Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Unicode Control Characters May Camouflage Malware (

modus_operandi writes: (via Clever malware authors have come up with a way to disguise malicious executable files as innocuous data types by writing the file name backwards. On May 11, analysts at Norman ASA (anti-virus software vendor based in Sweden) published details of the exploit in "The RTLO unicode hole — sequence manipulation as an attack vector". The trick is accomplished by using Unicode control characters such as 0x202E (right-to-left override) and 0x202B (right-to-left embedding). Although the payload is likely to be targeted at users of Microsoft Windows operating systems (which rely on filename extensions to determine whether a binary is executable) the exploit also works on any operating system which handles Unicode correctly. That means Linux and UNIX-based operating systems, including Mac OS X, will also be fooled into displaying a deceptive filename. Luckily, it is not possible to set chmod +x as a default in your umask! Could this technique be used in other, heretofore unsuspected, social engineering attacks?

Submission + - Where Old Gadgets Go to Die (

webalert writes: With the holiday gift giving season behind us and the annual consumer electronics show a few days away, the thoughts of gadget lovers everywhere are turning to ways to make room for the latest and greatest.
Open Source

Submission + - Yahoo Beats Patent Troll That Beat Google (

jfruhlinger writes: "You may recall the saga of patent troll Bedrock, which claims that it has patents over Linux and successfully sued Google over Google's Linux use. Well, the verdict from Bedrock's suit against Yahoo on similar grounds has come in — and Yahoo is victorious, not least because Yahoo went second and got to see how the arguments in the Google case went."

Submission + - KPN Admits To Using Deep Packet Inspection (

stiller writes: In order to make up for the loss of income on its mobile network due to services such as whatsapp and skype, KPN — the largest fixed-line and mobile operator in the Netherlands — has taken severe measures: deep packet inspection of all mobile traffic in order to bill various services at different rates.

Submission + - Ubuntu 11.10 To Switch From GDM To LightDM (

dkd903 writes: Earlier, during the Natty development cycle we reported that LightDM is being considered as a replacement for GDM. That did not happen for Ubuntu 11.04, but today it has been confirmed at the Ubuntu Developer Summit at Budapest that LightDM is finally replacing GDM in Ubuntu 11.10 Oneiric.

Submission + - OBL Scam Marks Shift In Mac As Malware Target (

CWmike writes: "Scammers are distributing fake security software aimed at the Mac by taking advantage of the news that al-Qaeda leader Osama Bin Laden has been killed by U.S. forces, a security researcher said on Monday. A security firm that specializes in Mac software called the move 'a very big step forward' for malware makers targeting Apple's users. This is the first time scammers have targeted the Mac with a sophisticated, professional-looking 'rogueware' security application, said Peter James, a spokesman for Intego. On Monday, Intego published a detailed advisory about MAC Defender, noting that that it was 'very well designed, and looks professional.'"

Submission + - Dear Julian Assange: The Internet is the Most Appa ( 1

i4u writes: If you're a regular reader of Russia Today or a big fan of that white-haired rogue Julian Assange, you may want to watch this interview. In it, the Wikileaks founder calls Facebook the "most appalling spy machine that has ever been invented". He goes on to explain that the social network is accessible to US Intelligence, which means none of your data is ever really "private".

Slashdot Top Deals

Where are the calculations that go with a calculated risk?