
Submission + - Windows 10 UAC Bypass Uses Backup and Restore Utility (bleepingcomputer.com)

An anonymous reader writes: A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't know where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware.

Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10, and not earlier OS versions, and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility.

Submission + - When ISP copyright infringement notifications go wrong

Andy Smith writes: Yesterday I received an email from my ISP telling me that I had illegally downloaded an animated film called Cubo and the Two Strings. I'd never heard of the film and hadn't downloaded it. The accusation came from a government-approved group called Get It Right From a Genuine Site. I contacted that group and was directed to their FAQ. Worryingly, there's no way to correct a false report. The entire FAQ is written from the position that either you, or someone on your network, definitely downloaded what you're accused of downloading. Their advice to avoid any problems with your ISP is simply to not download anything illegally again. But if they can get it wrong once, then surely they can get it wrong again. How widespread is this problem? What safeguards are in place to ensure that people aren't falsely accused? Why has the government allowed this scheme to operate without the accused having some right to defend themselves?

Submission + - Why Don't Mobile OSs offer a Kill Code?

gordo3000 writes: Given all the recent headlines about border patrol getting up close and personal with phones, I've been wondering why phone manufacturers don't offer a second emergency pin that you can enter and it wipes all private information on the phone?

In theory, it should be pretty easy to just input a different pin (or unlock pattern) that opens up a factory reset screen on the phone and in the background begins deleting all personal information. I'd expect that same code could also lock out the USB port until it is finished deleting the data, to help prevent many of the tools they now have to copy out everything on your phone.

This nicely prevents you from having to back up and wipe your phone before every trip but leaves you with a safety measure if you get harassed at the border.

So slashdot, what say you?

Submission + - UK seeks next generation of code breakers (bbc.com)

AHuxley writes: The BBC is reporting on a new plan to shape the UK's intake of code breakers.
500 students will be educated at a boarding school to help with the UK's future cybersecurity needs.
The support will come from a private non-profit consortium.
Maths, computer science, economics, and physics will be part of the curriculum alongside cybersecurity.
The hope is that the UK can find more cybersecurity professionals due to a shortage of critical talent.
Aptitude tests and coding skills will help sort applications.

Submission + - WordPress auto-update server had flaw allowing persistent backdoors in websites (theregister.co.uk)

mask.of.sanity writes: Up to a quarter of all websites on the internet could have been breached through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The shuttered remote code execution flaw was found in a php webhook within api.wordpress.org that allows developers to supply a hashing algorithm of their choice to verify code updates are legitimate.

Submission + - Brain Cancer Patients Live Longer by Sending Electric Fields Through Their Heads (ieee.org)

the_newsbeagle writes: The big problem with treating glioblastoma, the most aggressive type of brain tumor, is that nothing really works. Surgeons cut out the tumor as soon as it's detected and blast left-behind cells with radiation and chemo, but it always comes back. Most glioblastoma patients live only one or two years after diagnosis.

The Optune system, which bathes the brain tumor in an AC electric field, is the first new treatment to come along that seems to extend some patients' lives. New data on survival rates from a major clinical trial showed that 43% of patients who used Optune were still alive at the 2-year mark, compared to 30% of patients on the standard treatment regimen. At the 4-year mark, the survival rates were 17% for Optune patients and 10% for the others.

The catch: Patients have to wear electrodes on their heads around the clock, and they're wired to a bulky generator/battery pack that's carried in a shoulder bag.

Submission + - SPAM: Assange says WikiLeaks to expose Google

schwit1 writes:
  • WikiLeaks founder Julian Assange promised to release information on subjects including the U.S. election and Google
  • Assange said WikiLeaks plans to start publishing new material starting this week, but wouldn't specify the timing and subject
  • He warned that the so called 'October Surprise' will expose Google
  • Assange did not reveal what type of information would be leaked about the tech giant, but his 2014 book could provide a clue
  • In it, he wrote: '(Eric) Schmidt's tenure as CEO saw Google integrate with the shadiest of U.S. power structures...'


Submission + - Lawsuit: Yahoo CEO Marissa Mayer Led An Illegal Purge Of Male Employees (mercurynews.com)

Tasha26 writes: It seems like there is only bad news for Yahoo this week. On top of 1 billion breached accounts, Verizon only just having been told about it, and the secret scanning of customer emails on behalf of the NSA, there is now news of a gender discrimination lawsuit against Yahoo CEO Marissa Mayer.

According to a media executive fired from Yahoo last year "Marissa Mayer encouraged and fostered the use of an employee performance-rating system to accommodate management’s subjective biases and personal opinions, to the detriment of Yahoo’s male employees." In addition to Mayer, 2 other female executives, Kathy Savitt and Megan Liberman, were identified in the lawsuit for discriminating against male employees.

Hardware

Submission + - Ask Slashdot: Best geek toys for goldfish

commlinx writes: As it approaches Christmas I'm in the process of adding a geek touch to my goldfish tank and need some ideas from the Slashdot community. So far I have collected a few static plastic models, such as the Enterprise NCC-1701, R2D2 and a Supreme Dalek to glue to the bottom of the tank; however I would also like to add some more dynamic items. I already have a USB controlled switchable power socket connected to a Raspberry Pi to control the main tank light remotely and was thinking this might be expanded to control some LEDs, motors and maybe even some Nixie tubes. However I'm unsure of the best way to interface these together and also wondering what precautions are needed because the water in the tank may not be pure? I look forward to hearing ideas from the community and am interested in how you would approach the problem.

Submission + - A black hole at a quarter the size of its galaxy (bbc.co.uk)

An anonymous reader writes: Astronomers have spotted an enormous black hole — the second most massive ever — but it resides in a tiny galaxy. The galaxy NGC 1277, just a quarter the size of our own Milky Way, hosts a black hole 4,000 times larger than the one at the Milky Way's centre.

Submission + - Draft Executive Order seeks to sneak SOPA & PIPA in by the back door (jdnash.com)

TrueSatan writes: In a way so underhanded that few but the MAFIAA and friends could have contemplated it, a new draft Executive Order seeks to implement an equivalent to the failed SOPA/PIPA regulations, claiming that SOPA/PIPA themselves only failed due to "industry concerns". The order also gives a clear presumed-guilty verdict against any who are accused of infringement, abandoning any pretence of "innocent until proven guilty".
Idle

Submission + - Nazi Buddha Came from Space (bbc.co.uk)

mattaw writes: "This "Indiana Jones" style story of Nazis acquiring this ancient historical statue from Tibet began when scientist Ernst Schafer, working for Heinrich Himmler, head of the SS, was commissioned to search Tibet for ancient "Aryan" evidence. Himmler was said to believe the Aryan race originated in Tibet and was keen to recover objects from the area.

The icing on the cake is that the statue is made of real meteorite and that scientists have been able to identify the actual one as the Chinga meteorite that fell in the border region of eastern Siberia and Mongolia about 15,000 years ago."

Australia

Submission + - ASIC wants Australian ISPs to store all content visited (smh.com.au)

nemesisrocks writes: "ASIC, Australia's version of the SEC, has called for phone call and internet data to be stored by Australian ISPs, in a submission to the Parliamentary Inquiry into mandatory data retention.

Not only does the authority want the powers to intercept the times, dates and details of telecommunications information, it also wants access to the contents of emails, social media chats and text messages."

Security

Submission + - Penetration Testing for the Masses

compumike writes: Every week we read about companies being hacked through insecure websites. Big companies have in-house security teams, but a new browser-based website penetration testing tool can scan, attack, and detect the biggest threats, such as SQL injection, XSS, and other vulnerabilities, finding holes in more than 90% of websites scanned — even in frameworks like Django and Rails. Can expensive security consultants be replaced by an army of machines providing website security for the masses?
