Security

Submission + - Bank software update hits mortgage repayments (computerworlduk.com)

ChiefMonkeyGrinder writes: Clydesdale Bank and Yorkshire Bank have blamed a software glitch for under-calculating customer mortgage repayments. In a statement, the banks have admitted to miscalculating around 18,000 borrowers’ repayments, which has led to customers underpaying. Customers are now being told to fork out more money as the banks try to recoup the money customers should have been paying in line with their mortgage terms.
Security

Submission + - Dell and its new super secure firefox (networkworld.com)

SnugglesTheBear writes: 'The browser, which is based on version 3.6 of Firefox, comes with Adobe Reader and Flash plug-ins, as well as the ability to create 'white' and 'black' lists of the processes that may be started during web surfing as well as the sites that can be visited.

"Limiting browser use to specific sites can control usage and protect from cross-site scripting attacks. By specifying which sites are to be blocked, it makes it easy to keep users away from known bad sites, and thereby limit their exposure to attacks," Dell said.' Coupled with the malware shipped in Dell's motherboards, you will still have an infected machine, but perhaps this can help.

Open Source

Submission + - Lightspark 0.4.2 open source Flash player released (h-online.com)

suraj.sun writes: The Lightspark project has released version 0.4.2 of its free, open source Flash player. According to Lightspark developer Alessandro Pignotti, the alternative Flash Player implementation is "designed from the ground up to be efficient on current and (hopefully) future hardware".

The latest release of Lightspark features better compatibility with YouTube videos, sound synchronisation support and the ability to use fontconfig for font selection. Other changes include plug-in support for Google's Chrome/Chromium web browser and support for Firefox's out of process plug-in (OOPP) mode, which was added in version 3.6.4 of the browser.

H-online: http://www.h-online.com/open/news/item/Lightspark-0-4-2-open-source-Flash-player-released-1042757.html

Google

Submission + - Nexus One A Failed Experiment In Online Sales

shmG writes: The demise of the Google Nexus One phone is fairly straightforward: a lack of sales killed the product. While it will continue to sell through Vodafone in Europe, KT in Korea and a few others, the experiment of Google selling a phone direct to consumers online is dead. "The bottom line is people like to look at phones in the store. Google has a lot to learn about phone sales, this is one lesson they learned,"
Botnet

Submission + - Inside the Black Energy 2 Botnet (threatpost.com)

Trailrunner7 writes: Threatpost has an interesting column that provides a detailed analysis of the notorious Black Energy 2 botnet, which has been wreaking havoc with DDoS attacks, spam operations and playing a part in web redirects and malware campaigns. "The bot has several main functions: it hides the malware code from antivirus products, infects system processes and, finally, offers flexible options for conducting a range of malicious activities on an infected computer when commands are received from the botnet command-and-control (C&C) center. Each task is performed by a different component of the malicious program.

Initially, the Black Energy bot was created with the aim of conducting DDoS attacks, but with the implementation of plugins in the bot’s second version, the potential of this malware family has become virtually unlimited. (However, so far cybercriminals have mostly used it as a DDoS tool). Plugins can be installed, e.g. to send spam, grab user credentials, set up a proxy server etc. The upd command can be used to update the bot, e.g. with a version that has been encrypted using a different encryption method. Regular updates make it possible for the bot to evade a number of antivirus products, any of which might be installed on the infected computer, for a long time.

This malicious tool has high potential, which naturally makes it quite a threat. Luckily, since there are no publicly available constructors online which can be used online to build Black Energy 2 bots, there are fewer variants of this malware than say, ZeuS or the first version of Black Energy. However, the data we have shows that cybercriminals have already used Black Energy 2 to construct large botnets, and these have already been involved in successful DDoS attacks.

Science

Submission + - Astronomers find star 300 times as massive as Sun (sciencemag.org)

sciencehabit writes: Science reports: Using the world's most powerful ground-based telescope, astronomers have identified the seven heaviest stars ever found. One of these "blue supergiants" has a mass equivalent to 300 of our Suns—or twice as much mass as prevailing theory said a star could acquire. All will eventually go supernova, but the type of explosion they will generate is unknown. They could form neutron stars or black holes or obliterate themselves.

Submission + - E.T. Throws Stones (metro.co.uk)

xednieht writes: Bosnian man's house hit an incredible 6 times by meteorites — believes ET is messing with him. The odds of being hit by a meteorite are very small yet since 2007 his house has been hit 6 times. Belgrade University confirms the rocks he handed over are in fact meteorites.
AMD

Submission + - ARM blocked from server market, says analyst (eetimes.com)

An anonymous reader writes: Despite a number of announcements in recent months that ARM and Marvell would be having a tilt at the server market, an analyst from Future Horizons gives them little hope of success. Big players like Google are solidly based on Intel, need 64-bit processing and will not migrate to ARM for legacy reasons, according to Mike Bryant, quoted here.

Submission + - Facebook: man claiming ownership has no case (skunkpost.com)

crimeandpunishment writes: Attorneys for Facebook and a New York man claiming majority ownership of the site faced off in a Buffalo courtroom Tuesday, and if Facebook gets its way there won't be too many more days in court. The site wants to get Paul Ceglia's claim thrown out of court. He claims a seven-year-old agreement with Facebook founder Mark Zuckerberg entitles him to 84 percent of the company. Facebook acknowledges Ceglia and Zuckerberg worked together, but says the contract Ceglia submitted was full of "things that don't make sense".
Windows

Submission + - Researchers prep windows that work as solar cells (eetimes.com)

An anonymous reader writes: Researchers at New Energy Technologies Inc. (Burtonsville, Maryland), are developing SolarWindow technology, and plan to unveil a working prototype of the world's first-ever glass window capable of generating electricity in a matter of weeks, according to this EE Times story. Up until now solar cells have been opaque. But if you can see through a solar cell why shouldn't we make every window a solar cell?
Science

Submission + - Battling Asteroids, Nanobots, and A.I. (nytimes.com)

Maria Williams writes: The Lifeboat Foundation is a nonprofit that seeks to protect people from some seriously catastrophic technology-related events. It funds research that would prevent a situation where technology has run amok, sort of like a pre-Fringe Unit.

The organization has a ton of areas that it's looking into, ranging from artificial intelligence to asteroids. A particular interest for the group revolves around building shields and lots of them, such as Neuroethics Shield — "to prevent abuse in the areas of neuropharmaceuticals, neurodevices, and neurodiagnostics."

Security

Submission + - Is open source SNORT dead? (networkworld.com)

alphadogg writes: Is Snort, the 12-year-old open-source intrusion detection and prevention system, dead?

The Open Information Security Foundation (OISF), a nonprofit group funded by the U.S. Dept. of Homeland Security (DHS) to come up with next-generation open source IDS/IPS, thinks so. But Snort's creator, Martin Roesch, begs to differ, and in fact, calls the OISF's first open source IDS/IPS code, Suricata 1.0 released this week, a cheap knock-off of Snort paid for with taxpayer dollars.

The OISF was founded about a year and a half ago with $1 million in funding from a DHS cybersecurity research program, according to Matt Jonkman, president of OISF. He says OISF was founded to form an open source alternative and replacement to Snort, which he says is now considered dead since the research on what is supposed to be the next-generation version of Snort, Snort 3.0, has stalled.

"Snort is not conducive to IPv6 nor to multi-threading," Jonkman says, adding, "And Snort 3.0 has been scrapped."

According to Jonkman, OISF's first open source release Suricata 1.0 is superior to Snort in a number of ways, including how it can inspect network packets using a multi-threading technology to inspect more than one packet at a time, which he claims improves the chances of detecting attack traffic

Security

Submission + - Next Adobe Reader Will Include Sandboxing (threatpost.com)

Trailrunner7 writes: The next major version of Adobe's PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software. The security feature, called "Protected Mode," is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode, according to Adobe's security chief Brad Arkin.

In an interview with Threatpost, Arkin said the sandbox is scheduled for release before the end of this year and is based on Microsoft's Practical Windows Sandboxing technique. The sandbox will be turned on by default and will display all operations in a PDF file in a very restricted manner. The first sandbox implementation will isolate all “write” calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003. Arkin believes this will mitigate the risk of exploits seeking to install malware on the user’s computer or otherwise change the computer’s file system or registry.
