Android

Android Jelly Bean Much Harder To Hack 184

Posted by Soulskill
from the also-not-as-tasty dept.
New submitter SternisheFan tips this quote from an article at Ars: "The latest release of Google's Android mobile operating system has finally been properly fortified with an industry-standard defense. It's designed to protect end users against hack attacks that install malware on handsets. In an analysis published Monday, security researcher Jon Oberheide said Android version 4.1, aka Jelly Bean, is the first version of the Google-developed OS to properly implement a protection known as address space layout randomization. ASLR, as it's more often referred to, randomizes the memory locations for the library, stack, heap, and most other OS data structures. As a result, hackers who exploit memory corruption bugs that inevitably crop up in complex pieces of code are unable to know in advance where their malicious payloads will be loaded. When combined with a separate defense known as data execution prevention, ASLR can effectively neutralize such attacks."
Security

High Security Handcuffs Opened With 3D-Printed and Laser-Cut Keys 202

Posted by Soulskill
from the enjoy-your-stay-on-the-watch-list dept.
Sparrowvsrevolution writes "In a workshop Friday at the Hackers On Planet Earth conference in New York, a German hacker and security consultant who goes by the name 'Ray' showed that he could open high-security handcuffs from manufacturers Chubb and Bonowi with plastic copies of keys that he cheaply produced with a laser-cutter and a 3D printer. Both companies attempt to control the distribution of their keys to keep them exclusively in the hands of authorized buyers such as law enforcement. Lasercut plexiglass versions of the Chubb key, which opens handcuffs like the ones used in passenger airline restraints, were selling for $4 at the conference. Ray plans to post the CAD file for the key on the 3D printing site Thingiverse after LockCon later this week."
Microsoft

First Look: Microsoft Office 2013 369

Posted by samzenpus
from the go-ahead-and-peek dept.
snydeq writes "Ever since the first beta editions of Windows 8 appeared, rumors have circulated over how Microsoft would revamp its other flagship consumer product, Office, to be all the more useful in the new OS. Would Office become touch-oriented and Metro-centric, to the exclusion of plain old Windows users? A first look at Office 2013 provides the short answer: No. 'Office 2013 has clearly been revised to work that much better in Windows 8 and on touch-centric devices, but the vast majority of its functionality remains in place. The changes made are mostly cosmetic — a way to bring the Metro look to Office for users of versions of Windows other than 8. Further, Office 2013 has been designed to integrate more closely with online storage and services (mainly Microsoft's), although those are thankfully optional and not mandatory.'"
Upgrades

Torvalds Bemoans Size of RC7 For Linux Kernel 3.5 158

Posted by samzenpus
from the too-big dept.
alphadogg writes "A host of small modifications and a large number of system-on-a-chip and PowerPC fixes inflated the size of release candidate No. 7 for Version 3.5 of the Linux kernel, according to curator Linus Torvalds' RC7 announcement, made on Saturday. Torvalds wasn't happy with the extensive changes, most of which he said he received Friday and Saturday, saying 'not cool, guys' in the announcement. However, the occasionally combustible kernel curator didn't appear to view this as a major setback. 'Now, admittedly, most of this is pretty small. The loadavg calculation fix patch is pretty big, but quite a lot of that is added comments,' he wrote, referring to the subroutine that measures system workload."
Microsoft

Skype Bug Sends Messages To Random Contacts 77

Posted by samzenpus
from the everyone-gets-a-message dept.
An anonymous reader writes "A bug has been discovered in Skype that sends users' private instant messages to other contacts whom the messages were never intended for. Skype has confirmed the issue and is working on a fix. 'We are aware that in rare circumstances IM's between two contacts could be sent to an unintended third contact,' a Skype spokesperson told Engadget. 'We are rolling out a fix for this issue in the next few days and will notify our users to download an updated version of Skype.'"
Bug

Yahoo! Closes Security Hole That Led To Breach 43

Posted by samzenpus
from the stopping-the-leak dept.
An anonymous reader writes "Yahoo! has patched the security hole that allowed hackers to access some 450,000 email addresses and passwords associated with Yahoo! Contributor Network and ultimately publish them last week. In the meantime, the group responsible for the hack of the official forum site of technology company NVIDIA has also dumped some 800 user records taken during the breach."
Encryption

Report from HOPE: Cryptocat And Encryption in the Cloud 29

Posted by Unknown Lamer
from the meow-meow-encryption dept.

In a world increasingly dominated by the cloud, privacy is often sacrificed for convenience. Imagine a world where you could use cloud services without allowing the provider to read your data. Author of Cryptocat (a browser-based secure chat system) Nadim Kobeissi shared the problems he faced developing Cryptocat, his solutions, and future of client-side cryptography. Read on for more.

Update: 07/18 03:48 GMT by U L : Slides (PDF) from and video of the talk are now online.

The Military

Defense Expert: Hire Hackers and Wage War 157

Posted by Soulskill
from the institutionalized-anonymous dept.
Phoghat writes "A top defense and cybersecurity expert says the U.S. should stop trying to take aim at expert hackers and start doing a better job of recruiting them. 'Let's just say that in some places you find guys with body piercings and nonregulation haircuts,' says U.S. Naval Postgraduate School professor John Arquilla. 'But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them.'"
China

Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 240

Posted by Soulskill
from the somebody-should-build-a-big-wall dept.
An anonymous reader writes "A former Pentagon analyst reports the Chinese government has 'pervasive access' to about 80 percent of the world's communications, and it is looking currently to nail down the remaining 20 percent. Chinese companies Huawei and ZTE Corporation are reportedly to blame for the industrial espionage. 'Not only do Huawei and ZTE power telecom infrastructure all around the world, but they're still growing. The two firms are the main beneficiaries for telecommunication projects taking place in Malaysia with DiGi, Globe in the Philippines, Megafon in Russia, Etisalat in the United Arab Emirates, America Movil in a number of countries, Tele Norte in Brazil, and Reliance in India.'"
Security

NVIDIA Kills Online Store In Response To Hacker Claims 70

Posted by Soulskill
from the have-you-tried-updating-your-drivers dept.
wiredmikey writes "Following a shutdown of its 'NVIDIA Developer Zone,' earlier this week after the online community for developers had been hacked, the graphics chip maker on Friday also shut down its online store. The group of hackers behind the attack, going by the handle of 'The Apollo Project,' made mention of the claimed compromise in its original post exhibiting its successful attack against the NVIDIA Developer Zone site. While the company has shut down the online store, it has not acknowledged that a successful attack has taken place. 'NVIDIA has suspended operation of the NVIDIA Gear Store (store.nvidia.com) as a precaution, following confirmed attacks on several of our other sites,' read a statement posted on the site. The claimed attackers wrote, 'We aren't acting extremely maliciously, we've used this database to target disgusting corporations who deserve to be brought to justice.. and we are getting there, slowly but surely.'"
Businesses

Facebook "Like" System Devalued By Fake Users 99

Posted by timothy
from the yeah-but-have-you-see-what-real-ones-like? dept.
New submitter k(wi)r(kipedia) writes "A BBC investigation has found evidence of fake users skewing the results of Facebook's 'Like' recommendation system. The BBC set up a Facebook page for a fake business called VirtualBagel and invited users to 'like' it. The page reportedly attracted 'over 1,600 likes' within twenty-four hours. The test appeared to confirm the claims of a social media marketing consultant who contacted the BBC after he noticed a disparity in the distribution of users 'liking' the products of his clients. 'While they had been targeting Facebook users around the world, all their "likes" appeared to be coming from countries such as the Philippines and Egypt.'"
Wireless Networking

O2's UK Network Crash Hits Offender Monitoring System 56

Posted by timothy
from the feel-free-to-move-about-the-cabin dept.
judgecorp writes "Mobile operator O2's network crashed on Wednesday and Thursday of this week. In the aftermath it has emerged how other services rely on mobile networks. Law enforcement agencies were unable to track some convicted criminals wearing electronic tags, and the crash also disabled parts of London's network of 'Boris Bikes' — public hire bikes."
Government

Niagara Framework Leaves Government, Private Infrastructure Open To Hacks 40

Posted by timothy
from the is-this-your-all-eggs-basket? dept.
benfrog writes "Tridium's Niagara framework is a 'marvel of connectivity,' allowing everything from power plants to gas pumps to be monitored online. Many installations are frighteningly insecure, though, according to an investigation by the Washington Post, leaving both public and private infrastructure potentially open to simple hacks (as simple as a directory traversal attack)."
Cloud

City's IT Infrastructure Brought To Its Knees By Data Center Outage 102

Posted by Soulskill
from the watch-out-for-that-first-explosion,-it's-a-doozy dept.
An anonymous reader writes "On July 11th in Calgary, Canada, a fire and explosion was reported at the Shaw Communications headquarters. This took down a large swath of IT infrastructure, including Shaw's telephone and Internet customers, local radio stations, emergency 911 services, provincial services such as Alberta Health Services computers, and Alberta Registries. One news site reports that 'The building was designed with network backups, but the explosion damaged those systems as well.' No doubt this has been a hard lesson on how NOT to host critical public services."
AT&T

US ISPs Continue To Support DNSChanger Redirection Servers 87

Posted by Soulskill
from the you-had-one-job dept.
darthcamaro writes "On Monday of this week, the primary servers that kept those infected with the DNSChanger malware were taken offline. It's a story that sparked lots of media hype with people claiming that hundreds of thousands of people could lose their Internet access. As it turns out, major U.S. ISPs including Verizon, Cox, AT&T and CenturyLink all kept their own DNSChanger servers online, protecting any users from losing their access."
