Hugh Pickens DOT Com writes "Dan Goodwin writes at Ars Technica about a rootkit that seems straight out of a science-fiction thriller. According to security consultant Dragos Ruiu one day his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused and he also found that the machine could delete data and undo configuration changes with no prompting. Next a computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting and further investigation showed that multiple variants of Windows and Linux were also affected. But the story gets stranger still. Ruiu began observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped. With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on. It's too early to say with confidence that what Ruiu has been observing is a USB-transmitted rootkit that can burrow into a computer's lowest levels and use it as a jumping off point to infect a variety of operating systems with malware that can't be detected. It's even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines. But after almost two weeks of online discussion, no one has been able to rule out these troubling scenarios, either. 'It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was,' says Ruiu. 'The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they're faced with sophisticated attackers.'"
Sign up for the Slashdot Daily Newsletter! DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. ×
First time accepted submitter Rozanne writes "The new issue of Stanford Medicine magazine has a story on Stanford professor Drew Endy's creation of microscopic computers out of biological components for use inside living cells. His work is a mash-up of molecular biology and computer engineering: Instead of a computer made of silicon, metal and plastic, it's a computer made of DNA, RNA and enzymes. Endy says biologists are typically confounded at first when he explains how the computers work and how they could be used."
Xmas2003 writes "Timothy asked yesterday what /.'ers are doing for Halloween and said "Maybe one year Alek Komarnitsky will switch to Hallowe'en instead of Christmas, and offer a webcam-equipped remote-controllable haunt." Turns out he actually has been doing that since 2005 ... and his Controllable Halloween Decorations allow you to turn 10,000 lights ON & OFF plus inflate/deflate the giant Frankenstein, Pumpkins, Grim Reaper, Skull, Headless Horseman, SpongeBob SquarePants, and Homer Simpson."
An anonymous reader writes "For the second year in a row, the number of self-published ebooks with the word zombie in their title has doubled. The annual check is performed on Halloween in Amazon's Kindle Store, and this year discovers 8,052 ebooks (with titles like 'Jesus Camp Zombie Bloodbath' and 'Never Slow Dance with a Zombie...') — more than 12 times the number that appear in the Library of Congress. 71-year-old literary author Joyce Carol Oates — twice nominated for a Pulitzer Prize — also named her 2009 novel about a serial killer 'Zombie (P.S.'", but most of the titles in the Kindle Store 'aren't as ambitious,' notes this article, which still applauds the self-published authors and their 'massive outpouring of new creativity, as people all around the globe start wondering what's going to happen in their own imaginary zombie scenarios...'"
wjcofkc writes "The United States Government has officially called in the calvary over the problems with Healthcare.gov. Tech titans Oracle, Red Hat and Google have been tapped to join the effort to fix the website that went live a month ago, only to quickly roll over and die. While a tech surge of engineers to fix such a complex problem is arguably not the greatest idea, if you're going to do so, you might as well bring in the big guns. The question is: can they make the end of November deadline?"
An anonymous reader writes "I've recently moved continents, and one of the things I've noticed is the lack of the latest technology, as well as high prices for books and other goods here in Australia. I'm looking at package redirection services from the US, and there's a bewildering array of offerings, at a wide range of prices. What should I look out for? I'm hoping to reduce overall shipping costs to, but obviously worried about costs to deliver mostly empty boxes (yes, I'm talking about you, Amazon), damage to electrical goods from rough handling, packages going missing (does everything have to be registered post or tracked?), import duties (I'm not buying anything that should attract import duty, but still...) and overall costs (I'm not going to be buying frequently, just occasionally). What have other slashdot readers used, and what would they recommend?"
szotz writes "Keeping up the pace of Moore's Law is hard, but you wouldn't know it from the way chipmakers name their technology. The semiconductor industry's names for chip generations (Intel's 22nm, TSMC's 28nm, etc) have very little to do with actual physical sizes, says IEEE Spectrum. And the disconnect is only getting bigger. For the first time, the "pay us to make your chip" foundries are offering a new process (with a smaller-sounding name) that will produce chips that are no denser than their forbears. The move is not a popular one."
itwbennett writes "This brings to mind an earlier Slashdot discussion about whether we've hit the limit on screen resolution improvements on handheld devices. But this time, the question revolves around ever-faster graphics processing units (GPUs) and the resolution limits of desktop monitors. ITworld's Andy Patrizio frames the problem like this: 'Desktop monitors (I'm not talking laptops except for the high-end laptops) tend to vary in size from 20 to 24 inches for mainstream/standard monitors, and 27 to 30 inches for the high end. One thing they all have in common is the resolution. They have pretty much standardized on 1920x1080. That's because 1920x1080 is the resolution for HDTV, and it fits 20 to 24-inch monitors well. Here's the thing: at that resolution, these new GPUs are so powerful you get no major, appreciable gain over the older generation.' Or as Chris Angelini, editorial director for Tom's Hardware Guide, put it, 'The current high-end of GPUs gives you as much as you'd need for an enjoyable experience. Beyond that and it's not like you will get nothing, it's just that you will notice less benefit.'"
An anonymous reader writes "Do you think an airgap can protect your computer? Maybe not. According to this story at Ars Technica, security consultant Dragos Ruiu is battling malware that communicates with infected computers using computer microphones and speakers." That sounds nuts, but it is a time-tested method of data transfer, after all.
An anonymous reader writes "You thought Halloween was for treats. Not this time. Panasonic announced to its investors today that its plasma TV business would be over by the end of March 2014." Blacker blacks and brighter whites aside, there are some good reasons for the shift.
First time accepted submitter taxtropel was one of many readers to note that Google has officially released its newest version of Android. taxtropel extracts from the announcement: "Today we are announcing Android 4.4 KitKat, a new version of Android that brings great new features for users and developers. The very first device to run Android 4.4 is the new Nexus 5, available today on Google Play, and coming soon to other retail outlets. We'll also be rolling out the Android 4.4 update worldwide in the next few weeks to all Nexus 4, Nexus 7, and Nexus 10 devices, as well as the Samsung Galaxy S4 and HTC One Google Play Edition devices." Reader SmartAboutThings adds: "Almost all of the features that the Nexus 5 comes with are not a surprise, since they were heavily leaked before. Still, for those that have obediently waited this day, here are some of its most important specs: 2.2Ghz quad-core Snapdragon 800 and 2GB of RAM, 4.95-inch 1080p display, Wireless charging, 2,300 mAh battery, LTE, Bluetooth 4.0, 802.11ac WiFi and NFC; Gorilla Glass 3, Front 1.3-megapixel camera and 8-megapixel sensor on the back with optical image stabilization (OIS)."
Stay Awhile and Listen. He's joined by Dave Brevik and Max Schaefer, two of the co-founders of Blizzard North. They talk about some of the ways in which making video games was different back in the early '90s -- and the ways it's similar to making games today. They also discuss the importance of having lively debates, and how one of those arguments led to Diablo being a real-time action game, instead of being turn-based. (This is the first half of an extended interview -- part 2 will be available on Monday.
An anonymous reader writes "Google today announced Chrome is getting an automatic download blocking feature for malware. Google has already added the new functionality to the latest build of Chrome Canary. All versions of Chrome will soon automatically block downloads and let you know in a message at the bottom of your screen. You will be able to "Dismiss" the message, although it's not clear if you will be able to stop or revert the block."
Many of today's adult video gamers grew up with a gaming industry that was still trying to figure itself out. In the early-to-mid 1990s, most of the gaming genres we're familiar with today were still indistinct, half-formed concepts waiting for that one game necessary to define them. Thus, many players sat up and took notice when a relatively unknown company named Blizzard managed to exemplify not one, but two separate types of game in quick succession. Warcraft: Orcs and Humans put real-time strategy on the map, and Diablo set the standard for action RPGs. The two games immediately elevated Blizzard to the top of the industry, and many gamers wondered how one studio could put out two games like these so quickly. As it turns out, it wasn't one studio; it was a blending of two very different but extremely creative groups who had a passion for making video games. In Stay Awhile and Listen, author David Craddock lays out the history of the two groups, from how they first got into the gaming business to their eventual success launching now-legendary games. Read on for our review of the book.
First time accepted submitter calinduca writes "Artificial blood that could one day be used in humans without side effects has been created by scientists in Romania. The blood contains water and salts along with a protein known as hemerythrin which is extracted from sea worms. Researchers from Babe-Bolyai University in Cluj-Napoca, Romania, hope it could help end blood supply shortages and prevent infections through donations." Wikipedia's entry on hemerythrin explains its unusual oxygen binding mechanism.
itwbennett writes "Security experts used fake Facebook and LinkedIn profiles to penetrate the defenses of an (unnamed) U.S. government agency with a high level of cybersecurity awareness. The attack was part of a sanctioned penetration test performed in 2012 and its results were presented Wednesday at the RSA Europe security conference in Amsterdam. The testers built a credible online identity for a fictional woman named Emily Williams and used that identity to pose as a new hire at the targeted organization. The attackers managed to launch sophisticated attacks against the agency's employees, including an IT security manager who didn't even have a social media presence. Within the first 15 hours, Emily Williams had 60 Facebook connections and 55 LinkedIn connections with employees from the targeted organization and its contractors. After 24 hours she had 3 job offers from other companies."
Sockatume writes "Sony has released a detailed FAQ for the PS4 system, which launches in coming weeks. Of particular note: although Bluetooth headsets will not be compatible, generic 3.5mm and USB audio devices will work; the console will require activation via the internet or a special disk before it will play Blu-ray or DVDs; media servers, MP3s, and audio CDs are not supported. The console's "suspend/resume" and remote assistance features are listed as unavailable for the North American launch, implying that they will be patched in before the console launches in Europe later in November."
theodp writes "Over at Scripting News, Dave Winer laments the lack of serious software reviews in the NY Times. That wasn't always the case, recalls Dave. 'When they started doing software reviews in the early '80s it was with the usual Times flair,' says Winer. 'But somewhere along the line they stopped taking tech seriously. It's as if they would only review Saturday morning television shows. How could television like The Sopranos or Breaking Bad take root in the culture if there was no criticism that discussed it? Yet that's where we are today with software.' So, does software need a Siskel and Ebert (or A.O. Scott and Manohla Dargis for you highfalutin NYT readers!)?"
Nerval's Lobster writes "Government whistleblower Edward Snowden, exiled in Russia after releasing top-secret documents about the National Security Agency's surveillance activities to the press, has a new job: tech support. Snowden's lawyer, Anatoly Kucherena, told the Associated Press that his client starts work Nov. 1 for a "major" Russian Website, which he declined to name. In June, Snowden—a former CIA employee who worked as a contractor for the NSA—began feeding an enormous pile of classified charts and documents about federal surveillance programs to The Guardian and other newspapers. Many of those documents suggested that the NSA, ordinarily tasked with intercepting communications from terrorists and foreign governments, collects massive amounts of information on ordinary Americans, which in turn ignited a firestorm of controversy. The Snowden revelations have continued into this week, with The Washington Post reporting that the NSA has aggressively targeted Google and Yahoo servers. Snowden's documents suggest that the agency has figured out how to tap the links connecting the two tech giants' datacenters to the broader Web. Google told the Post that it was "troubled" by the report. A Yahoo spokesperson insisted that the company had "strict controls in place to protect the security of our datacenters" and that "we have not given access to our data centers to the NSA or to any other government agency.""
angry tapir writes "Two privacy-focused email providers have launched the Dark Mail Alliance, a project to engineer an email system with robust defenses against spying. Silent Circle and Lavabit abruptly halted their encrypted email services in August, saying they could no longer guarantee email would remain private after court actions against Lavabit, reportedly an email provider for NSA leaker Edward Snowden."
SonicSpike writes "As the nation moves from a tangible goods-based economy to a service-based economy, a few states are trying to keep revenues robust by taxing technological services such as software upgrades and cloud computing. But a backlash from the high-tech industry has quashed most efforts. As a result, the U.S. has a patchwork quilt of state taxes on technological services. Some states that have tried to impose such taxes have failed spectacularly, and most have not tried at all. According to the Tax Foundation, a nonpartisan think tank that studies taxes, only 10 states (Connecticut, New Mexico, Hawaii, South Dakota, Mississippi, Missouri, Nebraska, Tennessee, Texas and West Virginia) and the District of Columbia tax all writing or updating of software. Only New Mexico, Hawaii and South Dakota levy their general sales taxes on all software services. States with sales taxes do, however, levy those taxes on software that is sold on CDs or other hard storage materials. About half the states also tax 'canned' (non-altered) software that can be downloaded, according to the Tax Foundation. Elia Peterson, an analyst with the foundation, said in a recent paper that states are reluctant to tax computer services in large part because it 'is an especially mobile industry and could easily move to a lower tax state.'"
mask.of.sanity writes "Stand aside P!nk, Niki Minaj; you've just been beaten by a music generator. One Aussie security expert curious about the fraud mechanisms at play on streaming services like Spotify uploaded garbage music tracks and directed three Amazon virtual machines to click the play button 24/7 for a month, earning him top spot in online music charts and $1000 in royalties."
coondoggie writes "Imagine 500 million short copper wires — no longer than the tip of your index finger — floating in space creating what amounts to an antenna belt that could be used to send messages and conduct other space communications research. That would describe the 1960s era Project Space Needles or Project West Ford as it was sometimes called that NASA and the Massachusetts Institute of Technology last undertook in 1963 which saw the blasting of millions of those copper hairs into space. NASA's Orbital Debris Program Office this month did a 'Where are they now' look at those copper wires and said that after 50 years, some of them indeed still make up a small amount of orbital debris."