Security

Submission + - Silent, easily made Android root kit at Black Hat (electronista.com)

An anonymous reader writes: Not only did they make it an App but they gave it out on DVD! (I guess that's better than putting it on Google's marketplace).

(They claim) they did this to prompt Google to issue a fix. However, since the carriers seem to be very slow in updating the Android OS for their phones (a substantial number, perhaps a majority, have never received an update), when can we expect a fix to get to the millions of phones out there? Compare this to the Apple ecosystem which received an update for their (admittedly widely publicized) Antennagate issue within weeks (whether or not it actually fixed anything is another question). In general Apple devices are (forcibly?) updated much more quickly. Perhaps this is because of his holiness's... I mean Steve Jobs' powers of persuasion. ;)

From the link:
"SpiderLabs showed a rootkit at the Black Hat conference today that could compromise an Android phone without its owner's knowledge. The exploit, handed out on DVD at the hacking and security meetup, would let the wielder get complete control and personal data from an Android phone without triggering alerts. Team lead Nicholas Percoco said the app took just two weeks to build and would affect even modern Android 2.1 devices such as the HTC Desire and Legend."

Security

Submission + - The Canadian who holds the key to the Internet (thestar.com)

drbutts writes: The Toronto Star has an interesting story on how they are securing DNS: It's housed in two high-security facilities separated by the North American landmass. The one authenticated map of the Internet. Were it to be lost — either through a catastrophic physical or cyber attack — it could be recreated by seven individuals spread around the globe. One of them is Ottawa's Norm Ritchie. Ritchie was recently chosen to hold one of seven smartcards that can rebuild the root key that underpins this system called DNSSEC (Domain Name System Security Extensions). In essence, these seven can rebuild the architecture that allows users to know for certain where they are and where they are going when navigating the Web.

Submission + - FCC gives thumbs-up to first LTE phone (arstechnica.com)

eagledck writes: The Federal Communications Commission has finally approved the first 4G Long Term Evolution (LTE) phone for sale in the US. Though the first LTE handset will be available through MetroPCS, the FCC has now opened the door for other LTE devices, including those for Verizon's in-testing LTE network.
Space

Submission + - Mars Rover Spirit May Never Wake from Deep Sleep (discovery.com)

astroengine writes: "After repeated calls from NASA to wake up Mars Exploration Rover Spirit from its low-energy coma, mission control is beginning to realize the ill-fated robot may never wake up again. After getting stuck in a sand trap in Gusev Crater and then switching into hibernation in March, rover operators were hopeful that the beached Spirit might yet be saved. Alas, this is looking more and more unlikely. In a statement, NASA said: 'Based on models of Mars' weather and its effect on available power, mission managers believe that if Spirit responds, it most likely will be in the next few months. However, there is a very distinct possibility Spirit may never respond.'"
Government

Submission + - Justice Department Sues Oracle, Alleging Fraud (cnet.com)

suraj.sun writes: Justice department lawsuit argues that Oracle's government customers--a wide array of agencies, including the State Department, the Energy Department, and the Justice Department itself--got deals "far inferior" to those the enterprise software giant gave to its commercial clients.

The allegations stem from a software deal between Oracle and the federal General Services Administration that the Justice Department says involved "hundreds of millions of dollars in sales" and that ran from 1998 to 2006. Under the contract, Oracle was required to inform the GSA when commercial discounts improved and to offer those same discounts to government buyers.

Oracle misrepresented its true commercial sales practices and thus defrauded the U.S., the lawsuit contends.

"We take seriously allegations that a government contractor has dealt dishonestly with the United States," said Tony West, assistant attorney general for the civil division of the Department of Justice, in a statement.

CNET News: http://news.cnet.com/8301-1001_3-20012193-92.html

Submission + - ISC Offers Response Policy Zones for DNS (circleid.com)

penciling_in writes: ISC has made the announcement that they have developed a technology that will allow 'cooperating good guys' to provide and consume reputation information about domain names. The release of the technology, called Response Policy Zones (DNS RPZ), was announced at DEFCON. Paul Vixie explains: 'I am stunned by the simplicity and truth of that observation. Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators. The DNS industry has a lot of highly capable and competitive registrars and registries who have made it possible to reserve or create a new name in just seconds, and to create millions of them per day.'
Apple

Submission + - An iPhone App Store that Apple Doesn't Control (xconomy.com)

waderoush writes: Princeton's Ed Felten has criticized the iPhone and iPad as Disneyland-like 'walled gardens' and says there's no way the iTunes App Store can 'offer the scope and variety of apps that a less controlled environment can provide.' Now there's a central marketplace where developers can sell iPhone-optimized apps without going through Apple's gatekeepers. Launched today, it's called OpenAppMkt and it's a showcase for mobile Web apps---not just the type seen back in 2007-2008, before the advent of the App Store, but also for new games and other apps developed using HTML5/CSS/JavaScript (in some cases, the same apps compiled and sold as native iPhone apps). Xconomy has a behind-the-scenes interview with OpenAppMkt's creators, who say they're not out to compete with the native App Store, but that developers deserve new ways to reach users.
Security

Submission + - Defcon Contest Rattles FBI's Nerves (infoworld.com)

snydeq writes: "A Defcon contest that invites contestants to trick employees at 30 U.S. corporations into revealing not-so-sensitive data has rattled nerves at the FBI. Chris Hadnagy, who is organizing the contest, also noted concerns from the financial industry, which fears hackers will target personal information. The contest will run for three days, with participants attempting to unearth data from an undisclosed list of about 30 U.S. companies. The contest will take place in a room in the Riviera hotel in Las Vegas furnished with a soundproof booth and a speaker, so an audience can hear the contestants call companies and try to weasel out what data they can get from unwitting employees."
It's funny.  Laugh.

Submission + - Who Is Downloading the Torrented Facebook Files? (gizmodo.com)

eldavojohn writes: Aside from the obvious answer of everyone on Slashdot, Gizmodo's got an interesting scoop on a list of IPs acquired from Peer Block revealing who is downloading the Facebook user data torrented this week. Apple, Church of Scientology, Disney, Intel, IBM and several major government contractors just to name a few. The article notes that this doesn't mean it's sanctioned by these companies or even known to be happening but the IP addresses of requests coming to one of the users' machines match to lists of IP blocks for each company.
