Smartango

Sniper223 notes a PC World article on a new kind of rootkit recently developed by researchers, which will be demoed at Black Hat in August. The rootkit runs in System Management Mode, a longtime feature of x86 architecture that allows for code to run in a locked part of memory. It is said to be harder to detect, potentially, than VM-based rootkits. The article notes that the technique is unlikely to lead to widespread expoitation: "Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code expressly for the system they are attacking."

Read more of this story at Slashdot.

An anonymous reader sends in an IBM DeveloperWorks article detailing the changes coming in PHP V6 — from namespaces, to Web 2.0 built-ins, to a few features that are being removed.

Read more of this story at Slashdot.

billybob2 writes "VIA has released 16,434 Lines Of Free & Open Source code that enables Linux natively to use the framebuffer on VIA's graphics chipsets. This comes a month after VIA announced that it will provide Open-Source drivers and documentation on its Web site so that its hardware will work out of the box with Linux distributions. This gives VIA-powered systems that come pre-installed with Linux — such as the gPC, 15.4" gBook, CloudBook, and Zonbu — the ability to output graphics through digital connections such as HDMI, and probably makes them the best-supported framebuffers Linux has ever had. Look forward to documentation and X.org drivers from VIA as well in the near future."

Read more of this story at Slashdot.

Consul writes "What is the oldest piece of code that is still in use today, that has not actually been retyped or reimplemented in some way? By 'piece of code,' I'm of course referring to a complete algorithm, and not just a single line." The question would have a different answer if emulation, in multiple layers, is allowed.

Read more of this story at Slashdot.

Das Capitolin sends us to Benchmark Reviews for an in-depth feature on DDR3 memory that begins: "These are uncertain financial times we live in today, and the rise and fall of our economy has had [a] direct [effect] on consumer spending. It has already been one full year now that DDR3 has been patiently waiting for the enthusiast community to give it proper consideration, yet [its] success is still undermined by misconceptions and high price. Benchmark Reviews has been testing DDR3 more actively than anyone... Sadly, it might take an article like this to open the eyes of my fellow hardware enthusiast[s] and overclocker[s], because it seems like DDR3 is the technology nobody wants [badly] enough to learn about. Pity, because overclocking is what it's all about."

Read more of this story at Slashdot.

Scientists at the European Space Agency are using techniques inspired by their experience with outer space to make new and better products here on Earth. Certain compounds and alloys which are not normally viable can be made in different ways once forces such as gravity are removed from the equation. From BBC News: "The near absence of gravity (microgravity) has a profound influence on the way molten metals come together to form intermetallics and 'standard' alloys. With no 'up' and 'down' in the space environment, a melt doesn't rise and sink as it would at the planet's surface and that means solidification can turn out very differently. 'Gravity induces a lot of segregation of the elements,' explains IMPRESS scientist Dr Guillaume Reinhart. 'For instance, tantalum and niobium are heavy atoms and in doing the solidification process on the ground, they will segregate in different places and produce a very heterogeneous material. If you do this in microgravity, you obtain a very homogenous material because you prevent separation; and you have a much more efficient material, mechanically.'"

Read more of this story at Slashdot.

An anonymous reader brings us IBM Developerworks' recent analysis of how the NSA built SELinux to withstand attacks. The article shows us some of the relevant kernel architecture and compares SELinux to a few other approaches. We've discussed SELinux in the past. Quoting: "If you have a program that responds to socket requests but doesn't need to access the file system, then that program should be able to listen on a given socket but not have access to the file system. That way, if the program is exploited in some way, its access is explicitly minimized. This type of control is called mandatory access control (MAC). Another approach to controlling access is role-based access control (RBAC). In RBAC, permissions are provided based on roles that are granted by the security system. The concept of a role differs from that of a traditional group in that a group represents one or more users. A role can represent multiple users, but it also represents the permissions that a set of users can perform. SELinux adds both MAC and RBAC to the GNU/Linux operating system."

Read more of this story at Slashdot.

sproketboy writes with news that a developer named Marc Balmer has recently fixed a bug in a bit of BSD code which is roughly 25 years old. In addition to the OSnews summary, you can read Balmer's comments and a technical description of the bug. "This code will not work as expected when seeking to the second entry of a block where the first has been deleted: seekdir() calls readdir() which happily skips the first entry (it has inode set to zero), and advance to the second entry. When the user now calls readdir() to read the directory entry to which he just seekdir()ed, he does not get the second entry but the third. Much to my surprise I not only found this problem in all other BSDs or BSD derived systems like Mac OS X, but also in very old BSD versions. I first checked 4.4BSD Lite 2, and Otto confirmed it is also in 4.2BSD. The bug has been around for roughly 25 years or more."

Read more of this story at Slashdot.

Roland Piquepaille writes "According to a Michigan State University (MSU) news release, 'Made-to-order isotopes hold promise on science's frontier,' nuclear physicists can now start a new career as isotope designers. These scientists can build specific rare isotopes to solve scientific problems and open doors to new technologies. The lead researcher says this approach has already given us the Positron Emission Tomography (PET) scan technology. He's now going further, saying that he wants to build objects 100,000 times smaller than the atomic nucleus. He calls this 'femtotechnology.' Also available are additional details and pictures of the tools used for this kind of research, picked from a 415-page design paper." Update: 05/11 14:30 GMT by SS: Readers have noted that the summary inaccurately portrays the scale of the 'femtotechnology.' The MSU researcher refers to "the capacity to construct objects on an even more minute scale, that of the atomic nucleus 100,000 times smaller."

Read more of this story at Slashdot.

Wired is running a story about a recent security exercise in which the NSA attacked networks set up by various US military academies. The Army's network scored the highest, put together using Linux and FreeBSD by cadets at West Point. Quoting: "Even with a solid network design and passable software choices, there was an element of intuitiveness required to defend against the NSA, especially once it became clear the agency was using minor, and perhaps somewhat obvious, attacks to screen for sneakier, more serious ones. 'One of the challenges was when they see a scan, deciding if this is it, or if it's a cover,' says [instructor Eric] Dean. Spotting 'cover' attacks meant thinking like the NSA -- something Dean says the cadets did quite well. 'I was surprised at their creativity.' Legal limitations were a surprising obstacle to a realistic exercise. Ideally, the teams would be allowed to attack other schools' networks while also defending their own. But only the NSA, with its arsenal of waivers, loopholes, special authorizations (and heaven knows what else) is allowed to take down a U.S. network."

Read more of this story at Slashdot.

or_is_it writes "The company I work for has been growing dramatically and I've been charged with the task of being the gatekeeper for our GFI Spam filters. This involves manually inspecting the subject line/to/from for all caught messages in each filter rule folder. For a company of about 50 people, in one day the number of spam messages can exceed 2,000. Neglect it for a day and you end up with quite a task on your hands. I've made the rules lax enough so important messages can go through, along with a few stray spams, for which I get bitched at. Tighten the rules up and then maybe an important time-sensitive email never gets to its intended recipient, and I get bitched at. Manually reading through all those subject lines is supposed to prevent that, but I'm only human and genuine messages can easily get overlooked. How do larger organizations deal with the spam issue? I can't imagine having one centralized person manually inspecting everyone's junk-mail header is the optimal solution. Purchasing a different commercial mail filter product is a possibility, but I'd like to hear some anecdotal evidence before jumping ship."

Read more of this story at Slashdot.

It seems that Sky Captain and the World of Tomorrow may not have been completely off the mark. According to Venture Beat, Airship Ventures has raised capital sufficient to build their first Zeppelin NT (Microsoft Windows reference purely coincidental). The airship will offer rides for up to 12 passengers out of the old Navy Blimp hangars at Moffett Field in Silicon Valley. Airship Ventures notes that airships are already flying safely in Japan and Germany, so now the US will have its chance. Rides will cost from $250 to $500 per person. Esther Dyson is one of the investors.

Read more of this story at Slashdot.

The Discovery Channel has done a deal with NASA to enhance old film footage from the space program up to the standards of HD. Discovery will air, in HD, a 6-part special called "When We Left Earth," beginning June 8. Judging by the trailer it should be pretty spectacular, a good introduction to the wonders of space exploration for a new generation. After the show airs, NASA gets the improved footage for their archives.

Read more of this story at Slashdot.

robipilot writes "Mac stolen, Mac comes online, owner connects using 'Back to My Mac,' owner takes picture of culprit, and voila, criminal caught. OK, it wasn't quite that simple, but here's an interesting story of using some built-in technology on the Mac to recover a stolen laptop."

Read more of this story at Slashdot.

sveard writes of a little problem Google is having that has Gmail acting like an open relay. Compounding the issue is the fact that services such as Hotmail and Yahoo trust Gmail as a source of mail. "A recently-discovered flaw in Gmail is capable of turning Google's e-mail service into a highly effective spam machine. According to the Information Security Research Team (INSERT), Gmail is susceptible to a man-in-the-middle attack that allows a spammer to send thousands of bulk e-mails through Google's SMTP service without fear of detection. This attack bypasses both Google's identity fraud protection mechanisms and the current 500-address limit on bulk e-mail."

Read more of this story at Slashdot.

theodp writes "Bill Gates and Ray Ozzie are listed as inventors of the Guardian Angel, which is described in a most unusual Microsoft patent application that should intrigue privacy advocates. In addition to protecting you from possibly diseased people, by detecting body temperatures, the Guardian Angel's 'monitoring component can take note of the number of conversations occurring in a room (and more specifically, a breakdown of the types of people in the room accompanied by a warning for dangerous persons, based on sex offender registration, FBI most wanted, etc.).' The versatile Guardian Angel, Microsoft notes, can also recommend restaurants, advise you on the appropriateness of your jokes, detect that your heartbeat has stopped, display targeted ads on billboards, and block spam."

Read more of this story at Slashdot.

The Future of Things covered the introduction last month of HP's DreamColor display, with 30 bits/pixel, developed in conjunction with DreamWorks Animation. The display is aimed at the video production, animation, and graphic arts industries. HP promises blacker blacks and whiter whites — though TFoT quotes one source who notes that if they deliver this, it will be due to the back-lighting and not to the number of bits/pixel. No word on the size of the displays that will actually be delivered, or on the price.

Read more of this story at Slashdot.

An anonymous reader writes "A Seattle Times editorial notes that the British Columbia Human Rights Tribunal will put author Mark Steyn on trial for his book 'America Alone,' which has angered Muslims in Canada. Steyn is a columnist for the Canadian magazine Maclean's. According to the editorial, British Columbia bans all words and images 'likely to expose a person... to hatred or contempt because of race, religion, age, disability, sex, marital status or sexual orientation.' Steyn is unapologetic, and is advertising his book as a 'Canadian Hate Crime' and daring the tribunal to 'pronounce him bad.'" The Canadian tabloid the National Post has coverage of what it calls "a media storm."

Read more of this story at Slashdot.

Science News reports on recent research indicating that any kind of multitasking while driving is dangerous. Not just the obvious distraction of juggling a cell phone, but even talking to a passenger or listening to a book on tape. The researchers used a driving simulator inside an MRI machine to measure brain activations. "Attending to what someone says galvanizes language-related brain areas while simultaneously reducing activity in spatial regions that coordinate driving behavior. This finding suggests that people who combine relatively automatic tasks, such as speech comprehension and car driving, exceed a biological limit on the amount of systematic brain activity they can accommodate at one time, the researchers propose. As a result, the less-ingrained skill — in this case, driving, which is learned long after a person grasps a native language — takes a neural hit."

Read more of this story at Slashdot.

A number of readers are sending word that the blogosphere and Twittersphere are alight with reports of Microsoft's new block on messages containing YouTube URLs. Both MSN Messenger and Windows Live Messenger reportedly implement the block. One blogger sniffed the network to discover that such messages receive a NAK from Microsoft's servers. Microsoft has been blocking messages by keyword, as an anti-phishing measure, for some time, but *.youtube.com would not seem to provoke much worry about phishing. Instead, as B.E.T.A Daily speculates, "This block seems to be related to the recent launch of Messenger TV in 20 countries which allows for sharing video clips from MSN Video on messenger." Hard to get away with in an arena where you don't enjoy a monopoly.

Read more of this story at Slashdot.