Please create an account to participate in the Slashdot moderation system


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:The Police Shouldn't Be That Worried... (Score 1) 40

While your scenario is entirely plausible; why would anyone spend money to 'hack' a rental car? They wouldn't be able to predict who will drive it next or even when. I mean, sure, teenagers will shoplift spraypaint to tag up the local underpass; but with regards to this, the talented have better things to do and sophomoric aren't renting cars.

Personally, I'd worry about this less than I worry about skin cancer.

P.S. That being said, I will admit I bought a more expensive bluetooth OBD-II adapter to use in my explorer that requires a physical button press to pair. Cheaper adapters are generally discoverable when not connected to a host and used a generic 0000 or 1234 pin. I leave the adapter plugged in all the time because there's an old android tablet between the seats that logs OBD-II PIDs while I'm driving and auto-uploads them when I'm in my driveway.

Comment Re:Puh-leeze (Score 5, Funny) 72

Running out of conventional memory? Yeah, I know your pain. Well, I'll tell you a secret. There's this fancy thing called EMM386.. just add it to your CONFIG.SYS after the LOAD=HIMEM.SYS and don't forget to specify DOS=HIGH. It's really that easy and it should get you an easy extra 30 maybe even 45 kB more free RAM.


P.S. MSCDEX is for wimps.

Comment Re:uh - by design? (Score 1) 163

I agree. I call bullshit.

What he describes is plausible, especially if the flash is socketed. But, not bloody likely. Considering that this malware would have to add itself to the existing flash image as an option rom or by infecting and rewriting part of the bios code and then writing that back to the rom.. Unless this was a targeted attack, the malware author would have to work out logic for each one of the major base BIOSes in use - phoenix, award, dell, lenovo, etc to be able to infect them. This is ignoring lots of machines which prevent either prevent rewriting the flash without physical access or require the new system image to be signed. Also, keep in mind that testing this ahead of time is rather difficult given the wide range of different BIOSes on different motherboards, etc. any unexpected bug could render an infected machine unbootable. So, hell of a lot of work for the malware/virus author with quite a lot of risk for failure.. especially when there's a lot of lower hanging fruit.

I don't doubt that it's happened to someone out there.

Also, I do believe this is one of the scenarios Intel TXT is for.

Submission + - WebM support on 4chan (

An anonymous reader writes: Today we added support for WebM files on 4chan’s image boards.

While WebM is technically a video file format, it offers many advantages over animated GIFs—namely superior image quality, support for more than 256 colors, and reduced file size. Its main disadvantage is browser compatibility, however 86% of 4chan’s visits come from browsers that include full or partial support for WebM, and plug-ins are available for those that don’t (like Internet Explorer and Safari).

Submission + - Fifty Years Ago IBM 'Bet the Company' on the 360 Series Mainframe

Hugh Pickens DOT Com writes: Those of us of a certain age remember well the breakthrough that the IBM 360 series mainframes represented when it was unveiled fifty years ago on 7 April 1964. Now Mark Ward reports at BBC that the first System 360 mainframe marked a break with all general purpose computers that came before because it was possible to upgrade the processors but still keep using the same code and peripherals from earlier models. "Before System 360 arrived, businesses bought a computer, wrote programs for it and then when it got too old or slow they threw it away and started again from scratch," says Barry Heptonstall. IBM bet the company when they developed the 360 series. At the time IBM had a huge array of conflicting and incompatible lines of computers, and this was the case with the computer industry in general at the time, it was largely a custom or small scale design and production industry, but IBM was such a large company and the problems of this was getting obvious: When upgrading from one of the smaller series of IBM computers to a larger one, the effort in doing that transition was so big so you might as well go for a competing product from the "BUNCH" (Burroughs, Univac, NCR, CDC and Honeywell). Fred Brooks managed the development of IBM's System/360 family of computers and the OS/360 software support package and based his software classic "The Mythical Man-Month" on his observation that "adding manpower to a late software project makes it later." The S/360 was also the first computer to use microcode to implement many of its machine instructions, as opposed to having all of its machine instructions hard-wired into its circuitry. Despite their age, mainframes are still in wide use today and are behind many of the big information systems that keep the modern world humming handling such things as airline reservations, cash machine withdrawals and credit card payments. "We don't see mainframes as legacy technology," says Charlie Ewen. "They are resilient, robust and are very cost-effective for some of the work we do."

Comment Re:No contract, wifi-only (Score 1) 126

If you're the same anonymous coward, then I am flattered that you returned to check your post for my reply.

> And pardon me, but could you explain to me what the need is for a(n undocumented!) way to gain access to "certain files" on a phone by a remote person ? As far as I can tell there is nothing on a phone a remote person should have access to without the explicit say-so of the owner.

Sweet jesus. The system is not an undocumented way to allow a reomte, third party unauthenticated arbitrary access to your data. It's a system used to allow the modem firmware running on a separate DSP core to save and recall information. Yes, there exists a <b>possibility</b> that a flaw in the modem firmware could allow a third party to command the modem to make IPC requests to the device's host processor to read information and then, potentially, transmit it back. There is no evidence to suggest that such a flaw exists.

> You mean to say that as they all have got similar backdoors (do they ?) its OK ? Strange reasoning ...

No I don't mean to say all have any backdoors; a backdoor is a camouflaged or otherwise hidden system installed to circumvent access restrictions. This is niether camouflaged nor hidden. It's purpose is not to circumvent access controls. It is not a backdoor.

> Bottom line: A phone which has got RPC file-IO calls from the cellular into the smart part of the phone is at least questionable.

Questionable? Yes, of course. But do not attribute to malice what is adequately explained as incompetence.

Comment Re:OTA updates (Score 1) 126

I'm replying again because it occurred to me. to check the dictionary.

A backdoor is an indirect and devious system conceived for the purpose of allowing access to resources by circumventing security protections.

This is not. This is a set of IPC requests an "API" to allow the modem firmware to store non-volatile information in a specific location of the host phone's filesystem.

You're absolutely right that a backdoor is a backdoor; however, this is not a backdoor. If they'd really meant to introduce backdoors, don't you think they'd have made even a trivial effort to hide or obfuscate it? For example, D-Link's special request header “xmlset_roodkcableoj28840ybtide” that would bypass the web admin authentication. That's a backdoor. Minterpreting wrappers for read() and write() is not.

Slashdot Top Deals

In order to dial out, it is necessary to broaden one's dimension.