Security

Security Threats 3 Levels Beyond Kernel Rootkits 264

GhostX9 writes "Tom's Hardware has a long interview with security expert Joanna Rutkowska (which is unfortunately split over 9 pages). Many think that kernel rootkits are the most dangerous attacks, but Joanna and her team have been studying exploits beyond Ring 0 for some years. Joanna is most well known for the BluePill virtualization attack (Ring -1) and in this interview she chats a little bit about Ring -2 and Ring -3 attacks that go beyond kernel rootkits. What's surprising is how robust the classic BluePill proof-of-concept is: 'Many people tried to prove that BluePill is "detectable" by writing various virtualization detectors (but not BluePill detectors). They simply assumed that if we detect a virtualization being used, this means that we are "under" BluePill. This assumption was made because there were no products using hardware virtualization a few years ago. Needless to say, if we followed this way of reasoning, we might similarly say that if an executable makes network connections, then it must surely be a botnet.'" Rutkowska says that for her own security, "I don't use any A/V product on any of my machines (including all the virtual machines). I don't see how an A/V program could offer any increased security over the quite-reasonable-setup I already deployed with the help of virtualization." She runs three separate virtual machines, designated Red, Yellow, and Green, each running a separate browser and used for increasingly sensitive tasks.
Earth

Brazil Demands Repatriation of UK Hazardous Waste 110

Peace Corps Online writes "BBC reports that Brazilian authorities are demanding the return of more than 1,400 tons of hazardous British waste found in about 90 shipping containers on three Brazilian docks. The waste, which includes syringes, condoms, and bags of blood, has been identified as being of UK origin from the names of British supermarkets and newspapers among the rubbish. Reports in the UK media say the waste was sent from Felixstowe in eastern England to the port of Santos, near Sao Paulo, and two other ports in the southern state of Rio Grande do Sul. The British government has launched an investigation into how and why the waste was sent to Brazil and the British Embassy in Brazil has said in a statement that it was investigating and would 'not hesitate to act' if it was found that a UK company had violated the Basel Convention on the movement of hazardous waste. Meanwhile Brazil is demanding the immediate return of the rubbish to the UK. 'We will ask for the repatriation of this garbage,' says Roberto Messias, head of the Brazilian environment agency. 'Clearly, Brazil is not a big rubbish dump of the world.'" Two UK companies named by Brazil as suspected exporters of the waste are owned by a Brazilian, based in the UK, who says that anything that was in the containers other than the expected recyclable plastic is a problem to take up with his suppliers.
Social Networks

Of Science and Choice In Online Dating 311

Must be summertime, as online publications turn to the contemplation of Internet dating. The NY Times's piece (registration may be required) takes a not particularly deep look at the reality behind the "science" claims of chemistry.com, eHarmony.com, and others. "The question is how much it really matters to users if the methods have any scientific basis. A friend of mine... said she looked at several dating sites and chose the ones that looked like they had 'the least riffraff.'" Technology Review focuses on studies showing that the overwhelming number of choices presented by many dating sites can be counterproductive: "...more search options lead to less selective processing by reducing users' cognitive resources, distracting them with irrelevant information, and reducing their ability to screen out inferior options." The article concludes with a look at the startup Omnidate, which offers technology for 3D virtual dating. The site has had twice as many women (by percentage) sign up as the other dating sites typically see.
Government

We Were Smarter About Copyright Law 100 Years Ago 152

An anonymous reader writes "James Boyle has a blog post comparing the recording industry's arguments in 1909 to those of 2009, with some lovely Google book links to the originals. Favorite quote: 'Many and numerous classes of public benefactors continue ceaselessly to pour forth their flood of useful ideas, adding to the common stock of knowledge. No one regards it as immoral or unethical to use these ideas and their authors do not suffer themselves to be paraded by sordid interests before legislative committees uttering bombastic speeches about their rights and representing themselves as the objects of "theft" and "piracy."' Industry flaks were more impressive 100 years ago. In that debate the recording industry was the upstart, battling the entrenched power of the publishers of musical scores. Also check out the cameo appearance by John Philip Sousa, comparing sound recordings to slavery. Ironically, among the subjects mentioned as clearly not the subject of property rights were business methods and seed varieties." Boyle concludes: "...one looks back at these transcripts and compares them to today's hearings — with vacuous rantings from celebrities and the bloviation of bad economics and worse legal theory from one industry representative after another — it is hard not to feel a sense of nostalgia. In 1900, it appears, we were better at understanding that copyright was a law that regulated technology, a law with constitutional restraints, that property rights were not absolute and that the public would not automatically be served by extending rights out to infinity."
Microsoft

Publishers Pressuring MS To Push Indies From Xbox Live? 100

R. Dobbs writes "Microsoft has reportedly drastically reduced the amount of indie titles it's going to allow on its Live Arcade service — but no such limits have been placed on material from major publishers. Have the publishers themselves been pushing this agenda? And what will it mean for indies? Quoting: 'More and more indie developers are being created, bucking the trend of working for the blockbuster-sized titles of many publishers and opting to control their own development and keep their IPs. This is likely becoming more and more of a concern to major publishers, who seem — especially in ZeniMax's recent purchase of id Software and EA's combination of Bioware and Mythic, as well as Warner Bros. purchase of Midway's IPs and studios — to be doing everything they can to consolidate their power and lock down all the available resources.' When questioned, Microsoft released a statement saying that they're 'a great supporter of independent game development.'"
The Internet

Online Forum Leads To Hostile Workplace Lawsuit 330

Tiger4 writes "A group of black Philadelphia police officers have filed a lawsuit against the police department and the city, alleging a hostile work environment due to a private website popular with police. Their story has received wide coverage. From CNN: 'The suit alleges white officers post on and moderate the privately operated site, Domelights.com, both on and off the job. Domelights' users "often joke about the racially offensive commentary on the site ... or will mention them in front of black police officers," thus creating "a racially hostile work environment," according to lawyers for the all-black Guardian Civic League, the lead plaintiff in the suit.' The site appears to be owned and operated by a member of the police force, but it is not funded or operated by the city. Management clearly knows it exists; it is possible police force members access it on the job, and the suit says some of them reference it on the job. Individual police force members have a right to their own opinions, but management has a responsibility to enforce the law fairly and equitably across the city and among their own workforce. What is the solution here?"
Red Hat Software

Red Hat Is Now Part of the S&P 500 128

phantomfive writes "Red Hat has made it onto the S&P 500, an important measure of the stock market. It is replacing CIT, which is expected to go bankrupt after the government refused to bail them out. Red Hat is the first Linux company to make it on to the S&P 500. While this means little directly for the company, it is an indication of the importance Linux is taking on in the world."
Communications

Verizon Offers Compromise In Exclusivity Debate 106

For about a month now, Congress and the FCC have been investigating the exclusivity deals between mobile carriers and phone makers which require that certain handsets only operate on certain networks (for example, the iPhone on AT&T). Now, Verizon has volunteered a compromise to Rep. Rick Boucher (D-VA), chairman of the House Energy Subcommittee on Communications, Technology and the Internet, which would allow smaller carriers access to the restricted phones after a six-month delay, while continuing to block the major carriers. "From now on, when Verizon strikes a deal with a manufacturer for exclusive access to a handset, it will allow the phone be sold after six months to any carrier with fewer than 500,000 customers." In a letter to Boucher, Verizon said, "Exclusivity arrangements promote competition and innovation in device development and design. We work closely with our vendors to develop new and exciting devices that will attract customers. When we procure exclusive handsets from our vendors we typically buy hundreds of thousands or even millions of each device. Otherwise manufacturers may be reluctant to make the investments of time, money and production capacity to support a particular device." Many remain unimpressed by Verizon's generosity.
Microsoft

The Hidden Costs of Microsoft's Free Office Online 174

Michael_Curator writes "Despite what you've heard, the online version of Office 2010 announced by Microsoft earlier this week won't be free to corporate users. Business customers will either have to pay a subscription fee or purchase corporate access licenses (CALs) for Office in order to be given access to the online application suite (Microsoft already does this with email — the infamous Outlook Web Access). But wait — there's more! A Microsoft spokesperson told me that customers will need to buy a SharePoint server, which ranges from $4,400 plus CALs, or $41,000 with all CALs included, if they want to share documents created using the online version of Office 2010."
Security

New Linux Kernel Flaw Allows Null Pointer Exploits 391

Trailrunner7 writes "A new flaw in the latest release of the Linux kernel gives attackers the ability to exploit NULL pointer dereferences and bypass the protections of SELinux, AppArmor and the Linux Security Module. Brad Spengler discovered the vulnerability and found a reliable way to exploit it, giving him complete control of the remote machine. This is somewhat similar to the magic that Mark Dowd performed last year to exploit Adobe Flash. Threatpost.com reports: 'The vulnerability is in the 2.6.30 release of the Linux kernel, and in a message to the Daily Dave mailing list Spengler said that he was able to exploit the flaw, which at first glance seemed unexploitable. He said that he was able to defeat the protection against exploiting NULL pointer dereferences on systems running SELinux and those running typical Linux implementations.'"
Games

Massively Single-Player Gaming? 209

Massively is running an article discussing the trend in recent MMOs to enable and encourage solo play. Where the genre's early offerings, like Everquest and Ultima Online, were heavily dependent on finding other people to interact with, it's common for today's games to allow players to experience most of the content by themselves. Quoting: "It is human nature to want to be the center of attention or at least feel like the hero on some level. It's also not too far of a stretch to call members of our species generally selfish. How can you really deliver this experience if you force your players to ask for help all the time? I think this was simply a natural progression of the genre in trying to appeal to our natural traits. ... Finally, I believe it all comes down to the mighty dollar. Audiences grew and so followed the market and competition. Suddenly, you couldn't make MMOs on the cheap anymore (though a stalwart few still try). Not only are game studios focused on appealing to the solo casual gamer to maximize earnings, they also want to build in artificial time sinks to make players stick around."
Privacy

The NSA Wiretapping Story Nobody Wanted 144

CWmike writes "They sometimes call national security the third rail of politics. Touch it and, politically, you're dead. The cliché doesn't seem far off the mark after reading Mark Klein's new book, Wiring up the Big Brother Machine ... and Fighting It. It's an account of his experiences as the whistleblower who exposed a secret room at a Folsom Street facility in San Francisco that was apparently used to monitor the Internet communications of ordinary Americans. Amazingly, however, nobody wanted to hear his story. In his book he talks about meetings with reporters and privacy groups that went nowhere until a fateful January 20, 2006 meeting with Kevin Bankston of the Electronic Frontier Foundation. Bankston was preparing a lawsuit that he hoped would put a stop to the wiretap program, and Klein was just the kind of witness the EFF was looking for. He spoke with Robert McMillan for an interview."
Privacy

UK Police Raid Party After Seeing "All-Night" Tag On Facebook 628

An anonymous reader writes "Apparently the police like to spend their time trawling our private information on Facebook looking for criminals. 'Riot police stormed a man's 30th birthday barbecue for 15 guests because it was advertised as an "all-night" party on Facebook. Four police cars, a riot van, and a force helicopter were dispatched to a privately-owned field in a small village near Sowton, Devon in the UK on Saturday, ordering the party shut down or everyone would be arrested. The birthday barbecue was busted up before they even had a chance to plug the music in, reports the BBC. It was about 4pm when eight officers with camouflage pants and body armor jumped out of their vehicles and ordered everyone out about an hour into the party.' The event's organizer, Andrew Poole, said, 'The police had full-on camouflage trousers on and body-armour, it was ridiculous. There were also several plain-clothes officers as well ... they kept on insisting it has been advertised it as an all-night rave on the internet. The times on it were put as "overnight" in case people wanted to sleep-over, but after being explained this they were still banging on saying it was advertised on the internet. They wouldn't accept it wasn't a rave. It was in a completely isolated field.'"
Music

Rock Band To Allow Independent Artists To Add Their Own Songs 57

Bakkster writes "Independent artists will be able to use the XNA Creator's Club to produce the Rock Band note-charts for their music and sell them in game later this year. Bands will use their original song masters and generate a MIDI file that produces the game 'gems' to which players can follow along. Tracks must pass a review process with other XNA members, and then a final approval from MTV Games. Songs will be sold for between 50 cents and $3, with the artist getting a 30% cut after MTV and Microsoft take their cut. The best tracks will also make their way to the Wii and PS3 after a 30-day exclusive period."
Space

Beyond the X-PRIZE — a $1.5B Commercial Lunar Market 33

coondoggie writes "Optimism certainly abounds in some corners of the manned space community. Today the aerospace consultancy Futron said that as much as $1.5 billion may be up for grabs for commercial space operation in the next ten years. The consultancy singled out the $30 million Google Lunar X-PRIZE contestants as a highly likely group to take advantage of such a cash pot, but there are many others who'd like a slice of that pie as well. But it's not all wine and roses; finances loom large over any space projects, and technology development is also proving to be a bugaboo. For example, even as NASA's commercial partners, such as SpaceX and Orbital, have made steady progress in developing space cargo transportation technology, they have also recently fallen behind their development schedules."

Slashdot Top Deals