Security

Ethics of Releasing Non-Malicious Linux Malware? 600

buchner.johannes writes "I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects. The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads. I tested it to be injected by a PHP script (even circumventing safe mode), so that the Web server runs it; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly, and adds onto Windows executables for execution in Wine. If executed by the user, the malware can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation). But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary. Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"
Government

Scientists Decry "Horrifying" UK Border Test Plan 515

cremeglace writes "Scientists are dismayed and outraged at a new project by the UK border agency to test DNA, hair, and nails to determine the nationality of asylum seekers and help decide if they can enter the UK. 'Horrifying,' 'naive,' and 'flawed' are among the words geneticists and isotope specialists have used to describe the 'Human Provenance pilot project.' The methods being used to determine ancestry include fingerprinting of mitochondrial DNA and isotope analysis of hair and nails. ScienceInsider blog notes that it is 'not clear who is conducting the DNA and isotope analyses for the Border Agency,' and that the agency has not 'cited any scientific papers that validate its DNA and isotope methods.' There is also a followup post with more information on the tests that are being used, and some reactions from experts in genetic forensic analysis. This story was first reported in The Observer on Sunday."
First Person Shooters (Games)

Wolfenstein Being Recalled In Germany 625

D1gital_Prob3 tips news that Activision's recently-released shooter, Wolfenstein, is being recalled in Germany due to the appearance of swastikas in the game. Such symbols are banned in Germany, and the German version of the game went through heavy editing to remove them. Apparently, they missed some. Activision said, "Although it is not a conspicuous element in the normal game ... we have decided to take this game immediately from the German market." Reader eldavojohn points out a review that has screenshot comparisons between the two versions of the game.
Communications

Illinois Bans Social Network Use By Sex Offenders 587

RobotsDinner writes "Illinois Governor Pat Quinn has signed into law a bill that bans all registered sex offenders from using social networks. '"Obviously, the Internet has been more and more a mechanism for predators to reach out," said Sen. Bill Brady (R-Bloomington), a sponsor of the measure and a governor candidate. "The idea was, if the predator is supposed to be a registered sex offender, they should keep their Internet distance as well as their physical distance."'"
The Courts

Tenenbaum Lawyers Now Passing the Hat 388

NewYorkCountryLawyer writes "Just when you think this case couldn't get any stranger, it now appears that the defendant's 'legal team' in SONY BMG Music Entertainment v. Tenenbaum is passing the hat, taking up a collection. Only the reason for the collection isn't to defray costs and expenses of further defending the action, but to pay the RIAA the amount of the judgment so that their client won't have to declare bankruptcy. I would suggest there might have been a much better way of avoiding bankruptcy. It's called 'handling the case competently.'"

Comment Re:back in my day (Score 1) 785

Sorry man, you're mostly wrong. I commend you and your accomplishments, and my own background reinforces that FORMAL education (getting a piece of ink on a piece of paper) is inherently meaningless.

HOWEVER, you and me do NOT a trend make. Just because X amount of people like us can kick massive booty in the real world without the benefit of a high school diploma or a college one doesn't degrade the value thereof.

Statistically speaking, a high school diploma is a SIGNIFICANT variable on life expectancy, incarceration rates, income potential and every other metric you want to throw at it, even despite (some degree) of relative IQ. Your employment opportunities are severely limited for each level of academic accomplishment you can't prove, particularly in technical fields and more explicitly for the high school level. Indeed you become almost unemployable.

So while you can say graduating doesn't GUARANTEE success, you cannot compare that with the likelihood of failure if you don't graduate. In the simplest form it's simply a matter of risk management on the employer's (and/or client's) side.

Not trying to rain on your parade, but I don't think anyone should be a cheerleader for NON-COMPLETION of scholastic advancement in our society no matter how successful they've managed to be. Should our society change so significantly as to measure a person's worth through other means... then fine. But in today's world it is an UNDENIABLE fact that your level of educational attainment has a very DIRECT correlation towards your quality of life and earnings potential.

see below for starters.
http://en.wikipedia.org/wiki/Affluence_in_the_United_States
http://en.wikipedia.org/wiki/Educational_attainment_in_the_United_States

average income of HS grad : 36k
average income of masters : 78k
average income MD / ESQ : 100k
average income doctorate : 96k

Average income NO high school degree : 22k

HUGE discrepancy.

Music

RIAA Awarded $675,000 In Tenenbaum Trial 492

NewYorkCountryLawyer writes "The jury awarded the record company plaintiffs $675,000 in the Boston trial defended by Prof. Charles Nesson, SONY BMG Music Entertainment v. Tenenbaum. I was not surprised, since exactly none of the central issues ever even came up in this trial. The judge had instructed the jurors that Mr. Tenenbaum was liable, and that their only task was to come up with a verdict that was more than $22,500 and less than $4.5 million. According to the judge, her reason for doing so was that, when on the stand, the defendant was asked if he admitted liability, and he said 'yes.' The lawyers among you will know that that was a totally improper question, and that the Court should not have even allowed it, much less based her holding upon the answer to it."
Image

iPhone App Tracks Sex Offenders 358

The Narrative Fallacy writes "All 50 states in the US require the 50,000 people convicted of sexual offenses to sign a register so that their whereabouts can be tracked and monitored. The Telegraph reports that now users of the iPhone Offender Locator application can search for sex offenders living nearby a friend or colleague whose address is stored in their Apple iPhone address book, or they can type in a street address to generate a list of convicted sex offenders in the local area. 'Offender Locator gives everyone the ability to find out if registered sex offenders live in their area,' says the application developer, ThinAir Wireless, on its iTunes page. 'Knowledge equals safety. They know where you and your family are...now it's time to turn the tables so that you know where they live and can make better decisions about where to allow your kids to play.' Offender Locator uses the iPhone's built-in GPS to pinpoint the user's location, and then provide a map listing sex offenders in the local area. Tapping on one of the 'pins' dropped on to the map brings up a photograph of the offender, as well as their address, date of birth and list of convictions."
Medicine

Artificial Brain '10 Years Away' 539

SpuriousLogic writes "A detailed, functional artificial human brain can be built within the next 10 years, a leading scientist has claimed. Henry Markram, director of the Blue Brain Project, has already built elements of a rat brain. He told the TED global conference in Oxford that a synthetic human brain would be of particular use finding treatments for mental illnesses. Around two billion people are thought to suffer some kind of brain impairment, he said. 'It is not impossible to build a human brain and we can do it in 10 years,' he said."
Graphics

Small, High-Resolution LCD Monitors? 370

An anonymous reader writes "I'm a veteran user of an old 17" Dell Trinitron CRT monitor. I run it at 1400x1050 with an 80Hz refresh rate — about as high as it goes before it'll go out of the monitor's scan range. More recently I've been looking to finally upgrade to an LCD monitor but found that, for the most part, every 17" monitor on the market runs natively at 1280x1024, as does every 19" monitor — I have to go for a 20" to go higher. Now yes, I know I'm complaining about just 120 pixels horizontal and 26 pixels vertical, but my laptop's 15" display runs natively at 1400x1050. Is there any standalone monitor on the market that'll natively do higher than 1280x1024 without killing my desk space?"
Networking

European Union Asks US To Free ICANN 503

An anonymous reader writes "Viviane Reding, Information Society Commissioner of the European Union, is calling for the United States to hand over control of ICANN (Internet Corporation For Assigned Names and Numbers). She said that the organization running ICANN needs be free of control by a single nation, and rather controlled by a private entity and governed by multiple nations. ICANN, headquartered in Marina Del Rey, California, was created in 1998 to oversee a number of Internet related tasks. Reding said, 'In the long run, it is not defendable that the government department of only one country has oversight of an internet function which is used by hundreds of millions of people in countries all over the world.'"
Software

Congress Endorses Open Source For Military 145

A draft defense authorizing act in Congress includes wording plugging open source software. It seems both cost and software security were considerations. This is an important victory for open source. "It's rare to see a concept as technical as open-source software in a federal funding bill. But the House's proposed National Defense Authorization Act for Fiscal Year 2009 (H.R. 5658) includes language that calls for military services to consider open-source software when procuring manned or unmanned aerial vehicles."
Image

Man Attempts To Cross English Channel With Jet Wing 175

Back in May, we told you about Swiss pilot Yves Rossy and his personal jet powered wing. It seems Mr. Rossy will now try to cross the English Channel with his invention. The flight was planned for Sept. 25 but had to be canceled due to poor weather. Yves will leap from a plane more than 2,500 meters off the ground, fire up his jets and try to make the 35-kilometer flight from Calais in France to Dover in England. If all goes well, the flight will take about 12 minutes. I'd like to officially ask Mr. Rossy for a review model for Slashdot.

Comment Sites and others will move to SSL (Score 1) 292

This sort of BS will cause standard non-commercial / login sites to all move to SSL.

Redirect http://yoursite.com to https://yoursite.com/ before anything is served.

If anyone thinks any of the CPM ad networks or major sites will allow this for even an instant, your eye is not on the money.

If they use such tech for the less easily encrypted protocols... you'll find those as well slowly pushed into it.

Which leaves the ISPs with two options if they wish to pursue this: they can proxy everything their customers connect to and essentially monkey in the middle the whole affair (not possible due to sheer processing/bandwidth... yet)... or they may form an alliance with the ad networks (scarier, more likely prospect).
