Follow Slashdot stories on Twitter


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:WordPad exploitable? (Score 3, Informative) 292

This type of bug relies on "glitches" in the memory management (simplifying it a bit...) of the program, not on any high-level misses in the actual mechanisms of the code. Any program written in a programming language without automatic memory management can be exploited in this way, if the programmer "misses his step" somewhere. They can also be devilishly hard to find, because data can be structured and handled in memory in very complex and abstract ways.

Hardware Hacking

An Open Source Coffee Machine 99

An anonymous reader writes "The Open Source Coffee Machine [video link] is a recycled coffee machine, controlled by a PC running Beremiz, and using some MicroMod CANopen I/O nodes from Peak-System. This machine have been prepared by Peak-System and Lolitech for SCS-Paris-08 exhibition. It served free coffee during four days at Peak-System's booth, and has been donated to IUT of Saint-Dié-des-Vosges, France, so that students can have fun practicing automation."

Comment Re:It's not just miles ahead of the competition... (Score 1) 125

A point is that one of the more useful basic features of NMap, the SYN partial-handshake scan (default when run as root) can't be replicated by nc. It always leaves marks in connect logs. Hping can replicate that feature though: "hping -8 -S known" will SYN scan all ports listed in /etc/services on

Comment It's not just miles ahead of the competition... (Score 2, Informative) 125

NMap is the best there is, period. There's not even specialist scanners that can up it's features, especially since you can set packet flags manually in the more recent versions. It really, really fills it's niche. I use it all the time in my daily life just for benign remote service discovery, and I assume many people do too. I've never had anyone complain about it either.

Comment Re:Idiotic (Score 1) 320

Okay, i stand corrected. The attack described in that article is obviously a professional targeted heist, especially considering the 0day. Just out of curiosity, how was the attack discovered? It should be quite possible to pull off that kind of attack without discovery even considering the spamming (injecting rookits with steganographic connect-back using dual-stage shellcode and making the website look like harmless viagra spam, assuming that the "unknown vulnerability" is a normal client memory corruption class of vuln). How do you know more subtle attacks aren't passing under your radar?

Comment Re:Wireless attack platform, yessire. (Score 1) 219

This and it's descendants is going to be really useful for hacking/pen testing. It's the perfect platform model for wireless attacks. Imagine walking through a crowd with one of these in your pocket, compromising computers and phones as people stream around you. Or, you could use it as a deniable relay, penetrating a 802.11 network via a cell connection to the phone. Or as a, enabling control of a rootkited server via a cell connection. That kind of stuff will be a lot easier to pull off with this kind of platform. Yes, i have a perverted mind. *sigh* But i think people with similiar minds will put this one to some real clever uses. I mean, all the heavy computing can be moved to a host behind TOR hidden service, or in a "bulletproof" country.

Whoopsie, I posted anonymous for some reason?

Comment Idiotic (Score 5, Insightful) 320

The "masses of probes" are just normal automated botnet attacks, and the "unidentified attacks" are probably just unwashed masses of skiddies. If you want me to believe that a real cyberwar (in this case more aptly named "computer espionage") is up and going you better give me or assure me that you have some sort of evidence (like captured transmissions showing that the attackers know what they are looking for in terms of intercepted/exfiltrated data) showing that you're actually being attacked by foreign governments or skilled people with an actual terrorist agenda. There is nothing in TFA except buzzwords, hyperbole and "x declined to comment".

Slashdot Top Deals

Technology is dominated by those who manage what they do not understand.