Android

Many Android Users Susceptible To Plug-In Exploit -- And Many Of Them Have It 61

Ars Technica reports that a recently reported remote access vulnerability in Android is no longer just theoretical, but is being actively exploited. After more than 100,000 downloads of a scanning app from Check Point to evaluate users' risk from the attack, says Ars, "In a blog post published today, Check Point researchers share a summary of that data—a majority (about 58 percent) of the Android devices scanned were vulnerable to the bug, with 15.84 percent actually having a vulnerable version of the remote access plug-in installed. The brand with the highest percentage of devices already carrying the vulnerable plug-in was LG—over 72 percent of LG devices scanned in the anonymized pool had a vulnerable version of the plug-in."
Bug

Backwards S-Pen Can Permanently Damage Note 5 157

tlhIngan writes: Samsung recently released a new version of its popular Galaxy Note series phablet, the Note 5. However, it turns out that there is a huge design flaw in the design of its pen holder (which Samsung calls the S-pen). If you insert it backwards (pointy end out instead of in), it's possible for it to get stuck, damaging the S-pen detection features. While it may be possible to fix it (Ars Technica was able to, Android Police was not), there's also a chance that your pen is also stuck the wrong way in permanently as the mechanism that holds the pen in grabs the wrong end and doesn't let go.
Android

Android M's Official Name Is Marshmallow 92

An anonymous reader writes: As they've done in the past, Google has revealed the name for the upcoming version of Android with a new statue in front of its headquarters. Android's sixth version will be called Marshmallow. Dave Burke, Android's VP of engineering, unveiled the statue on Twitter. Google has also released the Android 6.0 SDK and the final M preview.
Mars

Donald Trump Thinks Going To Mars Would Be "Wonderful" But There Is a Catch 442

MarkWhittington writes: Donald Trump, the mercurial real estate tycoon and media personality who, much to the surprise of one and all, has become the front-runner for the Republican nomination for president, opened his mind just a little about his attitude toward space exploration, according to a story in Forbes. In an answer to a question put to him about sending humans to Mars, the current focus at NASA, Trump said, "Honestly, I think it's wonderful; I want to rebuild our infrastructure first, ok? I think it's wonderful." In other words, dreams of going to Mars must take a back seat to more Earthly concerns. It is not an answer many space exploration supporters want to hear.
Android

Stagefright Patch Incomplete and Zero Day in Android Google Admin App Found 42

msm1267 writes: A patch distributed by Google for the infamous Stagefright vulnerability found in 950 million Android devices is incomplete and users remain exposed to simple attacks targeting the flaw. Researchers at Exodus Intelligence discovered the issue in one of the patches submitted by Zimperium zLabs researcher Joshua Drake. Google responded today by releasing a new patch to open source and promising to distribute it next month in a scheduled OTA update for Nexus devices and to its partners. Drake's original patch failed to account for an integer discrepancy between 32- and 64-bit, Exodus Intelligence said. By inputting a specific 64-bit value, researchers were able to bypass the patch. Exodus, which submitted a bug fix of its own to Google, said it decided to go public with its findings for several reasons, including the fact that the vulnerability was widely publicized by Zimperium before and during Black Hat, not to mention that Google has had the original bug report since April, yet neither party noticed the discrepancy in the patch. The Android security team at Google is having a busy month. Trailrunner7 writes: Researchers at MWR Labs have released information on an unpatched vulnerability that allows an attacker to bypass the Android sandbox.
Advertising

Will Ad Blockers Kill the Digital Media Industry? 519

HughPickens.com writes: Michael Rosenwald writes at the Columbia Journalism Review that global online ad revenue continues to rise, reaching nearly $180 billion last year. But analysts say the rise of ad blocking threatens the entire industry—the free sites that rely exclusively on ads, as well as the paywalled outlets that rely on ads to compensate for the vast majority of internet users who refuse to pay for news. A new report from Adobe and one of several startups helping publishers fight ad blocking shows that 198 million people globally are now blocking ads, up 41 percent from 2014. In the US, ad blocking grew 48 percent from last year, to 45 million users. "Taken together, ad blockers are hitting publishers in their digital guts," writes Rosenwald. "Adobe says that $21.8 billion in global ad revenue will be blocked this year."

Publishers have been banking on the growth of mobile, where the ad blocking plugins either don't work or are cumbersome to install. A Wells Fargo analyst wrote in a report on ad blocking that "the mobile migration should thwart some of the growth" of ad blockers. But Apple recently revealed that its new operating system scheduled for release this fall will allow ad blocking on Safari. Apple is trying to pull iPhone and iPad users off the web. It wants you to read, watch, search, and listen in its Apple-certified walled gardens known as apps. It makes apps, it approves apps, and it profits from apps. But, for its plan to work, the company will need those entertainers and publishers to funnel their content to where Apple wants it to be. As the company makes strategic moves to devalue the web in favor of apps, those content creators dependent on ads to stay afloat may be forced to play along with Apple. Adblock Plus has released a browser for mobile Android devices that blocks ads, and it's planning to release a similar product for Apple devices. "The desire to figure out how to bring ad blocking to mobile consumers is a worldwide phenomenon," says Roi Carthy. Ad blocking, he says, "is an inalienable right."
Windows

Microsoft Releases Windows 10 IoT Core For Small, Embedded Devices 123

An anonymous reader writes: One of the more interesting aspects of Microsoft's Windows 10 push is their desire to see it running on hobbyist hardware platforms. Today they released Windows 10 IoT Core for the Raspberry Pi 2 and the MinnowBoard Max. They say, "Windows 10 IoT Core is a new edition for Windows targeted towards small, embedded devices that may or may not have screens. For devices with screens, Windows 10 IoT Core does not have a Windows shell experience; instead you can write a Universal Windows app that is the interface and "personality" for your device." Microsoft has posted a list of release notes for this version, calling out improved support for Python and Node.js, significantly improved GPIO performance, and more electronics support for breakout boards. Under a heading cheekily named 'Developers, Developer, Developers,' they lay out their plan for language support and provide a code sample.
Security

Severe Deserialization Vulnerabilities Found In Android, 3rd Party Android SDKs 105

An anonymous reader writes: Closely behind the discoveries of the Stagefright flaw, the hole in Android's mediaserver service that can put devices into a coma, and the Certifi-gate bug, comes that of an Android serialization vulnerability that affects Android versions 4.3 to 5.1 (i.e. over 55 percent of all Android phones). The bug (CVE-2015-3825), discovered by IBM's X-Force Application Security Research Team in the OpenSSLX509Certificate class in the Android platform, can be used to turn malicious apps with no privileges into "super" apps that will allow cyber attackers to thoroughly "own" the victim's device. In-depth technical details about the vulnerabilities are available in this paper the researchers are set to present at USENIX WOOT '15.
Android

Certifi-gate: Another Huge Android Vulnerability 69

An anonymous reader writes: Security research firm Check Point has released information about a new vulnerability called Certifi-gate, which they say compromises the security of hundreds of millions of Android devices. The flaw exists within the mobile Remote Support Tools, which are intended to enable screen sharing and simulated taps for tech support purposes. Unfortunately, the way mRSTs validate the remote operator is easy to exploit. Because the software is designed to allow both monitoring of a device's screen and simulated input, the potential for misuse is quite serious. The flaw was disclosed to manufacturers a month ago. HTC, for one, has confirmed it is already starting to roll out a fix.
Android

Zimperium Releases Stagefright Detection Tool and Vulnerability Demo Video 54

Mark Wilson writes: We've already looked at the Stagefright vulnerability, discovered by Zimperium, and shown what can be done to deal with it. Affecting up to 95 percent of Android devices, the vulnerability has led to Google and Samsung announcing monthly security updates. Now the mobile security company has released additional details about how the exploit works. To help explain the vulnerability, a video has been produced which uses a Stagefright demonstration to illustrate it in action. Zimperium has also released an Android app that checks devices for the vulnerability.
Businesses

Counterterrorism Expert: It's Time To Give Companies Offensive Cybercapabilities 220

itwbennett writes: Juan Zarate, the former deputy national security advisor for counterterrorism during President George W. Bush's administration, says the U.S. government should consider allowing businesses to develop 'tailored hack-back capabilities,' deputizing them to strike back against cyberattackers. The government could issue cyberwarrants, giving a private company license 'to protect its system, to go and destroy data that's been stolen or maybe even something more aggressive,' Zarate said Monday at a forum on economic and cyberespionage hosted by think tank the Hudson Institute.
Security

Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters 119

BIOS4breakfast writes: Wired reports that later this week at BlackHat and Defcon, Trammell Hudson will show the Thunderstrike 2 update to his Thunderstrike attack on Mac firmware (previously covered on Slashdot). Trammell teamed up with Xeno Kovah and Corey Kallenberg from LegbaCore, who have previously shown numerous exploits for PC firmware. They found multiple vulnerabilities that were already publicly disclosed were still present in Mac firmware. This allows a remote attacker to break into the Mac over the network, and infect its firmware. The infected firmware can then infect Apple Thunderbolt to Ethernet adapters' PCI Option ROM. And then those adapters can infect the firmware of any Mac they are plugged into — hence creating the self-propagating Thunderstrike 2 "firmworm." Unlike worms like Stuxnet, it never exists on the filesystem, it only ever lives in firmware (which no one ever checks.) A video showing the proof of concept attack is posted on YouTube.
Bitcoin

Japanese Police Arrest Mount Gox CEO Mark Karpeles 104

McGruber writes with the news as carried (paywalled) by the Wall Street Journal that Mark Karpeles, who headed bitcoin exchange Mt. Gox, has been arrested by Japanese police: In February 2014, Mount Gox filed for bankruptcy, saying it had lost 750,000 of its customers' bitcoins as well as 100,000 of its own, worth some $500 million at the time. A police spokesman said Mr. Karpelès is suspected of manipulating his own account at the company by making it appear that $1 million was added to it. The BBC reports the arrest as well, and notes that the coins missing from Mt. Gox represent 7% of all Bitcoins in circulation.