
Submission + - Windows 10 UAC Bypass Uses Backup and Restore Utility

An anonymous reader writes: A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't know where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware.

Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10, and not earlier OS versions, and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility.

Submission + - JBoss Java Server Backdoor Puts 3.2 Million Servers at Risk

An anonymous reader writes: A few weeks back the US and Canada were issuing joint alerts on the increase in ransomware infections. One of the reasons for those alerts is the SamSam ransomware, which uses vulnerabilities in older JBoss servers to infect corporate networks with a backdoor and spread the ransomware to all users connected to the central server. Cisco has performed a thorough search on this JBoss backdoor, and found over 3.2 vulnerable servers. Looking more closely at the files and clues left behind by the usual SamSam backdoor, they've discovered 2,100 servers where the backdoor was in an inactive state, waiting to receive and spread the ransomware. The backdoor (a webshell) was also tracked down to the JexBoss project on GitHub, from where the crooks took code to build their webshell.

Submission + - Safety checks faked at German nuclear power stations

mdsolar writes: German energy giants EnBW and RWE have admitted that employees did not carry out routine safety readings on equipment measuring radioactivity at their nuclear power stations, but pretended they had. Both workers were immediately barred from the premises and then dismissed.

Regional public broadcaster SWR, which broke the story, reported on Thursday that EnBW's power station in Philippsburg, Baden-Württemberg, had been shut down by the state Environment Ministry until a mandatory inquiry was completed. RWE's nuclear power station in Biblis, Hesse, has been shut down since 2011, but radioactivity levels are still being monitored there.

In a statement released on Wednesday, EnBW said that it had informed the state Environment Ministry of the neglected readings — which occurred in December — on April 5, immediately after discovering them during another routine check. In the ensuing investigation, the energy company found that "the same employee had apparently faked seven further routine checks on similar installations. Legal options against the worker are being examined."

Submission + - Canadian PM Trudeau explains quantum computing

vulcanrob writes: A reporter tries to waylay Canadian Prime Minister Justin Trudeau with a policy question in a press conference regarding quantum computing, and Trudeau parries by explaining quantum computing. It's nice to see a world leader who knows even a little about science and who does not perpetuate the stereotype that science is not understandable by everyday people.

Submission + - UC Davis Spent $175,000 To Bury Search Results After Cops Pepper-Sprayed Protest

An anonymous reader writes: The University of California, Davis spent at least $175,000 to improve its reputation on the internet after images of campus police pepper-spraying protestors went viral in 2011, according to documents obtained by The Sacramento Bee. The money went to public relations firms that promised to clean up the university's search results. One company outlined a plan for "eradication of references to the pepper spray incident," according to the documents, and was eventually paid nearly $93,000, including expenses, for a six-month campaign in 2013. After that, the Bee reports, the university paid $82,500 to another PR firm to create and follow through on a "search engine results management strategy." The latter firm was later given thousands more in other contracts to build a university social media program, and to vet its communications department.

Submission + - How South Park Saved Fair Use

SonicSpike writes: For 19 seasons, South Park has provided cutting cultural commentary centered around the foul-mouthed adventures of elementary school students Stan, Kyle, Kenny, and Cartman. But the raunchy cartoon has also helped establish an important legal entertainment precedent that expands free speech rights.

"When anybody creates anything, basically, that thing automatically gets copyrighted and for the most part it can't be used in certain ways without permission," explains Higgins. "But there are some really important exceptions to that rule, and there are some really important places where we say, 'Actually, members of the public, no matter who they are, can use this thing for all sorts of reasons without getting permission.'"

In 2010, EFF became unlikely allies with the media giant Viacom—the owner of Comedy Central—which had been sued by Brownmark Films after a 2008 South Park episode called "Canada on Strike" parodied a popular viral video by the musician Samwell.

The South Park version of the video, starring a recurring character named Butters, mimics the original video nearly shot-for-shot. The stunningly unsubtle lyrics are slightly abbreviated but otherwise unchanged. The kids post their rendition to "YouToob" and watch as it grabs millions of hits. Brownmark was not amused.

EFF and Viacom argued that the South Park episode was a clear case of fair use, as it was a parody commenting on the viral video trend. The criteria under which a fair use determination is made include whether or not the work transforms the original work, the nature of the original work, how much of the original work is used, and whether it affects the market for the original work. One reason the suit was so important was that the video walked several lines: It was a close copy, it was not transformative in the sense that term had been traditionally understood, it used a significant proportion of the original, and it was for commercial rather than educational use.

The case eventually made its way to the 7th Circuit Court of Appeals, where the judges ruled in favor of South Park. The decision cited EFF's argument that lawsuits too often are "baseless shakedowns" designed to extract cash from deep-pocketed creators and distributors, such as Viacom. "Ruinous discovery heightens the incentive to settle rather than defend these frivolous suits," it said. "District courts need not, and indeed ought not, allow discovery when it is clear that the case turns on facts already in evidence."

The ruling has become important to entertainment law, because it says that a fair use suit can be stopped before going to trial. This can help creators avoid the huge costs of litigation brought on by frivolous copyright lawsuits.

According to The Hollywood Reporter, the "What, What (In the Butt)" case has been the most cited in courtrooms across the country in the last five years, thanks to the growth of digital content.

Submission + - Canadian Police Obtained BlackBerry's Global Decryption Key

schwit1 writes: A high-level surveillance probe of Montreal's criminal underworld shows that Canada's federal policing agency has had a global encryption key for BlackBerry devices since 2010.

And while neither the RCMP nor BlackBerry confirmed that the cellphone manufacturer handed over the global encryption key, and both fought against a judge's order to release more information about their working relationship, the Crown prosecutors admitted that the federal police service had access to the key.

Submission + - SPAM: Investing in Treatment for Depression and Anxiety Leads to Four-Fold Return

jones_supa writes: Depression and anxiety disorders cost the global economy US$1 trillion each year. However, a new study led by the World Health Organization finds that every dollar invested in scaling up treatment for depression and anxiety leads to a return of four dollars in better health and ability to work. The study, published in The Lancet Psychiatry (PDF), provides a strong argument for boosting investments in mental health services in countries of all income levels. The new study calculated treatment costs and health outcomes in 36 low-, middle- and high-income countries for the 15 years from 2016-2030. The estimated costs of scaling up treatment, primarily psychosocial counselling and antidepressant medication, amounted to US$147 billion. Yet the returns far outweigh the costs. A 5% improvement in labour force participation and productivity is valued at US$399 billion, and improved health adds another US$310 billion in returns.

Submission + - New meta-study confirms scientific consensus on climate change

Lasrick writes: We have a new resource to dispel the myth that there is a lack of scientific consensus on climate change. While a number of past studies have measured the level of scientific consensus on climate change, no one has published a summary of the many consensus estimates—until now. In a paper published in Environmental Research Letters on April 12, John Cook collaborated with the authors of seven of the leading consensus studies to perform a meta-study of meta-studies synthesising the research into scientific consensus on climate change. (A meta-study combines the findings from multiple studies.) Among climate scientists, the estimates of consensus varied from 90 to 100 percent, with a number of studies converging on 97 percent, the very figure derided by Ted Cruz, Donald Trump, and others opposed to action on global warming. He explains the meta-study in this article.

Submission + - Sweden's Supreme Court rules against Wikimedia

An anonymous reader writes: Wikimedia argues that freedom of panorama in the country has been challenged by the ruling, as it "does not allow individuals or organizations to post images online of publicly-placed artwork without permission from the artist."

Submission + - Nest is about to deliberately break one of its own products.

CanadianMacFan writes: From the article on Vox:
Nest is a Silicon Valley company that makes a widely praised home thermostat — I wrote about the device last year. Google acquired the company in 2014. And not long after that, Nest acquired a company called Revolv that sold a hub allowing customers to electronically control the lights in their homes.

Nest wasn't really interested in Revolv's hub, though. Instead, it wanted to get its hands on Revolv's talented engineers and reassign them to work on other Nest projects. Revolv stopped selling its hub at the time of the acquisition in October 2014.

Now Arlo Gilbert notes an announcement on Revolv's home page: "As of May 15, 2016, Revolv service will no longer be available. The Revolv app won’t open and the hub won’t work."

Nest isn't just going to stop providing software updates or security fixes for the Revolv hub. It's going to deliberately make these devices totally useless. If you made the mistake of buying a Revolv hub to control lights in your house, you're going to have to buy a replacement device or else you'll no longer be able to control your lights from your smartphone, and — depending on how things are set up — you might not be able to turn them on at all.

Submission + - Flaw In HID Door Controllers Lets Attackers Unlock Doors, Deactivate Alarms

An anonymous reader writes: Trend Micro researcher Ricky Lawshae has unearthed a critical vulnerability in HID’s VertX and Edge door controllers. Exploiting the flaw is easy, and could result in attackers gaining complete control of the device, meaning they could unlock doors and switch off alarms controlled through it. HID’s access control systems are ubiquitous, and keep unwanted individuals out of many rooms and spaces in a huge number of office buildings, government complexes, hospitals, airports, etc. These vulnerable devices are part of those systems: the controllers check the information sent by the card readers once an access card is swiped through them, and control all the functions of the door.
