Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror

Submission + - Over 40 vulnerable Windows device drivers have been discovered (eclypsium.com)

Submitted by Artem S. Tashkinov
Artem S. Tashkinov writes: Researchers from security company Eclypsium have discovered that more than forty drivers from at least twenty different vendors – including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei – include critical vulnerabilities allowing an escalation of privileges full system level access. Considering how widespread these drivers are, and the fact that they are digitally signed by Microsoft, they allow an attacker to more successfully penetrate target systems and networks, as well as remain hidden. Also some of these drivers "are designed to update firmware, the driver is providing not only the necessary privileges, but also the mechanism to make changes" which means the attacker can gain a permanent foothold. Eclypsium has already notified Microsoft about the issues and at least NVIDIA has already released fixed drivers.

Submission + - Who Owns Your Wireless Service? Crooks Do (krebsonsecurity.com)

Submitted by trolman
trolman writes: Brian Krebs states "Who Owns Your Wireless Service? Crooks Do."

If you are somehow under the impression that you — the customer — are in control over the security, privacy and integrity of your mobile phone service, think again. And you’d be forgiven if you assumed the major wireless carriers or federal regulators had their hands firmly on the wheel.

Comment Re:They'd catch shit if they didn't do this, too. (Score 1) 63

by trolman (#59058338) Attached to: Microsoft Contractors Are Listening To Some Skype Calls
Armed citizens are safe citizens. Don't let the politicians divide us.

Here is how they Divide and conquer the masses to pass their laws:
Anti-gun Politicians say they’re not against the use of firearms for all purposes. They say they’re against the use of firearms for some purposes. Like self-defense.

Anti-gun politicians claim they’d never dream of prohibiting guns. They’re only trying to control guns.

Anti-gun politicians claim they’re not prohibiting guns. They’re registering them. They’re regulating. They’re restricting. They’re licensing. They’re taxing. They’re suing — and allowing law suits against honest guns owners, gun manufacturers, and gun dealers.

The Gun Prohibitionists tell us they’re not prohibiting your guns; they’re prohibiting other people’s guns.

They say they’re not prohibiting gun ownership, they’re prohibiting buying and selling.

They’re not prohibiting guns; they’re prohibiting bullets and gun reloading materials and gunpowder and holsters.

They’re not prohibiting guns. They’re merely requiring people who own guns to have child-proof trigger locks. And criminal-proof homes so their guns can never be stolen.


Divide and Conquer. You get the idea.
They say they’re not prohibiting gun manufacture. They’re merely prohibiting manufacture of certain bad guns, wrong guns, or dangerous-looking guns.
They’re not prohibiting gun manufacture. They’re just prohibiting how guns can be transported to gun stores.
They’re not prohibiting gun possession. They’re merely prohibiting how you carry it when you carry it, and where you carry it.
Chapter 180 is not prohibiting your guns. It’s merely prohibiting other people’s guns.

Comment Skype used to be private (Score 3, Informative) 63

by trolman (#59058284) Attached to: Microsoft Contractors Are Listening To Some Skype Calls
Before Microsoft purchased and subsequently re-engineered Skype it was difficult to intercept and record. Now it is trivial to subpoena MS for a copy of any conversation. Now it is trivial to monitor Skype conversations. https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fyro.slashdot.org%2Fstory... and https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fyro.slashdot.org%2Fstory...

Comment Re:Potential sleep deficit anxiety !!! (Score 1) 271

by trolman (#59058160) Attached to: A Quarter of Humanity Faces Looming Water Crises
People need some kind of enemy otherwise how would they be controlled?

The latest fear headlines

Coca-Cola fears that climate change will cause water shortages

Why fresh water shortages will cause the next great global crisis

Try this for a change
Capture those anxiety-inducing thoughts
Be aware, but don’t fixate
Practice mindfulness and meditation
Develop personal mantras and affirmations
Employ logic
Take control of what you can, accept the things you can’t
Recognize that some fear is healthy
 https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.rewire.org%2Fliving%2F...

Submission + - New Spectre-like CPU Vulnerability Bypasses Existing Defenses (csoonline.com)

Submitted by itwbennett
itwbennett writes: Researchers from security firm Bitdefender discovered and reported a year ago a new CPU vulnerability that 'abuses a system instruction called SWAPGS and can bypass mitigations put in place for previous speculative execution vulnerabilities like Spectre,' writes Lucian Constantin for CSO. There are three attack scenarios involving SWAPGS, the most serious of which 'can allow attackers to leak the contents of arbitrary kernel memory addresses. This is similar to the impact of the Spectre vulnerability.' Microsoft released mitigations for the vulnerability in July's Patch Tuesday, although details were withheld until August 6 when Bitdefender released its whitepaper and Microsoft published a security advisory.

Submission + - Remember autorun.inf malware in Windows? Turns out KDE offers something similar (zdnet.com)

Submitted by Artem S. Tashkinov
Artem S. Tashkinov writes: A security researcher has published proof-of-concept (PoC) code for a vulnerability in the KDE software framework. A fix is not available at the time of writing. The bug was discovered by Dominik "zer0pwn" Penner and impacts the KDE Frameworks package 5.60.0 and below. The KDE Frameworks software library is at the base of the KDE desktop environment v4 and v5 (Plasma), currently included with a large number of Linux distributions.

The vulnerability occurs because of the way the KDesktopFile class (part of KDE Frameworks) handles .desktop or .directory files. It was discovered that malicious .desktop and .directory files could be created that could be used to run malicious code on a user's computer. When a user opens the KDE file viewer to access the directory where these files are stored, the malicious code contained within the .desktop or .directory files executes without user interaction — such as running the file.

Zero user interaction is required to trigger code execution — all you have to do is to browse a directory with a malicious file using any of KDE file system browsing applications like Dolphin.

Submission + - Microsoft Catches Russian State Hackers Using IoT Devices To Breach Networks (arstechnica.com)

Submitted by Anonymous Coward
An anonymous reader writes: Hackers working for the Russian government have been using printers, video decoders, and other so-called Internet-of-things devices as a beachhead to penetrate targeted computer networks, Microsoft officials warned on Monday. “These devices became points of ingress from which the actor established a presence on the network and continued looking for further access,” officials with the Microsoft Threat Intelligence Center wrote in a post. “Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data.”

Microsoft researchers discovered the attacks in April, when a voice-over-IP phone, an office printer, and a video decoder in multiple customer locations were communicating with servers belonging to “Strontium,” a Russian government hacking group better known as Fancy Bear or APT28. In two cases, the passwords for the devices were the easily guessable default ones they shipped with. In the third instance, the device was running an old firmware version with a known vulnerability. While Microsoft officials concluded that Strontium was behind the attacks, they said they weren’t able to determine what the group’s ultimate objectives were.

Submission + - Physicists Overturn a 100-Year-Old Assumption on How Brain Cells Work. (sciencealert.com)

Submitted by Anonymous Coward
An anonymous reader writes:

In 1907 a French neuroscientist named Louis Lapicque proposed a model to describe how the voltage of a nerve cell's membrane increases as a current is applied.

Once reaching a certain threshold, the neuron reacts with a spike of activity, after which the membrane's voltage resets.

What this means is a neuron won't send a message unless it collects a strong enough signal.

Lapique's equations weren't the last word on the matter, not by far. But the basic principle of his integrate-and-fire model has remained relatively unchallenged in subsequent descriptions, today forming the foundation of most neuronal computational schemes.

According to the researchers, the lengthy history of the idea has meant few have bothered to question whether it's accurate.

"We reached this conclusion using a new experimental setup, but in principle these results could have been discovered using technology that has existed since the 1980s," said lead researcher Ido Kanter at the time.

"The belief that has been rooted in the scientific world for 100 years resulted in this delay of several decades."

Science, unsettled

Slashdot Top Deals

There's no sense in being precise when you don't even know what you're talking about. -- John von Neumann

Close