Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Smart contact lenses for HUD, health (

adaviel writes: Babak Parviz at the University of Washington has created an active contact lens that could be used as a transparent heads-up display, or to continuously monitor blood sugar in people with diabetes. The device is RF-powered so requires no wires — though early models might make the wearer look like the Terminator, with visible circutry around their pupils.

Submission + - Car immobilisers may be crackable (

adaviel writes: Car immobilisers may be cracked by criminals, according to a study by Karsten Nohl of Security Research Labs. He finds many manufacturers still using 40-bit encryption, while one used the publicly-visible VIN as a key for the car's internal data network. Many, however, think it still easier to steal a Mercedes with a flat-bed truck.

Submission + - Negative temperatures may be possible (

adaviel writes: Scientists have discovered a new way to make negative temperatures. Apparently this is nothing new, but for me it was one of those "whoa!" moments like when I found that the holes in P-type semiconductor have positive mass, according to quantum mechanics.
(Negative as in below zero Kelvin, of course, not just regular winter freezing...)

Submission + - Jihadi magazine #2 out ( 2

adaviel writes: The second issue of the English-language jihadi magazine Inspire is out. Along with the expected "how to blow up enemies and influence people" articles there is a section on using a public-key crypto program "Asrar al-Mujahideen". The use of multiple file download sites in the gateway document is interesting as a way to avoid censorship.

(I sometimes wonder if we spend too much resources fighting these guys. The effort would probably be put to better use doing almost anything — combating climate change, improving highway safety, eradicating malaria, fixing the New Orleans levees — which would have a better ROI in human lives. The German V-1 and Japanese balloon bomb terror weapons in WWI were considered ineffective; they just didn't kill enough people, and after a while Londoners got blasé about the V-1. The same might be said about most of the current car bombs and threats; it might be better to ignore them and work on more important issues.)

Comment Wind turbines, too (Score 1) 1141

I recall a story, probably from here in Canada, that a utility had to replace wind generators on remote sites with much more expensive solar panels, because "hunters" found the moving blades an irresistible target. (yes there are yahoos here too - you can find informal rifle ranges up logging roads. They're just a bit quieter and more polite :-)

I have to wonder at the brains of someone who would try to shoot down a high-voltage transmission line, considering what might happen if they succeeded and the line landed anywhere near them, their truck or friends.

Comment Re:Where's the paper? (Score 1) 410

I'd like to see the actual paper, which doesn't seem to be linked. Do they mean 25 purchases to one location, or 25 purchases per delivery run?

Buses, by the way, have a similar problem. Buses have good energy efficiency when full and when going roughly from source to destination. They have terrible efficiency when they're running winding routes designed to cover as much area as possible, carrying few people. Which is the typical suburban bus situation.

The figure for 25 purchases refers to "25 orders delivered at the same time" This is from Plepy's paper "the grey side of ict", which quotes a 1999 paper by G. Jönson, F. Orremo, C. Wallin and K. Ringsberg. Which I could not find .. time to go home and eat ..:-7

Comment Re:What do assumptions do again? (Score 1) 410

Not having the actual study, it's hard to say, but it seems like there's some big assumptions here.

Looks like it's a meta-study; it seems to quote this:, quoted by someone else, which is a 2001 study from the US. Also this: - a study of online book retailing in Japan in 2001.

I may have got this all wrong, and there may be some new UK research I didn't find.

Comment Re:virus scanner (Score 1) 488

A rootkit as I understand is a software package run after one has got root. The intent of the rootkit is to hide the nefarious activity (IRC server, warez stash etc.) from the user or admin. LKM rootkits tell the kernel to ignore certain process id's, ip addresses etc. while old-style rootkits overwrite programs like ps, top, ls with modified ones.
A rootkit might contain a backdoor as part of the kit.

Comment Forget the self-advertisement, it's a real issue (Score 4, Informative) 488

The situation appears to be exactly as described by Ksplice.
CVE-2010-3081 has been discussed on RedHat forums and elsewhere.
The Ac1db1tch3z exploit published on the full disclosure list
does indeed appear to contain a backdoor (0p3n1ng th3 m4giq p0rt4l).
From the comments, the vulnerability was found in 2008 and the exploit has been used by the author for some time, and may have been circulating in the underground. When the vulnerability was found and disclosed by Ben Hawkes, the exploit was published to a wider audience.
A number of sysadmins may well have run the exploit on their systems to prove to themselves that this was a real threat. In doing so they may unknowingly have left a backdoor.
More commonly, proof-of-concept exploits posted on full-disclosure lists are crafted by security researchers, do not contain backdoors, and are relatively easy to read. In this case, the disclosed exploit is crafted by a hacker, may well contain a backdoor, and is written with leetspeak runtime messages and obfuscated code.

I admit I do not fully understand the code in the exploit or in the detection tool, or indeed the nature of the backdoor. However, on a Fedora 9 system, running the detector says there is no backdoor. After the exploit is run, the detector says there is a backdoor, so
the exploit must have changed the state of the system in some way. The detector looks for 3 separate backdoors; the one on my
test system disappears after reboot. As I thought the fix was to update the kernel to a patched version, which requires a reboot, I'm not sure how the backdoor could survive. I do not see how having the backdoor is riskier than having an unpatched system.

I can say, though, that the vulnerability exists in stock kernels 2.6.25 - 2.6.36, and was back-ported by RedHat into 2.6.18 used
in RHEL 5 (hence CENTOS 5). As stated by others, an unprivileged user account is required in order to exploit the vulnerability, which exists only on 64-bit x86 systems which also can run 32-bit code. One published mitigation step, which does not require a reboot, is to disable 32-bit compatibility mode by writing into /proc.

Comment Stop using passwords (Score 1) 563

Give up passwords, move to certificates, SSH keys, biometrics etc. It doesn't matter how good your password is, it's toast if someone grabs it off a hacked server/client/WiFi (BTW there's some Brazilian hackers busy installing trojan sshd everywhere they can get to).
Re. stupid website passwords, I've started generating random 20-char passwords and using FireFox to remember them (with a master password, of course). A bit of a pain moving between computers, I really need to get some secure sync scheme sorted out (they do exist)


Submission + - The demographics of Web search ( 1

adaviel writes: Reported in New Scientist, Weber and Castillo describe research indicating that demographics may help Web searches, e.g. for women "wagner" is a composer, while for US men "wagner" is a paint sprayer.

Submission + - USB cupwarmer might steal your data (

adaviel writes: New Scientist recently reported work by researchers at the Royal Military College of Canada on hardware-based USB trojans. While the concept is not new (I saw a cool demo of an iPod pwning a Mac over Firewire at CanSecWest a few years ago), USB is interesting because of all the goofy "harmless" devices like personal fans, cellphone chargers etc. — an attacker might ask a victim "can I charge my phone on your laptop?", but the "charger" actually emulates a keyboard and headphone, able to execute commands and download data.

Submission + - Feds & Hollywood Seize Domains of Movie Pirate 1

adeelarshad82 writes: The federal government and Hollywood teamed up to seize domain names of seven sites that allegedly trafficked in copyrighted movies without due payment. The so-called "Operation in Our Sites" sting targeted,,,,,,,, and The operation was run by the U.S. Immigration and Customs Enforcement (ICE) and the U.S. attorney for the Southern District of New York, in conjunction with several Hollywood studios. Unlike past anti-piracy efforts, the sites did not actually offer the movies for download, but instead streamed the movies and TV shows against ads. Previously, movie crackdowns had concentrated on sites that distributed movie files, most recently using the BitTorrent protocol.

Submission + - LMRP Containment Operation Deployed (

adaviel writes: BP announced that oil and gas is being received onboard the Discoverer Enterprise following the successful placement of a containment cap.
This might sound lame, but it was done using some cool remotely-piloted robots in 5000ft of murky water. BP's site has excellent live video, animations, and shots of the ROV control centre which are as good as anything from the Hubble repair mission or Star Trek. It might have taken weeks and weeks to get all this equipment into place, but once there things have been happening — not just one, but multiple alternative remediation attempts in parallel. I'm totally impressed, not least by their ability to stop miles of cable and pipes from getting tangled. I can't even keep 2 cellphone chargers neat.

Slashdot Top Deals

Computers are useless. They can only give you answers. -- Pablo Picasso