
Submission + - Exploit For Windows DoS Zero-Day Published, Patch Out On Tuesday? (helpnetsecurity.com)

Orome1 writes: A zero-day bug affecting Windows 10, 8.1, Windows Server 2012 and 2016 can be exploited to crash a vulnerable system and possibly even to compromise it. It is a memory corruption bug in the handling of SMB traffic that could be easily exploited by forcing a Windows system to connect to a malicious SMB share. Tricking a user into connecting to such a server should be an easy feat if clever social engineering is employed.

Submission + - Researcher Develops Explosion-Proof Lithium Metal Battery, 2X Power Of Li-Ion (hothardware.com)

MojoKid writes: Tufts University professor and founder of Ionic Materials, Mike Zimmerman, hopes that his resilient ionic battery technology will finally replace Lithium Ion. The reason scientists and researchers pay so much attention to battery design is because today's lithium-ion technologies have several downsides, as we saw recently with Samsung's Galaxy Note 7 recall. If you were to take apart a lithium-ion battery, you'd find a positive electrode called the anode and a negatively charged electrode called the cathode. There's a thin separator that sits between the anode and cathode. Everything else is filled up with liquid, or electrolyte. Charging the battery causes positively charged ions to flow through the liquid from the negative side to the positive side. As you use the battery, the ions flow in the opposite direction. However, the electrolyte is extremely flammable and they can explode when pierced or overheated. Zimmerman's ionic battery trades the flammable liquid for a piece of plastic film to serve as the electrolyte. It isn't prone to overheating and catching fire. The same goes for piercing, cutting or otherwise destroying the battery. Also, unlike lithium-ion batteries, Zimmerman's ionic batteries use actual lithium-metal, which can store twice as much power. Lithium-ion batteries don't contain lithium-metal because they're even more prone to overheating and exploding than lithium-ion, but that risk is removed by Zimmerman swapping out the liquid electrolyte for a solid.

Submission + - Samsung Group Offices Raided By Korean Prosecutors (reuters.com)

An anonymous reader writes: South Korean prosecutors raided the offices of Samsung Group on Wednesday, a prosecution official said, after media reports of alleged links with a confidante of President Park Geun-hye who has been indicted in an influence-peddling scandal. Prosecutors also raided South Korea's largest pension fund, the National Pension Service (NPS), an NPS spokeswoman said. The Yonhap news agency reported that investigators were probing NPS's decision to approve the $8 billion merger of Samsung C&T Corp and Cheil Industries last year. The raids signaled that prosecutors are expanding their investigation into allegations of influence-peddling in the corruption scandal that has rocked Park's presidency over the relationship between the government and big businesses. NPS, the world's third-largest pension fund, has come under scrutiny by the media and civic groups over its approval as a major shareholder of the merger between two affiliates of Samsung Group, South Korea's largest family-run conglomerate. Its backing was seen as crucial to the success of the merger and some South Korean media reports said its approval came under mysterious circumstances. Prosecutors raided four locations — the NPS headquarters, NPS Investment Management office headquarters, Samsung Group offices and the office of a former NPS investment management official — said a prosecution official who was not authorized to speak to the media and declined to be identified. Park and her confidante, Choi Soon-sil, are under investigation for allegedly improperly pressuring major conglomerates, including the Samsung Group, to raise funds for foundations that backed Park's policy of promoting the cultural and sports communities.

Submission + - Researchers Bypass ASLR Protection on Intel Haswell CPUs (softpedia.com)

An anonymous reader writes: A team of scientists from two US universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures.

The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory, the very thing that ASLR protection was meant to hide.

While during their tests they used a Linux PC with an Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows.

From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing.

Submission + - US Efforts To Regulate Encryption Have Been Flawed, Government Report Finds (theguardian.com)

An anonymous reader writes: U.S. Republican congressional staff said in a report released Wednesday that previous efforts to regulate privacy technology were flawed and that lawmakers need to learn more about technology before trying to regulate it. The 25-page white paper is entitled Going Dark, Going Forward: A Primer on the Encryption Debate and it does not provide any solution to the encryption fight. However, it is notable for its criticism of other lawmakers who have tried to legislate their way out of the encryption debate. It also sets a new starting point for Congress as it mulls whether to legislate on encryption during the Clinton or Trump administration. "Lawmakers need to develop a far deeper understanding of this complex issue before they attempt a legislative fix," the committee staff wrote in their report. The committee calls for more dialogue on the topic and for more interviews with experts, even though they claim to have already held more than 100 such briefings, some of which are classified. The report says in the first line that public interest in encryption has surged once it was revealed that terrorists behind the Paris and San Bernardino attacks "used encrypted communications to evade detection."

Submission + - BBC: Britain Votes To Leave The EU (washingtonpost.com)

An anonymous reader writes: The UK has voted by 52% to 48% to leave the European Union after 43 years in a historic referendum, a BBC forecast suggests. London and Scotland voted strongly to stay in the EU but the remain vote has been undermined by poor results in the north of England. Voters in Wales and the English shires have backed Brexit in large numbers. The referendum turnout was 71.8% — with more than 30 million people voting — the highest turnout since 1992. London has voted to stay in the EU by around 60% to 40%. However, no other region of England has voted in favor of remaining. Britain would be the first country to leave the EU since its formation — but a leave vote will not immediately mean Britain ceases to be a member of the 28-nation bloc. That process could take a minimum of two years, with Leave campaigners suggesting during the referendum campaign that it should not be completed until 2020 — the date of the next scheduled general election. The prime minister will have to decide when to trigger Article 50 of the Lisbon Treaty, which would give the UK two years to negotiate its withdrawal. Once Article 50 has been triggered a country can not rejoin without the consent of all member states.

Submission + - Adios apt and yum? Ubuntu's snap apps are coming to distros everywhere (arstechnica.com)

An anonymous reader writes: Ubuntu's "snappy" new way of packaging applications is no longer exclusive to Ubuntu. Canonical today is announcing that snapd, the tool that allows snap packages to be installed on Ubuntu, has been ported to other Linux distributions including Debian, Arch, Fedora, and Gentoo among others.

To install snap packages on non-Ubuntu distributions, Linux desktop and server users will have to first install the newly cross-platform snapd. This daemon verifies the integrity of snap packages, confines them into their own restricted space, and acts as a launcher. Instructions for creating snaps and installing snapd on a variety of distributions are available at this website. Snaps can exist on the same system as either deb or RPM packages. Snaps aren't the only new package manager for Linux distributions that aims to simplify installation of applications. There's also AppImage and OrbitalApps.

Submission + - Online Loans Made in China Using Nude Pictures as Collateral

HughPickens.com writes: There is more than one way to get a student loan in China as People's Daily Online reports that many Chinese university students use their nude pictures as IOUs on online lending platforms, putting themselves at risk of having everybody – including their parents – see them naked. Borrowers are also required to upload pictures of their ID cards and report their family information, including their address and cell phone numbers. "The nude photos will be made public if the borrowers fail to repay their debts with interest," an insider was quoted as saying. The credit varies based on the borrower’s education background. Usually an undergraduate student can receive 15,000 yuan ($2,277) in credit, while those studying at famous universities as well as doctorate students can receive even larger loans. Snapshots of threatening collection messages have also gone viral, with a photo of a female borrower and a message reading how the lender would send the photo and her naked video footage to her family members if she could not pay back her 10,000 yuan borrowed on an annual interest rate of 24 percent within a week. “Naked IOUs started long ago. Not only university students but many others also borrowed money with nude pictures,” says an insider surnamed Zhang. Zuo Shenggao from Jingshi Law Firm says that nude photos are actually invalid as collateral in terms of laws. "Nude photos are not property. It is in the category of reputation rights," says Shenggao. "If anyone threatens to publish the photos online, they will violate the clients' reputation. At the same time, they are also spreading pornographic material. Both are illegal and they will commit double offence."

Submission + - Finnish Mail System Abandons Tuesday Delivery for Some Mail

jones_supa writes: In a world moving to electronic communications, the snail mail traffic has seen a huge drop. Because of this, the mail delivery organization of Finland (Posti) will not be delivering letters and magazines on Tuesdays anymore. Tuesday was selected because it generally has the lowest volume of mail. For example, magazines and advertisements are targeted to the end of the week, so that people have more time for shopping dreams in the weekend. Another reason is that Posti recently launched a lawn mowing service which operates on Tuesdays.

Submission + - Google Records Over 750,000 'Hijacking' Breaches In One Year (nbcnews.com)

An anonymous reader writes: A new study by Google and the University of California, Berkeley, claims over 700,000 websites were breached between June 2014 and June 2015. The research shows that "miscreants" had routinely hijacked thousands of vulnerable web servers for "cheap hosting and traffic acquisition." The exact number of recorded "hijacking incidents" within the period was 760,935 but Google has said they were able to curb the amount of breaches through direct communication with webmasters. Google's Safe Browsing Alerts sends notifications to network admins when potentially dangerous URLs are detected on their networks. These have reportedly increased the likelihood of a "cleanup" by more than 50 percent and reduced "infection lengths" by at least 62 percent. According to The Next Web, WordPress topped the chart of platforms that experienced the most breaches (almost half of all attacks). English websites experienced the most attacks, with Chinese, German, Japanese and Russian language websites following closely behind.

Submission + - Hacked Swedish Military Servers Used in Attacks on US Banks

wiredmikey writes: Swedish military computers were hacked and used in an attack targeting major US banks in 2013, the armed forces said on Monday. The attack knocked out the web sites of as many as 20 major US banks and financial institutions, sometimes for several days. According to Swedish military spokesman Mikael Abramsson, a server in the Swedish defense system had a vulnerability which was exploited by hackers to carry out the attacks.

At the time, the attack, which began in 2012 and continued for months, was one of the biggest ever reported. US officials blamed Iran, suggesting it was in retaliation for political sanctions and several earlier cyber attacks on its own systems.

Submission + - CIA Won't Waterboard Again, Even If Ordered By Future President (msnbc.com)

An anonymous reader writes: CIA Director John Brennan told NBC News in an exclusive interview that his agency will not engage in harsh "enhanced interrogation" practices, including waterboarding, which critics call torture — even if ordered to by a future president. "I will not agree to carry out some of these tactics and techniques I've heard bandied about because this institution needs to endure," Brennan said. The CIA used waterboarding and other techniques on terrorist suspects after the 9/11 attacks. But in January 2009, President Obama banned the practices in his first few days in office with an executive order. When asked specifically about waterboarding Brennan could not have been clearer. "Absolutely, I would not agree to having any CIA officer carrying out waterboarding again," he said.

Submission + - Hacker Weev Admits to Hacking Printers to Spew Racist and Anti-Semitic Messages (softpedia.com)

An anonymous reader writes: Andrew Auernheimer, a black hat hacker known as "Weev," has admitted to hacking thousands of Internet-connected printers and making them print out racist and anti-semitic messages. As you'd expect, the hack took place after the hacker used a simple port scanner and found out millions of unprotected, Internet-accessible printers. He then used a one-line Bash command that sent them a PostScript file on port 9100. This triggered all printers to print his anti-semitic message. Ironically, the hacker is a former Jew turned neo-nazi while incarcerated for a questionable "hacking" incident when he revealed to Gawker that AT&T had failed to protect one of their servers.

The printer hack affected devices at USC, UC Berkeley, Northwestern, UMass, Princeton, Brown University, the University of Wisconsin-Milwaukee, DePaul University in Chicago, Clark University in Worcester, and many more.
