Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment Re:Idiots (Score 1) 223

Note however that it's possible to detect contemporary rootkits in situ on a live system, even if any process that runs in ring0 obviously has the upper hand in a pure theoretical sense. One technique for this is to compare data returned from API calls with raw reads of the data (this is the technique used by "RootkitRevealer".)

Comment Re:Go vigilante (Score 2, Informative) 223

Take a look at Schneier's arguments against this: http://www.schneier.com/blog/archives/2008/02/benevolent_worm_1.html. One additional point is that stack/heap overflows and other memory-corrupting vulnerabilities often can't be made to be 100% reliable, and can be difficult to code for different service packs and such. This can be, and is, coded around as a matter of course, but a bug in the exploitation process can have disastrous and unpredictable results (in this case, interruption of a large swath of critical internal office file sharing networks.) This doesn't matter to the criminals, but it presumably matters to any prospective "grey hat" worm authors.

Comment It would be so easy. (Score 5, Interesting) 223

Every time i see one of these high-yield Windows remote execution holes, I'm tempted to couple a timed network-stack-erasing payload to it (24 hours should be enough for it to be able to infect through vpn-connected laptops and such) and send it cracking. Then i always begin to wonder why this hasn't been done already; is the combination of narcissistic recklessness and technical competence really that rare? It could be argued that it's more fun to play pranks and infiltrate corporate and government networks, but we don't even see things like that (I know it was more common up to the early 90s, when the "criminal prankster hacker scene" still existed outside of small tight groups...)? Or do people just cover it up? You sysadmins out there, have you ever had anything like that happen to you, or anyone you know?

Comment The whole point. (Score 3, Interesting) 151

The whole point of this new method is that you can cauterize a wound without charring the flesh, instead just melting it. The optimal temperature for this is, apparently, 60-70 deg. C., and this is maintained using feedback from an infrared sensor on the "soldering pen". They apparently also use a water soluble protein as "solder". The scars on in the TFA pictures look real nice. Wonder if the wound will hurt more or less than a conventionally sealed wound?

Comment Re:Segregated pools... (Score 1) 307

No, sorry. I am however quite certain that it is *much smaller* relative to the population (It's difficult to be homeless if you don't fit into one of the categories above), but saying that it is *nonexistent* would be an outright lie. Remember, Sweden has a large "problem" with our illegal immigrants, in that we deport women and children back to warzones, so they're forced to go underground and cut all ties with society, living on the mercy of underground humanitarian networks. Our immigration policy is a disaster that US leftists tend to be ignorant of.

Comment Re:Segregated pools... (Score 2, Informative) 307

I live in Sweden, and we have a non-insignificant population of homeless people in the major cities, mainly consisting of uneducated immigrants, druggies and runaway kids. A few "normal" citizens down on their luck too. You get an apartment from the social services if you are drug-free, but some people just can't quit, and i guess some people are too sane to be in an asylum but too insane to live on their own. Remember, illegal immigrants don't get those benefits, if they don't manage to find hostpital staff willing to look the other way.

It's funny.  Laugh.

Submission + - Eric Raymond gets the clue stick from uber-hacker 11

An anonymous reader writes: Eric Raymond recently wrote to defend open-source innovation against the vicious attacks of some rabid proprietary software zealot. The guy later complains that ESR quoted him out of context, and that he exaggerates the role hackers played in the development of the web, drawing a parallel with his own role in 3D games. ESR, apparently very unimpressed, misses the clue entirely and goes all nuclear on him: "You are articulating the assumptions of someone who is merely talented. I, on the other hand, have known geniuses [...] I may actually be one myself." End of story? Not quite, here is the kicker. The guy responds: "To the best of my knowledge, there are less than 30 people on this planet who can claim having designed a successful operating system entirely from scratch[...]. I'm one of them." It turns out that ESR's "victim", not content with having written one of the earliest 3D game, is also behind HP's Itanium virtualization technology...
Social Networks

Study Recommends Online Gaming, Social Networking For Kids 189

Blue's News pointed out a report about a study sponsored by the MacArthur Foundation which found that online gaming and social networking are beneficial to children, teaching them basic technical skills and how to communicate in the Information Age. The study was conducted over a period of three years, with researchers interviewing hundreds of children and monitoring thousands of hours of online time. The full white paper (PDF) is also available. "For a minority of children, the casual use of social media served as a springboard to them gaining technological expertise — labeled in the study as 'geeking out,' the researchers said. By asking friends or getting help from people met through online groups, some children learned to adjust the software code underpinning some of the video games they played, edit videos and fix computer hardware. Given that the use of social media serves as inspiration to learning, schools should abandon their hostility and support children when they want to learn some skills more sophisticated than simply designing their Facebook page, the study said."

Comment Re:Good intentions and all that... (Score 1) 51

The thing with spyware is that it's included in legitimate apps, typically, and the user has to click through an EULA. Also, all software sold with the intended purpouse of large-scale crime have to be explicitly designed for the fraud in question (code for capturing credit card numbers and passwords from browser sessions/committing various forms of DDOS attacks for example.) The purpose of the software is obvious from it's construction (which conveniently also sets it apart from how commercial pen testing tools are constructed, which have no need for the above features, not to mention how they are marketed.) Relatively benign hacking software not explicitly designed for large-scale economic crime (phearbot, phatbot, poison ivy) would certainly slip under the pen-test or remote administration heading while actually being used in a very large amount of semi-skilled targeted attacks, but on the other hand these are not at all as dangerous given the assumption that the attacker simply acts as a passive consumer that cannot modify the tools he has bought (which is the load-bearing point of first post), and that the crimes we are looking to prevent are DDOS/data encryption extortion and large-scale credit card fraud.

Slashdot Top Deals

Garbage In -- Gospel Out.

Working...