Security-Focused BlackPhone Was Vulnerable To Simple Text Message Bug

Posted by Soulskill
from the nobody's-perfect dept.
mask.of.sanity sends this report from El Reg: The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets. Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application.

The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers.

Comment: Re: What's wrong with a scroll wheel? (Score 1) 427

by Mal-2 (#48896375) Attached to: Ask Slashdot: Where Can You Get a Good 3-Button Mouse Today?

I have a mouse (the one currently at my right hand side) that is perfectly useful this way. I middle-click without any issues at all. I have another one -- also made by Logitech -- where the spring force of the click function significantly exceeds that of the scroll wheel's detents. The only way to middle-click reliably without scrolling is to reach forward and press down on the leading edge of the wheel, where it basically can't spin under the pressure. Luckily I only keep that one around as a backup. It also has a tendency to occasionally "spin out" and send the cursor (or viewpoint) flying around randomly for about 300 ms.

Comment: Re:Car analogy (Score 1) 145

by Mal-2 (#48896351) Attached to: NVIDIA Responds To GTX 970 Memory Bug

You'd be kinda foolish to only add one can at a time though. When you needed the last five, why not put all of it in at once? For that matter, why not have a single five-gallon can? It would certainly simplify refilling.

Of course, you'd still be well within your rights to complain about the misrepresentation of the fuel capacity.

Comment: Re:Paid sick leave (Score 1) 661

by Mal-2 (#48889037) Attached to: Should Disney Require Its Employees To Be Vaccinated?

The problem is that a lot of these diseases can spread before you see the symptoms. If you are a Disney worker and are spreading a vaccine-preventable disease without having any symptoms (yet), how are sick days helping?

The most obvious example of this would be polio. It has an incubation period of six weeks, during which the infected person is highly contagious. Stack a cold or flu on top of that so they're sneezing and rubbing a runny nose all day, and you have a full-blown outbreak from a single source.

If you stayed home for every cold or sniffle, you wouldn't have a job for very long – especially if you work in an environment with lots of children, such as teaching or day care. Also, the kids aren't going to be kept home for every little sniffle, because that would mean one of the parents (quite possibly the only direct parent) having to take time off work to do so.

Comment: Re:Slashdot stance on #gamergate (Score 1) 687

by Mal-2 (#48865143) Attached to: Doxing Victim Zoe Quinn Launches Online "Anti-harassment Task Force"

Do you have any evidence that people actually supporting GG were making those threats?

Ha ha, no. In fact, they like to post screencaps about doxxing and swatting from different boards on 8chan and claim those are from Gamergate. If you call them on their lies they claim all of 8chan is Gamergate, or they claim the other boards are Gamergate because they targeted people who were attacking Gamergate. They fail to mention that the people who were attacking Gamergate also attacked 8chan as a whole.

If you want proof of this, just visit /baphomet/ on 8chan. They're planning attacks in response to being attacked. They've doxxed the guy who led the campaign to get 8chan's domain suspended (which of course didn't work for very long). They flooded his "Rate Your Teacher" page with complaints, in a manner very similar to the flood of complaints (seven in a few hours, after two months of silence?) that got Internet.bs to pull the domain.

I'm not saying doxxing is justified. I'm saying they had very specific reasons to go after someone, and they had nothing to do with being pro- or anti-Gamergate. They did it because their home was attacked.

Comment: Re:Hello insurance fraud (Score 1) 199

by Mal-2 (#48847205) Attached to: Insurance Company Dongles Don't Offer Much Assurance Against Hacking

There's a problem with that scheme. The fake dongle says you got from point A to point B in much more time than it took, right? So what happens if, at point B, you're in an accident? The fake dongle won't send the right data for that, at the right time, and probably witnesses and the other driver will also give the right time (esp. if the other driver has a real dongle).

Also, a car tends to sustain much more damage from a 60 mph impact than a 25 mph impact.

You don't adjust the arrival time at point B, you adjust the departure time from point A.

Comment: Re:And they may have. (Score 1) 257

by Mal-2 (#48831303) Attached to: Belgian Raid Kills 2, Said To Avert "Major Terrorist Attacks"

Why is everybody's first reaction here to go completely cynical?

I didn't. I proposed that if everything was done on the level, that they come out and show it to restore public faith. They probably won't, because even saying "we used legal tools -- see, here are our warrants" could have negative consequences for the Police State mentality, even if that mentality does not apply here.

Comment: And they may have. (Score 3, Interesting) 257

by Mal-2 (#48824737) Attached to: Belgian Raid Kills 2, Said To Avert "Major Terrorist Attacks"

They may have averted their own Charlie Hebdo event, but sadly, the credibility of both sides of the "War on Terror" has been shot to hell -- primarily because of the actions of government which they thought people would take lying down. Most of them have, but even if they aren't in the streets protesting, they'll still roll their eyes and say "yeah, right".

Let's assume for the moment that this is completely legitimate, and an opportunity for the authorities to win back some respect. If so, they should carry the ensuing trial(s) openly for all to see. "We used surveillance programs to detect X, Y, and Z and couldn't have done it without them because A, B, and C" is exactly the sort of rational argument we'd like to see. If it turns out they did it through traditionally acceptable (like warrants) means, this weakens the argument of being able to do an end run around such procedures. Obviously this would be unwelcome from an authoritarian perspective, but it might win back some trust from those of us who do respect the actions of legitimate and responsible investigators.

Comment: Hope it has GigE. (Score 4, Interesting) 180

by Mal-2 (#48814591) Attached to: Tiny Fanless Mini-PC Runs Linux Or Windows On Quad-core AMD SoC

I have an E-350 laptop, and although it has only two cores at 1.6 GHz, it can easily keep up with 1080p video. (Having maxed it out at 8 GB of RAM doesn't hurt.) The thing that tends to be an issue is WiFi bandwidth. If wired to the network (it has GigE) or if the file is copied to local storage first, it's fine. Otherwise, you're just asking for the darn thing to burp several times during your movie.

Even 100Mbps Ethernet (using some old three-pair cable already in the wall) can prove insufficient for pulling 1080p off the NAS box, if there's any kind of contention at all.

