Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - How Does One Verify Hard Drive Firmware? 1

Submitted by Anonymous Coward
An anonymous reader writes "In light of recent revelations from Kaspersky Labs about the Equation Group and persistent hard drive malware, I was curious about how easy it might be to verify my own system's drives to see if they were infected. I have no real reason to think they would be, but I was dismayed by the total lack of tools to independently verify such a thing. For instance, Seagate's firmware download pages provide files with no external hash, something Linux distributions do for all of their packages. Neither do they seem to provide a utility to read off the current firmware from a drive and verify its integrity.

Are there any utilities to do such a thing? Why don't these companies provide such a thing to users? Has anyone compiled and posted a public list of known-good firmware hashes for the major hard drive vendors and models? This seems to be a critical hole in PC security.

I did contact Seagate support asking for hashes of their latest firmware; I got a response stating that '...If you download the firmware directly from our website there is no risk on the file be tampered with." [their phrasing, not mine]. Methinks somebody hasn't been keeping up with world events lately."

+ - Blu-Ray Players Hackable via Malicious Discs

Submitted by Anonymous Coward
An anonymous reader writes "Blu-Ray disc interactive features use Java and Stephen Tomkinson just posted a blog discussing research showing how using a specially created Blu-Ray discs it is possible to hack a couple of players. He hacked one Linux based network connected player to get root due to issues introduced by the vendor. Similarly he did the same thing against Windows Blu-Ray player software. He then combined both along with detection techniques into one disc.."

+ - 42 Artificial Intelligences Are Going Head to Head in 'Civilization V'

Submitted by rossgneumann
rossgneumann (3901661) writes "The r/Civ subreddit is currently hosting a fascinating "Battle Royale" in the strategy game Civilization V, pitting 42 of the game's built-in, computer-controlled players against each other for world domination. The match is being played on the largest Earth-shaped map the game is capable of, with both civilizations that were included in the retail version of the game and custom, player-created civilizations that were modded into it after release."

Comment: I fail to grasp how this achieves anything (Score 1) 126

by Lead Butthead (#49079957) Attached to: Patent Troll Wins $15.7M From Samsung By Claiming To Own Bluetooth

so you smash all their belongings. With their winning from the suit, they'll just buy new ones to replace the ones you smashed. Plus they get to have you charged with vandalism and sue you for damages. They get to have new things and make your life even more miserable, a total win-win for them.

+ - How "omnipotent" hackers tied to NSA hid for 14 years and were found at last-> 2

Submitted by Advocatus Diaboli
Advocatus Diaboli (1627651) writes "The money and time required to develop the Equation Group malware, the technological breakthroughs the operation accomplished, and the interdictions performed against targets leave little doubt that the operation was sponsored by a nation-state with nearly unlimited resources to dedicate to the project. The countries that were and weren't targeted, the ties to Stuxnet and Flame, and the Grok artifact found inside the Equation Group keylogger strongly support the theory the NSA or a related US agency is the responsible party, but so far Kaspersky has declined to name a culrit. NSA officials didn't respond to an e-mail seeking comment for this story. What is safe to say is that the unearthing of the Equation Group is a seminal finding in the fields of computer and national security, as important, or possibly more so, than the revelations about Stuxnet."
Link to Original Source

Comment: can we even trust the manufacturers anymore? (Score 1) 2

It worries me that drive manufacturers are in bed with these people. Either this group has experts in reverse engineering or the manufacturers are cutting these people custom firmware. With product life cycle under 18 months (and seems to be getting shorter all the time,) reverse engineering seem unlikely.

Simplicity does not precede complexity, but follows it.

Working...