Comment Re:Works for me (Score 1) 132

Manufacturers have long made custom versions of products for specific store chains, and not just TV sets. Pots and pans, clothing, furniture, most products are available to any store that's willing to pay for them. Some stores (like Walmart) have a specific price point, so the manufacturers produce a model without the chrome-plated knobs, the low contrast screens, and use only the cheapest cloned capacitors and dubious quality power supplies.

There's a lot of marketing power in it, too. Not only do they get to offer big TVs for ridiculously low prices, it's also safe to tout benefits like a "150% price match guarantee", when they have the exclusive contract to sell that exact model.

Comment Re:What's Unusual? (Score 1) 90

This new piece of malware shows sophistication of design, but that's not unheard of. Older malware was often customized by compile time switches and definitions; this just abstracts some of that away.

Many people (i.e. journalists and managers) think of malware authors as pimple-faced script kiddies hacking in their mothers' basements. They think that large, well-designed projects require teams of skilled developers who would only do so for a fat paycheck.

What's happened now is that vulnerabilities are so profitable that the threat landscape is no longer the exclusive domain of the single hacker - criminal gangs want a piece of it. They can afford to pay team salaries to engineer a solution.

And malware authors have learned to avoid the biggest risks of getting caught. In the old days a virus writer would also be the distributor. Modern authors get paid by selling their exploit code, along with customization and support contracts, to gangs of attackers. The attackers take on the risks, the developers collect fat checks. In some cases of vertical attacks (ATM skimmers for example), the "owner" of the malware uses cryptography to encrypt the skimmed data, preventing the low-level attackers from profiting from the stolen data. The profits go to the top first, and the paychecks cascade down (assuming honor among thieves.)

So what's newsworthy here is that they believe this malware to be further evidence of a new breed of well organized criminal software developers.

Comment Re:Awww (Score 3, Interesting) 93

Because neonicotinoids are among the safest overall pesticides that have ever been developed. They very effectively target insects, but have very minor effects on mammals. The LD50 of Safari is over 2000 mg/kg of body weight in rats. They're rated category III by the EPA, which means 'slightly toxic and/or slightly irritating.'

The big problem is with bees. Neonics are supposedly 150X more lethal to bees than to any other insect genera.

The EU has already banned neonics (possibly because population density is higher and bees may be more shared than in the US); the US is dragging their feet.

Comment Re:Translation : (Score 1) 93

Actually, they've known for several years that minute quantities of neonicotinoids cause bees to 'dance' incorrectly; where the dance no longer correctly directs other bees to their discovery of nectar. The loss of food may be partly responsible for Colony Collapse Disorder. It's not surprising that this would also lead to reduced pollination.

Comment Re:The thing about the "bombing ISIS positions"... (Score 1) 488

I can think of two plausible but simplistic explanations; there are no doubt more.

First, they may have been waiting for better timing. Once you drop a bomb on a building, the scum-lickers learn they've been exposed and will not return. So they want to bomb the building when it contains one or more high value targets. Knowing when a high value target is inside requires you to have an intel source observing the building (or the target) at the same time the target is in the building and you have assets in position to level it. That doesn't happen very often. But due to the attack they have to respond quickly, so they are sending a different message by killing a bunch of low value targets in a lot of locations.

The other simplistic explanation is intel gathering. Getting a spy into their organization is not easy. If you bomb a building, you are revealing to the enemy that at least one of the people who knows about the building is a spy; or that you have the capability of intercepting some kind of traffic. To preserve the secrecy of the ULTRA program that decrypted German Enigma traffic, Britain developed an elaborate process for destroying U-boats in WWII. They couldn't just fly to the location of the submarine and drop depth charges as that risked revealing the Allies' ability to decrypt communications; instead, they scheduled weather-reporting planes to fly more missions in certain sectors; these weather planes would then "get lucky" and report the U-boat's position to the destroyers. Similarly, France may not want to reveal that they're triangulating cell traffic, or tapping certain phone lines, or monitoring PlayStation Call-Of-Duty chat rooms.

Either way, France is trading potential future intel gathering capabilities to send a message today that says "you are not invincible, you are not right, you are not just, you are only vermin to be exterminated." They can rebuild their intel network later.

Comment Re:if they really want revenge (Score 1) 488

Ignoring the restrictions is useful, but it provides the enemy with justification. "You say you live by this rule, but you ignore it. Therefore, we're every bit as good as you are, or you're every bit as bad as us."

Thus, black ops and deniability. Who knows; maybe Anonymous is so full of FBI moles that this is actually a government backed attack?

Comment Re:Barcode scanner = keyboard (Score 1) 79

The problem is that scanners support multiple communications protocols so they can be sold to a wide variety of clients, and the scanners' configurations can be changed via barcode without first asking for permission.

Your attacker can see that you're using a DS-6878 scanner with a USB cable, so he opens his phone's browser to this page of the manual, and displays the barcode to configure a North American keyboard. Once scanned, as far as Windows knows someone just plugged in a new USB HID Keyboard device. None of the old configuration settings matter any more, and your bulletproof application may not even be notified that its scanner has been hijacked.

He then scans a few more configuration codes so that he knows his codes will be properly effective, perhaps something like Send Barcodes with Unknown Characters (page 67), and finally a control sequence to open a URL to Pwnage ensues.

Comment Re:Use Windows 10 (Score 1) 197

One problem with this solution is there are still some Windows native apps that are pixel-based instead of percent or resolution based. We have a 15.6" laptop with a 3840x2160 screen, and have encountered a couple of apps that now display in impossible-to-use resolutions.

For example, QuickBooks displays a page of instructions in a tiny window that I can literally cover with my thumbnail. The minimize/restore/close icons at the upper right corner of each window are less than 1mm high, and very difficult for my wife to click on with the trackpad. Their official "fix"? Crank the resolution of the screen down to 1024x768, and learn Ctrl-F4 and Alt-F4! So because they don't know how to code, it's their users' fault for buying a nice screen. If this was the only dumb-ass arrogant thing Intuit ever did, I could forgive them for not catching up to 2003 usability standards, but it's far from their first episode of "all you damn customers suck." I need a new bookkeeping package from someone who is not Intuit.

Comment Innocent? (Score 2, Interesting) 108

"this attack crosses the crucial line between research and endangering innocent users." Since many of the 'endangered users' were then charged with various crimes, are they innocent?

If a student doctor treats a patient with a gunshot wound, they are still obligated to report the wound to the police. Is the student not learning, and if so, is that materially any different than what the Tor researchers were doing? The gunshot victim may be innocent, or may have been taking part in a crime, but that doesn't change the doctor's obligation.

Or if a Law Enforcement student is participating in a community event and witnesses a crime, we don't raise a red flag if they apprehend the suspect.

The circumstances all seem pretty similar to me.

Comment How to tell if you may have MDM (Score 5, Informative) 123

On your iPhone, go into Settings / General, select Profile, then look at the profiles that have been added. A stock iPhone has none. If you have an ISP who adds a cert that allows you to connect to their hotspots, you may see that here. If you have installed your company's MDM, perhaps a product like AirWatch, that will show up here. If you see something you don't recognize, that's when you need to do some research.

Inside the profile you can view the certs it installed. A WiFi cert will list what it can do: be wary if it includes a proxy.
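
The same check can be run on a profile file before it is installed. The following is an added example, not part of the original comment: it parses an unsigned `.mobileconfig` plist and flags the payloads the comment says to be wary of (Wi-Fi or global proxies, installed certificates, MDM enrollment). The function name, severity labels and sample profile are assumptions made for illustration.

```python
import plistlib

# Payload types and proxy keys below are Apple's documented profile keys;
# the severity labels and audit_profile() itself are this example's own.
PROXY_KEYS = ("ProxyServer", "ProxyServerPort", "ProxyPACURL")
CERT_TYPES = {"com.apple.security.root": "trusted root CA",
              "com.apple.security.pkcs1": "certificate"}

def audit_profile(data: bytes):
    """Return (severity, payload_type, detail) tuples for an unsigned profile."""
    try:
        profile = plistlib.loads(data)
    except plistlib.InvalidFileException as exc:
        # Signed profiles are CMS-wrapped and must be unwrapped before parsing.
        raise ValueError("not a plain plist profile") from exc
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        name = payload.get("PayloadDisplayName") or payload.get("SSID_STR") or "?"
        mode = payload.get("ProxyType", "None")
        proxy = {k: payload[k] for k in PROXY_KEYS if k in payload}
        if ptype == "com.apple.wifi.managed" and mode != "None":
            findings.append(("high", ptype, f"Wi-Fi {name}: {mode} proxy {proxy}"))
        elif ptype == "com.apple.proxy.http.global":
            findings.append(("high", ptype, f"global HTTP proxy ({mode}) {proxy}"))
        elif ptype == "com.apple.mdm":
            findings.append(("high", ptype, f"MDM enrollment: {payload.get('ServerURL')}"))
        elif ptype in CERT_TYPES:
            findings.append(("medium", ptype, f"installs {CERT_TYPES[ptype]}: {name}"))
    return findings

# Constructed sample, not a real carrier or MDM profile.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Example Hotspot Access",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "ExampleHotspot",
         "ProxyType": "Manual", "ProxyServer": "proxy.example.net",
         "ProxyServerPort": 8080},
        {"PayloadType": "com.apple.security.root",
         "PayloadDisplayName": "Example Root CA", "PayloadContent": b"\x30\x82"},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "ExampleGuest",
         "ProxyType": "None"},
    ],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(*finding, sep=" | ")
```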

Comment Re:Which plugins does this version kill? (Score 1) 134

None of my plugins are dead, and my old add-ons appear to all be working, too. That's really important to me, because the only reason I use Firefox is for the value added by the add-ons, especially NoScript, Ghostery, PrivacyBadger, AdBlock, and FlashBlock. It seems like Mozilla has finally figured out how to stop changing the add-on API with every damn release, for which I am very grateful. I used to have to wait a long time to find out which of my old extensions would need upgrading before updating Firefox. Or I'd spend a day editing a handful of XPI files to change the supported version numbers, because the changes were never actually dependent on the app version. But it's all fixed now, so that makes me happy.

There's only one toolbar button you'll really want to get rid of, some stupid "share" button shaped like a paper airplane.

One piece of shit they've left in is the broken UI idea that tabs should be above the toolbars and bookmarks. Tabs represent windows and should be associated to the display window itself, not to the container. It's one of those usability factors that makes Chrome suck so bad, yet here comes Mozilla to copy someone else's stupidity. Sigh.
