Slashdot Mirror

The Narrative Fallacy writes "John Markoff has a story at the NY Times speculating about what will happen on April 1 when the Conficker worm is scheduled to activate. Already on an estimated 12 million machines, conjectures about Conficker's purpose ranges from the benign — an April Fool's Day prank — to far darker notions. Some say the program will be used in the 'rent-a-computer-crook' business, something that has been tried previously by the computer underground. 'The most intriguing clue about the purpose of Conficker lies in the intricate design of the peer-to-peer logic of the latest version of the program, which security researchers are still trying to completely decode,' writes Markoff. According to a paper by researchers at SRI International, in the Conficker C version of the program, infected computers can act both as clients and servers and share files in both directions. With these capabilities, Conficker's authors could be planning to create a scheme like Freenet, the peer-to-peer system that was intended to make Internet censorship of documents impossible. On a darker note, Stefan Savage, a computer scientist at the University of California at San Diego, has suggested the possibility of a 'Dark Google.' 'What if Conficker is intended to give the computer underworld the ability to search for data on all the infected computers around the globe and then sell the answers,' writes Markoff. 'That would be a dragnet — and a genuine horror story.'"

nandemoari writes "A new variant of the Conficker/Downadup worm has been detected. The worm opens a backdoor on an infected machine and allows hackers remote control of infected PCs. Dubbed Conficker B++ (and not to be confused with Conficker B), the new variant of the worm opens a backdoor with auto-update functionality, allowing a hacker to distribute malware to infected machines. It's difficult to know exactly how long Conficker B++ has been circulating, but researchers first noticed it on February 6 of this year." If this seems familiar to you, it probably is.

CWmike writes "Criminals behind the widespread Conficker worm have released a new version that could signal a major shift in the way the malware operates. The new variant, dubbed Conficker B++, was spotted three days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines."

Dynamoo writes "The good news is that Microsoft have announced free anti-virus software for consumers, dubbed Morro, available late next year. The bad news is ... well, exactly the same. Although Microsoft's anti-malware products are pretty good, this move could drive many competitors out of business and create a dangerous security monoculture; major rivals will be lawyering up already. On the other hand, many malware infections could be prevented even by basic software. So is this going to be a good or bad thing overall?"

An anonymous reader writes "There are lots of multi-robot designs out there. Most are either research platforms well over $2K (often $10K or more), or are hobbyist bots under $400 with tiny brains and few sensors. But George Mason University's new FlockBots wiki is interesting. They're trying to pack as much functionality as possible into a roughly $800, 7" mobile swarmbot, and publish the design and software as a free and open spec. So far their design includes a wireless 200MHz Gumstix Linux computer, a camera, range and bump sensors, wheel encoders, a can gripper, and lots more. It's a great-looking design and I think the cost could drop to $500 with vendors doing consolidation."

prostoalex writes "James Fallows, in a New York Times article, notices that search engines are getting pretty good at providing information for simple keyword-based queries. However, when it comes to the actual information, such as finding the necessary data and statistics, they're not doing a great job. The article talks about the NSA- and CIA-sponsored Aquaint project that aims to deliver answers to questions that might be expressed with a variety of keywords, and need to be 'understood' by the search engine before providing the answer."

dev_alac writes "The BBC is reporting that C-3PO has been inducted into Carnegie Mellon's Robot Hall of Fame, along with Asimo, Shakeyboy -- "the first mobile robot to reason about its actions," Astroboy, and of course, Robby the Robot of Forbidden Planet fame. There, he joins such other legendary mechanical beings as Hal 9000, R2-D2, and Sojourner." Update: 06/20 08:27 GMT by T : Yep, it's a near-dupe of the Pittsburgh Post-Gazette story linked the other day.

An anonymous reader writes "Extremetech.com reports that: 'Computer scientists from think tank SRI will present a novel take on distributed computing at LinuxWorld, all in a search for a little lost penguin.' For more information on Centibots, head over to the Centibots Project homepage." ReadthePaper writes "I just read a great interview with Jon "Maddog" Hall of Linux International." And finally, Hawkxor writes "Sun Microsystems VP Jonathon Schwartz demoed Sun's new desktop-oriented Linux distro 'Mad Hatter' and 3-D Desktop Environment 'Looking Glass' at LinuxWorld. Sounds pretty cool."

phil reed writes "Given the latest fiasco in Florida's continuing attempts to implement a decent voting system, I thought it would be appropriate to alert Slashdot readers to the work of Dr. Rebecca Mercuri. She's been studying voting systems for many years, and has developed well-considered positions on what makes a good electronic voting system (and what makes a bad one). Her comments on the Florida 2002 election can be found in the current Risks Digest. And, if you think that creating a computer-based voting system is easy, she provides a suggested list of questions that should be answered by any developer." Mercuri's statement in Risks is well worth reading. With all due respect, she is wrong in some respects: it is possible to create a fully-verified electronic system. Start with completely open code and thoroughly examined hardware, create an audited system for installing the code on the hardware, and make it tamper-evident so that you know the same code is still there when the machine reaches the voting booths. Bootable, hologrammed, serial-numbered CD-ROMs with individual private keys would do the trick. Mercuri is thinking in terms of vendors selling proprietary "solutions", where she's absolutely right: there's no way to verify that what people punch in is what is actually recorded.

Mr. Slippery writes: "While catching up on the RISKS Digest (ought to be mandatory reading), I leaned about the new Union for Representative International Internet Cooperation and Analysis, started by Peter G. Neumann, Lauren Weinstein, and David J. Farber, names of some significance. Their goal: "The Internet should be dedicated to the needs and well-being of people all over the world, in a truly representative and fair manner.""

Max Entropy writes: "This article in The New York Times (free reg. req'd) discusses new research into the atmosphere of the planet Venus. First scientists believed it was electromagnetically active--lightning storms, etc.--and now they're not so sure. Also, the scientists at SRI International have discovered a green glow on the nighttime side of the planet that is attributable to the presence of a concentration of excited oxygen atoms, whereas Russian spacecraft detected no such atoms 25 years ago. The sun is theorized as a possible culprit-- its high point in its 11-year cycle might be responsible for charging the atoms and making them glow green."

Mojo Jojo writes "There's a story on developerWorks about DARPA-funded work being done at Stanford Research Institute (aka SRI International) to develop soemthing called Event Monitoring Enabling Responses to Anomalous Live Disturbances (EMERALD) -- software components that are capable of providing anomaly and misuse detection for networks. EMERALD components monitor local activity, then work in conjunction with analysis engines for visualization, response, correlation, and data logging to provide a global picture of what's occurring throughout the network. Sort of like having beat cops and police call boxes throughout your network (or something)."

Mojo Jojo writes "There's a story on developerWorks about DARPA-funded work being done at Stanford Research Institute (aka SRI International) to develop soemthing called Event Monitoring Enabling Responses to Anomalous Live Disturbances (EMERALD) -- software components that are capable of providing anomaly and misuse detection for networks. EMERALD components monitor local activity, then work in conjunction with analysis engines for visualization, response, correlation, and data logging to provide a global picture of what's occurring throughout the network. Sort of like having beat cops and police call boxes throughout your network (or something)."

pinglej writes "According to this story on MSNBC, Scientists at SRI have made some advances in muscles made using strained plastic that are more responsive than natural muscles. Has lots of neat applications from speakers to artificial limbs. " I think the best idea is to make me the strongest man alive - it'll be better than cybernetic body armor!

Will Johnston sent us a link to a wired story about a new mp3 chipset that manufacturers can slap into cases and use to sell set top MP3 players. It's only a matter of time now.