Cellphones

Google Adds Licensing Server DRM To Android Market 184

eldavojohn writes "According to AfterDawn, Google has given app makers the option to use a license server as DRM to ensure the user has paid for an app before they can download it. Reportedly, the Market app will communicate with a Google license server using RSA encryption. It is important to note this is only available for non-free apps (built with SDK 1.5 and later), and it was instituted to provide a better solution to the old and widely criticized copy protection scheme that was susceptible to Android app piracy (like sideloading). For better or for worse, Android's Marketplace appears to now have an optional, phone-home form of DRM." Following news of the new licensing service, Hexage Ltd, makers of a popular Android game called Radiant, released the data they had collected on piracy of Radiant over a 10-month period beginning last October. A series of charts shows total users, paid users and the piracy rate, by region.
Bug

MS Issues Emergency IE Security Update 114

WrongSizeGlass writes "CNET is reporting that Microsoft has issued an emergency patch for 10 IE security holes. 'The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. ... Software affected by the cumulative update addressing all the IE vulnerabilities includes Windows 2000, Windows XP, Windows Server 2003 and Server 2008, Vista, and Windows 7.'"
Firefox

Mozilla Plans Fix For Critical Firefox Vulnerability In Next Release 140

Trailrunner7 writes "A month after an advisory was published detailing a new vulnerability in Firefox, Mozilla said it has received exploit code for the flaw and is planning to patch the weakness on March 30 in the next release of Firefox. Mozilla officials said Thursday that the vulnerability, which was disclosed February 18 by Secunia, is a critical flaw that could result in remote code execution on a vulnerable machine. The vulnerability is in version 3.6 of Firefox."
Bug

Windows Patch Leaves Many XP Users With Blue Screens 658

CWmike writes "Tuesday's security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death, users have reported on the company's support forum. Complaints began early yesterday, and gained momentum throughout the day. 'I updated 11 Windows XP updates today and restarted my PC like it asked me to,' said a user identified as 'tansenroy' who kicked off a growing support thread: 'From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: 'A problem has been detected and Windows has been shutdown to prevent damage to your computer.' Others joined in with similar reports. Several users posted solutions, but the one laid out by 'maxyimus' was marked by a Microsoft support engineer as the way out of the perpetual blue screens."
Security

Entropy Problems For Linux In the Cloud 179

CalTrumpet writes "Our research group recently spoke at Black Hat USA on the topic of cloud computing security. One of the interesting outcomes of our research was the discovery that the combination of virtualization technologies and public system images results in a problem for random number generation on guest operating systems. This is especially true for Linux, since its PRNG uses only a small set of entropy-gathering events, and virtual Linux images often generate SSH host keys within seconds of their initial boot. The slides are available; the PRNG vulnerability material begins at slide 63."
Security

Bootkit Bypasses TrueCrypt Encryption 192

mattOzan writes with this excerpt from H-online: "At Black Hat USA 2009, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. The bootkit uses a 'double forward' to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt."
Security

New Linux Kernel Flaw Allows Null Pointer Exploits 391

Trailrunner7 writes "A new flaw in the latest release of the Linux kernel gives attackers the ability to exploit NULL pointer dereferences and bypass the protections of SELinux, AppArmor and the Linux Security Module. Brad Spengler discovered the vulnerability and found a reliable way to exploit it, giving him complete control of the remote machine. This is somewhat similar to the magic that Mark Dowd performed last year to exploit Adobe Flash. Threatpost.com reports: 'The vulnerability is in the 2.6.30 release of the Linux kernel, and in a message to the Daily Dave mailing list Spengler said that he was able to exploit the flaw, which at first glance seemed unexploitable. He said that he was able to defeat the protection against exploiting NULL pointer dereferences on systems running SELinux and those running typical Linux implementations.'"
Books

Lose Your Amazon Account and Your Kindle Dies 419

Mike writes "If you buy a Kindle and some Kindle ebooks from Amazon, be careful of returning items. Amazon decided that one person had returned too many things, so they suspended his Amazon account, which meant that he could no longer buy any Kindle books, and any Kindle subscriptions he's paid for stop working. After some phone calls, Amazon granted him a one-time exception and reactivated his account again." Take this with as much salt as you'd like.
Books

Amazon Caves On Kindle 2 Text-To-Speech 370

On Wednesday we discussed news that the Authors Guild had objected to the text-to-speech function on Amazon's Kindle 2, claiming that it infringed on audio book copyright. Today, Amazon said that while the feature is legally sound, they would be willing to disable text-to-speech on a title-by-title basis at the rightsholder's request. "We have already begun to work on the technical changes required to give authors and publishers that choice. With this new level of control, publishers and authors will be able to decide for themselves whether it is in their commercial interests to leave text-to-speech enabled. We believe many will decide that it is."
Security

Xbox Live Players Targeted In Denial-of-Service Attacks 77

The BBC reports on a growing trend where some Xbox Live players are launching denial-of-service attacks against those who beat them or otherwise irritate them in games. Quoting: "'The smart thing about these Xbox tools is that they do not attack the Xbox Live network itself,' [Chris Boyd, director of malware research at Facetime Communications said.] He said the tools work by exploiting the way that the Xbox Live network is set up. Game consoles connecting to the Xbox network send data via the net, and for that it needs an IP address. Even better, said Mr Boyd, games played via Xbox Live are not hosted on private servers. The tools mean anyone with a few dollars can boot rivals off Xbox Live. 'Instead,' he said, 'a lot of games on Xbox Live are hosted by players.' ... For $20 (£13) some Xbox Live hackers will remotely access a customer's PC and set up the whole system so it can be run any time they need it. Some offer low rates to add compromised machines to a botnet and increase the amount of data flooding a particular IP address."
Networking

OpenDNS To Block and Monitor Conficker Worm 175

Linker3000 writes "According to The Register, OpenDNS plans to introduce a new service that will prevent PCs infected with the Conficker (aka Downadup) malware from contacting its control servers, and will also make it easy for admins to know if even a single machine under their control has been infected by Conficker: 'Starting Monday, any networks with PCs that try to connect to the Conficker addresses will be flagged on an admin's private statistics page. The service is available for free to both businesses and home users.' With the amount of trouble this worm has caused, perhaps this is a good time to take a look at OpenDNS if you haven't done so already."

A Gates Foundation Education Initiative Fizzles 459

theodp writes "Three years ago, Sarah-Palin-bogeyman William Ayers published a paper questioning the direction the small school movement was taking (PDF) with the involvement of would-be education reformers like the Bill and Melinda Gates Foundation. And now, after $2 billion in grants, Bill Gates concedes that in most cases his foundation's efforts in that area fell short. 'Many of the small schools that we invested in did not improve students' achievement in any significant way,' said Gates. Bill does cite High Tech High as one of the few success stories, but even there has to limit his atta-boys to the San Diego branch — the Gates-backed Silicon Valley High Tech High closed its doors abruptly due to financial woes (concerns about the sustainability of Gates-initiated small schools were voiced in 2005). Not surprisingly, some parents are upset about the capital that school districts wasted following Bill's lead."
Media

Microsoft Brings Back DRM 414

Barence writes "Microsoft yesterday unveiled its MSN Mobile Music service — and a surprise return to digital rights management (DRM). While companies such as Apple and Amazon have finally moved to music download services free of copy protection, MSN Mobile locks tracks to the mobile handset they are downloaded to. It also charges more than the other services per track, and offers no way to transfer your tracks to your new phone when you upgrade. The company's Head of Mobile UK spoke to PC Pro about the launch, but his answers are almost as baffling as the service itself. Best quote: Q: 'If I buy these songs on your service — and they're locked to my phone — what happens when I upgrade my phone in six months' time?' A: 'Well, I think you know the answer to that.'"
The Courts

Microsoft Knew About Xbox 360 Damaging Discs 583

Kelly writes "According to an unsealed document in a Washington lawsuit filed last week at Seattle, Microsoft was well aware that the Xbox 360 was prone to damaging game discs even before the console was introduced in November 2005. Microsoft had three solutions for solving the issue, but all three solutions were rejected due to technical concerns or on the basis of cost. Microsoft settled on a cost-free fourth solution: a warning was added to the Xbox 360 manual, which essentially placed the blame on users instead of the hardware." The scratching-disks problem was mentioned a few years back, too. I wonder whether more people would prefer a slight discount on the price of a console to the ability to reorient it while a disk was playing inside.
Security

Oops! Missed One Fix — Windows Attacks Under Way 292

CWmike writes "Microsoft says attackers are now exploiting a critical Windows bug that it didn't get around to fixing in its biggest batch of security patches in more than five years, issued yesterday. Microsoft said that 'limited and targeted' attacks are in progress by hackers exploiting an unpatched vulnerability in the WordPad Text Converter, a tool included with all versions of Windows. If Microsoft patches the WordPad problem on its monthly schedule, the first opportunity for fixing the flaw would be Jan. 9, 2009." Update: 12/10 22:28 GMT by T : OK, there might have been more than one: reader Simon (S2) writes "There is an even more serious flaw ... From SANS: 'There is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon. This is a brand new exploit that is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine. The exploit is a typical heap overflow that appears to be exploiting something in the XML parser.'"
