Security

Ex-NSA Researcher Claims That DLL-Style Attacks Work Just Fine On OS X 93

An anonymous reader writes Ex-NSA and NASA researcher Patrick Wardle claims to have developed a reliable technique of Shared Library replacement which renders Apple's OSX operating system just as vulnerable to exploitation as Windows has been (via its 'DLL' shared libraries) for years. Speaking at CanSecWest, Wardle explained that Apple's refusal to encrypt software downloads via its App Store allows an attacker on the same network to inject a malicious 'dylib' (shared library) without altering the hash of the legitimate-but-vulnerable software, thereby leaving the Developer ID signature intact. Wardle ran a crafted Python script on a typical Mac and discovered 150 dylib-dependent applications, including Apple's own Xcode developer environment — revealed last week by Edward Snowden to be a priority target for the NSA due to its ability to propagate compromised software.
Businesses

Ask Slashdot - Breaking Into Penetration Testing At 30 205

An anonymous reader writes I currently work for a small IT MPS in the Southern USA. Recently, my boss approached me about offering security evaluation and penetration testing to customers in our area due to the increasing number of regulations companies are having to meet. My role in the company is that of a proactive systems administrator. I have strong troubleshooting skills, a moderate knowledge of Linux, and a strong grasp on Windows systems. My working knowledge of networks is a bit rusty, but I've started working on my CCNA again, and skill/knowledge of any kind of programming language is extremely lacking as I have slacked off in that department. However, I've been working with Powershell scripting, and have picked up some resources on Python. Where would a guy like me start? What can I do, as far as personal development, to give me a shot at building this "new department" within my company? Am I beyond hope?
Communications

Developers Disclose Schematics For 50-1000 MHz Software-Defined Transceiver 135

Bruce Perens writes Chris Testa KD2BMH and I have been working for years on a software-defined transceiver that would be FCC-legal and could communicate using essentially any mode and protocol up to 1 MHz wide on frequencies between 50 and 1000 MHz. It's been discussed here before, most recently when Chris taught gate-array programming in Python. We are about to submit the third generation of the design for PCB fabrication, and hope that this version will be salable as a "developer board" and later as a packaged walkie-talkie, mobile, and base station. This radio is unique in that it uses your smartphone for the GUI, uses apps to provide communication modes, contains an on-board FLASH-based gate-array and a ucLinux system. We intend to go for FSF "Respects Your Freedom" certification for the device. My slide show contains 20 pages of schematics and is full of ham jargon ("HT" means "handi-talkie", an old Motorola product name and the hams' word for "walkie talkie") but many non-hams should be able to parse it with some help from search engines. Bruce Perens K6BP
Programming

Nim Programming Language Gaining Traction 520

An anonymous reader writes: Nim is a young, statically typed programming language that has been getting more attention recently. See these articles for an introduction: What is special about Nim?, What makes Nim practical? and How I Start: Nim. The language offers a syntax inspired by Python and Pascal, great performance and C interfacing, and powerful metaprogramming capabilities. The author of "Unix in Rust" just abandoned Rust in favor of Nim and some early-adopter companies are starting to use it as well.
Programming

JavaScript, PHP Top Most Popular Languages, With Apple's Swift Rising Fast 192

Nerval's Lobster writes Developers assume that Swift, Apple's newish programming language for iOS and Mac OS X apps, will become extremely popular over the next few years. According to new data from RedMonk, a tech-industry analyst firm, Swift could reach that apex of popularity sooner rather than later. While the usual stalwarts—including JavaScript, Java, PHP, Python, C#, C++, and Ruby—top RedMonk's list of the most-used languages, Swift has, well, swiftly ascended 46 spots in the six months since the firm's last update, from 68th to 22nd. RedMonk pulls data from GitHub and Stack Overflow to create its rankings, due to those sites' respective sizes and the public nature of their data. While its top-ranked languages don't trade positions much between reports, there's a fair amount of churn at the lower end of the rankings. Among those "smaller" languages, R has enjoyed stable popularity over the past six months, Rust and Julia continue to climb, and Go has exploded upwards—although CoffeeScript, often cited as a language to watch, has seen its support crumble a bit.
Software

Lab Samples Database "JuliaBase" Published As Open Source 27

First time accepted submitter bronger writes After six years of closed-source development, the Research Centre Jülich published its database solution for laboratory samples and processes as open source, while continuing to maintain it. JuliaBase is a framework written in Python/Django that enables a research institution or research group to set up browser-based samples tracking and measurement management easily. Next to Bika and LabLey, this is one of the very few open source LIMS systems, and in contrast to the others, not specialized in biomedicine or service labs.
The Military

US Army Releases Code For Internal Forensics Framework 37

An anonymous reader writes: The U.S. Army Research Laboratory in Maryland has released on GitHub a version of a Python-based internal forensics tool which the army itself has been using for five years. Dshell is a Linux-based framework designed to help investigators identify and examine compromised IT environments. One of the intentions of the open-sourcing of the project is to involve community developers in the creation of new modules for the framework. The official release indicates that the version of Dshell released to Github is not necessarily the same one that the Army uses, or at least that the module package might be pared down from the Army-issued software.
Programming

Justified: Visual Basic Over Python For an Intro To Programming 648

theodp writes ICT/Computing teacher Ben Gristwood justifies his choice of Visual Basic as a programming language (as a gateway to other languages), sharing an email he sent to a parent who suggested VB was not as 'useful' as Python. "I understand the popularity at the moment of the Python," Gristwood wrote, "however this language is also based on the C language. When it comes to more complex constructs Python cannot do them and I would be forced to rely on C (which is incredibly complex for a junior developer) VB acts as the transition between the two and introduces the concepts without the difficult conventions required. Students in Python are not required to do things such as declare variables, which is something that is required for GCSE and A-Level exams." Since AP Computer Science debuted in 1984, it has transitioned from Pascal to C++ to Java. For the new AP Computer Science Principles course, which will debut in 2016, the College Board is leaving the choice of programming language(s) up to the teachers. So, if it was your call, what would be your choice for the Best Programming Language for High School?
Programming

Learn Gate-Array Programming In Python and Software-Defined Radio 51

Bruce Perens writes Chris Testa KB2BMH taught a class on gate-array programming the SmartFusion chip, a Linux system and programmable gate-array on a single chip, using MyHDL, the Python Hardware Design Language to implement a software-defined radio transceiver. Watch all 4 sessions: 1, 2, 3, 4. And get the slides and code. Chris's Whitebox hardware design implementing an FCC-legal 50-1000 MHz software-defined transceiver in Open Hardware and Open Source, will be available in a few months. Here's an Overview of Whitebox and HT of the Future. Slashdot readers funded this video and videos of the entire TAPR conference. Thanks!
China

What Language Will the World Speak In 2115? 578

An anonymous reader writes: Throughout human history, different languages have emerged and died, waxed and waned in relative importance, evolved, and spread to new locales. An article in the Wall Street Journal considers what languages the world will speak a hundred years from now. Quoting: "Science fiction often presents us with whole planets that speak a single language, but that fantasy seems more menacing here in real life on this planet we call home—that is, in a world where some worry that English might eradicate every other language. That humans can express themselves in several thousand languages is a delight in countless ways; few would welcome the loss of this variety.

Some may protest that it is not English but Mandarin Chinese that will eventually become the world's language, because of the size of the Chinese population and the increasing economic might of their nation. But that's unlikely. For one, English happens to have gotten there first. It is now so deeply entrenched in print, education and media that switching to anything else would entail an enormous effort. We retain the QWERTY keyboard and AC current for similar reasons. ... Yet more to the point, by 2115, it's possible that only about 600 languages will be left on the planet as opposed to today's 6,000. Japanese will be fine, but languages spoken by smaller groups will have a hard time of it."
Encryption

Unofficial WhatsApp Library Gets End To End Encryption Before Official Clients 29

An anonymous reader writes Earlier last year WhatsApp announced a partnership with Open WhisperSystems to integrate the ratcheting forward secrecy protocol found in their app called TextSecure, into WhatsApp. The protocol is supposed to provide end-to-end encryption between WhatsApp clients. So far it has been implemented only in WhatsApp on Android, with the rest of the platforms yet to come. The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow. It's worth mentioning that none of those libraries are supported or approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.
Television

Proposed Theme Park Would Put BBC Shows On Display 80

According to the Guardian, a "developing deal" for a theme park located in Kent could transform various BBC shows into Disney-style in-person experiences. Says the article: BBC Worldwide, the commercial arm of the BBC, has struck a deal with a Kuwait-backed property developer to allow a range of its programmes and characters to be “brought to life” at a new £2bn theme park and holiday resort to be built by the Thames estuary in north Kent, in partnership with Paramount Pictures. London Resort Company Holdings has signed a development agreement with BBC Worldwide to feature the corporation’s intellectual property at the London Paramount Entertainment Resort, which promises to “combine the glamour of Hollywood with the best of British culture." Shows named include Top Gear, Sherlock, and Dr. Who; I think I'd rather visit a theme park that was entirely based on Monty Python's Flying Circus, but a Top Gear racetrack or simulator would be fun.
Programming

How Relevant is C in 2014? 641

Nerval's Lobster writes: Many programming languages have come and gone since Dennis Ritchie devised C in 1972, and yet C has not only survived three major revisions, but continues to thrive. But aside from this incredible legacy, what keeps C atop the Tiobe Index? The number of jobs available for C programmers is not huge, and many of those also include C++ and Objective-C. On Reddit, the C community, while one of the ten most popular programming communities, is half the size of the C++ group. In a new column, David Bolton argues that C remains extremely relevant due to a number of factors including newer C compiler support, the Internet ("basically driven by C applications"), an immense amount of active software written in C that's still used, and its ease in learning. "Knowing C provides a handy insight into higher-level languages — C++, Objective-C, Perl, Python, Java, PHP, C#, D and Go all have block syntax that's derived from C." Do you agree?
Python

Which Programming Language Pays the Best? Probably Python 277

Nerval's Lobster writes: What programming language will earn you the biggest salary over the long run? According to Quartz, which relied partially on data compiled by employment-analytics firm Burning Glass and a Brookings Institution economist, Ruby on Rails, Objective-C, and Python are all programming skills that will earn you more than $100,000 per year. But salary doesn't necessarily correlate with popularity. Earlier this year, for example, tech-industry analyst firm RedMonk produced its latest ranking of the most-used languages, and Java/JavaScript topped the list, followed by PHP, Python, C#, and C++/Ruby. Meanwhile, Python was the one programming language to appear on Dice's recent list of the fastest-growing tech skills, which is assembled from mentions in Dice job postings. Python is a staple language in college-level computer-science courses, and has repeatedly topped the lists of popular programming languages as compiled by TIOBE Software and others. Should someone learn a language just because it could come with a six-figure salary, or are there better reasons to learn a particular language and not others?
Python

The Life of an ATLAS Physicist At CERN 34

An anonymous reader writes: Anyone with even a passing interest in the sciences must have wondered what it's like to work at the European Organization for Nuclear Research, better known as CERN. What's it like working in the midst of such concentrated brain power? South African physicist Claire Lee, who works right on ATLAS – one of the two elements of the LHC project that confirmed the existence of the Higgs boson in 2012 — explains what a day in the life of a CERN worker entails. She says, "My standard day is usually comprised of some mix of coding and attending meetings ... There are many different types of work one can do, since I am mostly on analysis this means coding, in C++ or Python — for example, to select a particular subset of events that I am interested in from the full set of data. This usually takes a couple of iterations, where we slim down the dataset at each step and calculate extra quantities we may want to use for our selections.

The amount of data we have is huge – petabytes of data per year stored around the world at various high performance computing centers and clusters. It’s impossible to have anything but the smallest subset available locally – hence the iterations – and so we use the LHC Computing Grid (a specialized worldwide computer network) to send our analysis code to where the data is, and the code runs at these different clusters worldwide (most often in a number of different places, for different datasets and depending on which clusters are the least busy at the time)."
Software

Pitivi Video Editor Surpasses 50% Crowdfunding Goal, Releases Version 0.94 67

kxra writes With the latest developments, Pitivi is proving to truly be a promising libre video editor for GNU distributions as well as a serious contender for bringing libre video production up to par with its proprietary counterparts. Since launching a beautifully well-organized crowdfunding campaign (as covered here previously), the team has raised over half of their 35,000 € goal to pay for full-time development and has entered "beta" status for version 1.0. They've released two versions, 0.94 (release notes) being the most recent, which have brought full MPEG-TS/AVCHD support, porting to Python 3, lots of UX improvements, and—of course—lots and lots of bug fixes. The next release (0.95) will run on top of Non Linear Engine, a refined and incredibly more robust backend Pitivi developers have produced to replace GNonLin and bring Pitivi closer to the rock-solid stability needed for the final 1.0 release.
The Media

2600 Profiled: "A Print Magazine For Hackers" 71

HughPickens.com writes: Nicolas Niarchos has a profile of 2600 in The New Yorker that is well worth reading. Some excerpts: "2600 — named for the frequency that allowed early hackers and "phreakers" to gain control of land-line phones — is the photocopier to Snowden's microprocessor. Its articles aren't pasted up on a flashy Web site but, rather, come out in print. The magazine—which started as a three-page leaflet sent out in the mail, and became a digest-sized publication in the late nineteen-eighties — just celebrated its thirtieth anniversary. It still arrives with the turning of the seasons, in brown envelopes just a bit smaller than a 401k mailer."

"There's been now, by any stretch of the imagination, three generations of hackers who have read 2600 magazine," Jason Scott, a historian and Web archivist who recently reorganized a set of 2600's legal files, said. Referring to Goldstein, whose real name is Eric Corley, he continued: "Eric really believes in the power of print, words on paper. It's obvious for him that his heart is in the paper."

"2600 provides an important forum for hackers to discuss the most pressing issues of the day — whether it be surveillance, Internet freedom, or the security of the nation's nuclear weapons—while sharing new code in languages like Python and C. For example, the most recent issue of the magazine addresses how the hacking community can approach Snowden's disclosures. After lampooning one of the leaked N.S.A. PowerPoint slides ("whoever wrote this clearly didn't know that there are no zombies in '1984' ") and discussing how U.S. government is eroding civil rights, the piece points out the contradictions that everyone in the hacking community currently faces. "Hackers are the ones who reveal the inconvenient truths, point out security holes, and offer solutions," it concludes. "And this is why hackers are the enemy in a world where surveillance and the status quo are the keys to power."
Programming

The One App You Need On Your Resume If You Want a Job At Google 205

HughPickens.com writes Jim Edwards writes at Business Insider that Google is so large and has such a massive need for talent that if you have the right skills, Google is really enthusiastic to hear from you — especially if you know how to use MatLab, a fourth-generation programming language that allows matrix manipulations, plotting of functions and data, implementation of algorithms, creation of user interfaces, and interfacing with programs written in other languages, including C, C++, Java, Fortran and Python. The key is that data is produced visually or graphically, rather than in a spreadsheet. According to Jonathan Rosenberg, Google's former senior vice president for product management, being a master of statistics is probably your best way into Google right now and if you want to work at Google, make sure you can use MatLab. Big data — how to create it, manipulate it, and put it to good use — is one of those areas that Google is really enthusiastic about. The sexy job in the next ten years will be statisticians. When every business has free and ubiquitous data, the ability to understand it and extract value from it becomes the complementary scarce factor. It leads to intelligence, and the intelligent business is the successful business, regardless of its size. Rosenberg says that "my quote about statistics that I didn't use but often do is, 'Data is the sword of the 21st century, those who wield it the samurai.'"
Databases

Python-LMDB In a High-Performance Environment 98

lkcl writes: In an open letter to the core developers behind OpenLDAP (Howard Chu) and Python-LMDB (David Wilson) is a story of a successful creation of a high-performance task scheduling engine written (perplexingly) in Python. With only partial optimization allowing tasks to be executed in parallel at a phenomenal rate of 240,000 per second, the choice to use Python-LMDB for the per-task database store based on its benchmarks, as well as its well-researched design criteria, turned out to be the right decision. Part of the success was also due to earlier architectural advice gratefully received here on Slashdot. What is puzzling, though, is that LMDB on Wikipedia is being constantly deleted, despite its "notability" by way of being used in a seriously-long list of prominent software libre projects, which has been, in part, motivated by the Oracle-driven BerkeleyDB license change. It would appear that the original complaint about notability came from an Oracle employee as well.
The Internet

BitHammer, the BitTorrent Banhammer 429

michaelcole writes: Its name is BitHammer. It searches out and bans BitTorrent users on your local sub-net.

I'm a digital nomad. That means I travel and work, often using shared Wi-Fi. Over the last year, I've been plagued by rogue BitTorrent users who've crept onto these public hotspots either with a stolen/cracked password, or who lie right to my face (and the Wi-Fi owners) about it.

These users clog up the residential routers' connection tables, and make it impossible to use tools like SSH, or sometimes even web browsing. Stuck for a day, bullied from the Wi-Fi, I wrote BitHammer as a research project. It worked rather well. It's my first Python program. I hope you find it useful.
