
Comment I bet they knew but didn't understand (Score 5, Interesting) 334

I'd be prepared to put money on Sony losing this case. I'm sure we've all seen this sort of thing before. Media Max will have warned Sony that the approach had problems, they will have a mail chain demonstrating that, but Sony's management will have bullishly insisted on the security features it offered while ignoring or not bothering to understand the warnings it contained about the risks. What are the chances even their own technical advisors internally warned against it?

Submission Worst Person <-> Job Matches

An anonymous reader writes: Not much of an IT link but with Tony Blair becoming a Middle East peace envoy today it got me thinking about worst possible person and job combinations. Here are a few to start with:

Tony Blair -> Middle East peace envoy
Martha Stewart -> Accountant
George Bush -> Pretzel Salesman (or is this a best match?)
The Spice Girls -> Musicians

But I'm sure you could all do better?
Hardware Hacking

Submission Flaws in Arm and XScale (maybe PowerPC too)

V4Vendetta writes: "Barnaby Jack developed a method for exploiting certain NULL pointer dereferences on the ARM and XScale architectures (and likely PowerPC).

In general, NULL pointer dereference flaws are considered non-exploitable. On the XScale and ARM architectures the memory address 0 is mapped, and also holds the exception vector table. The exception vector table is a set of branch instructions that correspond to different exceptions, such as software and hardware interrupts. When a case arises that writes to the 0 address with user-defined source data, it is possible to gain execution control by rewriting the exception table.

This method affects a lot of devices since most mobile phones and PDAs are ARM-based (iPhone?), and high-end routers often use the XScale architecture. The PowerPC architecture (used by Nintendo Wii, XBox360 and Playstation 3) also stores the vector table at a low address, and is likely vulnerable to this same attack.

This attack is more reliable than a remote stack overflow, due to the fact that no offsets are required. You will always be writing to address 0. The only data needed by an attacker is a copy of the vector table, which can be acquired by downloading and reversing the target's firmware.

Let me quote Barnaby: "As embedded exploitation is still in its infancy, I don't foresee a worm in the very near future — but yes, if a worm was targeting embedded devices, this would be a reliable attack vector.""


Submission The bare facts about naked telecommuting

Anonymous Coward writes: "We've all heard the jokes about what our colleagues who work from home are wearing — or not. For Tom Mulhall, though, telecommuting naked is no joke. Rather, it's good business. The owner of The Terra Cotta Inn clothing-optional resort and spa in Palm Springs, Calif., says 80% of his guests bring laptops and work nude poolside. He also talks about where guests stash their BlackBerries and offers advice to those looking to give naked telecommuting a whirl. http://www.networkworld.com/news/2007/012607-bare-facts.html"

Submission Will America Run on Caffeinated Doughnuts?

theodp writes: "Just like Martin Luther King, molecular biologist Robert Bohannon had a dream. And thanks to his hard work, geeks and cops alike will soon be able to partake in doughnuts laced with caffeine. The challenge was overcoming the bitter taste of coffee beans ground up in the donuts. But Bohannon persevered, and has managed to infuse the Buzz Donut with a Red Bull-caliber dose of caffeine without sacrificing taste (or fats and sugars!)."

Apple Sets Tune for Pricing of Song Downloads 396

PygmySurfer writes "Apple Computer on Monday revealed it had renewed contracts with the four largest record companies to sell songs through its iTunes digital store at 99 cents each. The agreements came after months of bargaining, and were a defeat for music companies that had been pushing for a variable pricing model."

Firefox Extension Guide and More 206

Anonymous Coward writes "A comprehensive list of Firefox extensions geared for the average power user and web developer includes description and screenshots of featured extensions. Plus Firefox Hacks and keyboard command guide. Always updated with the latest Firefox extensions, and tweaks."

PBS To Air Six New Monty Python Specials 219

Freshly Exhumed wrote to mention a PBS release with good news for BritCom Fans. The Public Broadcasting Service is planning to air six new Monty Python specials. From the article: "Each of the exclusive-to-PBS six one-hour programs will focus on one member of the original Monty Python troupe - Graham Chapman, John Cleese, Eric Idle, Terry Gilliam, Michael Palin and Terry Jones - and showcase favorite clips from the group's television series and movies, mixed with new footage. The five living Pythons - Cleese, Idle, Gilliam, Palin and Jones - will each produce and write their own episode, with the five collaborating on a sixth special to honor deceased member Chapman."
