Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Submission + - Simple Method Yields A Wrinkly, Durable, Water-Repellent Coating (acs.org)

ckwu writes: Superhydrophobic coatings that make water droplets dance and roll off of a surface show promise for applications such as self-cleaning cars, buildings, and food processing equipment. A new method creates a durable superhydrophobic coating by combining two common materials—Teflon and a shrinkable plastic—in a few simple steps. The researchers took inspiration from work done with the polystyrene material found in Shrinky Dinks--the children's crafting kit. They deposited Teflon onto a similar material called PolyShrink, heated it, and found that the Teflon formed a crinkled surface that helped water to bead and roll off easily. The best results came from putting Teflon onto polyolefin, a shrink wrap material. What's more, the surface is durable and repels water even after being scratched.

Submission + - Ask Slashdot: Huge problem with disconnections in online gaming with PS3/GT6

Brian Mahoney writes: I've been racing online for years, all through GT5 and now with GT6. Recently, for the last couple of months, my friends and I have been experiencing constant disconnections from the online lobbies we use to race. We don't get disconnected from PSN, just the lobbies. It doesn't matter if it's my lobby or someone in another country, there are continuous d/c headaches. PSN gives me a list of ports to forward but, as far as I know, these are the ones for PSN not for the lobbies. According to their site, every time I connect to another player's lobby (or they to mine), it's a different port. That's like 65,000 ports to forward. My question is: Is it me or is it PSN? I don't get disconnected when racing online with Project Cars on my PS4. That makes me think it's PSN but there doesn't seem to be a huge hue and cry online about the problems. Would different DNS numbers be better for P2P? The crazy thing is that it affects everyone I race with, even people who have never had a problem before. Thanks for any help or comments.

Submission + - Eclipse pushes new open IDE (prweb.com)

LeadSongDog writes: Backed by Codenvy, Microsoft Corp., Red Hat, and SAP, the Eclipse Foundation has touted a new cloud based IDE they call "Eclipse Che", built upon Java, Javascript, and Docker.

Submission + - Dell Open Sources DCEPT, A Honeypot Tool For Detecting Network Intrusions

An anonymous reader writes: Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody. DCEPT has been open sourced and is available on GitHub, along with instructions for deployment.

Submission + - Stretchy Squid-Inspired Skin Glows in Different Colors (gizmag.com)

Zothecula writes: Besides having tentacles, squid and octopi are also both known for their color-changing skin. Well, soft-bodied robots may soon also share that attribute, thanks to research being carried out at Cornell University. Led by assistant professor Rob Shepherd, a team of grad students there has developed an electroluminescent rubber "skin" that not only emits light in different colors, but that can also do so while being stretched to more than six times its original length.

Comment Re:Government warnings?? (Score 3, Informative) 100

It's pretty simple - the attackers install backdoor trojans which phone home to various command-and-control (C2) servers. In some cases when the USG identifies a high-value (i.e. involved in corporate and/or government espionage) C2 in the U.S. they get a warrant to monitor all network traffic to and from that host at the upstream. Once you have netflow or pcap data you can pretty easily tell who the compromised companies are when you see their corporate firewall IP hitting the C2 at regular intervals.

Private-sector researchers do this as well sometimes, but you need cooperation from the upstream. Or in some cases, the attackers are sloppy enough to leave behind publicly-accessible server logs ala Shady RAT.

Government

Submission + - Attack Takes Down Russia's UK Embassy Site (eweekeurope.co.uk)

judgecorp writes: "A denial of service attack over the weekend overwhelmed the Russian Embassy site in the UK. Protesters object to a visit to Russia by Prime Minister david Cameron, while Russia refuses to extradite andrei Lugovoy, the man suspected of murdering former spy Alexander Litvinenko with radioactive Polonium in 2006. Lugovoy now serves in Russia's parliament."

Submission + - Atari targets retro community with cease & des (blogspot.com)

svenski writes: Atari User reports that Atari Inc. have begun to target the retro community and have now turned their attentions to atari2600.org, a website first registered in 2000, demanding the domain name be handed over.

Comment Re:Why is this supposed to be a government attack? (Score 1) 56

Hardly any of the trojans used by Chinese APT actors are sophisticated at all. All these sophisticated features you listed are fine if you're only looking to launch a single-purpose attack, like a Stuxnet. The Chinese APT actors want to maintain a long-term presence even after they are discovered on the network.

As the sophistication of the malware rises, so does the cost/time involved, so it limits how many trojans you can deploy at once. Once your super-sophisticated trojan with rootkit, traffic tunneling, AV circumvention, strong encryption, disk and network stealth features gets discovered, your capability to maintain a long-term presence ends and you have to develop another one from scratch. There are only so many programmers working at this skill level, you don't find them every day.

The Chinese APT actors' answer to the problem is simply to throw a ton of different entry-level programmers at the problem. Each one basically uses the same feature requirements list and comes up with a completely different malware codebase, each one by default undetected by AV since it is brand new. Then each actor group goes after their targets using a set of those malware families. If one is discovered, that's OK, because nine more are probably still live on the victim network.

Comment Re:Anything U don't recognize? Potential malware! (Score 1) 245

You have a chicken-and-the-egg problem. You said: "1.) Recovery Console bootup 2.) listsvc command to spot offending bogus MBR protecting driver (hello_tt.sys)" - in this case you have prior knowledge. You knew there was a rootkit in play, and you knew what it was named.

What if it has borrowed the name of another legit third-party driver? What if the rootkit code is just a stub inside another legit driver? This technique has been used by malware for years now. Now, how do you tell which is the malicious driver and which is not? How do you even tell if there is a rootkit in play at all? The answer is: other tools and techniques and most importantly, a lot of time spent.

Comment Re:Let ME correct YOU, point-by-point... apk (Score 1) 245

You missed the point. Yes, TDL4 malware can be cleaned manually, no one is disputing that. The entire system could be forensically sanitized - manually - using the recovery console or a liveCD. It could take a long time depending on how many payloads had been downloaded and how well they hide. But this is not enough to kill the botnet unless you do this to 4.5 million PCs all at once. I never said your TDL-4 removal steps were incorrect, I just said they would not "kill the botnet", which is what Microsoft is suggesting they can do.

While nothing is impossible in theory, trying to destroy this botnet "one rig at a time" as you suggest would take decades even if you had an army tracking them down and cleaning them. The botnet would die on its own by then because the hard drives of those systems would fail first. Again though, I am reply to Microsoft's claims here, not yours.

The part you are wrong about is being able to use ProcessExplorer to fully sanitize the PC of the remaining malware. The only thing that truly separates malware from non-malware is intent. That's it. A P2P filesharing client and a P2P bot could share 99.999% of the same code, with only a single hidden malicious function. Tell me where in ProcessExplorer you would see the difference.

I'm not sure if you truly understand rootkits if you think they can't hide from ProcessExplorer. Even the simpler kernel-mode rootkits can do this, removing the hidden process from the kernel's linked list of objects - the same list that ProcessExplorer has to request from the OS to show you that tree of parent/child processes.

Making a determination on whether or not a program is malware is very hard to do programatically and even for a human often takes hours poring over the code in a debugger trying to understand the program's intent. If it were so easy, antivirus programs would still be adequate protection in this day and age.

Comment Re:He's right, & here's my technique for it... (Score 2) 245

No one said TDL4 can't be cleaned from a single PC. Cleaning it from all of them near-simultaneously is what you would have to do to destroy this botnet. The MSRT tool is not capable of performing the steps you described.

BTW your steps could still leave malware on the system unless you are a forensic/malware expert and can tell good processes from bad in ProcessExplorer. It's not so easy as you make it seem. Even if you are that experienced in process analysis, there could still be other kernel-level rootkits hiding malicious processes from ProcessExplorer. It could take days to truly disinfect a TDL-4-infected system that had been downloading payloads for a while. That's why reformat/reinstall has become the best-practice for dealing with malware, even though it is anathema to most Windows users/admins.

Another thing to note is that Microsoft hasn't destroyed the Rustock botnet, they are merely suppressing it. They will never be able to clean all the infected Rustock PCs, because countless thousands of them don't get Windows updates (either because they are pirated copies of Windows or updates have been disabled by other malware) and thus will never run the MSRT tool. If MS ceases their efforts before every last machine is sitting in a dump somewhere, the botnet could return, however unlikely that the author would bother to restore control.

Comment Re:Time for IBM to work on the ZTIC successor? (Score 2, Interesting) 73

Have a look at Cronto - it's an out-of-band authentication system, similar to ZTIC but doesn't use an electrical connection to the computer that could be impacted by a malware infection on the PC. Instead it transfers encrypted/signed transaction details via visual code to the Cronto device (or Cronto app running on a camera-enabled smartphone). There are a few other similar systems from other vendors, but Cronto is the only one I've seen with a mobile app so far.

Slashdot Top Deals

She sells cshs by the cshore.

Working...