
Comment Re:Or... just hear me out here... (Score 1) 1197

I am fine with the given risk. Many places it's permitted to play baseball. There is a risk of damaging windows, property and inflicting injury on anyone within several hundred feet. The risk is low, and damages are expected to be paid for anyone outside of the event. It's still allowed, not because it's safe, because the risk of damage is low.

Comment Re:But is it "free software"? (Score 3, Interesting) 143

Of all the things that benefit from being free software, games aren't entirely gaining. A game with source code includes all the "spoilers". Part of the magic of a new game is exploring, not drudging through code (an entirely different game). If there is anything given less criticism, let it be games. Sometimes it's entertaining to be surprised. That is a game's intended purpose, to entertain.

Comment Re:Actually, ADM Rogers doesn't "want" that at all (Score 1) 406

History lessons don't count today.
Today, or any time after about 1991, general encryption available to the public became unbreakable (PGP). Breaking older code happened because they were breakable. Today, this is not the case. To actually break today's code, no one can. They break the systems they run on. For anyone to continue as it was before is not to ask if one can break codes, it's to ask to break everyone's system. Intentionally crippling security is less security than is already available. Unfortunately our "enemies" can just not use our systems and we are to be left with crippled implementations. It is a disadvantage that doesn't support the goals stated.

Comment Please shame whomever it is (Score 3, Insightful) 141

Please don't hide whom it is that I might accidentally do business with. Nothing is going to change just sending them an email, they may even go after you for doing so. However you may stop others from being suckered when their poor security becomes everyone else's problem. It's not their problem, it's going to be everyone else's.

First assumption is that there isn't somewhere that'll get broken. Everywhere probably will get successfully attacked at some point. Use a password manager. At least this way, when somewhere is broken, I'm sure that it's the only place where that password is used.

Comment Re:Digital imitating analog != Analog (Score 0) 155

That's not analog strictly speaking. That is a digital device imitating an analog display. Nothing wrong with that but it isn't the same thing. To be an analog device it has to operate on analog (continuous) signals. Digital devices by definition cannot do more than an approximation of a continuous signal. Possibly a very good approximation but an approximation nonetheless.

Everything is an approximation. Any real signal of any type will contain noise. Analog has a signal/noise ratio for a given design, while digital has the same. Changing a signal into ones and zeros does add noise, however so does everything else.

Submission + - Internet Explorer 0-day attacks on US nuke workers hit 9 other sites

SternisheFan writes: Ars reports:

Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least nine other websites, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and institutes, security researchers said.

The revelation, from a blog post published Sunday by security firm AlienVault, means an attack campaign that surreptitiously installed malware on the computers of federal government workers involved in nuclear weapons research was broader and more ambitious than previously thought. Earlier reports identified only a website belonging to the US Department of Labor as redirecting to servers that exploited the zero-day remote-code vulnerability in IE version 8.

A separate blog post from security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites. The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe. CrowdStrike's data showed IP addresses before exploit code was run against the visitors' machines. Not all those visitors were likely compromised since the exploit code worked only against people using IE8.

CrowdStrike researchers seemed to concur with their counterparts from Invincea, who—as Ars reported on Friday—said the attacks at least in part targeted people working on sensitive government programs. Malicious links embedded in the Department of Labor website focused on webpages that dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy. But they went on to say the campaign could be much broader.

"The specific Department of Labor website that was compromised provides information on a compensation program for energy workers who were exposed to uranium," CrowdStrike said. "Likely targets of interest for this site include energy-related US government entities, energy companies, and possibly companies in the extractive sector. Based on the other compromised sites other targeted entities are likely to include those interested in labor, international health and political issues, as well as entities in the defense sector."

Such "watering hole" attacks—which plant malware exploits on websites that are frequented by specific groups or people—have become a common technique in targeted attacks. Once compromised by the IE zero-day, computers are infected with a version of Poison Ivy, a backdoor tool that has been widely used in past espionage campaigns. The command-and-control servers used to communicate with infected machines show signs that they were set up by a Chinese hacking crew known as DeepPanda.

Microsoft confirmed the remote code-execution vulnerability on Friday night. Versions 6, 7, 9, and 10 of the browser are immune to these attacks, so anyone who can upgrade to one of the latest two versions should do so immediately or switch to a different browser. For anyone who absolutely can not move away from IE 8, company researchers recommend the following precautions:

Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones. This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Users can also install EMET—short for Enhanced Mitigation Experience Toolkit—which adds a variety of exploit mitigations and security defenses and is especially useful for users of older versions of Windows, such as XP.

Technical details about the "use after free" bug are available here from Rapid7. The security firm has already folded attack code exploiting the vulnerability into the Metasploit framework used by security professionals and hackers. Researchers at FireEye have also delved into the exploit circulating online. They found it uses "return oriented programming," a technique used to defeat data-execution prevention and other exploit mitigations. The FireEye researchers said they also verified the exploit works against IE8 on Windows 7.

Microsoft's advisory on Friday said researchers were still investigating the vulnerability. When the inquiry concludes, they will decide whether to release an unscheduled update or provide a fix as part of the company's regular patching cycle.

Story updated to add details from FireEye in second-to-last paragraph.

Comment Re:Some are also destroyed/lost (Score 1) 438

Flash chips do not normally contain JTAG. The WRT54G and phones using ARM have JTAG in the processor. It's for recovery and debugging, allowing the processor to be stopped and manipulated from a computer. If the processor works, TJTAG and USB could be an option.

I would have to recommend against using JTAG. The cheap adapters cost something which is more than free included USB. It is also dog slow. My much older phone would take over 30 hours to copy across JTAG with a speed of 256KBs. USB running at full speed still takes around 10 min. Newer phones ship with Gigabytes worth of flash, making JTAG alone unreasonable.

Comment Re:Some are also destroyed/lost (Score 2) 438

As for your phone. If any part of the processor/USB still works you can copy out the flash. It works well for software bricks and could help if at least some of the hardware still works.
If you have to recover the flash by itself, jigs to do so are costly.
http://www.glassechidna.com.au/products/heimdall/

Comment How big is small office? (Score 1) 224

How many handsets and how far away do you make calls? For less than 5 handsets or mostly local calls, a simple, simple hardware PBX is still king. It's just not worth the trouble of setting up several thousand dollars worth of gear just to have options you're probably not going to use. Samsung and Tadiran make simple boxes that don't randomly crash or require hours and hours of setup and maintenance.
VoIP starts to make sense when you need to have access to phones outside of the office. Asterisk does a good job of patching into any other PBX as a voicemail service and routing calls in/out to VoIP. Normal calls don't get dropped and VoIP is still a less reliable but still functioning option.
VoIP only makes sense when there are many phones in many places with many changes. It's an up-front cost of testing all network gear for working QoS. Routers, switches and your ISP has to have working QoS. When you need everything to talk with everything else, there when you have many many handsets in many places, then worry about having open communications.
For small business though, simple hardware PBX with a few extra ports give options to open it up later.

Comment Re:Theft? (Score 1) 244

Without removing you in the process, how can your identity be stolen? Stolen identity is surely possible while breaking a multitude of other laws. How is lying to the creditor, to receive illicit gains, not just fraud? If I tell the bank I'm the damn Queen of England, it surely isn't a problem for the Queen of England is it?

Comment Re:Ubuntu doesn't run on pre-USB boot systems anyw (Score 1) 488

Nope, Ubuntu is targeted heavily at desktop use, as such you're using the wrong time-frame.

Desktops don't do things by hours, they, and even the very very old ones work at times that are much faster than you. A desktop system works at 1/60 of a second. I push a button, I click a mouse, I wave at a camera. All of those things happen and then 1/60 of a second later the display gets updated. Most of the time a desktop is usually doing nothing, nothing and nothing a 1/60 at a time. It takes much less shiny shit to fill a 1/60 than you think.
