
Submission + - Hot Potato exploit mashes old vulns to gain SYSTEM access on Windows

mask.of.sanity writes: A researcher has strung together dusty unpatched Windows vulnerabilities to gain local system-level access on Windows versions up to 8.1 (GitHub). The unholy zero-day concoction, reported to Microsoft in September and still unpatched, is a reliable way of elevating privileges on Windows for attackers that have managed to pop user machines.

Submission + - World's most complex PoS malware discovered, plunders millions from US

mask.of.sanity writes: The world's most complex point of sales malware has been discovered having already ripped millions of bank cards from top household US national retailers and setting an entire sector on edge as the festival shopping bonanza ramps up. The ModPOS malware has pilfered "multiple millions" of debit and credit cards from the unnamed but large retail companies incurring millions of dollars in damages.

Submission + - New Android phones hijackable with Chrome exploit

mask.of.sanity writes: Google's Chrome for Android has been popped with a single exploit that could lead to the compromise of any handset. The exploit, showcased at MobilePwn2Own at the PacSec conference, targets the JavaScript v8 engine and compromises phones when users visit a malicious website. It is also notable in that it is a single clean exploit that does not require chained vulnerabilities to work.

Submission + - Security threat researchers face revenge of spy agencies

mask.of.sanity writes: Researchers tasked with revealing malware attack campaigns are being harassed, locked out of tenders, and in some cases deported. The retaliation by the unnamed spy agencies is in direct response to the popular published advanced-persistent threat campaigns that have coloured information security reporting over recent years. More details from researcher Juan Andrés Guerrero-Saade are available in a paper (pdf).

Submission + - Inside Mandiant's biggest forensics breach battle: Is this Anthem?

mask.of.sanity writes: Four researchers from American cybersecurity firm Mandiant have engaged in an eight-month epic battle against hackers behind one of the biggest breaches of this year.

The quartet is not saying who the victim is, nor identifying the attackers. However, it is at the level of, and very well could be, health insurers Anthem or Premera hit earlier this year.

The breach investigation was so complex and massive that the forensics team tasked with battling the hackers say it is likely the most challenging in the firm's history. That is noteworthy in that the company is among America's most prominent forensics firms.

Submission + - Microsoft, Tesla, build smart, adaptable, long-life battery that predicts usage

mask.of.sanity writes: Engineers from Microsoft, Tesla, and Columbia and Massachusetts universities have teamed up to develop what on paper looks like a revolution in consumer battery technology that meets demands for fast charge, long life, and the ability to bend. The "Software-Defined Battery" system allows different batteries with different chemistries to be integrated into the same system. Fast charging and the ability to work for longer by adapting to different tasks are the result of the blended battery plan. Read the PDF paper.

Submission + - iCloud celebrity hacker admin reveals RipSec, says 11,300 accounts raided

mask.of.sanity writes: The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons. The film maker gained access to RipShock using a photoshopped naked image of a major TV star who offered access to her iCloud account.

Submission + - Inside the booming, unhinged, and dangerous malvertising menace

mask.of.sanity writes: A feature on the online malicious advertising (malvertising) menace that has become an explosively potent threat to end-user security on the internet. Experts say advertising networks and exchanges need to vet their customers, and publishers need to vet the third party content they display. Users should also consider script and ad blockers in the interim.

Submission + - High-heeled hacker builds pen-test kit into skyscraper shoes

mask.of.sanity writes: A Chinese hardware hacker has created a penetration testing toolkit built into high-heeled shoes to help social engineers slip hacking tools into secure areas. The WiFi-popping platforms were forged in a 3D printer and contain spacing so that hacking hardware can be hidden to bypass strict security checks in place at datacentres and the like and later retrieved.

Original album source is somewhat NSFW.

Submission + - Microsoft drops out-of-band Internet Explorer fix for remote code execution hole

mask.of.sanity writes: Microsoft has released an out-of-band patch for Internet Explorer versions seven to 11 that closes a dangerous remote code execution flaw allowing attackers to commandeer machines.

The attack will be a highly useful tool in hacker arsenals likely allowing them to build powerful phishing, watering hole, and malvertising campaigns. Windows 10 Edge browser is not impacted.

Submission + - Gazan medico team 3D-prints world-leading stethoscope for 30c

mask.of.sanity writes: Tarek Loubani, an emergency physician working in the Gaza strip, has 3D-printed a 30 cent stethoscope that beats the world's best $200 equivalent as part of a project to bottom-out the cost of medical devices.

Loubani together with a team of medical and technology specialists designed the stethoscope and tested it against global standard benchmarks, finding it outperformed the gold-standard Littmann Cardiology 3. They now intend to make a range of ultra-low cost medical devices for the developing world.

Submission + - Easy to exploit critical BIND DoS bug affects all DNS

mask.of.sanity writes: Attackers now have the ability to disrupt large swathes of the web through a remote denial of service vulnerability found in the most widely used software for DNS servers. The BIND bug (CVE-2015-5477) patched overnight affects all DNS servers running the software, and can be attacked with ease. Attackers can send a crafted DNS query packet to trigger a REQUIRE assertion failure, causing BIND to exit.
