Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Submission + - Attackers Can Hijack Security Software via Microsoft Tool (securityweek.com)

wiredmikey writes: Researchers have identified a new technique that can be used by attackers to take full control of popular security software products.

The attack involves the Microsoft Application Verifier, a runtime verification tool for unmanaged code that helps developers find subtle programming errors in their applications.

The attack, dubbed by the security firm Cybellum as “DoubleAgent,” allegedly affects the products of several vendors, including Avast, AVG, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Panda, Quick Heal and Symantec (Norton). Only a few of the vendors have released patches.

The tool works by loading a so-called “verifier provider DLL” into the targeted application’s process for runtime testing, which allows a piece of malware executed by a privileged user to register a malicious DLL for a process associated with an antivirus or other endpoint security product, and hijack its agent.

Submission + - U.S. Charges Russian FSB Officers For Hacking Yahoo, Millions Email Accounts (helpnetsecurity.com) 1

Orome1 writes: A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts. "People rightly expect that their communications through Silicon Valley internet providers will remain private, unless lawful authority provides otherwise. We will not tolerate unauthorized and illegal intrusions into the Silicon Valley computer infrastructure upon which both private citizens and the global economy rely,” said U.S. Attorney Brian Stretch for the Northern District of California.

Submission + - Bill Would Legalize Active Defense Against Hacks

Trailrunner7 writes: A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack.

Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as the Active Cyber Defense Certainty Act, the legislation seeks to amend the CFAA, the much-maligned 1986 law that is used in most computer crime prosecutions.

The proposed legislation includes the caveat that victims can’t take any actions that destroy data on another person’s computer, causes physical injury to someone, or creates a threat to public safety. The concept of active defense has been a controversial one in the security community for several years, with many experts saying the potential downside outweighs any upside. Not to mention that it’s generally illegal.

Submission + - Javascript side-channel attack can bypass ASLR

ripvlan writes: A new attack proposed and demonstrated by researchers uses Javascript to do a "simple" attack thereby bypassing all of the security goodness of Address Space Layout Randomization. ASLR is a technique to make sure memory isn't where you expect it to be — thus making Stack overflows and Heap overwrites difficult to implement in a predictable manner.

Researchers showed how a Javascript program can implement a side-channel attack on the Memory Management Unit of any CPU and discover the layout of memory. Their sample can also be injected into a Drive-By attack — thus making future exploits more...eh.. reliable. https://arstechnica.com/securi...

Submission + - Apple Will Fight 'Right To Repair' Legislation (vice.com)

An anonymous reader writes: Apple is planning to fight proposed electronics "Right to Repair" legislation being considered by the Nebraska state legislature, according to a source within the legislature who is familiar with the bill's path through the statehouse. The legislation would require Apple and other electronics manufacturers to sell repair parts to consumers and independent repair shops, and would require manufacturers to make diagnostic and service manuals available to the public. Nebraska is one of eight states that are considering right to repair bills; last month, Nebraska, Minnesota, New York, Massachusetts, Kansas, and Wyoming introduced legislation. Last week, lawmakers in Illinois and Tennessee officially introduced similar bills. According to the source, an Apple representative, staffer, or lobbyist will testify against the bill at a hearing in Lincoln on March 9. AT&T will also argue against the bill, the source said. The source told me that at least one of the companies plans to say that consumers who repair their own phones could cause lithium batteries to catch fire. So far, Nebraska is the only state to schedule a hearing for its legislation.

Submission + - LIGO doesn't just detect gravitational waves. It makes them, too (sciencemag.org)

sciencehabit writes: The Laser Interferometer Gravitational-Wave Observatory (LIGO) is not only the most sensitive detector of ripples in spacetime. It also happens to be the world's best producer of gravitational waves, a team of physicists now calculates. Although these waves are far too feeble to detect directly, the researchers say, the radiation in principle could be used to try to detect weird quantum mechanical effects among large objects.

Submission + - New York Sues Charter Over Slow Internet Speeds (reuters.com)

An anonymous reader writes: New York filed a lawsuit on Wednesday accusing Charter Communications Inc of short-changing customers who were promised faster internet speeds than it could deliver. The lawsuit in State Supreme Court in Manhattan accused Charter's Spectrum unit, until recently known as Time Warner Cable, of systematically defrauding customers since 2012 by promising and charging for services it knew it could not offer. At least 640,000 subscribers signed up for high-speed plans but got slower speeds, and many subscribers were unable to access promised online content such as Facebook, Netflix, YouTube and various gaming platforms, the complaint said. The lawsuit seeks "full restitution" for customers, as well as hefty civil fines. Among the allegations in the complaint was an accusation that Time Warner Cable leased older-generation modems to 900,000 subscribers knowing that the modems could not achieve faster internet speeds.

Submission + - Deep Learning Algorithm Diagnoses Skin Cancer As Well As Seasoned Dermatologists (extremetech.com)

An anonymous reader writes: Remember how that Google neural net learned to tell the difference between dogs and cats? It’s helping catch skin cancer now, thanks to some scientists at Stanford who trained it up and then loosed it on a huge set of high-quality diagnostic images. During recent tests, the algorithm performed just as well as almost two dozen veteran dermatologists in deciding whether a lesion needed further medical attention. The algorithm is called a deep convolutional neural net. It started out in development as Google Brain, using their prodigious computing capacity to power the algorithm’s decision-making capabilities. When the Stanford collaboration began, the neural net was already able to identify 1.28 million images of things from about a thousand different categories. But the researchers needed it to know a malignant carcinoma from a benign seborrheic keratosis. Dermatologists often use an instrument called a dermoscope to closely examine a patient’s skin. This provides a roughly consistent level of magnification and a pretty uniform perspective in images taken by medical professionals. Many of the images the researchers gathered from the Internet weren’t taken in such a controlled setting, so they varied in terms of angle, zoom, and lighting. But in the end, the researchers amassed about 130,000 images of skin lesions representing over 2,000 different diseases. They used that dataset to create a library of images, which they fed to the algorithm as raw pixels, each pixel labeled with additional data about the disease depicted. Then they asked the algorithm to suss out the patterns: to find the rules that define the appearance of the disease as it spreads through tissue. The researchers tested the algorithm’s performance against the diagnoses of 21 dermatologists from the Stanford medical school, on three critical diagnostic tasks: keratinocyte carcinoma classification, melanoma classification, and melanoma classification when viewed using dermoscopy. In their final tests, the team used only high-quality, biopsy-confirmed images of malignant melanomas and malignant carcinomas. When presented with the same image of a lesion and asked whether they would “proceed with biopsy or treatment, or reassure the patient,” the algorithm scored 91% as well as the doctors, in terms of sensitivity (catching all the cancerous lesions) and sensitivity (not getting false positives).

Submission + - SPAM: Russian Cybersecurity Expert Arrested Over Treason Charges

An anonymous reader writes: Cybersecurity expert Ruslan Stoyanov of Russia’s leading anti-virus company Kaspersky Lab has been arrested on charges of treason. The head of investigations at the multinational cybersecurity provider has been in pre-trial detention, alongside an official from Russia’s Federal Security Service (FSB), since December 2016. Stoyanov, an employee at Kaspersky since 2012, is an incident response specialist with particular expertise in distributed denial of service (DDoS) attacks. He is also thought to have held top positions within Moscow’s Ministry of Interior between 2000 and 2006. Kaspersky Lab has confirmed the arrest but has not revealed any further details on the probe.

Submission + - ASUS takes on Raspberry Pi with its 4K-capable, Kodi-ready Tinker Board (betanews.com)

BrianFagioli writes: If you love Raspberry Pi, but require a little more power for your projects, then ASUSâ(TM)s Tinker Board could be just what youâ(TM)re looking for.

Although thereâ(TM)s no shortage of Raspberry Pi alternatives, the low-cost Tinker Board is better than most because its quad-core 1.8GHz ARM Cortex-A17 processor has the oomph to handle 4K video and 24-bit audio, and it comes with twice as much RAM as the latest Pi.

Submission + - Eggs from Skin Cells? Why the Next Fertility Technology Will Open Pandora's Box (technologyreview.com)

schwit1 writes: Imagine you are Brad Pitt. After you stay one night in the Ritz, someone sneaks in and collects some skin cells from your pillow.

But that’s not all. Using a novel fertility technology, your movie star cells are transformed into sperm and used to make a baby. And now someone is suing you for millions in child support.

Such a seemingly bizarre scenario could actually be possible, say three senior medical researchers who today have chosen to alert the public to the social risks of in vitro gametogenesis, a technique they say could allow any type of cell to be reprogrammed into a sperm or egg.

Submission + - Carbon nanotube-based memory poised for commercialization in 2018 (computerworld.com)

Lucas123 writes: Nano-RAM, which is based on carbon nanotubes and is claimed to have virtually a limitless number of write cycles and can achieve up to 3.2 billion data transfers per second or 2.4Gbps — more than twice as fast as NAND flash — is now being produced in seven fabrication plants around the world. Fujitsu plans to develop a custom embedded storage-class memory module using a DDR4 interface by the end of 2018, with the goal of expanding its product line-up into a stand-alone NRAM product family. A new report from BCC Research states the NRAM will likely challenge all other memory types for market dominance and is expected to be used in everything from IoT sensors to smartphone memory and embedded ASICS for automobiles.

Submission + - Enigma encryption machines could help create fraud-proof bank cards

randomErr writes: German's Enigma ciphering machines technology will be used to create ultra-secure encryption cards. The digital Enigma machines inside the cards will replace the existing three-digit CVV security number and could remove the need for a PIN. These new credit and debit cards will have a complex Enigma-based machine integrated into them that will regularly create new three digit number combinations. This new system will hopefully add an extra step for would-be fraudsters. Near Field Communication (NFC) and possibly WiFi aerial or Bluetooth may be integrated as well.

Submission + - T-Mobile Announces Digits: One Phone Number For All Your Devices (theverge.com)

An anonymous reader writes: T-Mobile just revealed its answer to AT&T’s NumberSync technology, which lets customers use one phone number across all their connected devices. T-Mobile’s version is called Digits and it will launch in a limited, opt-in customer beta beginning today before rolling out to everyone early next year. “You can make and take calls and texts on whatever device is most convenient,” the company said in its press release. “Just log in and, bam, your call history, messages and even voicemail are all there. And it’s always your same number, so when you call or text from another device, it shows up as you.” When it leaves beta, Digits will cost an extra monthly fee, but T-Mobile isn’t revealing pricing today. “This is not going to be treated as adding another line to your account,” said COO Mike Sievert. “Expect us to be disruptive here.” And while its main feature is one number for everything, Digits does offer T-Mobile customers another big perk: multiple numbers on the same device. This will let you swap between personal and work numbers without having to maintain separate lines and accounts. You can also give out an “extra set” of Digits in situations where you might be hesitant to give someone your primary number; this temporary number forwards to your devices like any other call. You can have multiple numbers for whatever purposes you want, based on T-Mobile’s promotional video.

Submission + - Tor Phone Is Antidote To Google 'Hostility' Over Android, Says Developer (arstechnica.com)

An anonymous reader writes: The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone—an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google. The new phone, designed by Tor developer Mike Perry, is based on Copperhead OS, the hardened Android distribution profiled first by Ars earlier this year. "The prototype is meant to show a possible direction for Tor on mobile," Perry wrote in a blog post. "We are trying to demonstrate that it is possible to build a phone that respects user choice and freedom, vastly reduces vulnerability surface, and sets a direction for the ecosystem with respect to how to meet the needs of high-security users." To protect user privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. Users can punch a hole through the firewall for voice traffic, for instance, to enable Signal. The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys." While strong Linux geekcraft is required to install and maintain the prototype, Perry stressed that the phone is also aimed at provoking discussion about what he described as "Google's increasing hostility towards Android as a fully Open Source platform." Copperhead OS was the obvious choice for the prototype's base system, Perry told Ars. "Copperhead is also the only Android ROM that supports verified boot, which prevents exploits from modifying the boot, system, recovery, and vendor device partitions," said Perry in his blog post. "Copperhead has also extended this protection by preventing system applications from being overridden by Google Play Store apps, or from writing bytecode to writable partitions (where it could be modified and infected)." He added: "This makes Copperhead an excellent choice for our base system." The prototype, nicknamed "Mission Improbable," is now ready to download and install. Perry said he uses the prototype himself for his personal communications: "E-mail, Signal, XMPP+OTR, Mumble, offline maps and directions in OSMAnd, taking pictures, and reading news and books." He suggests leaving the prototype in airplane mode and connecting to the Internet through a second, less-trusted phone, or a cheap Wi-Fi cell router.

Slashdot Top Deals

The gent who wakes up and finds himself a success hasn't been asleep.

Working...