
Submission + - MS Learned of IE Zero-Day Flaw Last September (wired.com)

N!NJA writes: Microsoft was aware months ago of a critical security vulnerability well before hackers exploited it to breach Google, Adobe and other large U.S. companies but did not patch the hole until Thursday.

The software giant had intended to release a patch for the flaw in February — more than four months after learning about it — but had to speed up that plan and roll it out this week in the wake of news that Google and others had been hacked through the flaw, the world’s largest software maker acknowledged Thursday.

Meron Sellen, a security researcher at BugSec, an Israeli firm, quietly reported the vulnerability to Microsoft in September, according to security firm Kaspersky.


Submission + - NetBIOS Design Allows Traffic Redirection (skullsecurity.org) 1

iago-vL writes: Security researchers at SkullSecurity released research demonstrating how the NetBIOS protocol allows trivial hijacking due to its design; they have demonstrated this attack in a tool called 'nbpoison' (in the package 'nbtool'). If a DNS lookup fails on Windows, the operating system will broadcast a NetBIOS lookup request that anybody can respond to. One vector of attack is against business workstations on an untrusted network, like a hotel; all DNS requests for internal resources can be redirected (Exchange, proxy, WPAD, etc). Other attack vectors are discussed here. Although similar attacks exist against DHCP, ARP, and many other LAN-based protocols, and we all know that untrusted systems on a LAN means game over, NetBIOS poisoning is much quieter and less likely to break other things.

Submission + - Ubuntu Malware for DDoS Attack Found (digitizor.com)

An anonymous reader writes: Digitizor reports that a malware intended to perform a DDoS attack was found in a .deb file claiming to be a screensaver in Gnome-Looks. The said .deb file installs some scripts with elevated privileges and updates itself automatically. The screensaver has been removed from gnome-looks now.

Submission + - Bomb-Proof Wallpaper Developed (inhabitat.com)

MikeChino writes: Working in partnership with the U.S. Army Corps of Engineers, Berry Plastics has rolled out a new breed of bomb-proof wallpaper. Dubbed the X-Flex Blast Protection System, the wallpaper is so effective that a single layer can keep a wrecking ball from smashing through a brick wall, and a double layer can stop blunt objects (i.e. a flying 2×4) from knocking down drywall. According to its designers, covering an entire room takes less than an hour.

Submission + - Progress on $555 Billion Sahara Solar Energy Belt (inhabitat.com)

MikeChino writes: A big step has been made in what will be the world’s largest renewable energy project. While previously just a grand vision for the production of clean energy in the Saharan desert, the project now has a core group of backers and a signed agreement between 12 companies ready to move forward with the $555 billion solar energy belt. The DESERTEC Foundation vision is to install 100 GW of solar power throughout Northern Africa, with the goal of supplying 15% of Europe’s energy demand with clean renewable power.

Submission + - Bullet train for California (google.com)

marquinhocb writes: Gov. Arnold Schwarzenegger requested $4.7 billion in federal stimulus money Friday to help build an 800-mile bullet train system from San Diego to San Francisco.
"We're traveling on our trains at the same speed as 100 years ago," the governor said. "That is inexcusable. America must catch up."

Planners said the train would be able to travel from Los Angeles to San Francisco in two hours and 40 minutes, traveling at speeds of more than 200 miles per hour.

About damned time! There comes a point when "let's add another lane" is no longer a viable option!


Submission + - Asus Plans Dual-Display E-Reader (gearlog.com)

adeelarshad82 writes: Yet more confirmation has emerged that Asus plans its own e-book reader. An Asus representative in the U.K. appears to have confirmed this, with the additional details that there may be a value-priced as well as a premium version. Unlike current ebook readers, which take the form of a single flat screen, the Asus device has a hinged spine, like a printed book. This, in theory, enables its owner to read an ebook much like a normal book, using the touchscreen to "turn" the pages from one screen to the next.

Submission + - Defcon, Black Hat attendee finds more dodgy ATMs (computerworlduk.com) 1

An anonymous reader writes: As if it weren't enough that one bogus ATM was discovered collecting card details at the Riviera in Las Vegas where Black Hat and Defcon attendees were staying, one presenter suspects that ATMs at the Rio were compromised as well. Chris Paget tried to take out $200 and the machine never gave him the money despite debiting his account. At least five other people were affected. The hotel staff allowed the machines to keep running and threatened that Paget could be prosecuted for vandalism if he unplugged them. The Secret Service confirmed on Monday that they're investigating. It could be an inside job, or the machines may be infected with malware, as was found earlier this year in Eastern Europe.

Submission + - Intel explains future Core i7, i5, i3 branding (bit-tech.net)

mr_sifter writes: "Intel has spilled the beans on its future CPU naming, claiming to have acted in an effort to simplify things, but in effect, quite the opposite has happened. The Core 2 Duo and Quad brands will vanish and will be modified progressively after Lynnfield arrives with Core i3, i5 and i7 monikers. That's not to say Lynnfield equals Core i5 though. Instead, Lynnfield will span Core i5 and Core i7 brands and the choice of brand will vary between features (like HyperThreading) and processor performance."

Submission + - 16-year old solves the Bernoulli-sequence (www.dt.se) 6

IntMurr writes: "A Swedish 16-year-old student computes a closed formula for the Bernoulli-sequence after 4 months over his math books. Now the University of Uppsala is checking his solutions for lacks and cracks, but he has already received an invitation for studies at the university, almost 3 years before a normal student starts there. Personnel at the mathematics faculty of Uppsala say "this is a very skillful proof". So far only links available in Swedish."

Submission + - Data Breach Exposes RAF Staff to Blackmail (wired.com)

Yehuda writes:

Yet another breach of sensitive, unencrypted data is making news in the United Kingdom. This time the breach puts Royal Air Force staff at serious risk of being targeted for blackmail by foreign intelligence services or others.
The breach involves audio recordings with high-ranking air force officers who were being interviewed in-depth for a security clearance. In the interviews, the officers disclosed information about extra-marital affairs, drug abuse, visits to prostitutes, medical conditions, criminal convictions and debt histories — information the military needed to determine their security risk.
The recordings were stored on three unencrypted hard drives that disappeared last year.

The Courts

Submission + - Lawsuit says Google's Sale of Keywords is Illegal 1

Hugh Pickens writes: "Google encourages advertisers to purchase other companies' trademarks as targeted search terms and they're expanding the practice into 190 countries, so when Audrey Spangenberg typed the name of her small software company into Google and saw the ads of competitors that had paid Google to display their marketing messages whenever someone searched for FirePond, a registered trademark, she was furious. This week her company filed a class-action suit against Google in federal court in Texas, saying that Google had infringed on her company's trademark and challenged Google's policies on behalf of all trademark owners in the state. Legal experts said it was the first class-action suit against Google over the issue. Google's acceptance of such competitive uses of trademarks has irked many other companies, including the likes of American Airlines and Geico, which have filed suits against Google and settled them. Many brand owners say the practice abuses their brands, confuses customers and increases their cost of doing business. "I know of several companies spending millions of dollars a year in payments to Google to make sure that their company is the very first sponsored link" on searches for their own names, said Terrence Ross, a partner at Gibson Dunn, who represented American Airlines in its suit against Google. "It certainly smacks of a protection racket.""
