
Comment Re:Impeding the West's intelligence efforts (Score 1) 100

Oh come on. As if the fact that an intelligence agency could possibly use a preinstalled microphone of an electronic device is in any way non-obvious, or as if it's problematic that the 'intended' knows about this.

Truth is that all terrorists so far used unencrypted normal SMS services and burner phones, or the unencrypted chat services of various Playstation games. What, you want to make it a secret that intelligence agencies can see the chatlogs of Playstation games, too?

Mister obvious is obvious. A microphone in a smartTV can obviously be turned against the owner of the smartTV. Nothing special or secret about that. The news here is just the fact that with this it got confirmed that intel-agencies are doing this actively. Not that they can. They can from day one, even from before TV-sets came with microphones.

Comment The implant requires physical access ... (Score 3, Insightful) 100

With physical access, they are in your living room. That means they could also just stick a tiny microphone at the back of the TV, or underneath your couch, or .. drill a hole in your walls, insert microphone, fix the hole with some material that doesn't block sound too much and repaint the fixed wall. Endless possibilities.

I'm more concerned when the smartTV can be remotely turned into a listening device. Which, btw, wouldn't surprise me if that would also be possible. Either way, my TV ain't online. Netflix, if I ever want it, will go via another device to the TV.

Comment Re:Not a big deal (Score 3, Informative) 38

Download the PDF. Go to page 15 and read the implementation of the unique_service_name function. There are 7!! rash amateur code exploits in about 30 - 50 lines of code, brackets and return calls included. That means every strcpy and even every strncpy is creating an exploitable situation. That kind of rash amateurism in implementation has nothing to do with the protocol. A mind boggling stupid idiot must have written that code. The amount of stink you see in each and every line of the implementation is what makes any serious programmer speechless. A minimal amount of code review would have blocked the contribution entirely.

We should put the blame of this one on the programmer. Not on the protocol. That doesn't mean UPnP doesn't stink together with the implementation. Especially since often the guys writing reference and often-used libraries for a protocol are also the ones who defined the protocol. So if the implementation is like that code, which it likely is, then I'm pretty sure the protocol isn't going to conform to RFC 1925.

Comment Still a young sector (Score 1) 138

This shows that we are still a young sector. We only have two mainstream operating systems.

For example the car industry has multiple major mainstream car brands, models and domains (sports cars, SUV, sedan, etc).

I expect even more kinds of operating systems, operating system brands and operating system principles to become mainstream.

We're still a young sector.

Comment Re:One broken, forever broken (Score 1) 202

In the leaks you can find for almost all tools and implants that the developers of the tools provide methods to remove and also auto-remove the implant.

For example, Hive: page 4 of this https://wikileaks.org/ciav7p1/... :
  is the self delete delay (in seconds). Amount of time since last successful beacon or
trigger allowed to pass before self-deletion occurs. If unused, the default value is 60
days in seconds.

There is also an entire section devoted to self-delete, on page 14: 4.1 (S) Self-Delete

Comment It also tells us (Score 1) 202

They are using git, have troubles with idiots who put binaries in git, know about Git-Flow (my favorite branching technique), are doing retrospectives (so Scrum sprints), are trying to do something that looks like semver.org for release numbering (although most of it is quite wrongly numbered). All in all, quite a typical software development company. Okayish in software development processes and practices. Could be better here and there.

Comment Executing code in an input buffer? yeah, suck it up (Score 4, Informative) 59

You asked for it Lenovo and/or Intel. This turns an incoming buffer into a function pointer and executes arbitrary incoming code:

v3 = *(VOID **)(CommunicationBuffer + 0x20);
v4 = CommunicationBuffer;
*(v3 + 0x8)(*(VOID **)v3, &dword_AD002290, CommunicationBuffer + 0x18);

That's moron. You asked for it. Now suck it up. Apologize to the world for creating an obvious backdoor.

I'm quite sure it won't be the only one coming from Intel's headquarters. And yes, security-researchers will keep digging them up and expose them. Forever.
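
For contrast with the snippet quoted in the comment above, here is an added example (not part of the original comment and not Lenovo's or Intel's code) of a handler that never takes a call target from the caller's buffer: the field at offset 0x20 is treated as an opcode into a fixed table and bounds-checked. The offsets 0x18 and 0x20 come from the quoted snippet; the buffer size, handler names and error codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the untrusted, caller-controlled communication buffer. */
#define COMM_BUF_SIZE 0x40   /* assumed size, not from the page */
#define OFF_ARG       0x18   /* argument offset used in the quoted call */
#define OFF_SELECTOR  0x20   /* the quoted code reads a pointer from here */
#define ERR_BAD_SIZE   (-1)
#define ERR_BAD_OPCODE (-2)

typedef int (*handler_fn)(const uint8_t *arg, size_t len);

/* Hypothetical services the handler is willing to perform. */
static int op_status(const uint8_t *arg, size_t len) { (void)arg; (void)len; return 100; }
static int op_sum(const uint8_t *arg, size_t len) {
    int s = 0;
    for (size_t i = 0; i < len; i++) s += arg[i];
    return s;
}

/* Fixed table inside the handler's own image; never read from the buffer. */
static const handler_fn k_handlers[] = { op_status, op_sum };
#define N_HANDLERS (sizeof k_handlers / sizeof k_handlers[0])

int dispatch_hardened(const uint8_t *comm, size_t comm_len) {
    uint8_t local[COMM_BUF_SIZE];
    uint64_t selector;

    if (comm == NULL || comm_len != COMM_BUF_SIZE) return ERR_BAD_SIZE;
    /* Copy once, so the caller cannot change fields after they are checked. */
    memcpy(local, comm, sizeof local);
    memcpy(&selector, local + OFF_SELECTOR, sizeof selector);
    /* The field is an index, not an address: anything out of range is refused. */
    if (selector >= N_HANDLERS) return ERR_BAD_OPCODE;
    return k_handlers[selector](local + OFF_ARG, OFF_SELECTOR - OFF_ARG);
}

/* Constructed request: argument bytes 1..8 and the given selector value. */
int demo_request(uint64_t selector) {
    uint8_t buf[COMM_BUF_SIZE] = {0};
    for (int i = 0; i < 8; i++) buf[OFF_ARG + i] = (uint8_t)(i + 1);
    memcpy(buf + OFF_SELECTOR, &selector, sizeof selector);
    return dispatch_hardened(buf, sizeof buf);
}

int main(void) { return demo_request(1) == 36 ? 0 : 1; }
```

A pointer-shaped value in the selector field is rejected as an unknown opcode instead of being called.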

Comment Re:Technology can't stop these (Score 1) 1144

Not really true. We even have a saying in Dutch: "over de schreef gaan" which comes from the "schreef" which was a wooden block the size a city or town allowed a knife to be. When you entered the city-walls you were asked to put your knives on the schreef. If your knife was larger than the schreef, then it went over the schreef. Nowadays it's a way of saying that you went too far with something.

But this "schreef" thing actually existed in the 16th century. If you go to a good museum they probably still have the wooden block of the European city you are visiting a museum of.

This means that weapon control was regulated since hundreds of years in European cities and towns.

Comment Re:Not quite logical (Score 1) 230

Well, our universe expands. Perhaps particles are being added somewhere at its edges, and to make room for the new guys we get universe-wide expansion in return. Which would or could mean that we are inside a black hole (or, that our universe is a black hole) and particles, stars and planets are swirling around it and getting sucked in from time to time.

But I don't know. I am not an astrophysicist.

Comment Re:Where was the NSA? (Score 1) 313

Google employed 47,756 people in 2013, I heard that NSA employs around 40,000 people. So Google has about the same amount of 'analyst for every n Americans' as the NSA has. Both the NSA and Google operate both outside of the USA and inside of the USA. My conclusion is that I should be equally worried about the NSA as I am about Google. Besides, NSA doesn't have to play fair and (can) reuse(s) the results of Google by stealing the data.

Comment Re:Hypocrites (Score 1) 162

Either way. Whatever direction it went. I consider the NSA and the GCHQ to be the same organization anyway. And it doesn't matter. What matters is that within the NATO alliance we have members that distrust the other members so much that they feel the need to spy on them. That to me means that NATO is no coordinated effort whatsoever and that NATO is utterly broken and members of it distrust each other massively. That is the world we have in 2014. Thank you UK and US. Not.
