
Submission + - Cloud Hacking Trick Allows Undetectable Changes To VM Memory

An anonymous reader writes: Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS) [PDF] and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed. The de-duplication attack enables third parties to not only view and leak data, but also to modify it – installing malware or allowing unauthorised logins. Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer.

Submission + - Should Cloud Vendors Cooperate With The Government? (helpnetsecurity.com)

An anonymous reader writes: More than one in three IT pros believe cloud providers should turn over encrypted data to the government when asked, according to Bitglass and the Cloud Security Alliance. 35 percent believe cloud app vendors should be forced to provide government access to encrypted data while 55 percent are opposed. 64 percent of US-based infosec professionals are opposed to government cooperation, compared to only 42 percent of EMEA respondents. This demands some form of open debate on the best approach to take in terms of addressing this most challenging issue.

Submission + - Widespread Linux Flaw Allows TCP Session Hijacking, Data Injection

Trailrunner7 writes: The TCP implementation in all Linux systems built since 2012 has a serious flaw that can allow an attacker to terminate or inject data into a session between any two vulnerable machines on the Internet. The bug could also be used to end encrypted connections or downgrade the privacy of connections run through Tor or other anonymity networks.

The vulnerability was introduced in Linux 3.6 and an attacker does not need to be in a man-in-the-middle position in order to exploit it. The researchers at the University of California Riverside who discovered the flaw say that it results from an attacker's ability to infer the TCP sequence numbers for the packets flowing between two hosts.

Submission + - Lenovo Fails To Perform Planned Spark SSD Demo

An anonymous reader writes: Lenovo, the Chinese PC giant, planned to unveil its long-anticipated Project Spark solid state drive for data center use. However, it backed out of the demonstration at the last minute, citing a ‘reassessment of the risk’ involved with completing a demonstration of the technology so far from the 2017 mid-year release date. Project Spark represents Lenovo’s initial entry into the highly competitive SSD market. A demonstration was planned at the Flash Memory Summit in California but was cancelled on the same day. The prototype SSD, approximately the size of a memory stick, is believed to have between 6 and 8TB of storage space. Lenovo is currently researching linking multiple Project Spark cards onto a single board, which could provide storage capacity of more than 48TB.

Submission + - DOTA 2 Forums Hacked: Salted MD5 (zdnet.com)

cloud.pt writes: In another case of serious programmer impairment, the DOTA 2 official forums have been hacked, making available to the perpetrators around 2 million emails, usernames, and MD5 hashed passwords. You read that right — MD5. In a forum bound to a game released in 2013. For those unaware of how negligent this is: one-way MD5 hashing has been deemed insecure (i.e. not-so-one-way) for almost a decade, with collision attack strategies reported as early as 2007 using off-the-shelf hardware at the time. That's as far back as the advent of the financial crisis, or a lifetime from a computer cryptography point of view (even for pre-Snowden standards).

Now to be fair, the hashing did use salting algorithms, but this should be seen as a moot point, since it should be common knowledge for any company that if you get something as important as a database or public-facing APIs hacked, your server-side source code is very likely under flawed protection by association. Some organizations just beg to be hacked with practices like these.

If you think you might have a compromised account, you are urged to change your identical or similar credentials in that and other services. Just make sure you don't use similar ones this time!

Originally reported by LeakedSource.com (paywalled) and made available by ZDNet.

Submission + - Weapons-drone student fights expulsion (bbc.co.uk)

Big Hairy Ian writes: A teenager who posted videos of drones firing a gun and a flamethrower is suing his university after he was expelled, the AP news agency reports.
Austin Haughwout claims he was kicked out of Central Connecticut state university over the footage.
The institution says he was expelled over threats to shoot people there. Mr Haughwout argued he was only joking.
Last month, Mr Haughwout and his father were ordered to give information about the drones videos to the authorities.

Submission + - Why Did The Star Wars And Star Trek Worlds Turn Out So Differently?

HughPickens.com writes: In the Star Trek world there is virtual reality, personal replicators, powerful weapons, and, it seems, a very high standard of living for most of humanity while in Star Wars there is widespread slavery, lots of people seem to live at subsistence, and eventually much of the galaxy falls under the Jedi Reign of Terror. Why the difference? Tyler Cowen writes about some of the factors differentiating the world of Star Wars from that of Star Trek: 1) The armed forces in Star Trek seem broadly representative of society. Compare Uhura, Chekhov, and Sulu to the Imperial Storm troopers. 2) Captains Kirk and Picard do not descend into true power madness, unlike various Sith leaders and corrupted Jedi Knights. 3) In Star Trek, any starship can lay waste to a planet, whereas in Star Wars there is a single, centralized Death Star and no way to oppose it, implying stronger checks and balances in the world of Star Trek. 4) Star Trek embraces egalitarianism, namely that all humans consider themselves part of the same broader species. There is no special group comparable to the Jedi or the Sith, with special powers in their blood. 5) Star Trek replicators are sufficiently powerful it seems slavery is highly inefficient in that world.

Submission + - Ubuntu developer suggests dropping i386 support (ubuntu.com)

Ilgaz writes: Ubuntu developer Dimitri suggests dropping i386 support from Ubuntu and, naturally, derivatives such as Kubuntu, citing 3rd parties (Google and a couple of "cool" developers named) dropping 32-bit support & maintenance. On the other hand, Windows 10, which switched to a rolling update model and will be the last ever Windows major version, does support i386 and will continue to do so in the foreseeable future.

Submission + - Brain activity decline linear, starting at 500 ppm CO2

An anonymous reader writes: Is there a CO2-level sense that says “be calm, you sleep in a chamber”, “be active, you are outdoors”, similarly to the circadian rhythm? Or is it because atmospheric CO2 makes the blood pH decline sharply already? A study says “the exposure-response between CO2 and cognitive function is approximately linear across the concentrations used in this study,” which were in the range 500 ppm – 1500 ppm. 600 ppm is exceeded already in large cities and prognosed everywhere in several decades. Is the coal industry going to make the idiocracy real?

Comment Re:Don't Panic (Score 4, Informative) 535

The Green Party was consistent in being pro EU. They are generally excluded from the media debates as - (1) the First Past the Post favours the largest parties and the only other party that small is the UKIP - who make far better headlines for the media. (2) The print media are 80% owned by 5 anti-EU individuals who stand to gain more media power in a post-Brexit UK. (3) The UK Civil Service (completely anti-EU) are also very antagonistic towards their communitarian ethos.

Submission + - 'Women In the Workplace' Emojis Rejected By Unicode Consortium (themarysue.com)

itwbennett writes: The Unicode Consortium has spoken and a woman's place is not in workplace emojis — except in the traditional roles like dancer, princess, and mom-to-be. This might not seem like a very big deal, except when you consider that a 2014 survey found that '76% of American workers admit they have used emoji in digital communications to people in their professional life.' Add that to a growing body of research showing that 'You can't be what you can't see,' as Sheryl Sandberg famously asserted when launching a collection of stock photos depicting women at work. So, yes, even in emojis, representation matters.

Submission + - South Australia Refuses to Stop Using Unlicensed Medical Software (abc.net.au)

jaa101 writes: The Australian state of South Australia is being sued for refusing to stop using CHIRON, MS-DOS-based software from the 90s that stores patient records. Their licence expired in March 2015 but they claim it would be risky to stop using it. The vendor, Working Systems, says SA Health has been the only user of CHIRON since 2008 when they declined to migrate to the successor product MasterCare ePAS.

Submission + - Coding snobs are not helping our children (qz.com)

jader3rd writes: Quartz has an article written by the CEO of Ready about how public education should be embracing computer science, and how existing programmers don't like these efforts because they feel that doing so will result in kids being exposed to programming in a manner different than how they were introduced to it.

Writing software today is eerily similar to what it was like in the late 1950s, when people sat at terminals and wrote COBOL programs. And like the late 1950s, the stereotype of the coder is largely unchanged: mostly white guys with deep math skills, and minimal extroversion. Back in the Sputnik-era, people thought of programmers as a priesthood in lab coats: the sole keepers of knowledge that ran these exotic, and mysterious room-sized machines. Today the priesthood is a little hipper—lab coats have long given way to a countercultural vibe—but it’s still a priesthood, perhaps more druidic than Jesuitic, but a priesthood nonetheless

Submission + - Judges Ruled a Woman Can Sue the Website She Says Enabled Her Rapists

AmiMoJo writes: In 2011, an aspiring model flew to South Florida to meet a man she thought was a casting agent. Instead, she met up with Lavont Flanders, a former cop, and Emerson Callum, better known as the Jamaican porn star Jah-T. After they slipped her a Xanax, the two men filmed her rape for a porn series. In a decision that one day could have reverberations across the internet, a three-judge panel in California decided she can sue the Model Mayhem site that the pair used to lure their victims. "Congress has not provided an all purpose get-out-of-jail-free card for businesses that publish user content on the Internet," Judge Richard Clifton wrote in the panel's decision.
