Security

Submission + - SPAM: New tool helps reconstruct sneakiest of attacks

alphadogg writes: Certain attacks that leave no trace on computer hard drives may be discoverable using a new tool that will be demonstrated at the Black Hat conference in Las Vegas next week, which will feature many security advances. Researchers who work for Mandiant will present a means for piecing together what malicious activity might have been carried out by an attacker's payload that runs only in memory and so evades traditional disk forensics, the researchers say. In particular, the memory forensics tool being presented finds traces in memory of what activity might have been performed via Meterpreter, a software module for the open-source Metasploit penetration testing framework. Meterpreter can be injected into a legitimate running process on a victim computer and thereby avoid detection by host IDS/IPS software. Meterpreter can then be used as a platform for further attack, the researchers say.
Security

UK Court Rejects Encryption Key Disclosure Defense 708

truthsearch writes "Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled. The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive. The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the privilege against self incrimination. In its ruling, the appeals court said an encryption key is no different than a physical key and exists separately from a person's will."
Security

Government Begins Securing Root Zone File 198

Death Metal notes a Wired piece on the US government beginning the process of securing the root zone file. This is in service of implementing DNSSEC, without which the DNS security hole found by Dan Kaminsky can't be definitively closed. On Thursday morning, a comment period will open on the various proposals on who should hold the keys and sign the root — ICANN, Verisign, or the US government's NTIA.
Security

US Financial Quagmire Bringing Out the Scammers 272

coondoggie contributes this snippet from NetworkWorld: "You could probably see this one coming. With all of the confusion and money involved you knew there would be cyber-vultures out there looking to cash in. Well the Federal Trade Commission today issued a warning that indeed such increased phishing activities are taking place. Specifically the FTC said it was urging user caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer's bank, savings and loan, or mortgage. In many cases such emails are only looking to obtain personal information — account numbers, passwords, Social Security numbers — to run up bills or commit other crimes in a consumer's name, the FTC stated."
Handhelds

Pandora Console Ready For Pre-Orders 309

Croakyvoice writes "Finally, months after the official announcement, 3,000 lucky people can now pre-order Pandora, possibly the world's fastest handheld console. It boasts a processor capable of up to 900 MHZ, PowerVR 3D graphics, a large 800x480 LCD touchscreen, Wi-Fi, Bluetooth, USB, dual SD card slots, TV out, dual analogue and digital controls, a clamshell DS Lite-style shape, and a 43-button mini keyboard. The console already boasts an amazing amount of ready-for-release software such as Ubuntu and many full-speed emulators for systems such as Snes, Amiga, Megadrive, and many more that are not publicly announced yet. The console is as powerful as the original Xbox and on a par with the Nintendo Wii. Those interested should visit OpenPandora.Org. For the full history of Pandora from inception until the present, check out the Pandora Homebrew Site."
Communications

Two Bills of Interest Advancing In Congress 129

pgn674 writes "While the Emergency Economic Stabilization Act of 2008 failed to pass in the House of Representatives, two other bills of interest to this community are currently moving through the US lawmaking process. One is the Broadband Data Improvement Act, which Communications Workers of America claims will help us towards bringing high-speed Internet access to all Americans. It will have the FCC increase their granularity in reporting the Internet accessibility of an area in the US, and redefine broadband measurements. It has passed through the House and the Senate, and differences in the passed versions are currently being resolved. The other bill is the Webcaster Settlement Act of 2008. Pandora is excited for this one as it will give them time to negotiate with SoundExchange (i.e. the RIAA) for new, more affordable royalty rates. The bill is currently in the Senate, and is expected to pass with ease."
The Military

US Congress Funds Laser Weapons 423

An anonymous reader writes "The Washington Post reports that the US Congress is funding laser weapons for use in the near future. Low-power lasers called 'dazzlers' are already being used in Iraq to temporarily reduce a person's vision. High-power laser weapons would allow precision attacks that minimize civilian casualties. From the Post: 'The science board said tactical laser systems could be developed for broader use because they "enable precision ground attack to minimize collateral damage in urban conflicts." The report suggested, for example, that "future gunships could provide extended precision lethality and sensing." The board also proposed using lasers to protect against rockets, artillery, mortars and unmanned airborne vehicles by blasting them out of the sky. Last month, the Army awarded Boeing $36 million to continue development of a high-energy laser mounted on a truck that could hit overhead targets. But deployment is not expected until 2016, even if all goes well.'"
Security

Most Companies Admit Their Data Is At Risk 60

Weblver1 writes "A recent survey of IT professionals published by web security firm Finjan shows that data-theft should be a good reason for concern. Based on answers from 1,387 professionals, 25% acknowledged that their organization has been breached. What's worse, 42% did not know and could not exclude a breach, reflecting on the number of organizations that could potentially be breached without anyone knowing after the fact. Other findings we should be concerned about include 82% of Healthcare IT respondents admitting that medical records are at risk of data-theft, and 68% of all sectors admitting sensitive corporate information can be compromised by cyber-criminals. Finjan's report is available here (PDF, registration required). This survey comes a week after Forrester Research found in their survey that IT security spending is expected to rise (or at least remain the same) — with the current level of data breaches and sensitive data that is not protected well enough, there is a good reason for it."
Bug

Widespread Keyboard Failures on OLPC's XO-1 264

otakuj462 writes "Many participants in OLPC's 'Give 1 Get 1' program of last November are now encountering what has come to be known as the 'stuck key' problem, in which one or more of the keys on their XO-1 laptop's built-in keyboard become stuck in an activated position, or are activated when adjacent keys are pressed. As of January 30th, the official word from OLPC is that the root cause of this problem is unknown because '[t]here are several manufacturers of the keyboards.' ('So far we don't know of any _reliable_ method of fixing the keyboard or the exact root cause.') It is unknown just how widespread this problem currently is, as the 30-day manufacturer's warranty has already expired for most G1G1 participants. However, the OLPC forums are full of reports. OLPC is currently deploying the XO-1 to children in Mongolia and Peru, as well as other developing nations. If OLPC is actively deploying units with known, critical hardware bugs, without a dedicated support infrastructure in place, to children who have never seen a computer before, should they still be considered to be a responsible organization? Did OLPC deploy their hardware too soon?"
Hardware Hacking

Submission + - Electronic hardware design

Simon2000 writes: "I find myself continually trawling Digikey and manufacturer websites for suitable components when doing hardware design. Of course I want every component I use to be the simplest, cheapest and most reliable part/IC that meets the specs. This takes time and eventually makes my head spin. How do the real experts do this most effectively?"
Movies

Submission + - HD format war over, a good thing?

CaptainTofu writes: I had a discussion with my co-worker about the HD format war and how I was glad that Blu-ray won over HD DVD, and he seemed somewhat indifferent. He went as far as to say that he wouldn't have minded if the format war never ended because the competition would be good for the market. He brought up how Apple competes with Microsoft, Coke versus Pepsi, etc. I couldn't come up with a good reason why the HD format war was a bad thing other than that it prevented many buyers from investing in one format over the other. My questions are: Is having Blu-ray being the winner necessarily a good thing for consumers besides the obvious? Do we not want to have the competition to bring prices down and better end products? I'm hoping for a winning argument that supports Blu-ray's victory as being good for the market!
