Shared posts

27 Jul 07:43

Backdoor.Win32.Nbdd.bgz / Remote Stack Buffer Overflow

Posted by malvuln on Jul 26

Discovery / credits: Malvuln - (c) 2021
Original source:
Contact: malvuln13 () gmail com

Threat: Backdoor.Win32.Nbdd.bgz
Vulnerability: Remote Stack Buffer Overflow
Description: NetBot_Attacker VIP 5.9 on initial startup listens on port
8080 and on subsequent restarts port 80. Third-party attackers who can
reach an infected system can send...

10 Mar 08:49

Amazon Expands Its Palm Recognition Payment Tech To More of Its Stores

by BeauHD
An anonymous reader quotes a report from The Verge: Amazon One, the technology that lets customers pay in shops by scanning their palm, is expanding to more stores in the greater Seattle area. The company says it's available starting today in its 4-star store in Lynnwood, and in the coming weeks, Amazon One is also coming to its Amazon Books store in Bellevue and its 4-star and Pop Up stores in South Lake Union. In total, 12 of Amazon's physical stores will soon feature the technology. The e-commerce giant announced its palm recognition Amazon One system last year. It works by scanning your hand and identifying its unique characteristics like surface area details and vein patterns. Palm scanning technology has been around for a few years, and it's pretty secure as biometric security methods go, though there are concerns about how Amazon might use the data gathered as part of the system. So far, Amazon has made Amazon One available as a payment option across a number of its own-branded physical stores around Seattle. But in the longer term, the company hopes the convenience factor of being able to confirm your identity using just your hand will convince third-party businesses to use the service, too.

Read more of this story at Slashdot.

27 Feb 14:20

Nvidia Made $5 Billion During a GPU Shortage and Expects To Do It Again in Q1

by msmash
Nvidia has shared its Q4 2021 earnings, and despite the company's GPUs being in extremely low supply, it didn't seem to hurt how much money the company made. From a report: In fact, it reported a record $5 billion in revenue, which is up 61 percent year-over-year. What's more impressive is that Nvidia expects to make another $5 billion in revenue during Q1 2022. This positive outlook is surprising given that Q1 is generally slower than other quarters, even for the biggest tech companies, as it follows the rush of people buying lots of products during the holiday period. It's generally a slower period in general for product releases across tech and gaming. Also, let's not forget the GPU shortage is still happening. Nvidia reiterated that sparse supply will continue through the next quarter, but that's likely factored into its rosy revenue prediction. Nvidia says it expects most of that $5 billion revenue estimate in Q1 2022 to come from the gaming market, despite being the segment it's currently having the toughest time serving. Since the launch of the RTX 30-series desktop graphics cards, leading with the RTX 3080, 3090, 3070, and followed by other products, Nvidia hasn't been able to meet the demand -- though it's not the only company affected. AMD has also struggled, perhaps more than Nvidia, to keep a steady stock of graphics cards heading to retailers.


23 Aug 09:55

Third week of August 2020. Heroes

by Ernesto Rodera


Sunday 23 August 2020
When you hear talk of heroes, of sacrifices, of exhausting efforts and of future bets... bad sign. Politics, society, the economy, education and health care have nothing to do with exceptions, nor should they rely on them. A mechanism must work without miracles.

Saturday 22 August 2020
Our president, the illustrious Mañueco, has disappeared (or made himself invisible) for good. He has gone from not making any decision to not... being there.

Friday 21 August 2020
Circumstances change every day (for the worse). Our politicians seem to be waiting for circumstances... to stop. That is not going to happen.

Thursday 20 August 2020
Well, same as before. What did the people who voted for them think these individuals were going to solve? In a state of alarm or in any other.

Wednesday 19 August 2020
The regional minister of Economy and Finance, Javier Fernández Carriedo, keeps floating in our regional mud, like an especially... blockheaded King Log.

Tuesday 18 August 2020
It seems that in the sales season of... now (I never know when sales are on) not as much was sold as at other times in the same period. The moment perfectly reasonable things (not blowing smoke from your mouth into other people's faces) are forbidden to the citizenry, champions of FREEDOM appear who, curiously, let, have let and will let enormous real abuses pass without ever raising their voice.

Monday 17 August 2020
The start of the school year looks problematic. What will priests and nuns do, for example? Do they have staff, space, protocols...? Hmm... maybe they will do nothing. Or rather: raise objections. It has happened before.

15 Jul 12:22

IBM Job Ad Calls For a Minimum 12 Years' Experience With Kubernetes -- Which is Six Years Old

by msmash
IBM's Global Technology Services has posted a job ad calling for candidates with a "minimum 12+ years' experience in Kubernetes administration and management." From a report: Which is a little odd because the first GitHub commit for the project was made on June 7, 2014. And the feature freeze for version 1.0 was announced on May 22, 2015. Sharp-minded Reg readers will have recognised that -- absent time travel -- it is therefore not possible for anyone to have 12 years' experience with Kubernetes. The ad is sadly silent on just how IBM expects candidates will have found the time to accumulate a dozen years' experience in a six-year-old project.


12 Jul 10:21

Newly-Discovered Comet Neowise: Now Visible at Dawn and Dusk

by EditorDavid
"A newly-discovered comet is giving skywatchers quite the show during the month of July," reports CBS News: Astronomers discovered the comet, known as Comet C2020 F3 NEOWISE, back in March. It was named for the NASA mission that spotted it, for the Near-Earth Object Wide-field Infrared Survey Explorer... But astronomers knew they found something unique when they spotted Neowise. On July 3, Neowise was closer to the sun than the orbit of Mercury, coming dangerously close to breaking apart. The sun heated up much of the comet's icy makeup, erupting in a large debris trail of gas and dust. Measuring about 3 miles across, Neowise is considered a fairly large comet — providing skywatchers with a spectacular view from Earth. The comet, which has a bright opulent tail, has been putting on a stunning show in the early hours before sunrise in the Northern Hemisphere... But late sleepers need not worry — the comet will start appearing in the evening, just after sunset, starting Saturday. To view it, people in the Northern Hemisphere can look to the northwestern sky, just below Ursa Major, commonly known as the Big Dipper constellation. Scientists say the comet will be visible across the Northern Hemisphere for about another month. The comet is made up of material dating back 4.6 billion years, to the origins of our solar system, according to the article. "The event is truly a once-in-a-lifetime experience — the comet takes about 6,800 years to complete its path around the sun, according to NASA..." "NASA says it will be one of the brightest comets this century."


20 Jun 17:55

Samsung Blu-Ray Players Suddenly Stop Working Worldwide

by BeauHD
New submitter wb9syn7 writes: The last two days have seen a variety of Samsung Blu-ray players worldwide suddenly cease working. The symptom is that they turn on when power is applied, whereupon they reboot themselves every few seconds endlessly. The power and eject buttons are ignored and all attempts at resetting them fail. After many owners contacted Samsung support and were told they needed to send their players in for hardware repair, Samsung appears to have admitted there is a common problem, not individual player failure. As they are all out of warranty and the reboot cycle precludes the normal software update process, we are awaiting a solution from them. A community post has hundreds of users confirming the issue across various models. We've reached out to Samsung but they have yet to comment on the matter.


19 Nov 16:02

India Says Law Permits Agencies To Snoop on Citizens' Devices

by msmash
The Indian government said on Tuesday that it is "empowered" to intercept, monitor, or decrypt any digital communication "generated, transmitted, received, or stored" on a citizen's device in the country in the interest of national security or to maintain friendly relations with foreign states. From a report: Citing section 69 of the Information Technology Act, 2000, and section 5 of the Telegraph Act, 1885, Minister of State for Home Affairs G. Kishan Reddy said local law empowers federal and state government to "intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource in the interest of the sovereignty or integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence." Reddy's remarks were in response to the parliament, where a lawmaker had asked if the government had snooped on citizens' WhatsApp, Messenger, Viber, and Google calls and messages.


27 Oct 08:20

Man Kept Getting Drunk Without Drinking. Docs Found Brewer's Yeast In His Guts

by BeauHD
An anonymous reader quotes a report from Ars Technica: After years of inexplicably getting drunk without drinking alcohol, having mood swings and bouts of aggression, landing a DWI charge on the way to work one morning, and suffering a head injury in a drunken fall, an otherwise healthy 46-year-old North Carolina man finally got confirmation of having alcohol-fermenting yeasts overrunning his innards, getting him sloshed any time he ate carbohydrate-laden meals. Through the years, medical professionals and police officers refused to believe he hadn't been drinking. They assumed the man was lying to hide an alcohol problem. Meanwhile, he went to an untold number of psychiatrists, internists, neurologists, and gastroenterologists searching for answers. Those answers only came after he sought help from a support group online and then contacted a group of researchers at Richmond University Medical Center in Staten Island, New York. By then, it was September of 2017 -- more than seven years after his saga began. The New York researchers finally confirmed that he had a rarely diagnosed condition called "auto-brewery syndrome." From there, the researchers started him on powerful anti-fungal medications to try to clear the boozy germs from his system. But he relapsed just weeks later after sneaking some forbidden pizza and soda. The researchers tried again, giving him an even stronger round of anti-fungal drugs, this time through a tube directly into his veins (central catheter). By February of 2018, tests indicated he was free of the fermenting fungi. He went back to eating his normal diet and passed his daily breathalyzer tests. He has stayed that way since, the researchers report.


28 Jun 13:03

Good News

I finally managed to build LibreOffice for armv7 and I have LibreOfficeDev on my TV screen right now. There’s a link to build instructions above and I’ll update it with the autogen flags I used. They’re somewhat arbitrary but yeah.

Now the stage is set for this week’s/next week’s work of controlling LibreOffice from Python, and also the additions needed in LO’s source code to actually make things work properly.


P.S. I am aware that this site is incredibly ugly, I’ll fix it soon.

08 Dec 02:22

Adobe Flash Responsible For Six of the Top 10 Bugs Used By Exploit Kits In 2016

by BeauHD
Trailrunner7 quotes a report from On the Wire: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it's no surprise that Flash and IE exploits dominated the landscape. Six of the top 10 most-frequently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it's deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future's analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups. "Adobe Flash Player's CVE-2015-7645, number 10 in terms of references to exploit kits, stands out as the vulnerability with the most adoption by exploit kits. Exploit kits adopting the Adobe bug in the past year include Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter," the analysis by Recorded Future says.


25 Nov 18:45

VLC Media Player Previews 360-degree Video Support

by msmash
VideoLAN has released a technical preview of VLC Media Player 3.0 with 360-degree video support. The new build handles videos following the Spatial Video format, and photos and panoramas following the Spherical spec (the official test page has sample files). From an article on SoftwareCrew: The files play back just like any other video, but you can now left-click and drag within the screen or use the numeric keypad arrows to look around. VideoLAN says there are multiple display modes -- Zoom, Little Planet and Reverse Little Planet -- although we couldn't immediately see how they were activated. This initial release is only available for Windows and Mac, but eventually 360-degree support will arrive for Android, iOS and Xbox One, with VR headset support likely to arrive in 2017.


03 Mar 00:49

Google-Backed SSD Endurance Research Shows MLC Flash As Reliable As SLC

by timothy
MojoKid writes: Even for mainstream users, it's easy to feel the differences between using a PC that has an OS installed on a solid state drive versus a mechanical hard drive. Also, with SSD pricing where it is right now, it's also easy to justify including one in a new configuration for the speed boost. And there's obvious benefit in the enterprise and data center for both performance and durability. As you might expect, Google has chewed through a healthy pile of SSDs in its data centers over the years and the company appears to have been one of the first to deploy SSDs in production at scale. New research results Google is sharing via a joint research project now encompasses SSD use over a six year span at one of Google's data centers. Looking over the results led to some expected and unexpected findings. One of the biggest discoveries is that SLC-based SSDs are not necessarily more reliable than MLC-based drives. This is surprising, as SLC SSDs carry a price premium with the promise of higher durability (specifically in write operations) as one of their selling points. It will come as no surprise that there are trade-offs of both SSDs and mechanical drives, but ultimately, the benefits SSDs offer often far outweigh the benefits of mechanical HDDs.


25 Mar 16:11

25 March, Document Freedom Day

by nettizen
ignacio.agullo tells us: "As every year since 2008 at the end of March, the Free Software Foundation Europe is holding Document Freedom Day. Events are organized all over the world to promote open standards for encoding data, allowing any programmer to create their own tools to work with the data or to convert it between formats. It is a celebration related to compatibility, since the aim is to avoid losing data that is encoded in an undocumented way when the format loses support. For followers of the International ICT Celebrations, the Asociación de Técnicos de Informática maintains a Calendar of international celebrations dedicated to Information and Communication Technologies."

06 Jun 15:33

Vodafone Reveals Warrantless Wiretapping

by Soulskill
Charliemopps writes "According to Vodafone, multiple governments have installed equipment that collects data on its customers without a warrant. This includes metadata, location data, and voice. They say, "In a small number of countries, agencies and authorities have direct access to communications data stored within an operator’s network. In those countries, Vodafone will not receive any form of demand for communications data access as the relevant agencies and authorities already have permanent access to customer communications via their own direct link." It's a rather long, and very interesting report. Vodafone also criticized the transparency process: "In our view, it is governments – not communications operators – who hold the primary duty to provide greater transparency on the number of agency and authority demands issued to operators. We believe this for two reasons."'


10 Apr 14:34

New French Law Prohibits After-Hours Work Emails

by timothy
Hugh Pickens DOT Com (2995471) writes "Lucy Mangan reports at The Guardian that a new labor agreement in France means that employees must ignore their bosses' work emails once they are out of the office and relaxing at home – even on their smartphones. Under the deal, which affects a million employees in the technology and consultancy sectors (including the French arms of Google, Facebook, and Deloitte), employees will also have to resist the temptation to look at work-related material on their computers or smartphones – or any other kind of malevolent intrusion into the time they have been nationally mandated to spend on whatever the French call la dolce vita. "We must also measure digital working time," says Michel De La Force, chairman of the General Confederation of Managers. "We can admit extra work in exceptional circumstances but we must always come back to what is normal, which is to unplug, to stop being permanently at work." However critics say it will impose further red tape on French businesses, which already face some of the world's tightest labor laws." (Continues)


10 Mar 09:09

Unique Date

If our current civilization lasts another 8,000 years, it's probably fair to assume the Long Now Foundation got things right, and at some point we started listening to them and switched to five-digit years.

03 Nov 00:15

Inmates Program Logistics App For Prison

by Soulskill
schweini writes "Inmates in an Oklahoma prison developed software that attempts to streamline the prison's food logistics. A state representative found out, and he's trying to get every other prison in Oklahoma to use it, too. According to the Washington Post, 'The program tracks inmates as they proceed through food lines, to make sure they don’t go through the lines twice... It can help the prison track how popular a particular meal is, so purchasers know how much food to buy in the future. And it can track tools an inmate checks out to perform their jobs.' The program also tracks supply shipments into the system, and it showed that food supplier Sysco had been charging different prices for the same food depending on which facility it was going to. Another state representative was impressed, but realized the need for oversight: 'If they build on what they’ve done here, they actually have to script it out. If you have inmates writing code, there has to be a continual auditing process. Food in prison is a commodity. It’s currency.'"
