buzter - Slashdot User

Comment Re:No, there's no need (Score 2) 671

by buzter on Sunday March 04, 2012 @05:01PM (#39241745) Attached to: Ask Slashdot: Using Company Laptop For Personal Use

The system requirements are actually for the agent software. The firmware embedding is a persistence module that "self-heals" the agent software. The references to it surviving through reformatting and hard-drive replacement is the fact that the BIOS will re-install the agent on the new OS / Hard Drive. Black Hat 2009 had some research presented on the shortcomings of this technique, which is summarized on coresecurity: http://blog.coresecurity.com/2009/08/11/the-bios-embedded-anti-theft-persistant-agent-that-couldnt-response-handling-the-ostrich-defense/

That being said, preventing the agent from calling in when you know it should be calling in would be cause enough for an employer to be suspicious.

Comment Re:No, there's no need (Score 1) 671

by buzter on Sunday March 04, 2012 @04:36PM (#39241597) Attached to: Ask Slashdot: Using Company Laptop For Personal Use

Well, to be fair in this specific case, Absolute doesn't collect more than basic hardware and state information until you report it as stolen. And, yes, there are limitations to the BIOS implementation. It's really just a persistence module to reinstall the agent software on Windows and Mac OS. However, the inability for it to properly function and call in can be cause for alarm on the part of the employer.

Comment Re:No, there's no need (Score 5, Informative) 671

by buzter on Sunday March 04, 2012 @03:25PM (#39241113) Attached to: Ask Slashdot: Using Company Laptop For Personal Use

Keyloggers can be installed in the BIOS, though this is rare, it can be done.

Actually, it is not that rare. A company called Absolute is a pretty big player in the firmware level asset security control and recovery business. Every major vendor has models that embed their agent into the firmware of select machines. These agents persist through imaging/formatting. They allow tracking of IP address, geolocation on models with GPS, keylogging, remote bios lockdown, remote wiping, and more. You can see a list of models on their website at: http://www.absolute.com/partners/bios-compatibility

In short, I agree with the above posters. Play it safe and talk to your IT department. Ask them if you should buy your own laptop for non-work use or use a live cd.

Comment Re:'All powerful' root? (Score 2, Funny) 682

by WhiteWolf on Saturday March 15, 2008 @04:56PM (#22761356) Attached to: The REAL Reason We Use Linux

It looks like you're trying to murder your child! Can I help you:

* Make it look like a SIDS incident?

* Spoof a ransom note?

* File for insurance claims?

Damn paper-clip is EVIL, man. PURE FSCKING EVIL!

Fair Use Worth More Than Copyright To Economy 274

Posted by samzenpus on Wednesday September 12, 2007 @08:48PM from the make-more-money dept.

Dotnaught writes "The Computer and Communications Industry Association — a trade group representing Google, Microsoft, and Yahoo, among others — has issued a report (PDF) that finds fair use exceptions add more than $4.5 trillion in revenue to the U.S. economy and add more value to the U.S. economy than copyright industries contribute. "Recent studies indicate that the value added to the U.S. economy by copyright industries amounts to $1.3 trillion.", said CCIA President and CEO Ed Black. The value added to the U.S. economy by the fair use amounts to $2.2 trillion."

Sort Linked Lists 10X Faster Than MergeSort 326

Posted by kdawson on Sunday February 25, 2007 @03:43PM from the out-of-sorts dept.

virusfree tells us about a new algorithm that has been developed that the author claims can sort a linked list up to 10 times faster than MergeSort. "BitFast," a member of the Hash algorithms family, is available in C and C++ under the GPL.

Submission + - Software Bug Halts F-22 Flight

Submitted by mgh02114 on Sunday February 25, 2007 @03:20PM

mgh02114 writes: The new US stealth fighter, the F-22 Raptor, was deployed for the first time to Asia earlier this month. The first flight from Hawaii to Japan was forced to turn back when a software glitch crashed the F-22 on-board computers as they crossed the international date line. The delay in arrival in Japan was previously reported here and here, with rumors of problems with the software. CNN television, however, this morning reported that all every fighter completely lost all navigation and communications when they crossed the international date line. They reportedly had to turn around and follow their tankers by visual contact back to Hawaii. According to the CNN story, if they had not been with their tankers, or the weather had been bad, this would have been serious. CNN has not put up anything on their website yet. This follows previous reports that a software bug in the F-16, caught in simulation before the plane ever flew, that would have caused the fighter to flip upside down when flying over the equator.

TV Delays Driving AU Viewers To Piracy 394

Posted by kdawson on Sunday February 25, 2007 @02:26PM from the desperate-for-housewives dept.

Astat1ne writes in with a story in The Register about the delays Australian TV viewers are experiencing getting overseas-produced series and how this is driving many of them to download the shows via BitTorrent and other peer-to-peer networks. The problem is compounded by the fact that Australian viewers are unable to download legal copies of the episodes from the US iTunes website. Quoting: "According to a survey based on a sample of 119 current or recent free-to-air TV series, Australian viewers are waiting an average of almost 17 months for the first-run series first seen overseas. Over the past two years, average Australian broadcast delays for free-to-air television viewers have more than doubled from 7.9 to 16.7 months."

Submission + - IE7 and FF 2.0 share vulnerability

Submitted by hcmtnbiker on Sunday February 25, 2007 @01:35PM

hcmtnbiker writes: Internet Explorer 7 and Firefox 2.0 share a logic flaw. The issue is actually more severe, as the two versions of the Microsoft and Mozilla browsers are not the only ones affected. The vulnerability impacts Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 7, and Firefox 1.5.0.9. "In all modern browsers, form fields (used to upload user-specified files to a remote server) enjoy some added protection meant to prevent scripts from arbitrarily choosing local files to be sent, and automatically submitting the form without user knowledge. For example, ".value" parameter cannot be set or changed, and any changes to .type reset the contents of the field," said Michal Zalewski, the person that discovered the IE7 flaw. There are Proof of concepts for both IE7 and firefox

Submission + - Bacteria to protect against quakes

Submitted by

Roland Piquepaille

on Sunday February 25, 2007 @12:41PM

Roland Piquepaille writes: "If you live near the sea, chances are high that your home is built over sandy soil. And if an earthquake strikes, deep and sandy soils can turn to liquid, with some disastrous consequences for the buildings sitting on them. But now, U.S. researchers have found a way to use bacteria to steady buildings against earthquakes by turning these sandy soils into rocks. Today, it is possible to inject chemicals in the ground to reinforce it, but this can have toxic effects on soil and water. On the contrary, this use of common bacteria to 'cement' sands has no harmful effects on the environment. But so far, this method is limited to labs and the researchers are working on scaling their technique. Here are more references and a picture showing how unstable ground can aggravate the consequences of an earthquake."

A Developers Security Bugs Primer 35

Posted by CmdrTaco on Sunday February 25, 2007 @12:08PM from the important-stuff-here-people dept.

CowboyRobot writes "ACM Queue's current issue on Open Source Security includes a short article by Eric Allman of Sendmail on how to handle security bugs in your code. "Patch with full disclosure. Particularly popular in the open source world (where releasing a patch is tantamount to full disclosure anyway), this involves opening the kimono and exposing everything, including a detailed description of the problem and how the exploit works... Generally speaking, it is easier to find bugs in open source code, and hence the pressure to release quickly may be higher.""

67-Kilowatt Laser Unveiled 395

Posted by kdawson on Saturday February 24, 2007 @06:11PM from the very-big-sharks dept.

s31523 writes "Lawrence Livermore National Laboratory in California has announced they have working in the lab a Solid State Heat Capacity Laser that averages 67 kW. It is being developed for the military. The chief scientist Dr. Yamamoto is quoted: 'I know of no other solid state laser that has achieved 67 kW of average output power.' Although many lasers have peaked at higher capacities, getting the average sustained power to remain high is the tricky part. The article says that hitting the 100-kW level, at which point it would become interesting as a battlefield weapon, could be less than a year away."

Submission + - Another Hit on AACS: Device Key Found

Submitted by henrypijames on Saturday February 24, 2007 @06:09PM

henrypijames writes: The intense effort by the fair-use community to circumvent AACS (the content protection protocol of HD DVD and Blu-Ray) has produced yet another stunning result: The AACS Device Key of the WinDVD 8 has been found, allowing any movie playable by it to be decrypted. This new discovery by ATARI Vampire of the Doom9 forum is based on the previous research of two other forum members, muslix64 (who found a way to located the Title Keys of single movies) and arnezami (who extracted the Processing Key of an unspecified software player). AACS certainly seems to be falling apart bit for bit every day now.

Submission + - Improvements to the Download Process

Submitted by ant_tmwx on Saturday February 24, 2007 @05:55PM

ant_tmwx writes: Metalinks collect information about files in an XML format used by programs that download. The information includes mirror lists, ways to retrieve the file on P2P networks, checksums for verifying and correcting downloads, operating system, language, and other details. Using Metalinks details the Free Software programs you can use to download them with. There are also clients on Mac and Windows. With a list of multiple ways to download a file, programs can switch to another method if one goes down. Or a file can be downloaded from multiple mirrors at once, usually making the download go much faster. Downloads can be repaired during transfer to guarantee no errors. All this makes things automatic which are usually not possible or at least difficult, and increases efficiency, availability, and reliability over regular download links. OpenOffice.org, openSUSE, and other Linux/BSD distributions use them for large downloads.

Are Unfinished Products Now the Norm? 111

Posted by Cliff on Saturday February 24, 2007 @05:44PM from the not-ready-for-prime-time dept.

Paul asks: "Long ago when digital synthesizers first became commonly available, I recall a reviewer lamenting how he was getting more and more products to test whose software was unfinished and buggy and would require updates and fixes (this, before the internet allowed easy downloads, would have meant a journey to a specialist repair center). The review also commented how this common problem with computer software was spreading (this was before Windows 95 was out), and asked if it was going to become the norm. These days it seems ubiquitous, with PDAs, digital cameras, PVRs and all manner of complex goods needing after-market firmware fixes often simply to make them have the features promised in the adverts, let alone add enhancements. Are we seeing this spread beyond computers and computer-based products; jokes apart, will we be booting our cars up and installing flash updates every week to prevent computer viruses getting into the control systems? Can anyone comment on any recent purchases where they've been badly let down by missing features, or are still waiting for promised updates even whilst a new model is now on the shelves? How can we make the manufacturers take better responsibility? Apart from reading every review possible before making a purchase, what strategy do you have, or propose, for not being caught out?"

Slashdot Top Deals