Security

Submission + - NetBIOS Design Allows Traffic Redirection (skullsecurity.org) 1

iago-vL writes: Security researchers at SkullSecurity released research demonstrating how the NetBIOS protocol allows trivial hijacking due to its design; they have demonstrated this attack in a tool called 'nbpoison' (in the package 'nbtool'). If a DNS lookup fails on Windows, the operating system will broadcast a NetBIOS lookup request that anybody can respond to. One vector of attack is against business workstations on an untrusted network, like a hotel; all DNS requests for internal resources can be redirected (Exchange, proxy, WPAD, etc). Other attack vectors are discussed here. Although similar attacks exist against DHCP, ARP, and many other LAN-based protocols, and we all know that untrusted systems on a LAN means game over, NetBIOS poisoning is much quieter and less likely to break other things.
Linux

Submission + - Ubuntu Malware for DDoS Attack Found (digitizor.com)

An anonymous reader writes: Digitizor reports that a malware intended to perform a DDoS attack was found in a .deb file claiming to be a screensaver in Gnome-Looks. The said .deb file installs some scripts with elevated privileges and updates itself automatically. The screensaver has been removed from gnome-looks now.
Bug

Submission + - Dell Defect Turns 2.2GHz CPU into 100MHz CPU (chambana.net)

jtavares2 writes: In what is being dubbed as Throttlegate, scores of users on many message boards have been complaining about inexplicably aggressive throttling policies on their Dell Latitude E6500 and E6400 laptops which cause its CPUs to be throttled to less than 5% of its theoretical maximum even while in room temperatures! In many cases, the issue can be triggered just by playing a video or performing some other trivial, but CPU intensive, task. After being banned from the Dell Forums for revealing "non-public information", one user went so far as to write and publish a 59-page report explaining and diagnosing the throttling problem in incredible detail. Dell seems to be silent on the issue, but many users are hoping for a formal recall.

Comment Ahah. So that's who's doing it... (Score 1) 88

But I just shrugged these off as random malware.

Blogs are going to be another morass of evil, because of so many that just regurgitate/copy/mimic each other, the insecurity problem, and the general lameness of nobody saying nothing.

And Google gets to look good on this, which is not really making me feel warm & fuzzy.

Submission + - Potential MS (multiple sclerosis) breakthrough

dr-suess-fan writes: CTV reports on doctor's discovery. From the Article:
"A group of doctors in Italy is investigating a fascinating new treatment for multiple sclerosis, based on a theory that, if proven true, could radically alter the lives of patients. An investigation by CTV's W5 reveals that this treatment appears to stop the disease from progressing. Patients seen in the documentary relate how, after the simple procedure, their MS symptoms suddenly stopped and, in some cases, they were able to resume normal lives."

Submission + - Reach out to an unhappy customer, get fired. (dustincurtis.com)

thatseattleguy writes: It started with a blog post complaining about the poor user interface design of American Airlines' website (including a suggested redesign). The poster didn't expect a response, but received a nice and detailed email from a UI guy there, explaining why it was often tricky to do good design at large companies, due to all of the different interests — but says that good stuff is coming, even if it may take some time.

So, how did AA respond when they learned of this? It fired the guy.

http://techdirt.com/articles/20091106/0337536829.shtml

Idle

Submission + - Bomb-Proof Wallpaper Developed (inhabitat.com)

MikeChino writes: Working in partnership with the U.S. Army Corps of Engineers, Berry Plastics has rolled out a new breed of bomb-proof wallpaper. Dubbed the X-Flex Blast Protection System, the wallpaper is so effective that a single layer can keep a wrecking ball from smashing through a brick wall, and a double layer can stop blunt objects (i.e. a flying 2×4) from knocking down drywall. According to its designers, covering an entire room takes less than an hour.
Security

Submission + - Suspected hackers arrested for Zbot/Zeus Trojan (sophos.com)

Unexpof writes: According to a report by British security company Sophos, a man and a woman have been arrested in Manchester, England, by the Metropolitan Police in connection with the Zeus Trojan (also known as Zbot).

The Zbot Trojan, which steals bank account and social networking login details, creates a botnet of compromised computers. According to Sophos, the gang behind the Zbot attacks have used a wide variety of social engineering disguises to spread their malware — including posing as statements from the IRS or notifications that a server upgrade is about to take place.

The names of the two people arrested under the Computer Misuse Act 1990 and the 2006 Fraud Act have not been released, but it is known that the man is 20 years old.

Earth

Submission + - Engineered Bacteria Glows to Reveal Land Mines (inhabitat.com)

MikeChino writes: Sifting through minefields to remove hidden threats is currently a dangerous, tedious, and expensive process; however, scientists at the University of Edinburgh recently announced that they have engineered a strain of bacteria that glows green in the presence of explosives, making mine detection a snap. The new strain of bacteria can be sprayed onto local affected areas or air dropped over entire fields of mines. Within a few hours the bacteria strain begins to glow wherever traces of explosive chemicals are present.

Comment Re:Beyond absurd (Score 1) 1006

I believe this would be extortion not blackmail. Although, really, both are bad. You REALLY don't want to put yourself in a position to be accused of either.

From a professional standpoint I would recommend staying away from any situation where you are making demands or threats to your boss. Such a situation will very rarely help you achieve your goals. More often it WILL damage your reputation, instead of being known as XYZ-good-thing, you will be remembered as the guy who threatened the company. Such extreme incidents have a habit of following you for years. It would be better to just leave than risk long-term damage to your reputation.

If you do want to change the situation, perhaps a less aggressive approach. Next time you are asked to install software product X, have the requester sign a statement that says they have acquired the proper license for this product (or produce such a license). This removes the burden from yourself, it is reasonable. Lastly it has a subtle and non-hostile aspect of teaching others about licensing.

I would also recommend starting a license tracking system.

The basic idea here is that you don't want to assign blame. You DO want to move forward in a constructive and positive way, while still meeting your legal/moral standards. If your boss says that everything in use is ok, then don't press the point, but instead ensure that everything going forward can be documented as such.

As for the definition of blackmail, here are a couple of dictionary references (sorry no legal citations, but I am confident that this would get you in trouble within the US Federal system.):

From dictionary.com

http://dictionary.reference.com/browse/blackmail?jss=0

blackmail /blækmel/

-noun

1. any payment extorted by intimidation, as by threats of injurious revelations or accusations.

2. the extortion of such payment: He confessed rather than suffer the dishonor of blackmail.

3. a tribute formerly exacted in the north of England and in Scotland by freebooting chiefs for protection from pillage.

-verb (used with object)

4. to extort money from (a person) by the use of threats.

5. to force or coerce into a particular action, statement, etc.: The strikers claimed they were blackmailed into signing the new contract.

Notice item number 5. To force or coerce into a particular action.

Another dictionary reference:

The crime involving a threat for purposes of compelling a person to do an act against his or her will, or for purposes of taking the person's money or property.

The term blackmail originally denoted a payment made by English persons residing along the border of Scotland to influential Scottish chieftains in exchange for protection from thieves and marauders.

In blackmail the threat might consist of physical injury to the threatened person or to someone loved by that person, or injury to a person's reputation. In some cases the victim is told that an illegal act he or she had previously committed will be exposed if the victim fails to comply with the demand.

Although blackmail is generally synonymous with extortion, some states distinguish the offenses by requiring that the former be in writing.

Blackmail is punishable by a fine, imprisonment, or both.

Notice paragraph 3. "In some cases the victim is told that an illegal act he or she had previously committed will be exposed if the victim fails to comply with the demand."

Comment Re:Add education (Score 1) 1006

There is also the possibility to educate your manager/boss about the serious risk of using unlicensed software and the potential financial consequences. This would require you to risk getting really honest with him.

As someone said above, the BSA is sociopathic.

This is a very good reason to stay as far away from them as possible, and make sure all your licenses are good.

Which, incidentally, means using commercial software as little as possible, at least in my book. My company uses Windows (legal), Office (legal) and Adobe CS4 (legal), Nortons (legal).

And we use some 'free for any use' commercial software, like Skype. We don't use shareware unless we've already paid the license. I don't think we have any out there currently, but we've bought some in the past.

And that's about it for the commercial software, or in fact non-OSS software.

Seriously people, there are probably some good reasons for not going entirely OSS. Go ahead, get Windows, get Office, get AutoCAD or whatever, and make sure it's all legal.

But there aren't good reasons for not going mostly OSS. There's no good reason to use unregistered WinZip instead of 7-zip, or pirate Nero instead of InfraRecorder.

Submission + - FreeCreditReport.com Wins 1,017 Domains by UDRP (aliasencore.com)

typosquatting writes: The National Arbitration Forum published a historic domain dispute decision late Thursday awarding 1,017 cybersquatting domain names to FreeCreditReport.com. The complaint was filed by ConsumerInfo.com, owner of FreeCreditReport.com, through a process called the Uniform Domain-Name Dispute-Resolution Policy (UDRP), and is believed to be the largest case in the ten years since the UDRP was first enacted. The disputed domain names were all slight misspellings of FreeCreditReport.com (such as ereecreditreport.com), or they included FreeCreditReport spelled correctly within a longer domain (such as 1-800-freecreditreport.com). The respondent in the case is a firm called Netcorp LLC which had previously lost one other UDRP case in 2005. Further complicating the case was a tussle over the perceived "generic" nature of the brand FreeCreditReport.com. Netcorp argued unsuccessfully that "the disputed domain names are comprised of common, descriptive terms and as such cannot be found to be confusingly similar to Complainant's mark." The full story is available here.
