Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Windows

Submission + - Microsoft Confirms Zero-Day Hours After Exploit (computerworld.com)

CWmike writes: Microsoft confirmed on Tuesday an unpatched vulnerability in Windows just hours after a hacking toolkit published an exploit for the bug. A patch is under construction, but Microsoft does not plan to issue an emergency update to fix the flaw. The bug was first discussed Dec. 15 at a South Korean security conference, but got more attention Tuesday when the open-source Metasploit penetration tool posted an exploit module crafted by researcher Joshua Drake. Metasploit says successful attacks are capable of compromising victimized PCs, then introducing malware to the machines to pillage them for information or enlist them in a criminal botnet.
Apple

Submission + - Elliptic Labs to bring touchless gestures to iPad (edibleapple.com)

An anonymous reader writes: Elliptic Labs will reveal their Touchless Gesture User Interface technology at CES 2011. Elliptic Labs sprung forth from the signal processing environment at the University of Oslo and what they’ve come up with is an iPod dock which creates a “touchless zone” that extends out about 1 foot in front and to the sides of the iPad screen. Users can then initiate a number of gestures, much like on Microsoft Kinect, to manipulate onscreen content.

Submission + - Auditors question TSA's use of and spending on tec (washingtonpost.com) 1

Frosty Piss writes: Government auditors have faulted the TSA and its parent agency, the Department of Homeland Security, for failing to properly test and evaluate technology before spending money on it. The TSA spent about $36 million on devices that puffed air on travelers to "sniff" them out for explosives residue. All 207 of those machines ended up in warehouses, abandoned as unable to perform as advertised, deployed in many airports before the TSA had fully tested them. Since it was founded in 2001, the TSA has spent roughly $14 billion in more than 20,900 transactions with dozens of contractors, including $8 billion for the famous new body scanners that have recently come under scrutiny for being unable to perform the task for which they are advertised. 'TSA has an obsession of finding a single box that will solve all its problems. They've spent and wasted money looking for that one box, and there is no such solution.' Said John Huey, an airport security expert.
Earth

Submission + - End the Ethanol Insanity

theodp writes: It's now conceivable, says BusinessWeek's Ed Wallace, that the myth of ethanol as the salvation for America's energy problem is coming to an end. Curiously, the alternative fuel may be done in by an unlikely collection of foes. Fervidly pro-ethanol in the last decade of his political career, former VP Al Gore reversed course in late November and apologized for supporting ethanol, which apparently was more about ingratiating himself to farmers. A week later, Energy Secretary Steven Chu piled on, saying: 'The future of transportation fuels shouldn't involve ethanol.' And in December, a group of small-engine manufacturers, automakers, and boat manufacturers filed suit in the U.S. Court of Appeals to vacate the EPA's October ruling that using a 15% blend of ethanol in fuel supplies would not harm 2007 and newer vehicles. Despite all of this, the newly-elected Congress has extended the 45 cent-per-gallon ethanol blending tax credit that was due to expire, a move that is expected to reduce revenue by $6.25 billion in 2011. 'The ethanol insanity,' longtime-critic Wallace laments, 'will continue until so many cars and motors are damaged by this fuel additive that the public outcry can no longer be ignored. Adding an expensive, harmful, useless filler to gasoline just to win farmers' gratitude is not remotely the same as having a legitimate national energy policy.'
Electronic Frontier Foundation

Submission + - What is Traitorware?

theodp writes: The EFF's Eva Galperin offers a brief primer on Traitorware, devices that act behind your back to betray your privacy. 'Your digital camera may embed metadata into photographs with the camera's serial number or your location,' writes Galperin. 'Your printer may be incorporating a secret code on every page it prints which could be used to identify the printer and potentially the person who used it. If Apple puts a particularly creepy patent it has recently applied for into use, you can look forward to a day when your iPhone may record your voice, take a picture of your location, record your heartbeat, and send that information back to the mothership.' She concludes: 'EFF will be there to fight it [Traitorware]. We believe that your software and devices should not be a tool for gathering your personal data without your explicit consent.' Can we get an Amen, Alex Tapanaris?
Google

Submission + - VLC For Android May Arrive In Early 2011 (digitizor.com)

dkd903 writes: The development of an Android client for VLC has been going on for months now, but it has been slowed down by the fact that Android’s multimedia output libraries are in JAVA. VLC itself is based on C and so translating them to JAVA is difficult and takes time.

With the newer Android NDK, however, using native codes for Android apps has been becoming easier. So, the VLC developers have developed two basic modules for audio and video output based on the new NDK and most of the VLC libraries has been ported to Android.

Comment Re:Did the banks detect the no-pin transaction (Score 2) 162

Looking through the article, it looks like the terminal requests the transaction as chip and PIN, the MITM hardware changes the transaction flag to chip and signature, and the smart card responds with an OK. Unfortunately, it's the same OK as if the smart card had in fact received a transaction type of chip and PIN with the attached PIN being the correct one. The flaw is in having the smart card response being the same for both kinds of transactions. If instead, there was a signature method OK, and a different PIN # OK, then the terminal would catch the difference. This way, the terminal sends back to the bank: "I requested a chip and PIN transaction, and the smart card said that the PIN was good", when in fact all the smart card saw was the terminal say that the user requested a chip and signature transaction. The bank would have no way to realize that what the smart card saw wasn't what the terminal (and probably the bank) requested.

Comment Re:Sigh (Score 1) 326

Myself as well. I can't justify my hard-earned money going to support the ever increasingly draconian DRM schemes of the newer games. And, I'd discovered (and rediscovered) some old friends. RIP Good Old Games. I hope they come back in some form that doesn't screw that up too much.

Slashdot Top Deals

If I set here and stare at nothing long enough, people might think I'm an engineer working on something. -- S.R. McElroy

Working...