Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Microsoft

Same Platform Made Stuxnet, Duqu; Others Lurk 89

wiredmikey writes "New research from Kaspersky Labs has revealed that the platform dubbed 'tilded' (~d), which was used to develop Stuxnet and Duqu, has been around for years. The researchers say that same platform has been used to create similar Trojans which have yet to be discovered. Alexander Gostev and Igor Sumenkov have put together some interesting research, the key point being that the person(s) behind what the world knows as Stuxnet and Duqu have actually been using the same development platform for several years." An anonymous reader adds a link to this "surprisingly entertaining presentation" (video) by a Microsoft engineer, in which "he tells the story of how he and others analysed the exploits used by Stuxnet. Also surprising are the simplicity of the exploits which were still present in Win7." See also the report at Secureist from which the SecurityWeek story draws.

Comment Re:NOT Ubuntu -- try Mandriva. (Score 1) 622

Wrong. They use different kernel versions, with different kernel patches. And most importantly, the userland apps certainly differ here and there. The most important example is the Mandriva Control Center. It's task-oriented, making it far more friendly than searching for configuration tools by name - in particular, if you have a localized system, where translations are often arbitrary and non-intuitive.

For specific examples, check out Mandriva's wizards for video cards, disk partitioning, network setup, network sharing. Now try to setup those things under Ubuntu without hitting the Ubuntu forums first.

That said, network card compatibility is pretty much hit or miss, as they often depend on binary blobs (either proprietary or windows drivers) that break in different ways with different kernel versions. My dad's current laptop's wifi only works reliably with WEP, not WPA, while mine kernel-panics with WEP. I bet bugs would manifest themselves differently on Ubuntu.

Comment Re:Cmake? Maven? (Score 3, Interesting) 29

CMake is there in the summary. Maven is not that popular probably due to its design to do "everything".

What seems to be really missing is autotools. Even if you don't want to admit it is better than most alternatives, it's the only one that really solves a ton of problems that no other tool is able to handle. Simply reading through the autoconf, automake and libtool manuals will teach you a lot about the many issues most other tools just ignore, or solve poorly.

Comment Re:One amusing aspect. (Score 1) 254

It's funny how the so called "homebrew" community is quick to hand anyone's head in a plate, when these companies would very much like to hang them all together. It's not like the bits fail0verflow didn't break were any harder anyways. They brought the pirates 80% of the way in, Geohotz already had the last, say, 15%, only feasible because of the first 80%. And fail0verflow now claims they have no responsibility on the piracy matter.

I don't have anything against the fail0verflow dudes, but I'm sure I will have an ironic smile on my face once one of them gets canned in the same way.

Submission + - Netflix likes open source (netflix.com)

Art3x writes: Netflix's VP of Systems and E-commerce Engineering, Kevin McEntee, just blogged his appreciation for open-source software and open standards. 'At Netflix we jumped on for the ride a long time ago and we have benefited enormously from the virtuous cycles of actively evolving open source projects,' he writes, and he says that Netflix not only uses but has contributed back to projects such as Hudson, Hadoop, Hive, Honu, Apache, Tomcat, Ant, Ivy, Cassandra, and HBase. Instantly streamed in a bunch of comments asking why there's no player for Linux.
Idle

Submission + - New Clothing Line Reminds TSA of the 4th Amendment (aolnews.com)

Hugh Pickens writes: "AOL News reports that there's a line of underclothes that offer a friendly reminder of the Fourth Amendment called 4th Amendment Wear. Metallic ink printed on shirts spells out the privacy rights stated in the amendment and is designed to appear in TSA scanners. The 4th Amendment Wear line also includes non-metallic options, including underpants for both adults and children. Should a passenger be stripped down, instead of the full amendment, they'll receive a more direct message: "Read the 4th Amendment Perverts." "If you're getting that close to kids' underwear, you have license to say something a little tongue-in-cheek," says creator Tim Geoghegan."
United States

Submission + - Paypal account frozen for making Wikileak donation (rathergather.com) 3

kaptink writes: Reddit user 'hellokevin11' blogs:

"I go to log into my business account, and it's locked. The girl on the phone told me it's because my account handles a large amount of money (it's a biz account), I recently sent a lot of money ($4000) overseas, and I also sent money to wikileaks. My account is being investigated for illegal activities and I have to account for what the money was used for. They want invoices and such."

I've been blacklisted as well. "This account has been permanently locked. All information associated with this account has been blocked from the PayPal system and cannot be registered with another account."

Submission + - Could the Wikileaks scandal boost Bitcoin? 1

An anonymous reader writes: Could the Wikileaks scandal and in particular the refusal of payment services such as PayPal to broker money boost the profile of Bitcoin, the decentralised peer-to-peer currency that nobody can control? PC World thinks so. FTA: "There's no single point of weakness. Nobody can stop the Bitcoin system or censor it, short of turning off the entire Internet. If Wikileaks had requested Bitcoins then they would have received their donations without a second thought"
Cellphones

Is 'Quadroid' the New 'Wintel'? 150

CWmike writes "'Wintel' is the term that for years defined Windows-based computers running Intel chips. Now a similar expression is emerging for smartphones: 'Quadroid,' a term that refers to the Qualcomm chips used inside smartphones running the Android mobile operating system. The term, recently coined in a report by the PRTM consultancy, could catch on, largely because Qualcomm provides 77% of the chips in phones running Google's Android, which is expected to take the No. 2 slot in 2010. And the Quadroid alliance is expected to grow. Like Wintel has for PCs, Quadroid could push down profit margins for smartphone manufacturers, some analysts say. That might seem like a good thing to consumers, but may not be so good for many phone makers."

Comment Re:Problems with Verifiable Voting (Score 1) 236

You always depend on a 3rd party to verify it. The entity responsible for the counting can be dishonest even with paper ballots.

Sure, they can count every vote for #3 as a vote for #2. But the system must then be designed to count the votes incorrectly. This is easy to verify later (take one of each ballot type, feed the votes into the system, see if it is counted properly).

Or they could just not give a shit, and ignore the counted votes, and using some arbitrary number instead. Because if you are not trusting the system to count the votes correctly, why would you trust a person to write down the totals to the proper candidate?

Comment Re:Problems with Verifiable Voting (Score 3, Interesting) 236

You do know that TED Talks consist of people going in front of other people and cameras, and talking, right? So perhaps the substance is indeed in the video.

The guy actually presents a very simple way to verify your vote was correctly registered, without ever revealing who you voted for. The secret is to remove the candidate names (by shredding that part of the ballot), scanning your vote into the system, and taking home the receipt, which contains no names. Only the system knows which is which. You can later use your receipt's code to see if it registered your vote properly (because it will match your receipt), but there is no way to know which candidate actually received that vote. It actually solves the problem of verification without compromising privacy.

Slashdot Top Deals

"Out of register space (ugh)" -- vi

Working...