Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Comment Summary misleading, not really a vulnerability (Score 1) 118

The Register article has a bit more information. This isn't really a vulnerability. It's definitely not "remote code execution". It works like this:

- Microsoft provides a tool called AppLocker that can be used to limit the programs that can be run on a system.
- The AppLocker tool is not intended as a tight "security boundary". Instead, it is a way to implement company policies like "no playing games at work", or to help with software licensing, i.e. "the company system image has a copy of Photoshop, but you aren't in the Design department, so you aren't licensed to run it", and perhaps to reduce attack surface area.
- The Microsoft-provided sample AppLocker configuration (intended to show the syntax for AppLocker rules) happens to have a sample rule that whitelists all programs under C:\windows. This is not a "recommended" rule -- it's a "sample" rule.
- If you leave this rule in, there are a large number of ways to escape the sandbox.
- A researcher found another one. Yay, I guess?

The new one is interesting because I wouldn't have considered regsvr32 to be a command that allows for running of arbitrary other commands. On the other hand, it shouldn't belong in a production whitelist in the first place, so being able to use it to escape the sandbox isn't particularly interesting.

Comment Re:Old Saying (Score 1) 460

One solution would be having prepared statements for shell commands instead of doing those risky string concatenations.

And I have stopped using rm to delete files because this command is way too stupid and can take options from file-names.

I use find command,
run it dry once to show what is found
then run find stuffs-to-trash -delete

Comment Re:Make them all Caddys and Priuses (Score 5, Interesting) 748

Disguise all self driving cars as police cars... That should keep the drivers in the cars around them from driving as if there are no rules...

You have a good point with your funny comment.

Autonomous cars should have a very distinctive indicator light marker.
Slow vehicles have to use an orange rotating beacon here.
Cars operating autonomously should have something similar.

Comment Was not Oracle code in the first place (Score 0) 229

Not to defend the Devil but:
She basically acknowledge their product is highly bugged.
She says they prefer to deal with it internally and are doing quite well. (fair)
Given the base Flash code was not their own in the first place, and given their very uncomfortable posture:
I'd say, She is doing pretty well as an Executive. Not the brightest possible communication but still decent.

No need to beat a dead horse. It will not go any faster.

Comment Just spent a Weekend TRYING to Use 8.1 (Score 1, Interesting) 277

set it up in a VmWare... and it's horrid....horrible....unusable...wretched. What were they thinking!
Windows 7 was finally a stable and decent OS after the Vista fiasco and then they decided to take away the start menu and replace it with...uselessness.

It was this downhill trend that turned me from a Windows developer since Windows 3 (yes 3 LOL) to OS X. Today I downloaded the Eval copies of both the Enterprise and regular editions and I'll suppose I'll wait until next week to eval them but after wasting a day and a half on that 8.1 POS I don't have high expectations. I miss .NET but Windows just became too much of a grind.

Submission + - Opening Fixed-Code Garage Doors With a Toy in 10 Seconds

Trailrunner7 writes: It may be time to upgrade your garage door opener. Security researcher Samy Kamkar has developed a new technique that enables him to open almost any garage door that uses a fixed code–and he implemented it on a $12 child’s toy.

The attack Kamkar devised, known as OpenSesame, reduces the amount of time it takes to guess the fixed code for a garage door from several minutes down to less than 10 seconds. Most openers in commercially available garage door openers have a set of 12 dip switches, which are binary, and provide a total of 4,096 possible code combinations. This is a highly limited keyspace and is open to brute-force attacks. But even on such a small keyspace, those attacks take some time.

With a simple brute-force attack, that would take 29 minutes, Kamkar said. To begin reducing that time, he eliminated the retransmission of each code, bringing the time down to about six minutes. He then removed the wait period after each code is sent, which reduced the time even further, to about three minutes. Looking to further reduce the time, Kamkar discovered that many garage door openers use a technique known as a bit shift register. This means that when the opener receives a 12-bit code, it will test that code, and if it’s incorrect, the opener will then shift out one bit and pull in one bit of the next code transmitted.

Kamkar implemented an algorithm known as the De Bruijn sequence to automate this process and then loaded his code onto a now-discontinued toy called the Mattel IM-ME. The toy was designed as a short-range texting device for kids, but Kamkar reprogrammed it using the GoodFET adapter built by Travis Goodspeed. Once that was done, Kamkar tested the device against a variety of garage door openers and discovered that the technique worked on systems manufactured by several companies, including Nortek and NSCD. It also works on older systems made by Chamberlain, Liftmaster, Stanley, Delta-3, and Moore-O-Matic.

Comment Already within power circuit or useless (Score 2, Insightful) 243

When a device power circuit already integrate a voltage regulator, this is yet another battery scam.
If not, it is either a cheap or old piece of electronic.

This battery extender _is_ yet another battery scam.

Next expand your car mileage by adding a water sprayer, magic canister?

This is not news for nerds.

_This_ is scamvertisement.

Slashdot Top Deals

The tree of research must from time to time be refreshed with the blood of bean counters. -- Alan Kay

Working...