
Submission Summary: 0 pending, 5 declined, 5 accepted (10 total, 50.00% accepted)


Submission: The upcoming Windows 8.1 apocalypse

arglebargle_xiv writes: As most people will have heard, Microsoft will end support for anyone who hasn't upgraded to Win8.1 Update 1 on May 8. What fewer people have heard is that large numbers of users can't install the 8.1 Update, with over a thousand messages in this one thread alone, and that's for tech geeks rather than home users who won't find out about this until their PC becomes orphaned on May 8. Check your Windows Update log; if you've got a "Failed" entry next to KB2919355 then your PC will also become orphaned after May 8.

Submission: Windows 8.1 Update creates chaos for many users

arglebargle_xiv writes: Microsoft's Windows 8.1 Update has been creating chaos for many users, as demonstrated by threads running to six hundred and eight hundred messages respectively in Microsoft's support forums. Users report spending days trying to get it to work, with the Microsoft-recommended solution of using the Deployment Image Servicing and Management (DISM) tool fixing some failed updates, followed by more recent reports of it corrupting the Windows component store and requiring a complete reinstall of Windows. For users with OEM pre-installs, that means going out and buying a Windows 8.1 CD. Since no further updates are possible without the 8.1 Update, this now leaves large numbers of users of Microsoft's latest OS in the same boat as Windows XP users.

Submission: Sophos A/V riddled with vulnerabilities

arglebargle_xiv writes: Security researcher Tavis Ormandy has had a look at Sophos A/V and found that it'll actually make your system less secure after you install it:

The paper contains details about several vulnerabilities in the Sophos antivirus code responsible for parsing Visual Basic 6, PDF, CAB and RAR files. Some of these flaws can be attacked remotely and can result in the execution of arbitrary code on the system. Ormandy even included a proof-of-concept exploit for the PDF parsing vulnerability which he claims requires no user interaction, no authentication and can be easily transformed into a self-spreading worm.

The findings also include this gem:

Ormandy also found that a component called the 'Buffer Overflow Protection System' (BOPS) that's bundled with Sophos antivirus, disables the ASLR (address space layout randomization) exploit mitigation feature on all Windows versions that support it by default, including Vista and later.

Original paper here.


Submission: Is Google targeting Firefox?

arglebargle_xiv writes: As of about two weeks ago, Google searches carried out from Firefox are returning meta redirects that require manually clicking through every search result in order to reach your target. In doing this Google is specifically targeting Firefox and no other browser (switching your user agent to anything other than Firefox gets rid of the problem). Presumably switching to Chrome would also resolve the issue. Could this targeting of Firefox be because it's Google's main competitor in the open-source browser market?

Submission: (Possible) Diginotar hacker comes forward

arglebargle_xiv writes: At the risk of burning people out on the topic of PKI fail, someone claiming to be the Diginotar hacker has come forward to claim responsibility: It's the ComodoGate hacker. He also claims to 0wn four more "high-profile" CAs, and still has the ability to issue new rogue certificates, presumably from other CAs that he 0wns.

Submission: Another CA issues false certificates to Iran

arglebargle_xiv writes: Following on from Comodogate, we have another public CA issuing genuine false certificates to Iran, this time for Google. There's speculation that it's a MITM by the Iranian government, but given the existing record of CAs ready to sell certs to anyone whose check clears, it could just be another Comodogate.

Submission: The end of the end-to-end principle

arglebargle_xiv writes: The Internet was designed around the end-to-end principle, which says that functionality should be provided by end hosts rather than in the network itself. A new study of the effect of vast numbers of middleboxes on the Internet indicates that this is no longer the case, since far too many devices on the Internet interfere with traffic in some way. This has serious implications for network (protocol) neutrality (as well as future IPv6 deployment) since only the particular variations of TCP that they know about will pass through them.

Submission: 13-year-old password security bug fixed

arglebargle_xiv writes: In a sign that many eyes don't really make (security) bugs shallow, a thirteen-year-old password-hashing bug that affects (at least) PHP, some Linux distros (Owl, ALT Linux, SUSE), and a variety of other apps has just been patched. This problem had been present in widely-used code since 1998 without anyone noticing it.
