By EditorDavid from Slashdot's bit-flipping-tricks department
An anonymous Slashdot reader writes:
Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS)...and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed...
Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer.
The researchers demonstrated two attacks on Debian and Ubuntu systems -- flipping a bit to change a victim's RSA public key, and installing a software package infected with malware by altering a URL used by apt-get. "Debian, Ubuntu and other companies involved in the research were notified before the paper was published, and have all responded to the issue."
By EditorDavid from Slashdot's reusable-rockets department
Saturday a SpaceX rocket completed the company's fourth successful landing at sea (watched by over 100,000 viewers on YouTube and Flickr). Saturday's landing means Elon Musk's company has now recovered more than half the rockets they've launched. An anonymous Slashdot reader quotes Saturday's report from The Verge:
Tonight's landing was particularly challenging for SpaceX... The Falcon 9 had to carry its onboard satellite -- called JCSAT-16 -- into...a highly elliptical orbit that takes the satellite 20,000 miles out beyond Earth's surface. Getting to GTO requires a lot of speed and uses up a lot of fuel during take off, more so than getting to lower Earth orbit. That makes things difficult for the rocket landing afterward...there's less fuel leftover for the vehicle to reignite its engines and perform the necessary landing maneuvers.
CEO Elon Musk said the company is aiming to launch its first landed rocket sometime this fall...SpaceX's president, Gwynne Shotwell, estimates that reusing these landed Falcon 9 vehicles will lead to a 30 percent reduction in launch costs.
SpaceX named their drone ship "Of Course I Still Love You."
By EditorDavid from Slashdot's predicting-the-future department
"The world's next energy revolution is probably no more than five or ten years away," reports The Telegraph. "Cutting-edge research into cheap and clean forms of electricity storage is moving so fast that we may never again need to build 20th Century power plants in this country..." Slashdot reader mdsolar quotes their article:
The US Energy Department is funding 75 projects developing electricity storage, mobilizing teams of scientists at Harvard, MIT, Stanford, and the elite Lawrence Livermore and Oak Ridge labs in a bid for what it calls the "Holy Grail" of energy policy. You can track what they are doing at the Advanced Research Projects Agency-Energy (ARPA-E). There are plans for hydrogen bromide, or zinc-air batteries, or storage in molten glass, or next-generation flywheels, many claiming "drastic improvements" that can slash storage costs by 80pc to 90pc and reach the magical figure of $100 per kilowatt hour in relatively short order. "Storage is a huge deal," says Ernest Moniz, the U.S. Energy Secretary and himself a nuclear physicist. He is now confident that the U.S. grid and power system will be completely "decarbonized" by the middle of the century.
One energy consultant predicts the energy storage market will be worth $90 billion in 2025 -- 100 times larger than it is today.
By EditorDavid from Slashdot's car-alarm department
Long-time Slashdot reader chicksdaddy quotes a report from Security Ledger:
One of every five software vulnerabilities discovered in vehicles in the last three years are rated "critical" and are unlikely to be resolved through after the fact security fixes, according to an analysis by the firm IOActive. "These are the high priority 'hair on fire' vulnerabilities that are easily discovered and exploited and can cause major impacts to the system or component," the firm said in its report...
The bulk of vulnerabilities that were identified stemmed from a failure by automakers and suppliers to follow security best practices including designing in security or applying secure development lifecycle (SDL) practices to software creation... The result is that vehicle cybersecurity vulnerabilities are not solvable using "bolt-on" solutions, IOActive concluded...
The article argues we're years away from standards or regulations, while describing auto-makers as "wedded to the notion that keeping the details of their systems secret will ensure security."
By EditorDavid from Slashdot's memories-of-1993 department
An anonymous reader writes: Tim Gihring at MinnPost talks to the creators of what was, briefly, the biggest thing in the internet, Gopher. Gopher, for those who don't know or have forgotten, was the original linked internet application, allowing you to change pages and servers easily, through a hierarchical menu system. It was quick, it was easy to use, and important for this day and age, it didn't have Flash.
The article remembers Tim Berners-Lee describing the idea of a worldwide web at a mid-March, 1992 meeting of the Internet Engineering Task Force, at a time when Gopher "was like the Web but more straightforward, and it was already working."
Gopher became magnitudes more popular -- both MTV and the White House announced Gopher sites -- leading to GopherCons around the country. Just curious -- how many Slashdot readers today remember using Gopher?
By EditorDavid from Slashdot's do-not-pass-Go department
He grew up in San Jose, and at the age of 25 sold his second online advertising company to Yahoo for $300 million just nine years ago. Friday Gurbaksh Chahal was sentenced to one year in jail for violating his probation on 47 felony charges from 2013, according to an article in The Guardian submitted by an anonymous Slashdot reader:
Police officials said that a 30-minute security camera video they obtained showed the entrepreneur hitting and kicking his then girlfriend 117 times and attempting to suffocate her inside his $7 million San Francisco penthouse. Chahal's lawyers, however, claimed that police had illegally seized the video, and a judge ruled that the footage was inadmissible despite prosecutors' argument that officers didn't have time to secure a warrant out of fear that the tech executive would erase the footage.
Without the video, most of the charges were dropped, and Chahal, 34, pleaded guilty to two misdemeanor battery charges of domestic violence... In Silicon Valley, critics have argued that Chahal's case and the lack of serious consequences he faced highlight the way in which privileged and wealthy businessmen can get away with serious misconduct... On September 17, 2014, prosecutors say he attacked another woman in his home, leading to another arrest. Friday Chahal was released on bail while his lawyer appeals the one-year jail sentence for violating his probation.
By EditorDavid from Slashdot's voting-twice-for-$15 department
An anonymous Slashdot reader quotes a report from CBS News:
For the hackers at Symantec Security Response, Election Day results could be manipulated by an affordable device you can find online. "I can insert it, and then it resets the card, and now I'm able to vote again," said Brian Varner, a principal researcher at Symantec, demonstrating the device...
Symantec Security Response director Kevin Haley said elections can also be hacked by breaking into the machines after the votes are collected. "The results go from that machine into a piece of electronics that takes it to the central counting place," Haley said. "That data is not encrypted and that's vulnerable for manipulation."
40 states are using a voting technology that's at least 10 years old, according to the article. And while one of America's national election officials argues that "there are paper trails everywhere," CBS reports that only 60% of states conduct routine audits of their paper trails, while "not all states even have paper records, like in some parts of swing states Virginia and Pennsylvania, which experts say could be devastating."
By EditorDavid from Slashdot's Second-Generation-Robotic-Droid-Series-2 department
An anonymous Slashdot reader quotes The Guardian:
The British actor who played R2-D2 in the Star Wars films has died at the age of 81 after a long illness. Kenny Baker, who was 3-feet 8-inches tall, shot to fame in 1977 when he first played the robot character.
He went on to play the character in The Empire Strikes Back and Return of the Jedi, as well as the three Star Wars prequels from 1999 to 2005. He also appeared in a number of other much loved films in the 1980s, including The Elephant Man, Time Bandits and Flash Gordon.
Baker's niece told the newspaper that "He brought lots of happiness to people and we'll be celebrating the fact that he was well loved throughout the world..."
By EditorDavid from Slashdot's serious-replies-only department
An anonymous Slashdot reader writes:
The National Institute of Standards and Technology has its own "Commission on Enhancing National Cybersecurity," and this week they issued a call for public comments on "current and future challenges" involving critical infrastructure cybersecurity, the concept of cybersecurity insurance, public awareness, and the internet of things (among other topics) for both the private and public sector.
Long-time Slashdot reader Presto Vivace quotes The Hill: it is specifically asking for projections on policies, economic incentives, emerging technologies, useful metrics and other current and potential solutions throughout the next decade... Comments will be due by 5 p.m. on September 9.
Internet services "have come under attack in recent years in the form of identity and intellectual property theft, deliberate and unintentional service disruption, and stolen data," writes NIST. "Steps must be taken to enhance existing efforts to increase the protection and resilience of the digital ecosystem, while maintaining a cyber environment that encourages efficiency, innovation, and economic prosperity." Separately, NIST is also requesting comments on a new process to "solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms... If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere... NIST plans to specify preliminary evaluation criteria for quantum-resistant public key cryptography standards."
By EditorDavid from Slashdot's we-are-still-alone department
Long-time Slashdot reader sehlat shares "a highly accessible summary" of a new theory about why we haven't yet found life on other planets -- that "we're not latecomers, but very, very early." From Lab News:
The universe is 13.8 billion years old, with Earth forming less than five billion years ago. One school of thought among scientists is that there is life billions of years older than us in space. But this recent study in the Journal of Cosmology and Astroparticle Physics argues otherwise... "We find that the chance of life grows much higher in the distant future..."
Stars larger than approximately three times the Sun's mass will perish before life has a chance to evolve... The smallest stars weigh less than a tenth as much as the sun and will glow for 10 trillion years, meaning life has a lot of time to begin on those planets orbiting them in the 'habitable zone'. The probability of life increases over time so the chance of life is many times higher in the distant future than now.
The paper ultimately concludes that life "is most likely to exist near 0.1 solar-mass stars ten trillion years from now."
By EditorDavid from Slashdot's 73-years-after-the-original department
An anonymous reader quotes The Verge:
GoldenEye: Source received its first update in more than three years this week. It's free to download and it features 25 recreated maps, 10 different multiplayer modes, and redesigned versions of the original game's 28 weapons. It was created using Valve's Source engine, the same set of tools used to create Counter Strike and Half-Life games. So it's a massive step up in both visuals and performance for one of the more drastically dated gaming masterpieces of the last 20 years...
GoldenEye 007, the beloved N64 first-person shooter, has been recreated in high-definition glory by a team of dedicated fans over the course of 10 years...the attention to detail and the amount of effort that went into GoldenEye: Source make it one of the most polished HD remakes of a N64 classic.
With 8 million copies sold, Wikipedia calls it the third best-selling Nintendo 64 game of all-time (although this version doesn't recreate its single-player campaigns). Anyone have fond memories of playing Goldeneye 007?
By EditorDavid from Slashdot's another-Android-exploit department
Trailrunner7 quotes a report from OnTheWire:
Researchers from an Austrian university have developed techniques that allow them to perform cache attacks on non-rooted Android phones that can monitor the keystrokes, screen taps, and even observe code execution inside the ARM processor's TrustZone secure execution environment. The attacks the team developed are complex and rely on a number of individual building blocks. The techniques are similar to some used against Intel x86 processor-based systems, but the team from Graz University of Technology in Austria shows that they can be used on ARM-based systems, such as Android phones, as well. "Based on our techniques, we demonstrate covert channels that outperform state-of-the-art covert channels on Android by several orders of magnitude. Moreover, we present attacks to monitor tap and swipe events as well as keystrokes, and even derive the lengths of words entered on the touchscreen," the researchers wrote in their paper, which was presented at the USENIX Security Symposium this week.
It's a proof-of-concept attack. But interestingly, another recently-discovered Android vulnerability also required the user to install a malicious app -- and then allowed attackers to take full control of the device.
By EditorDavid from Slashdot's bookkeepers-know-all department
Skully raised $2.4 million on Indiegogo in 2014 to manufacture motorcycle helmets with built-in Augmented Reality. Now they're filing for bankruptcy, and informing customers that refunds are unlikely on their $1,500 pre-ordered helmets. But a lawsuit filed by Skully bookkeeper Isabelle Faithhauer "claims the Wellers used the funds raised by the Indiegogo campaign and a secondary $11 million round of funding in 2015 as their personal 'piggy banks' to buy several motorcycles, two Dodge Vipers, groceries, and so on," according to a Digital Trends article shared by KingGypsy:
The Wellers took trips to Bermuda and Hawaii using company funds, she said, went to strip clubs, rented a Lamborghini, and paid for personal housekeeping services on the company credit card, as well as paying out funds ranging from $500 to $80,000. Lastly, she claims that the Wellers asked her to fudge the books to obscure the expenses. Faithhauer claims that when accountants came calling with questions about the expenses, she was up front about what was going on. She says that when she took a pre-approved vacation to Disneyland in December of 2015, she was fired upon her return and offered a severance package, which the suit calls "hush money." She declined the offer.
"Following her termination at Skully, Faithhauer claims that when she found a new job, her new employer contacted the Wellers at Skully and were told she could not be trusted with confidential information. She was fired from that job as well."