bhima - Slashdot User

Submission + - Stealthy, tricky to remove rootkit targets Linux systems on ARM and x86 (pcworld.com)

Submitted by Kinwolf on Tuesday September 06, 2016 @10:06AM

Kinwolf writes: Security researchers have identified a new family of Linux rootkits that, despite running from user mode, can be hard to detect and remove. Called Umbreon, after a Pokémon character that hides in the darkness, the rootkit has been in development since early 2015, runs from user mode but hijacks libc system calls. According to malware researchers from antivirus firm Trend Micro, Umbreon is a so-called ring 3 rootkit, meaning that it runs from user mode and doesn't need kernel privileges. Despite this apparent limitation, it is quite capable of hiding itself and persisting on the system.

Submission + - Publishers must let online readers pay for news anonymously (theguardian.com)

Submitted by mspohr on Friday September 02, 2016 @10:58PM

mspohr writes: The Guardian has an opinion piece by Richard Stallman which argues that we should be able to pay for news anonymously.
From the article:
"Online newspapers and magazines have come to depend, for their income, on a system of advertising and surveillance, which is both annoying and unjust.
Readers are rebelling by installing ad blockers, which cut into the publisher’s surveillance-based income. And in response, some sites are cutting off access to readers unless they accept being surveilled. What they ought to do instead is give us a truly anonymous way to pay."
He also (probably not coincidentally) has developed a method to do just that.
"For the GNU operating system, which was created by the free software movement and is typically used with the kernel Linux, we are developing a suitable payment system called GNU Taler that will allow publishers to accept anonymous payments from readers for individual articles. "

Submission + - How stingray is zapping the fourth amendment

Submitted by Presto Vivace on Saturday May 21, 2016 @11:30AM

Presto Vivace writes: How Militarized Cops Use the Intrusive Technology Stingray, and Much More, to Intrude on Our Rights — Police nationwide are secretly exploiting intrusive technologies with the feds' complicity.
Thanks to this call-and-response process, the Stingray knows both what cell phones are in the area and where they are. In other words, it gathers information not only about a specific suspect, but any bystanders in the area as well. While the police may indeed use this technology to pinpoint a suspect’s location, by casting such a wide net there is also the potential for many kinds of constitutional abuses—for instance, sweeping up the identities of every person attending a demonstration or a political meeting. Some Stingrays are capable of collecting not only cell phone ID numbers but also numbers those phones have dialed and even phone conversations. In other words, the Stingray is a technology that potentially opens the door for law enforcement to sweep up information that not so long ago wouldn’t have been available to them.

This is why it matters who wins the mayor and city council races. Localities do not have to accept this technology.

Submission + - Sci-hub domain been shut down by Elsevier (torrentfreak.com)

Submitted by Taco Cowboy on Thursday May 05, 2016 @02:05AM

Taco Cowboy writes: Several ‘backup’ domain names are still in play, including Sci-Hub.bz and Sci-Hub.cc

In addition to the alternative domain names users can access the site directly through the IP-address 31.184.194.81

Its TOR domain is also still working — http://scihub22266oqcxt.onion/

Authorized or not, there is definitely plenty of interest in Sci-Hub’s service. The site currently hosts more than 51 million academic papers and receives millions of visitors per month

Many visits come from countries where access to academic journals is limited, such as Iran, Russia or China. But even in countries where access is more common, many researchers visit the site, an analysis from Science magazine revealed last week

Submission + - $40 of hardware is enough to hijack $28k professional drones from 2km away (theregister.co.uk)

Submitted by mask.of.sanity on Friday April 01, 2016 @01:45AM

mask.of.sanity writes: Thieves can hijack US$28,000 professional drones used widely across the law enforcement, emergency, and private sectors using $40 worth of hardware. The quadcopters can be hijacked from 2km away thanks to a lack of encryption which is not present due to latency overheads.

Submission + - Mass surveillance silences minority opinions, according to study

Submitted by sittingnut on Monday March 28, 2016 @11:40PM

sittingnut writes: According to a study(pdf) by Elizabeth Stoycheff, from Wayne State University, published in Journalism and Mass Communication Quarterly, and referred to in Washington Post, "knowing one is subject to surveillance and accepting such surveillance as necessary, act as moderating agents in the relationship between one’s perceived climate of opinion and willingness to voice opinions online." In other words, "knowledge of government surveillance causes people to self-censor their dissenting opinions online". This study adds to the well-researched phenomenon, known as “spiral of silence”, of people suppressing unpopular opinions to fit in, by explicitly examining how government surveillance affects self-censorship. Participants who claimed, they don't break any laws and don't have anything to hide, and tended to support mass surveillance as necessary for national security, were the most likely to silence their minority opinions.

Submission + - India forged Google SSL certificates

Submitted by NotInHere on Wednesday July 09, 2014 @08:20PM

NotInHere writes: As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate issued by Indian CCA, to issue several unauthorized certificates for Google domains, allowing to do Man in the middle attacks. Possible impact however is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use, and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA.
According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by Indian CCA.

Submission + - How Vacuum Tubes, New Technology Might Save Moore's Law (hothardware.com)

Submitted by MojoKid on Monday June 23, 2014 @07:57PM

MojoKid writes: The transistor is one of the most profound innovations in all of human existence. First discovered in 1947, it has scaled like no advance in human history; we can pack billions of transistors into complicated processors smaller than your thumbnail. After decades of innovation, however, the transistor has faltered. Clock speeds stalled in 2005 and the 20nm process node is set to be more expensive than the 28nm node was for the first time ever. Now, researchers at NASA believe they may have discovered a way to kickstart transistors again — by using technology from the earliest days of computing: The vacuum tube. It turns out that when you shrink a Vacuum transistor to absolutely tiny dimensions, you can recover some of the benefits of a vacuum tube and dodge the negatives that characterized their usage. According to a report, vacuum transistors can draw electrons across the gate without needing a physical connection between them. Make the vacuum area small enough, and reduce the voltage sufficiently, and the field emission effect allows the transistor to fire electrons across the gap without containing enough energy to energize the helium inside the nominal "vacuum" transistor. According to researchers, they've managed to build a successful transistor operating at 460GHz — well into the so-called Terahertz Gap, which sits between microwaves and infrared energy.

Submission + - Mt. Gox CEO Returns to Twitter, Enrages Burned Investors

Submitted by Anonymous Coward on Thursday June 19, 2014 @06:17PM

An anonymous reader writes: Mark Karpeles doesn't seem to understand how much anger and trouble the $400 million Mt. Gox fiasco caused his customers. According to Wired: "After a long absence, the Mt Gox CEO has returned to Twitter with a bizarre string of tone-deaf tweets that were either written by a Turing test chat bot, or by a man completely oblivious to the economic chaos he has wrought. His first message after losing hundreds of millions of dollars worth of bitcoins? 'What would we do without busybox?'—a reference to a slimmed-down Linux operating system used on devices such as routers. He’s also Tweeted about a noodle dish called yakisoba and Japanese transportation systems." Andreas Antonopoulos, the CSO with Blockchain says, "He continues to be oblivious about his own failure and the pain he has caused others. He is confirming that he is a self-absorbed narcissist with an inflated sense of self-confidence who has no remorse.”

Submission + - German Intel Agency Helps NSA Tap Fiber Optic Cables in Germany 2

Submitted by Anonymous Coward on Thursday June 19, 2014 @04:39PM

An anonymous reader writes: Der Spiegel has written a piece on the extent of collaboration between Germany's intelligence agency, Bundesnachrichtendienst (BND), and the U.S.'s National Security Agency (NSA). The sources cited in the piece do reveal BND's enthusiastic collusion in enabling the NSA to tap fiber optic cables in Germany, but they seem inconclusive as to how much information from the NSA's collection activity in the country is actually shared between the NSA and BND. Of note is evidence that the NSA's collection methods do not automatically exclude German companies and organizations from their data sweep; intelligence personnel have to rectro-actively do so on an individual basis when they realize that they are surveilling German targets. Germany's constitution protects against un-warranted surveillance of correspondence, either by post or telecommunications, of German citizens in Germany or abroad and foreigners on German soil.

Submission + - Quantum or not, controversial computer runs no faster than a normal one (sciencemag.org)

Submitted by sciencehabit on Thursday June 19, 2014 @02:24PM

sciencehabit writes: The D-Wave computer, marketed as a groundbreaking quantum machine that runs circles around conventional computers, solves problems no faster than an ordinary rival, a new test shows. Some researchers call the test of the controversial device, described online today in Science, the fairest comparison yet. But D-Wave argues that the computations used in the study were too easy to show what its novel chips can do.

Submission + - Ask Slashdot: What's the best rapid development language to learn today? 2

Submitted by Anonymous Coward on Sunday June 15, 2014 @12:34AM

An anonymous reader writes: Many years ago, I was a coder—but I went through my computer science major when they were being taught in Lisp and C. These days I work in other areas, but often need to code up quick data processing solutions or interstitial applications. Doing this in C now feels archaic and overly difficult and text-based. Most of the time I now end up doing things in either Unix shell scripting (bash and grep/sed/awk/bc/etc.) or PHP. But these are showing significant age as well.

I'm no longer the young hotshot that I once was—I don't think that I could pick up an entire language in a couple of hours with just a cursory reference work—yet I see lots of languages out there now that are much more popular and claim to offer various and sundry benefits.

I'm not looking to start a new career as a programmer—I already have a career—but I'd like to update my applied coding skills to take advantage of the best that software development now has to offer.

Ideally, I'd like to learn a language that has web relevance, mobile relevance, GUI desktop applications relevance, and also that can be integrated into command-line workflows for data processing—a language that is interpreted rather than compiled, or at least that enables rapid, quick-and-dirty development, since I'm not developing codebases for clients or for the general software marketplace, but rather as one-off tools to solve a wide variety of problems, from processing large CSV dumps from databases in various ways to creating mobile applications to support field workers in one-off projects (i.e. not long-term applications that will be used for operations indefinitely, but quick solutions to a particular one-time field data collection need).

I'm tired of doing these things in bash or as web apps using PHP and responsive CSS, because I know they can be done better using more current best-of-breed technologies. Unfortunately, I'm also severely strapped for time—I'm not officially a coder or anything near it; I just need to code to get my real stuff done and can't afford to spend much time researching/studying multiple alternatives. I need the time that I invest in this learning to count.

Others have recommended Python, Lua, Javascript+Node, and Ruby, but I thought I'd ask the Slashdot crowd: If you had to recommend just one language for rapid tool development (not for the development of software products as such—a language/platform to produce means, not ends) with the best balance of convenience, performance, and platform coverage (Windows, Mac, Unix, Web, Mobile, etc.) what would you recommend, and why?

Submission + - Deforestation Depletes Fish Stocks

Submitted by Rambo Tribble on Saturday June 14, 2014 @11:00AM

Rambo Tribble writes: Adding to the well-known fish-killing effects deforestation has in increasing turbidity and temperature in streams, a study published in Nature Communications, (abstract, PDF access), demonstrates deforestation causes a depletion of nutrients in associated lake aquatic ecosystems and, as a consequence, impacted fish stocks. Lead author Andrew Tanentzap is quoted as saying, 'We found fish that had almost 70% of their biomass made from carbon that came from trees and leaves instead of aquatic food chain sources.' This has troubling implications as, 'It's estimated that freshwater fishes make up more than 6% of the world's annual animal protein supplies for humans ...' Additionally, this may have significance in regard to anadromous species, such as salmon, which help power ocean ecosystems. The BBC offers more approachable coverage.

Submission + - Online shoppers across Europe now have new rights

Submitted by mrspoonsi on Saturday June 14, 2014 @08:24AM

mrspoonsi writes: Previously, anyone who bought a product online was allowed seven business days during which they were able to change their mind and return the product for a full refund. This ‘cooling-off period’, during which a refund can be requested without being required to give a reason for the cancellation, has now been extended to fourteen calendar days from the date on which the goods are received. Online retailers and providers are now also banned from 'pre-ticking' optional extras on order forms, such as those adding insurance to the cost of a purchase. For the first time, laws have also been introduced to offer a cooling-off period for digital content, including music, films and books, as BBC News reports. Consumers may now cancel an order for digital content within fourteen days, but only if they have not downloaded it.

Comment This is old news (Score 1) 80

by bhima on Saturday May 31, 2014 @08:22AM (#47135097) Attached to: German Intelligence Agency Planning To Follow Big NSA Brother On Shoestring

I live in Austria and for the past decade there has been a steady stream of news indicating that several European governments have on going programing which are similar and/or complementary to those the Americans are running.

Moreover, as is the case with reports dealing with American programs, when they say "will soon implement", "working on", or "future programs" it's most often the case that such programs are already in place and now what is being worked on is mechanism to use the data they produce in the prosecution regular domestic crimes.

Slashdot Top Deals