
Submission + - Think Your Phone's Fingerprint Sensor is Safe? Think Again (nytimes.com)

SuperLocrian writes: Human fingerprints are unique but they comprise whorls and other patterns that are not. And that could be a security problem for the sensors on electronic devices, which use only portions of fingerprints to unlock their secrets. Researchers at New York University Tandon School of Engineering and Michigan State University have published a study showing that these sensors can be 'faked out' by digitally produced fingerprints that are a composite of commonly found portions of fingerprint. The researchers, including Nasir Memon, professor of computer science and engineering at NYU Tandon, created a set of artificial “MasterPrints” that matched partial prints similar to those used by phones 26-65 percent of the time.

Comment Re:Matlab and a few games (Score 1) 222

What about your wireless router? The firmware in your car? Your smartphone? Hell, even MicroSD cards run an embedded OS on an ARM processor to handle bad block remapping and to make it easier to test the cards before they leave the factory.

If you want to stick strictly to your desktop PC, let's talk about the software running on your network card, GPU, SSD, hard drive (some hard drives even have serial ports that you can connect to and see terminal output!).

I guarantee you that you use a *lot* more computers every day than you realize, and the vast majority of them run proprietary software.

Comment Globally Unique (Score 1) 213

Thanks to my parents' decision to go with a hyphenated last name, my full name is (as far as I can tell) globally unique. This is actually a great thing for me, since I'm in academia and it's best if people can just google my name and find papers I've written etc.

Comment Re:That was rather pretty (Score 1) 291

I also had a paper at this year's CCS conference, so perhaps I can shed some light on the process. The publisher had some fairly picky requirements for the PDFs, and warned that most PDFs created by (for example) pdflatex would probably not pass muster. So along with a PDF we had to submit a Postscript file so that they could distill it into a PDF that met their requirements if necessary. That's likely what happened here--the final Acrobat Distiller step was probably done by the publisher to make everything fit their publishing requirements.

Comment Re:Vendor B ancient IOS (Score 1) 196

I believe this has been shown incorrect; from the article:

As it turns out, the reason for all those routing resets and general instability was due to a previously unknown Cisco bug involving AS paths close to 255 in length.

(emphasis mine). More info:


And the Cisco description (the bug ID, CSCsx73770, is linked in there, but you need a login to access it):


Comment Re:This seems abrupt (Score 1) 856

Last time I installed Ubuntu it still asked for a password for the normal user account. It asked for that same password when it needed to elevate privileges and perform some configuration command as root (via sudo).

So, you have a password, and if you need to you can get root-level privs, but the random everyday stuff you do doesn't have the potential to wipe out the whole OS.

Seems like a win-win to me, really.


Submission + - Damn Vulnerable Linux

Scott Ainslie Sutton writes: "Enterprise GNU/Linux Resource Linux.com have highlighted a newly created GNU/Linux distribution named Damn Vulnerable Linux, built upon Damn Small Linux. The distribution, headed by Thorsten Schneider, aims to deliver the Operating System in such a way that it allows Security Students first-hand insight and hands-on experience with Security issues within GNU/Linux in order to teach them protection and mitigation techniques. The project's website describes the distribution as 'the most vulnerable, exploitable Operating System ever' and it's true, the developers have ensured that it contains outdated, ill-configured, flawed code and contains GNU/Linux 2.4 Kernel which is known to have many exploitable avenues in itself. Damn Vulnerable Linux's website can be viewed here."

Submission + - Final AACS key found

julie-h writes: The PowerDVD AACS private key for playing Blu-Ray and HD-DVDs has been found. This was the last key needed. What does this mean? We don't have to sniff/snoop Volume IDs anymore. We can create a program that can decrypt (or play if you will) a disc without any need for WinDVD or PowerDVD. So no sniffing/extracting of keys anymore. And moreover: it can work on all platforms... In other words: we can make our own independent, user friendly player (or decrypter).

Submission + - Released Wordpress source code included hack

Slinky Sausage writes: "Thousands of servers running the Wordpress blogging software are at tremendous risk after it was revealed that a cracker had hacked into the Wordpress download servers and modified the software's source code. The hack was done shortly after the new version 2.1.1 was released, and the hack was undetected for several days, meaning that thousands of people who have upgraded to the latest 'security release' version of Wordpress have unintentionally installed what amounts to a trojan horse on their web server."
