
Submission: Windows 10 UAC Bypass Uses Backup and Restore Utility (bleepingcomputer.com)

An anonymous reader writes: A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't know where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware.

Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10, and not earlier OS versions, and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility.

Submission: When ISP copyright infringement notifications go wrong

Andy Smith writes: Yesterday I received an email from my ISP telling me that I had illegally downloaded an animated film called Cubo and the Two Strings. I'd never heard of the film and hadn't downloaded it. The accusation came from a government-approved group called Get It Right From a Genuine Site. I contacted that group and was directed to their FAQ. Worryingly, there's no way to correct a false report. The entire FAQ is written from the position that either you, or someone on your network, definitely downloaded what you're accused of downloading. Their advice to avoid any problems with your ISP is simply to not download anything illegally again. But if they can get it wrong once, then surely they can get it wrong again. How widespread is this problem? What safeguards are in place to ensure that people aren't falsely accused? Why has the government allowed this scheme to operate without the accused having some right to defend themselves?

Submission: Why Don't Mobile OSs offer a Kill Code?

gordo3000 writes: Given all the recent headlines about border patrol getting up close and personal with phones, I've been wondering why phone manufacturers don't offer a second emergency pin that you can enter and it wipes all private information on the phone?

In theory, it should be pretty easy to just input a different pin (or unlock pattern) that opens up a factory reset screen on the phone and in the background begins deleting all personal information. I'd expect that same code could also lock out the USB port until it is finished deleting the data, to help prevent many of the tools they now have to copy out everything on your phone.

This nicely prevents you from having to back up and wipe your phone before every trip but leaves you with a safety measure if you get harassed at the border.

So, Slashdot, what say you?

Submission: Medical Disclaimer: 561Pharmacological Properties (561pharmacologicalproperties.com)

An anonymous reader writes: The information contained on this web site and mobile application is for learning the great values and advantages of plants and fruits for health. 561Pharmacological Properties covers the use of fruits, plants, vitamins and important minerals for better health.

Submission: UK seeks next generation of code breakers (bbc.com)

AHuxley writes: The BBC is reporting on a new plan to shape the UK's intake of code breakers.
500 students will be educated at a boarding school to help with the UK's future cybersecurity needs.
The support will come from a private non-profit consortium.
Maths, computer science, economics, and physics will be part of the curriculum alongside cybersecurity.
The hope is that the UK can find more cybersecurity professionals due to a shortage of critical talent.
Aptitude tests and coding skills will help sort applications.

Submission: WordPress auto-update server had flaw allowing persistent backdoors in websites (theregister.co.uk)

mask.of.sanity writes: Up to a quarter of all websites on the internet could have been breached through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The shuttered remote code execution flaw was found in a PHP webhook within api.wordpress.org that allows developers to supply a hashing algorithm of their choice to verify that code updates are legitimate.

Submission: Brain Cancer Patients Live Longer by Sending Electric Fields Through Their Heads (ieee.org)

the_newsbeagle writes: The big problem with treating glioblastoma, the most aggressive type of brain tumor, is that nothing really works. Surgeons cut out the tumor as soon as it's detected and blast left-behind cells with radiation and chemo, but it always comes back. Most glioblastoma patients live only one or two years after diagnosis.

The Optune system, which bathes the brain tumor in an AC electric field, is the first new treatment to come along that seems to extend some patients' lives. New data on survival rates from a major clinical trial showed that 43% of patients who used Optune were still alive at the 2-year mark, compared to 30% of patients on the standard treatment regimen. At the 4-year mark, the survival rates were 17% for Optune patients and 10% for the others.

The catch: Patients have to wear electrodes on their heads around the clock, and they're wired to a bulky generator/battery pack that's carried in a shoulder bag.

Submission: SPAM: Assange says WikiLeaks to expose Google

schwit1 writes:
  • WikiLeaks founder Julian Assange promised to release information on subjects including the U.S. election and Google
  • Assange said WikiLeaks plans to start publishing new material starting this week, but wouldn't specify the timing and subject
  • He warned that the so called 'October Surprise' will expose Google
  • Assange did not reveal what type of information would be leaked about the tech giant, but his 2014 book could provide a clue
  • In it, he wrote: '(Eric) Schmidt's tenure as CEO saw Google integrate with the shadiest of U.S. power structures...'


Submission: Lawsuit: Yahoo CEO Marissa Mayer Led An Illegal Purge Of Male Employees (mercurynews.com)

Tasha26 writes: It seems like there is only bad news for Yahoo this week. On top of 1 billion breached accounts, Verizon only just having been told about it, and the secret scanning of customer emails on behalf of the NSA, there is now news of a gender discrimination lawsuit against Yahoo CEO Marissa Mayer.

According to a media executive fired from Yahoo last year "Marissa Mayer encouraged and fostered the use of an employee performance-rating system to accommodate management’s subjective biases and personal opinions, to the detriment of Yahoo’s male employees." In addition to Mayer, 2 other female executives, Kathy Savitt and Megan Liberman, were identified in the lawsuit for discriminating against male employees.

Comment: Is this all caused by UPnP? (Score 1)

I've read a few of these stories lately, and while I personally run a Mikrotik router with a separate access point, I thought the vast majority of shitty consumer routers still had a basic firewall that blocked all incoming connections by default? Plus, for those that don't, presumably all these IoT devices would need NAT on your typical home network to be accessible externally, so does anyone know if UPnP is required for these exploits to work? I realize this only applies to external port scans, but I'd assume that's how most botnets find target devices, rather than because of outgoing connections to the vendor's server that may be compromised.

Comment: Re:Inherently Insecure (Score 1)

1. A solution that uses a central server only for the purpose of establishing the IP address of your chosen call recipient, then allows all communication to that recipient to happen directly, point-to-point. There is no need to route call traffic through central servers (unless you want to listen in). Ahem. Skype.

I'm not so sure that's as easy as it sounds with mobile devices. I'm not aware of the situation in other countries, but in Australia you normally sit behind NAT and don't get a publicly routable IP address. I once inquired with a carrier whether it was possible to get one so I could VNC into an embedded system using a dynamic DNS arrangement, and the answer was that it was only available as an add-on option for corporate accounts, and that meant having a minimum of 500 phone services.

Comment: Re:Canon here I come (Score 1)

I don't really know anything about (semi-)professional photography, but I always assumed objectives from different manufacturers were compatible. Can't you use your old glass with the new, different camera?

Just as a bit of additional background, modern lenses and flashes may do a bit more than you'd imagine. I'm a Canon user, but say I attach a 70-200 zoom lens: the auto-focus motor is in the lens, so if, say, I'm tracking a moving vehicle in servo mode, there's a constant stream of information flowing between the camera and lens to try and hold it in focus. The current focal length also gets reported back as I zoom in and out, and if a compatible flash is attached it will mechanically move reflectors to direct the most flash power into a smaller area that will still cover the scene.

Those are proprietary protocols, but they have been reverse-engineered by 3rd party lens manufacturers. Occasionally, though, the OEM will begin using some new feature / protocol that was always present in their lenses, and it's not uncommon to hear that a 3rd party lens needs to go back to the factory for a firmware update to work with a newly released camera.
