The attacker used a memory corruption bug to overwrite the null terminator of a string. He then read that string, which kept going until it hit another null terminator (two consecutive 0 bytes). He read memory he wasn't supposed to have access to, which included pointers to a C++ object's member functions (vftable). With these pointers in hand, he has defeated ASLR, because he has information about the address space that he's not supposed to have.

This is MS's fault for a memory corruption bug, but their ASLR implementation isn't broken (at least not by this attack).

Details if you're curious:
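
The over-read described in the comment above, as an added C illustration that is not part of the original comment or of any exploit it refers to. The memory layout, field sizes, function names and the pointer value 0x00007ff612345678 are all constructed for the example; it contrasts a reader that trusts the terminator with one bounded by the field's capacity.

```c
#include <stddef.h>
#include <stdint.h>

#define FIELD_UNITS 8            /* string field capacity in UTF-16 code units */
#define REGION_UNITS 12          /* field + 4 units standing in for a pointer */

/* Constructed memory layout: "ABCDEFG\0" followed by a made-up 64-bit
   pointer value 0x00007ff612345678 stored as little-endian code units. */
void build_region(uint16_t r[REGION_UNITS], int corrupt_terminator) {
    for (size_t i = 0; i < FIELD_UNITS - 1; i++) r[i] = (uint16_t)('A' + i);
    r[FIELD_UNITS - 1] = corrupt_terminator ? 0x0041 : 0x0000;
    r[8] = 0x5678; r[9] = 0x1234; r[10] = 0x7ff6; r[11] = 0x0000;
}

/* Reader that trusts the terminator: scans until a 0 code unit. */
size_t unbounded_len(const uint16_t *s) {
    size_t n = 0;
    while (s[n] != 0) n++;
    return n;
}

/* Hardened reader: never looks past the field; returns cap if unterminated. */
size_t bounded_len(const uint16_t *s, size_t cap) {
    size_t n = 0;
    while (n < cap && s[n] != 0) n++;
    return n;
}

/* What the terminator-trusting reader hands back from beyond the field. */
uint64_t disclosed_bits(const uint16_t *r) {
    size_t len = unbounded_len(r);
    uint64_t v = 0;
    for (size_t i = FIELD_UNITS; i < len; i++)
        v |= (uint64_t)r[i] << (16 * (i - FIELD_UNITS));
    return v;
}

/* Hardened check: refuse a field with no terminator inside its capacity. */
int field_is_valid(const uint16_t *r) {
    return bounded_len(r, FIELD_UNITS) < FIELD_UNITS;
}

int main(void) {
    uint16_t r[REGION_UNITS];
    build_region(r, 1);
    return field_is_valid(r) ? 1 : 0;  /* 0: corrupted field was rejected */
}
```

With the terminator intact the string is 7 units long; with it overwritten, the unbounded reader returns 11 units and the extra three carry the whole constructed pointer value, while the bounded reader rejects the field.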

China Warns Google To Obey Or Leave

suraj.sun writes with this snippet from an Associated Press report: "China's top Internet regulator insisted Friday that Google must obey its laws or 'pay the consequences,' giving no sign of a possible compromise in their dispute over censorship and hacking. 'If you want to do something that disobeys Chinese law and regulations, you are unfriendly, you are irresponsible and you will have to pay the consequences,' Li Yizhong, the minister of Industry and Information Technology, said on the sidelines of China's annual legislature. ... 'Whether they leave or not is up to them,' Li said. 'But if they leave, China's Internet market is still going to develop.' ... Li insisted the government needs to censor Internet content to protect the rights of the country and its people. 'If there is information that harms stability or the people, of course we will have to block it,' he said."

Anti-Piracy Windows 7 Update Phones Home Quarterly

Lauren Weinstein sends in news of a major and disturbing Microsoft anti-piracy initiative called Windows Activation Technologies, or WAT. Here is Microsoft's blog post giving their perspective on what WAT is for. From Lauren's blog: "The release of Windows 7 'Update for Microsoft Windows (KB71033)' will change the current activation and anti-piracy behavior of Windows 7 by triggering automatic 'phone home' operations over the Internet to Microsoft servers, typically for now at intervals of around 90 days. ... These automatic queries will repeatedly — apparently for as long as Windows is installed — validate your Windows 7 system against Microsoft's latest database of pirated system signatures (currently including more than 70 activation exploits known to Microsoft). If your system matches — again even if up to that time (which could be months or even years since you obtained the system) it had been declared to be genuine — then your system will be 'downgraded' to 'non-genuine' status until you take steps to obtain what Microsoft considers to be an authentic, validated, Windows 7 license. ... KB971033... is scheduled to deploy to the manual downloading 'Genuine Microsoft Software' site on February 16, and start pushing out automatically through the Windows Update environment on February 23. ... [F]or Microsoft to assert that they have the right to treat ordinary PC-using consumers in this manner — declaring their systems to be non-genuine and downgrading them at any time — is rather staggering." Update: 02/12 02:08 GMT by KD : Corrected the Microsoft Knowledge Base number to include a leading 9 that had been omitted in the pre-announcement, per L. Weinstein.

Nintendo Blocks Homebrew Installation

ElementC writes "Sometime yesterday Nintendo uploaded the latest Wii system update. This update quietly patches a few bugs that allowed the installation of both homebrew and warez apps. Currently installed apps such as the Homebrew Channel and the video DVD library, DVDX, are reportedly not affected. Those not installing this update are blocked out of the Wii Shop channel and in the future may be blocked out of certain games. Team Twiizers cracked the last update within about eight hours. They're already on the case. Readers familiar with the architecture of the Wii will find the list of currently discovered changes interesting."

Anarchy Online and Age of Conan Vulnerabilities Fixed

dachshund writes "The Baltimore Sun reports that security firm Independent Security Evaluators has disclosed vulnerabilities in the popular MMORPGs Age of Conan and Anarchy Online. The flaws (which have since been patched) allowed a malicious user to read files from and take control of another player's computer. The full details of the attack are available, including a video (hi-res MOV) showing how the targeted player's client can be crashed, and how an attacker can save and run scripts on the victim's computer."

Verizon DSL Throttling Access to Skype?

Gabriel Landau writes: I've been trying to download Skype all weekend to talk to my friend in Prague from my home Verizon DSL connection. Every time I went to, the page took nearly forever to load, and the connection timed out before it loaded completely. Assuming their server was under heavy load all weekend, I came into work this morning and checked the site again; it loaded very quickly through my office T1 (non-Verizon). I just checked my home computer again, and the page still times out. Is Verizon intentionally throttling all traffic to Skype servers to force customers to use their own for-pay services? Is this behavior illegal and anti-competitive?

