By timothy from Slashdot's trustworthy-computing-of-course department
wiredmikey writes "As more research unfolds about the recently discovered Flame malware, researchers have found three modules – named Snack, Gadget and Munch – that are used to launch what is essentially a man-in-the-middle attack against other computers on a network. As a result, Kaspersky researchers say when a machine attempts to connect to Microsoft's Windows Update, it redirects the connection through an infected machine and it sends a fake malicious Windows Update to the client. That is courtesy of a rogue Microsoft certificate that chains to the Microsoft Root Authority and improperly allows code signing. According to Symantec, the Snack module sniffs NetBIOS requests on the local network. NetBIOS name resolution allows computers to find each other on a local network via peer-to-peer, opening up an avenue for spoofing. The findings have prompted Microsoft to say that it plans to harden Windows Update against attacks in the future, though the company did not immediately reveal details as to how."
And an anonymous reader adds a note that Flame's infrastructure is massive
: "over 80 different C&C domains, pointed to over 18 IP addresses located in Switzerland, Germany, the Netherlands, Hong Kong, Poland, the UK, and other countries."Read Replies (0)
By timothy from Slashdot's why-don't-you-render-off-site-and-pay-for-it? department
It's not the first such attempt; here's a post from a few years back
about one called Smokescreen
, and another about QuickTime programmer Steve Perlman's subscription-based workaround
for iDevices.Read Replies (0)
By Unknown Lamer from Slashdot's two-devices-for-the-price-of-three department
writes with the scoop on Asus's new Transformer tablet/laptop devices: "If you've ever looked at an Asus Transformer and wished that it was slightly bigger, had an x86 processor, and ran Windows, I have good news: At Computex in Taiwan, Asus has unveiled just that. Dubbed the Transformer Book, this isn't some wimpy Atom-powered thing either: This Transformer will ship with a range of Ivy Bridge Core i3/5/7 processors and discrete Nvidia graphics. Like its Android-powered predecessors, the Transformer Book is a touchscreen tablet computer that plugs into keyboard docking station, effectively becoming a laptop (or ultrabook, if you prefer). Rounding out the specs, the Transformer Book will come in a range of models (11.6, 13, and 14 inches), your choice of SSD or HDD, up to 4GB of RAM. All three models will have an IPS display capable of full HD (1920×1080). There's a webcam on the front of the tablet portion of the Transformer, and a 5-megapixel shooter on the back. There's no mention of wireless connectivity, but presumably there's Bluetooth and WiFi; on the wired side, there seems to be only a single micro-HDMI socket (on the tablet), and a USB socket (on the keyboard/dock). On the software side, the Transformer Book will of course run Windows 8. It all sounds great — but Asus kept one tiny tidbit out of its presentation: battery life."
Aside from the Nvidia graphics (which, from the looks of it, can be disabled for the on-chip output), perhaps this could be the first "tablet" capable of running fully Free Software? (UEFI evil
aside).Read Replies (0)
By Unknown Lamer from Slashdot's listening-to-actual-users-instead-of-unicorns department
writes "KDE released the first beta for its version 4.9 of Workspaces, Applications, and Development Platform. With API, dependency and feature freezes in place, the KDE team's focus is now on fixing bugs and further polishing new and old functionality. Highlights of 4.9 include, but are not limited to: Qt Quick in Plasma Workspaces, many improvements in Dolphin file manager, deeper integration of Activities, and many performance improvements. The KDE Community is committed to improving quality substantially with a new program that starts with the 4.9 releases. The 4.9 beta releases are the first phase of a testing process that involves volunteers called 'Beta Testers.' They will receive training, test the two beta releases and report issues through KDE Bugzilla."
I was recently forced into installing GNOME 3 (who knew printing required removing GNOME 2); after trying for a while to get Sawfish working again in the deprecated fallback mode, I gave up and tried KDE again. I have to say that I was surprised: KDE 4.5 was unpolished and painful to use whereas 4.7 is pretty slick. With the GNOME 3 developers catering to some seemingly mythical user, it's nice to see the other major desktop using user feedback to make design decisions.Read Replies (0)