Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Hardware Hacking

First PlayStation 3 Custom Firmware Created 269

Stoobalou writes "Hot on the heels of the discovery of the the PlayStation 3 private root key, and its subsequent leakage by iPhone hacker Geohot, the first custom firmware for the formerly impenetrable console has been released. A code wrangler known only as Kakaroto reckons he has created the world's first custom firmware for the popular console — although if you're expecting it to help you play pirated games, you might be a little disappointed."
Science

Why Published Research Findings Are Often False 453

Hugh Pickens writes "Jonah Lehrer has an interesting article in the New Yorker reporting that all sorts of well-established, multiply confirmed findings in science have started to look increasingly uncertain as they cannot be replicated. This phenomenon doesn't yet have an official name, but it's occurring across a wide range of fields, from psychology to ecology and in the field of medicine, the phenomenon seems extremely widespread, affecting not only anti-psychotics but also therapies ranging from cardiac stents to Vitamin E and antidepressants. 'One of my mentors told me that my real mistake was trying to replicate my work,' says researcher Jonathon Schooler. 'He told me doing that was just setting myself up for disappointment.' For many scientists, the effect is especially troubling because of what it exposes about the scientific process. 'If replication is what separates the rigor of science from the squishiness of pseudoscience, where do we put all these rigorously validated findings that can no longer be proved?' writes Lehrer. 'Which results should we believe?' Francis Bacon, the early-modern philosopher and pioneer of the scientific method, once declared that experiments were essential, because they allowed us to 'put nature to the question' but it now appears that nature often gives us different answers. According to John Ioannidis, author of Why Most Published Research Findings Are False, the main problem is that too many researchers engage in what he calls 'significance chasing,' or finding ways to interpret the data so that it passes the statistical test of significance—the ninety-five-per-cent boundary invented by Ronald Fisher. 'The scientists are so eager to pass this magical test that they start playing around with the numbers, trying to find anything that seems worthy,'"
Iphone

Submission + - 13 Year old girl sues Apple over moisture sensors (tekgoblin.com)

tekgoblin writes: A 13 year old Korean girl is suing Apple for charging her for repairs to her iPhone 3G which was still under warranty. Apple claimed that the warranty was void because the moisture sensors inside the phone had been triggered. The family is asking for $251 in compensation because they believe the moisture sensors were triggered without actually being exposed to water. The family was actually approached by a lawyer to settle but the family declined and still wanted to pursue it in court. The family wants Apple to realize their poor positioning of moisture sensors and not falsely trigger for someone else.

Submission + - Another arrested in Japan for using anonymous P2P (animenewsnetwork.com)

renrutal writes: "A 43-year-old man is the second known person arrested in Japan for using Perfect Dark to share copyrighted material in its encrypted P2P network.

According to the [Kyoto-based] High-Tech Crime Task Force, the Okayama police, and the Saga police, the Osaka-based suspect uploaded about a thousand files, including anime. The suspect admitted that he thought he would not get caught because he was using Perfect Dark.

Perfect Dark is the third generation of japanese anonymous P2P network clients, developed with the intent to fix the security flaws found in its predecessors Winny and Share, in spite of also adopting a "Secure through Obscurity" closed-source model. In 2004, Winny's developer, Isamu Kaneo, was charged 1.5 million yen for assisting in copyright infringement, but he was acquited last October. Since 2008, at least 15 people were arrested in Japan suspect of uploading copyrighted material to those "secure" networks."

Security

Submission + - Two years later, Apple still won't fix Safari hole (goodgearguide.com.au) 2

angry tapir writes: "Two years after fixing a security bug in the Windows version of its Safari browser, Apple apparently has decided that Mac users can go without a fix. Apple was initially unimpressed by Nitesh Dhanjani's work developing what's known as a "carpet bomb" attack, the security researcher said in an interview. "I told Apple about it two years ago, and they responded back, saying it was more of an annoyance than anything else." However, after Dhanjani went public with the flaw in May 2008, another security researcher showed how carpet bombing could be combined with another Windows attack to run unauthorized software on a Windows PC. Apple then shipped a fix for Safari on Windows, but not for Safari on Mac OS X."
Government

Submission + - China Rejects US Piracy Claims as "Groundless" (reuters.com)

eldavojohn writes: Earlier this month, a United States piracy list fingered China, Russia and Canada as the first, second and third worst governments (respectively) for enforcing copyright policy in the world. China's Foreign Ministry has rejected these claims as "groundless" just before meeting with Secretary of State Hillary Clinton and Treasury Secretary Timothy Geithner.on Monday and Tuesday in Beijing to address copyright policy. The official Chinese statement read, "The involved U.S. Congress members should respect the fact and stop making groundless accusations against China." The plan nevertheless remains to use the visit to pressure China into overhauling their failed attempts to curb piracy since software piracy in China appears to be a social norm with the Chinese government possibly even leading by example.
Security

Submission + - SPAM: Hacker develops multi-platform rootkit for ATMs

alphadogg writes: One year after his Black Hat talk on Automated Teller Machine security vulnerabilities was yanked by his employer, security researcher Barnaby Jack plans to deliver the talk and disclose a new ATM rootkit at the computer security conference.

He plans to give the talk, entitled "Jackpotting Automated Teller Machines," at the Black Hat Las Vegas conference, held July 28 and 29. Jack will demonstrate several ways of attacking ATM machines, including remote, network-based attacks. He will also reveal a "multi-platform ATM rootkit," and will discuss things that the ATM industry can do to protect itself from such attacks, he writes in his description of the talk, posted this week to the Black Hat Web site.[spam URL stripped]

Jack was set to discuss ATM security problems at last year's conference, but his employer, Juniper Networks, made him pull the presentation after getting complaints from an ATM maker that was worried that the information he had discovered could be misused.

Link to Original Source

Submission + - VirtualBox beta supports OS X as guest OS on Macs (virtualbox.org)

milesw writes: In addition to a slew of new features, VirtualBox 3.2.0 Beta 1 offers experimental support for Mac OS X guests running on Apple hardware. Got to wonder if Ellison discussed this with Jobs beforehand, given Apple's refusal to allow virtualizing their (non-server) OS.
Encryption

Submission + - Recourse for Draconian Encryption Requirements? 3

CryoStasis writes: I work for a major hospital in the northeast. Recently the hospital has taken it upon itself to increase its general level of computer security. As a result they now require full disk encryption on any computer connected to their network on site. Although I think this stance is perhaps a little over exuberant most of these computers are machines that have been purchased with hospital funding. In the department that I work in however many of the employees (myself included) have their own personal machines that they bring to work every day. For obvious reasons we're rather reluctant to allow the hospitals IT staff to attempt installation of the encryption. Those who have allowed the encryption to be installed on their personal machines have had major problems occur afterwords using both Macs and Windows machines (ranging from severe/total data loss, frequent crashes and general slowness) which the hospital does very little to remedy. To make matters worse the hospital is now demanding that any machine which is used to check email (via email clients or webmail directly) be encrypted, including desktop style machines at home, which must be brought in to the IT department as they refuse to distribute the encryption software to the employees for install. By monitoring email access they have begun harassing employees who check email from off campus stating that their email/login access will be disabled unless they bring in their computers. I have no intention of letting these people install anything on my machine, particularly software which their IT staff clearly doesn't have a solid grasp of. Have other Slashdot readers come across this kind of a problem? Do I have any recourse, legal or otherwise, to stop them from requiring me to install software on my personal machines?
GNU is Not Unix

Submission + - HTC Delays Release of GPL'ed Linux Kernel Source (ginkel.com)

Specialist2k writes: Apparently, HTC have been busy these days signing patent deals, so that they have forgotten about the true origins of the Android operating system running on many of their mobile phones. While these phones are running a customized version of the GPL'ed Linux kernel, HTC has been unwilling to provide the corresponding source code for the HTC Desire's Linux kernel for nearly a month now. Unfortunately, HTC already have a well-known history of GPL violations with no apparent signs of any improvement.
Crime

Submission + - UK Jails US Programmer for Refusal to Decrypt File (geek.com) 2

An anonymous reader writes: Geek.com article on lengthy TheRegister.co.uk story. JFL was sentenced to 13months in jail. A US computer scientist whilst travelling to the UK has been the first person to be jailed under the country’s relatively new laws that require suspects to surrender passwords for encrypted files. The 33 year old man, identified only as ‘JFL’, is currently being detained indefinitely under mental health legislation, but was originally charged with and jailed for refusing to divulge passwords that would allow investigating officers to examine the contents of encrypted drives and file containers on his computers. The man, who has no prior convictions, was originally arrested on arrival into the UK from France, where sniffer dogs detected what turned out to be an unpacked model rocket from hobbyist company estes in his luggage. He was allowed to continue to the UK before being arrested by counter terrorism police.
Microsoft

Microsoft Gets Back Its FAT Patent In Germany 113

Dj writes to let us know that Microsoft has regained its FAT patent in Germany. (We discussed it three years ago when the German Federal Patent Tribunal ruled that Microsoft's patent on the FAT file system, with short and long names, was not enforceable.) "The [German] appeal court's decision brings it into line with the US patent office's assessment of the FAT patent. In early 2006, after lengthy deliberations, the latter confirmed the rights to protection conferred by [US] patent number 5,579,517, claiming that the development was new and inventive."
Security

Submission + - Phishing Education Test is blocked...for phishing (blogspot.com)

An anonymous reader writes: From the Sunbelt Software Blog: It appears a website called ismycreditcardstolen.com, designed to "educate users about the dangers of phishing" has itself been flagged by Firefox as a reported web forgery. The site, which asks visitors to enter their credit card details to "see if they've been stolen" takes the hapless visitor to a page warning them about the perils of phishing, giving them advice on how to avoid similar scams and also provides a link to the Anti-Phishing Working Group's website. Or at least it did, until various browsers started blocking it. I've done a little bit of digging, and it looks like one of the creators is taking questions here. As the blog post notes, the project was likely doomed to failure both because of the domain name itself and also because it uses anonymous Whois data, which isn't exactly going to make security people look at it in a positive light. Does anyone out there think this was a good idea? Or will malicious individuals start playing copycat on a public now trained to think sites like this are just "harmless education"?

Slashdot Top Deals

There are two kinds of egotists: 1) Those who admit it 2) The rest of us

Working...