has ever seen: 5.4 million cubic yards of coal ash, containing at least 10 known toxins, were spilled. In fact, the event ... was even bigger than the Deepwater Horizon oil spill in April 2010, which spewed approximately 1 million cubic yards of oil into the Gulf of Mexico."
Biotech

Overuse of Bioengineered Corn Gives Rise To Resistant Pests 259

An anonymous reader writes "Though warned by scientists that overuse of a variety of corn engineered to be toxic to corn rootworms would eventually breed rootworms with resistance to its engineered toxicity, the agricultural industry went ahead and overused the corn anyway with little EPA intervention. The corn was planted in 1996. The first reports of rootworm resistance were officially documented in 2011, though agricultural scientists weren't allowed by seed companies to study the engineered corn until 2010. Now, a recent study has clearly shown how the rootworms have successfully adapted to the engineered corn. The corn's continued over-use is predicted, given current trends, and as resistance eventually spreads to the whole rootworm population, farmers will be forced to start using pesticides once more, thus negating the economic benefits of the engineered corn. 'Rootworm resistance was expected from the outset, but the Bt seed industry, seeking to maximize short-term profits, ignored outside scientists.'"
Security

Kaspersky: Mt. Gox Data Archive Contains Bitcoin-Stealing Malware 169

itwbennett writes "An archive containing transaction records from Mt. Gox that was released on the Internet last week also contains bitcoin-stealing malware for Windows and Mac, say researchers at Kaspersky Lab who have analyzed the 620MB file called MtGox2014Leak.zip. The files masquerade as Windows and Mac versions of a custom, back-office application for accessing the transaction database of Mt. Gox. However, they are actually malware programs designed to search and steal Bitcoin wallet files from computers, Kaspersky security researcher Sergey Lozhkin said Friday in a blog post."
Science

Why Did New Zealand's Moas Go Extinct? 180

sciencehabit writes "For millions of years, nine species of large, flightless birds known as moas (Dinornithiformes) thrived in New Zealand. Then, about 600 years ago, they abruptly went extinct. Their die-off coincided with the arrival of the first humans on the islands in the late 13th century, and scientists have long wondered what role hunting by Homo sapiens played in the moas' decline. Did we alone drive the giant birds over the brink, or were they already on their way out thanks to disease and volcanic eruptions? Now, a new genetic study of moa fossils points to humankind as the sole perpetrator of the birds' extinction. The study adds to an ongoing debate about whether past peoples lived and hunted animals in a sustainable manner or were largely to blame for the extermination of numerous species."
Earth

Paris Bans Half of All Cars On the Road 405

cartechboy writes "Pollution is becoming a very large issue in major cities due to the amount of vehicles on the road. To try and help this issue Paris just banned all vehicles on alternate odd and even license plates today and tomorrow. Of course, electric cars and hybrids are exempt from the new restrictions as they aren't part of the problem, rather they are seen as part of the solution. Naturally taxis, buses, emergency vehicles, and cars carrying three or more passengers (hooray for carpooling) are also exempt. High levels of particulate matter are blamed for all the various respiratory diseases, while higher oxides of nitrogen are a primary cause of smog. We'd have to say that this ban probably won't be the last one as traffic levels increase over time."
Ubuntu

Shuttleworth Wants To Get Rid of Proprietary Firmware 147

jones_supa writes "In a new blog post, the Ubuntu main man Mark Shuttleworth calls for an end to proprietary firmwares such as ACPI. His reasoning is that running any firmware code on your phone, tablet, PC, TV, wifi router, washing machine, server, or the server running the cloud your SAAS app is running on, is a threat vector against you, and NSA's best friend. 'Arguing for ACPI on your next-generation device is arguing for a trojan horse of monumental proportions to be installed in your living room and in your data center. I've been to Troy, there is not much left.' As better solutions, Shuttleworth suggests delivering your innovative code directly to the upstream kernel, or using declarative firmware that describes hardware linkages and dependencies but doesn't include executable code."
Encryption

Aussie Attorney General's War On Encrypted Web Services 151

Bismillah writes "If Attorney-General Brandis gets his way in the process of revising Australia's Telecommunications Interception Act, users and providers of VPNs and other encrypted services will by law be required to decrypt government intercepted data. Because, 'sophisticated criminals and terrorists.' New Zealand already has a similar law, the Telecommunications Interception and Computer Security Act. Apparently, large Internet service providers such as Microsoft and Facebook won't be exempt from the TICSA and must facilitate interception of traffic."
Education

Federal Student Aid Requirements At For-Profit Colleges Overhauled 295

An anonymous reader writes "The U.S. Department of Education has released a proposal for new regulations that would hold colleges that receive federal student aid accountable for the employment success of their graduates. The overhaul is prompted by the fact that students from for-profit colleges account for nearly 50% of all loan defaults yet only account for about 13% of the total higher education population. '[O]f the for-profit gainful employment programs the Department could analyze and which could be affected by [the proposed regulations], the majority--72%--produced graduates who on average earned less than high school dropouts.'"
The Almighty Buck

The Billionaires Privatizing American Science 279

An anonymous reader writes "Government-funded science is struggling in the United States. With the unstable economy over the past decade and the growing hostility to science in popular rhetoric, basic research money is getting hard to find. Part of the gap is being filled by billionaire philanthropists. Steven Edwards of the American Association for the Advancement of Science says, 'For better or worse, the practice of science in the 21st century is becoming shaped less by national priorities or by peer-review groups and more by the particular preferences of individuals with huge amounts of money.' Vast amounts of research are now driven by names like Bill Gates, Michael Bloomberg, David Koch, and Eric Schmidt. While this helps in some ways, it can hurt in others. 'Many of the patrons, they say, are ignoring basic research — the kind that investigates the riddles of nature and has produced centuries of breakthroughs, even whole industries — for a jumble of popular, feel-good fields like environmental studies and space exploration. ... Fundamentally at stake, the critics say, is the social contract that cultivates science for the common good.'"
Science

Religion Is Good For Your Brain 529

Hugh Pickens DOT Com writes "Sheila M. Elred writes in Discovery Magazine that a recent study has found that people at risk of depression were much less vulnerable if they identified as religious. Brain MRIs revealed that religious participants had thicker brain cortices than those who weren't as religious. 'One of the worst killers of brain cells is stress,' says Dr. Majid Fotuhi. 'Stress causes high levels of cortisol, and cortisol is toxic to the hippocampus. One way to reduce stress is through prayer. When you're praying and in the zone you feel a peace of mind and tranquility.' The reports concluded that a thicker cortex associated with a high importance of religion or spirituality may confer resilience to the development of depressive illness in individuals at high familial risk for major depression. The social element of attending religious services has also been linked to healthy brains. 'There's something magical about socializing,' says Fotuhi. 'It releases endorphins in the brain. It's hard to know whether it's through religion or a gathering of friends, but it improves brain health in the long term.'"