
Submission + - Memory Disclosure Vulnerability in the Great Firewall of China

An anonymous reader writes: Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China

“We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted DNS query. It afforded a rare insight into one of the Great Firewall’s well-known network attacks, namely DNS injection, in terms of its internal architecture and the censor’s operational behaviors.”

Submission + - Undocumented "backdoor" found in Bluetooth chip used by a billion devices (bleepingcomputer.com)

ZipNada writes: The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."

The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.

Submission + - Daylight Saving Time Preferences (poll) (gallup.com) 2

superposed writes: Daylight Saving Time is a perennial flashpoint on Slashdot that is coming up again this weekend in the U.S. Gallup reports that most Americans prefer to eliminate DST but they can't agree on which alternative to adopt. In other words, there is no majority support for any of the three options: switch twice a year, permanent standard time, or permanent advanced time.

Each of these has downsides. I suspect that DST is a solid second-choice winner that can't get a plurality, but might win in anti-plurality voting (everyone's least-bad choice).

To assess that, please choose the poll item that best matches your ranking of most-preferred to least-preferred option. Then we can hash out a winner via instant-runoff or anti-plurality voting in the comments (they will probably differ).

A. Standard, Advanced, DST
B. Advanced, Standard, DST
C. Standard, DST, Advanced
D. Advanced, DST, Standard
E. DST, Standard, Advanced
F. DST, Advanced, Standard
G. Sync with CowboyNeal

Submission + - New open source Windows-compatible operating system released (github.com) 2

paugq writes: Free95, a new lean, Windows-compatible operating system, is available from GitHub. In its current form, it can run very basic Win32 GUI and console applications but its developer promises to keep working on it to reach DirectX and even game compatibility.

Submission + - Google Introduces Debian Linux Terminal App For Android (zdnet.com)

An anonymous reader writes: Today, Linux is only available on the latest Pixel devices running Android 15. When Android 16 arrives later this year, it's expected that all sufficiently robust Android phones will be able to run Linux. Besides a Linux terminal, beta tests have already shown that you should be able to run desktop Linux programs from your phone — games like Doom, for example. The Linux Terminal runs on top of a Debian Linux virtual machine. This enables you to access a shell interface directly on your Android device. And that just scratches the surface of Google's Linux Terminal. It's actually a do-it-all app that enables you to download, configure, and run Debian. Underneath Terminal runs the Android Virtualization Framework (AVF). These are the APIs that enable Android devices to run other operating systems.

To try the Linux Terminal app, you must activate Developer Mode by navigating to Settings > About Phone and tapping the build number seven times. I guess Google wants to make sure you want to do this. Once Developer Mode is enabled, the app can be activated via Settings > System > Developer options > Linux development environment. The initial setup may take a while because it needs to download Debian. Typically this is a 500MB download. Once in place, it allows you to adjust disk space allocation, set port controls for network communication, and recover the virtual machine's storage partition. However, it currently lacks support for graphical user interface (GUI) applications. For that, we'll need to wait for Android 16.

According to Android specialist Mishaal Rahman, "Google wants to turn Android into a proper desktop operating system, and in order to do that, it has to make it work better with traditional PC input methods and display options. Therefore, Google is now testing new external display management tools in Android 16 that bring Android closer to other desktop OSes."

Submission + - DoD DEI Search Flags Photo of WWII Plane 'Enola Gay' for Deletion (apnews.com)

fahrbot-bot writes: The AP reports that it obtained a database that shows that the Defense Department has flagged over 26,000 photos and online posts on its website for deletion — because the administration has determined they have some kind of correlation to DEI.

Some of the selections for deletion are concerning. The AP reports that among the images to be axed are a photo of U.S. Air Force Col. Jeannie Leavitt, the country’s first female fighter pilot, and photos of the Tuskegee Airmen, the decorated Black military pilots who served in a segregated WWII unit.

One selection is a photograph of the Enola Gay, the World War II aircraft that dropped an atomic bomb on Hiroshima, Japan, in August 1945. Pilot Col. Paul Tibbets Jr. named the plane after his mother, Enola Gay Tibbets.

An anonymous official who spoke to the outlet did mention that it’s not clear if the database has been finalized.

Submission + - Post-election Ukraine/Germany partnership on satellite intel undercuts Trump! 1

sleeplesseye writes: After Russia's invasion of Ukraine, Ukraine's Deputy PM Mykhailo Fedorov — who has since taken over the country's technology-centered Ministry for Digital Transformation — wrote a letter to the world's leading providers of microwave-based SAR satellite imagery — able to see through dark nights and cloudy skies — seeking real-time imagery to help in the defense of Ukraine.
In July of last year, Ukraine signed a memorandum of understanding with ICEYE, a Finnish company, who promised not to provide satellite data to Russia and its intermediaries, something that US companies like Maxar and Planet repeatedly failed to do, at the expense of the Ukrainian people. Fast forward to November 11th, just six days after Trump's reelection. German arms maker Rheinmetall entered into a partnership with Finnish company ICEYE, to provide Ukraine with real-time SAR satellite imagery for the war, with the German Ministry of Defense picking up the entire cost of the project.
So now, even as the Trump administration cuts off sharing satellite intelligence with Ukraine — likely taking business & jobs away from US satellite companies — Finland's ICEYE and Germany's Rheinmetall stand to benefit.

Submission + - Mice Give First Aid (thetimes.com)

databasecowgirl writes: The Times is reporting an interesting study published in Science in which mice demonstrated doing first aid. In the replicated study, an anaesthetised mouse is exposed to another mouse who recognises the distress and clears the airway to revive the unconscious mouse.

The mice had never seen an unconscious animal before, so the behaviour is thought to be instinctive.

Submission + - Coming Soon: The European Digital Identity Wallet (off-guardian.org)

An anonymous reader writes: The elite are already running large-scale pilot schemes for the future they want and we don’t. They are not being subtle about this. They are not hiding it.

The plan is a single government-issued app that holds your medical records, employment records, travel records, education records, vaccination records, tax records, financial records as well as (potentially) copies of your signature, fingerprints, facial scans, voice samples and DNA.

All stored handily on your phone and shared with the governments of nineteen countries (plus Ukraine) and over 140 other public and private partners. Everyone from Deutsche Bank to the Ukrainian Ministry of Digital Progress to Samsung Europe.

You will use this app to make payments, apply for loans, pay your taxes, pick up your prescriptions, cross international borders, start businesses, book doctor’s appointments, apply for jobs and even sign digital contracts online.

Businesses and government agencies would access this data from the back-end to conduct “automated background checks”.

Submission + - This is the Opportunity rover's final photo of Mars (cnn.com)

pgmrdlm writes: Last May, Opportunity took a look around Perseverance Valley on the inner slope of Endurance Crater's western rim. The valley is about the length of two football fields and it's full of descending shallow troughs.
Ironically, Perseverance Valley became Opportunity's final resting place when a planet-encircling dust storm took over Mars in June, blocking the sun from reaching the rover's solar panels. Engineers lost contact on June 10 and persistently sent more than a thousand signals and commands to the rover over eight months until they realized the mission was over on February 13.
But before those dark days, Opportunity acted like a tourist, snapping 354 photos between May 13 and June 10 that would create one last beautiful panorama of the place it will forever call home.

Submission + - Microsoft will pester Windows 7 users to upgrade to Windows 10 with pop-ups (betanews.com)

Mark Wilson writes: Anyone who is still using Windows 7 doesn't have much longer until the operating system is no longer supported by Microsoft. Come January 14, 2020 only those enterprise customers who are willing to pay for Extended Security Updates will receive any kind of support.

Microsoft has already done a lot to encourage Windows 7 diehards to make the move to Windows 10, and now it is stepping things up a gear. Throughout 2019, the company will show pop-up notifications in Windows 7 about making the switch to the latest version of Windows.

Comment BTC and the IRS (Score 1) 376

We make the assumption that Bitcoin can be considered a currency by design. Since it is not backed by any national bank or precious metal by design (Yes, you trade BTC to other currencies or gold, but it has a highly variable exchange rate.). So, how does the IRS treat transactions involving BTC? They treat it like a capital gain, either short term or long term, depending on how long you have possessed the BTC. That makes for intricate accounting, and it means the taxes involved for each transaction depend on the change of value while held. US dollars may rise or fall in value with respect to Euros or U.K. Pounds, but you are not taxed for any gain in value. You are taxed for Bitcoins, which makes them similar to other commodities.
Until some country undertakes making BTC their currency, it remains a commodity. If it becomes a foreign currency, then other parts of the Tax code come into play. Go talk to a good CPA or financial lawyer, and you will find that BTC offers some novel financial possibilities, but there are limitations in taxes and transaction costs.

Comment More like 3000 Jobs in Wisconsin, if it happens (Score 2) 131

The quote from Terry Gou about the possible number of jobs is misleading. There will not be 30,000 - 50,000 jobs involved for the plant in SE Wisconsin, more like 3000, if that many. Let's not conflate the possible economic benefits. I cite the report on PBS Newshour tonight to back my claims.
