NSA Says It Foiled Plot To Destroy US Economy Through Malware
Airgap-Jumping Malware May Use Ultrasonic Networking To Communicate
"Dan Goodwin writes at Ars Technica about a rootkit that seems straight out of a science-fiction thriller. According to security consultant Dragos Ruiu one day his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused and he also found that the machine could delete data and undo configuration changes with no prompting. Next a computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting and further investigation showed that multiple variants of Windows and Linux were also affected. But the story gets stranger still. Ruiu began observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped. With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on. It's too early to say with confidence that what Ruiu has been observing is a USB-transmitted rootkit that can burrow into a computer's lowest levels and use it as a jumping off point to infect a variety of operating systems with malware that can't be detected. It's even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines. But after almost two weeks of online discussion, no one has been able to rule out these troubling scenarios, either. 'It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was,' says Ruiu. 'The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they're faced with sophisticated attackers.'"
More Students Learn CS In 3 Days Than Past 100 Years
Review: Puppet Vs. Chef Vs. Ansible Vs. Salt
and two positives make it a negative :)
Physicists Discover Geometry Underlying Particle Physics
The Slashdot headline, not the physics.
DARPA Begins Work On 100Gbps Wireless Tech With 120-mile Range
This is actually a DARPA help wanted ad. And from description of the project sounds like a good job opportunity for some slashdoters.
here is the ad:
and here is the proposers' day conference:
Ask Slashdot: Server Room Toolbox?
in my case, poor/bad cables, especially the ones you buy, rather than ones you make, rank very low on things that actually happen. before I check the actual cable I do other things:
1. see if nic led is on, both on router and computer
2. ping the gateway
3. see if there was traffic on the nic
4. re-seat the cable, especially if plastic clip is missing - if that is the case I change the cable.
5. if distance is short, replace cable
had an interesting experience with a bad "connection". One summer the well pump, which is drilled inside the old stone well, 80 ft below ground, stopped working. The plumber comes, he climbs half way down the stone well in order to reach the well-cap, takes the entire pump+hose+wire (80ft) out, tests the pump, concludes that the pump is dead, replaces the pump, the wire (80ft), and makes a new water-tight connection. A year later the pump stops working again and I call the same plumber. My instinct was that the water-tight connection, 80 ft below ground, leaked, and made a short. The plumber comes, and rather than pulling out 80ft of pump to test the water-tight connection, the first thing he does is disconnect the pump from the mechanical fuse. And guess what... the mechanical fuse was bad. The fuse would trip even when there was nothing connected to it.
Ask Mark Shuttleworth Anything
1. Do you think the touch screen interface already the standard on phones and tablets will replace the traditional standard of keyboard & mouse interface on desktops/laptops in the next 5 years, 10 years, 20 years?
2. On a desktop/laptop, do you think a touch screen interface would be as functional/productive/efficient as keyboard & mouse?
Mozilla MemShrink Set To Fix Firefox Memory
you right... It has not been a decade, but it does have memory issues since the beginning of FF.
Mozilla MemShrink Set To Fix Firefox Memory
FF had memory issues a DECADE ago.
Checkpoint of the Future Coming Soon To Airports
i can see why the nerds might be upset.
NATO Report Threatens To 'Persecute' Anonymous
from the NATO document: http://www.nato-pa.int/default.asp?SHORTCUT=2443
 Reducing Systemic Cybersecurity Risk, OECD/IFP Project on “Future Global Shocks”. ”. By Peter Sommer and Ian Brown. January 2011.
“Reducing Systemic Cybersecurity Risk”
I think the NATO paragraph is supposed to paraphrase this quote on p32:
"The main practical limitations to hacktivism are that the longer the attack persists the more likely it is that counter-measures are developed and put in place, perpetrators identified, and groups penetrated by law enforcement investigators."
Ask Slashdot: Good Homeschool Curriculum For CS??
here are the schools in NYC that match CS
Introduction to Computer Science (Section 01) @ The Bronx HS
the math page which includes the CS at Bronx HS
and the different match/cs course offered
Ask Slashdot: Best Linux Distro For Computational Cluster?
care to provide a link to that "informative" claim, and please don't say OpenAFS.
Red Hat Nears $1 Billion In Revenues, Closing Door On Clones
just found out a new RHEL clone (thanks to distrowatch.com News 03.21.2011) - PUIAS http://puias.math.ias.edu/ is an RHEL clone "... started long before CentOS or other projects were available."
The question is: if CentOS fizzles for whatever reasons, how many will switch to one of the less than 5, one-man-show RHEL clone, how many will dig in and pay for RHEL, and how many will switch to non-RHEL?
What Pinball Looks Like When the Stakes Are High
At least in Firefox, "Zoom Out" is also an option.
Interview With the Man Behind WikiLeaks
Very Medieval, but do you mean something like the "Fourth Estate" - http://en.wikipedia.org/wiki/Fourth_estate
or the "Fifth Estate" - http://en.wikipedia.org/wiki/Fifth_Estate ?
the other Estates http://en.wikipedia.org/wiki/Third_Estate#Third_Estate
More Gas Station Credit-Card Skimmers
A link http://www.networkworld.com/community/blog/newest-attack-your-credit-card-atm-shims?t51hb&hpg1=mp in the original story, entitled "Newest Attack on your Credit Card: ATM Shims" has some interesting information:
"The shim needs to be extremely thin and flexible. In fact it must be less than 0.1mm"
"The shim is inserted using a "carrier card" that holds the shim, inserts it into the card slot and locks it into place on the internal reader contacts."
"Once inserted, the shim is not visible from the outside of the machine. The shim then performs a man-in-the-middle attack between an inserted credit card and the circuit board of the ATM machine."
"flexible shims are recently being mass produced and widely used in certain parts of Europe"
"Diebold released five new anit-skimming protection levels for its ATM devices june 1st 2010...Unfortunately, none of these helps with the shim skimming attack. That problem has yet to be solved mechanically yet."
Network Adapter Keeps Talking While a PC Is Asleep
and my comment to the first story: http://slashdot.org/comments.pl?sid=1213805&cid=27741803
I'm guessing the inventor's statistics "In the office environment, 52% of respondents left their machines on for remote access, and 35% did so to support applications running in the background, of which e-mail and IM were most popular (47%)." are still true.
Strong Passwords Not As Good As You Think
Is this the whole "piece" he wrote?
Is Linux's "Overall Market Share" Statistic Meaningful?
"In statistics, a result is called statistically significant if it is unlikely to have occurred by chance. "A statistically significant difference" simply means there is statistical evidence that there is a difference; it does not mean the difference is necessarily large, important, or significant in the common meaning of the word....
The significance level is usually represented by the Greek symbol, (alpha). Popular levels of significance are 5%, 1% and 0.1%. If a test of significance gives a p-value lower than the -level, the null hypothesis is rejected...."
Browzer hasn't submitted any stories.
Browzer has no journal entries.