Windows

Windows 0-Day Exploited In Ongoing Attacks 111

Posted by Soulskill
from the gift-that-keeps-on-giving dept.
An anonymous reader writes: Microsoft is warning users about a new Windows zero-day vulnerability that is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects. The vulnerability is currently being exploited via PowerPoint files. These specially crafted files contain a malicious OLE (Object Linking and Embedding) object. This is not the first time a vulnerability in OLE has been exploited by cybercriminals; however, most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system. What makes this vulnerability dangerous is that it affects the latest fully patched versions of Windows.
Android

Delivering Malicious Android Apps Hidden In Image Files 113

Posted by timothy
from the best-case-never-touch-a-phone dept.
An anonymous reader writes "Researchers have found a way to deliver a malicious app to Android users by hiding it in what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app. Fortinet malware researcher Axelle Apvrille and reverse engineer Ange Albertini created a custom tool they dubbed AngeCryption, which allows them to encrypt the payload Android application package (APK) and make it look like an image (PNG, JPG) file. They also had to create another APK that carries the "booby-trapped" image file and which can decrypt it to unveil the malicious APK file and install it. A malicious app thusly encrypted is nearly invisible to reverse engineers, and possibly even to AV solutions and Google's Android Bouncer." (Here's the original paper, from researchers Axelle Apvrille and Ange Albertini.)
Space

Mars Orbiter Beams Back Images of Comet's Surprisingly Tiny Nucleus 47

Posted by timothy
from the knowledge-through-correction dept.
astroengine writes The High-Resolution Imaging Science Experiment (HiRISE) camera on board NASA's Mars Reconnaissance Orbiter (MRO) has become the first instrument orbiting Mars to beam back images of comet Siding Spring's nucleus and coma. And by default, it has also become the first ever mission to photograph a long-period comet's pristine nucleus on its first foray into the inner solar system. Interestingly, through analysis of these first HiRISE observations, astronomers have determined that the icy nucleus at the comet's core is much smaller than originally thought. "Telescopic observers had modeled the size of the nucleus as about half a mile, or one kilometer, wide," writes a NASA Jet Propulsion Laboratory news release. "However, the best HiRISE images show only two to three pixels across the brightest feature, probably the nucleus, suggesting a size less than half that estimate."
Debian

Debian's Systemd Adoption Inspires Threat of Fork 547

Posted by timothy
from the tine-to-weigh-priorities dept.
New submitter Tsolias writes It appears that systemd is still a hot topic in the Debian community. As seen earlier today, there is a new movement shaping up against the adoption of systemd for the upcoming stable release [of Debian], Jessie. They claim that "systemd betrays the UNIX philosophy"; it makes things more complex, thus breaking the "do one thing and do it well" principle. Note that the linked Debian Fork page specifically says that the anonymous developers behind it support a proposal to preserve options in init systems, rather than demanding the removal of systemd, and are not opposed to change per se. They just don't want other parts of the system to be wholly dependent on systemd. "We contemplate adopting more recent alternatives to sysvinit, but not those undermining the basic design principles of "do one thing and do it well" with a complex collection of dozens of tightly coupled binaries and opaque logs."
The Internet

Ask Slashdot: Good Hosting Service For a Parody Site? 113

Posted by timothy
from the just-keep-backups dept.
An anonymous reader writes "Ok, bear with me now. I know this is not PC Mag 2014 review of hosting services. I am thinking of getting a parody website up. I am mildly concerned about potential reaction of the parodee, who has been known to be a little heavy handed when it comes to things like that. In short, I want to make sure that the hosting company won't flake out just because of potential complaints. I checked some companies and their TOS and AUPs all seem to have weird-ass restrictions (Arvixe, for example, has a list of unacceptable material that happens to list RPGs and MUDS). I live in U.S.; parodee in Poland. What would you recommend?"
Graphics

Direct3D 9.0 Support On Track For Linux's Gallium3D Drivers 54

Posted by timothy
from the one-way-or-another dept.
An anonymous reader writes Twelve years after Microsoft debuted DirectX 9.0, open-source developers are getting ready to possibly land Direct3D 9.0 support within the open-source Linux Mesa/Gallium3D code-base. The "Gallium3D Nine" state tracker allows accelerating D3D9 natively by Gallium3D drivers and there are patches for Wine so that Windows games can utilize this state tracker without having to go through Wine's costly D3D-to-OGL translator. The Gallium3D D3D9 code has been in development since last year and is now reaching a point where it's under review for mainline Mesa. The uses for this Direct3D 9 state tracker will likely be very limited outside of using it for Wine gaming.
Wireless Networking

Samsung Achieves Outdoor 5G Mobile Broadband Speed of 7.5Gbps 36

Posted by Soulskill
from the who-needs-landlines dept.
Mark.JUK writes: Samsung has become the first to successfully demonstrate a future 5G mobile network running at speeds of 7.5Gbps in a stationary outdoor environment. They also managed 1.2Gbps while using the same technology and driving around a 4.3km-long race track at speeds of up to 110kph.

Crucially, the test was run using the 28GHz radio spectrum band, which ordinarily wouldn't be much good for mobile networks where wide coverage and wall penetration is an important requirement. But Samsung claims it can mitigate at least some of that by harnessing the latest Hybrid Adaptive Array Technology (HAAT), which uses millimeter wave frequency bands to enable the use of higher frequencies over greater distances. Several companies are competing to develop the first 5G technologies, although consumers aren't expected to see related services until 2020 at the earliest.
Security

Drupal Fixes Highly Critical SQL Injection Flaw 54

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes Drupal has patched a critical SQL injection vulnerability in version 7.x of the content management system that can allow arbitrary code execution. The flaw lies in an API that is specifically designed to help prevent against SQL injection attacks. "Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks," the Drupal advisory says. "A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks."
Software

Apple Releases CUPS 2.0 178

Posted by Soulskill
from the onward-and-upward dept.
kthreadd writes: 15 years after the release of CUPS 1.0, Apple has now released version 2.0 of the printing system for GNU/Linux and other Unix-style operating systems. One of the major new features in 2.0 is that the test program for ippserver now passes the IPP Everywhere self-certification tests. Also, they've made an interesting blog post looking at the past and future of printing. "Since the first major release in 1999, printing has become much more personal. Printer drivers are going away, and mobile usage is now the norm."
Power

Battery Breakthrough: Researchers Claim 70% Charge In 2 Minutes, 20-Year Life 395

Posted by Soulskill
from the but-only-works-for-left-handed-people dept.
New submitter chaosdivine69 writes: According to scientists at Nanyang Technology University (NTU), they have developed ultra-fast charging batteries that can be recharged up to 70 per cent in only two minutes and have a 20-year lifespan (10,000 charges). The impact of this is potentially a game changer for a lot of industries reliant on lithium ion batteries. In the car industry, for example, consumers would save on costs for battery replacement and manufacturers would save on material construction (the researchers are using a nanotube structure of titanium dioxide, which is an abundant, cheap, and safe material found in soil). Titanium dioxide is commonly used as a food additive or in sunscreen lotions to absorb harmful ultraviolet rays. It is believed that charging an electric car can be done in as little as 5 minutes, making it comparable to filling up a tank of gasoline.
Privacy

Dropbox Wasn't Hacked, Says Leaked Credentials Are From Unrelated Services 29

Posted by timothy
from the effect-is-the-same-to-users dept.
An anonymous reader writes Dropbox has denied that they have been hacked, and that the login credentials leaked by an unknown individual on Pastebin are those of Dropbox users. "Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox," Anton Mityagin from the Dropbox security department noted in a post.
Books

Book Review: Scaling Apache Solr 42

Posted by samzenpus
from the read-all-about-it dept.
First time accepted submitter sobczakt writes We live in a world flooded by data and information and all realize that if we can't find what we're looking for (e.g. a specific document), there's no benefit from all these data stores. When your data sets become enormous or your systems need to process thousands of messages a second, you need an environment that is efficient, tunable and ready for scaling. We all need well-designed search technology. A few days ago, a book called Scaling Apache Solr landed on my desk. The author, Hrishikesh Vijay Karambelkar, has written an extremely useful guide to one of the most popular open-source search platforms, Apache Solr. Solr is a full-text, standalone, Java search engine based on Lucene, another successful Apache project. For people working with Solr, like myself, this book should be on their Christmas shopping list. It's one of the best on this subject. Read below for the rest of sobczakt's review.
Transportation

Four Dutch Uberpop Taxi Drivers Arrested, Fined 282

Posted by timothy
from the not-so-laissez-faire dept.
An anonymous reader writes with news that authorities in the Netherlands have arrested four drivers sharing their car for money through the Uberpop app. The drivers were then released with a fine of EUR 4,200 (USD 5,300) each and further threatened with additional fines of EUR 10,000 (USD 12,600) for each time they might be caught doing it again. While similar bullying applied to short rentals of private rooms through sites like Airbnb hasn't had the same success so far, the thoughts go to the fined drivers, hoping they won't ever be caught carrying their grandmother to the supermarket then have to explain how they dared. Uber says it will "fully support" the affected drivers.
The Internet

How Spurious Wikipedia Edits Can Attach a Name To a Scandal, 35 Years On 165

Posted by timothy
from the same-complaint-that-the-dracula-family-has dept.
Andreas Kolbe (2591067) writes For more than six years, Wikipedia named an innocent man as a key culprit in the 1978/79 Boston College point shaving scandal. The name Joe Streater was inserted into Wikipedia by an anonymous user in August 2008. The unsourced insertion was never challenged or deleted, and over time, Streater became widely associated with the scandal through newspaper and TV reports as well as countless blogs and fan sites, all of which directly or indirectly copied this spurious fact from Wikipedia. Yet research shows that Streater, whose present whereabouts are unknown, did not even play in the 1978/79 season. Before August 2008, his name was never mentioned in connection with the scandal. As journalists have less and less time for in-depth research, more and more of them seem to be relying on Wikipedia instead, and the online encyclopedia is increasingly becoming a vector for the spread of spurious information.
Graphics

NVIDIA Presents Plans To Support Mir and Wayland On Linux 80

Posted by Soulskill
from the going-official dept.
An anonymous reader writes: AMD recently presented plans to unify their open-source and Catalyst Linux drivers at the open source XDC2014 conference in France. NVIDIA's rebuttal presentation focused on supporting Mir and Wayland on Linux. The next-generation display stacks are competing to succeed the X.Org Server. NVIDIA is partially refactoring their Linux graphics driver to support EGL outside of X11, to propose new EGL extensions for better driver interoperability with Wayland/Mir, and to support the KMS APIs by their driver. NVIDIA's binary driver will support the KMS APIs/ioctls but will be using their own implementation of kernel mode-setting. The EGL improvements are said to land in their closed-source driver this autumn while the other changes probably won't be seen until next year.
Security

Interviews: Ask Reuben Paul What Hackers Can Learn From an 8-Year-Old 44

Posted by timothy
from the at-8-I-was-mostly-hiding-behind-the-bleachers dept.
Reuben A. Paul, aka RAPstar, has something of a head-start when it comes to learning about computer security: his father, Mano Paul, has been a security researcher (and instructor) for many years. So Reuben grew up around computers, seeing firsthand that they're neither mysterious nor impregnable. Reuben, though, has a curious mind and his own computer security interests, and a knack for telling others about them; last month, he became the youngest-ever speaker at DerbyCon, and explained some of what he's picked up so far on what kids can learn about security, as well as what the security field can learn from kids. (One hard to dispute nugget: "Kids are the best social engineers, followed by puppies.") Ask of Reuben whatever you'd like, below (please, one question per post), and we'll get answers to selected questions when we catch up with him at next week's Houston Security Conference. (This year's conference is sold out, but there's always 2015.)
AMD

AMD Building New GPU Linux Kernel Driver To Unify With Catalyst Driver 56

Posted by Soulskill
from the playing-well-with-others dept.
An anonymous reader writes: AMD is moving forward with their plans to develop a new open-source Linux driver model for their Radeon and FirePro graphics processors. Their unified Linux driver model is moving forward, albeit slightly different compared to what was planned early this year. They're now developing a new "AMDGPU" kernel driver to power both the open and closed-source graphics components. This new driver model will also only apply to future generations of AMD GPUs. Catalyst is not being open-sourced, but will be a self-contained user-space blob, and the DRM/libdrm/DDX components will be open-source and shared. This new model is more open-source friendly, places greater emphasis on their mainline kernel driver, and should help Catalyst support Mir and Wayland.
Operating Systems

Systemd Adding Its Own Console To Linux Systems 774

Posted by Soulskill
from the if-you-want-something-done-right dept.
An anonymous reader writes: The next version of systemd is poised to introduce an experimental "systemd-consoled" that serves as a user-space console daemon. The consoled furthers the Linux developers' goal of eventually deprecating the VT subsystem found within the Linux kernel in favor of a user-space driven terminal that supports better localization, increased security, and greater robustness of the kernel's seldom touched and hairy CONFIG_VT'ed code.
Security

Infected ATMs Give Away Millions of Dollars Without Credit Cards 83

Posted by Soulskill
from the i'll-order-a-dozen dept.
An anonymous reader writes: Kaspersky Lab performed a forensic investigation into cybercriminal attacks targeting multiple ATMs around the world. During the course of this investigation, researchers discovered the Tyupkin malware used to infect ATMs and allow attackers to remove money via direct manipulation, stealing millions of dollars. The criminals work in two stages. First, they gain physical access to the ATMs and insert a bootable CD to install the Tyupkin malware. After they reboot the system, the infected ATM is now under their control and the malware runs in an infinite loop waiting for a command. To make the scam harder to spot, the Tyupkin malware only accepts commands at specific times on Sunday and Monday nights. During those hours, the attackers are able to steal money from the infected machine.
Stats

Nearly 700 Genetic Factors Found To Influence Human Adult Height 68

Posted by Soulskill
from the so-much-for-genetic-height-therapy dept.
damn_registrars writes: A consortium of scientists from many different countries reviewed genome-wide association study data sets of over 250,000 individuals in a search for genetic factors that influence adult height. Looking at Single Nucleotide Polymorphisms, the researchers found 697 distinct genetic markers that can explain some 20 percent of the heritability of human adult height. Previous studies had found around 180 such markers, but the larger sample set increased the ability to detect these changes, both within genes and in non-coding regions. Genes found in this set included ones from pathways not previously connected to skeletal growth.

This study is also significant for the sample size, which allows it to address whether the data from such large sets has a tendency to converge or diverge on genetic pathways; this study particularly favors the latter, which is of great utility toward studying other polygenetic conditions in the future. The original paper is likely paywalled, however the abstract is available for free and some of the collaborators behind it have other bits available for free in the meantime.
