Your security, networking, programming, and application news source.
Saturday, November 29, 2008

Ubuntu Linux Kernel Vulnerabilities Advisory

Ubuntu


Ubuntu has released a security advisory (below) detailing 9 potential kernel vulnerabilities. The advisory appears to cover all Ubuntu versions and recommends a kernel image upgrade. The upgrade requires a reboot and a reinstall of any third-party kernel modules that are installed.

<Ubuntu: USN-679-1: Linux kernel vulnerabilities> (Nov 27, 2008)



Wednesday, November 26, 2008

Assembly Programming in Python!

CorePy


CorePy 1.0 Officially Released! (Nov 17, 2008)

  <CorePy> is a <Python> package that allows executing assembly instructions for x86, Cell BE, and PowerPC processors (32 and 64 bit) from within Python. It is an open source project available under a BSD license.

  CorePy's usage is comparable to inline assembly in other languages, but it provides much more control than most of them do.

"high-performance applications that take advantage of advanced processor features, including multiple cores and vector instruction sets (SSE, VMX, SPU), usually inaccessible from high-level languages."

  CorePy works by using an ISA, a library of architecture instruction sets, to build a list of instructions in an InstructionStream. This is called a synthetic program and is converted to a stream of reusable processor instructions. These synthetic programs can be executed by the processor synchronously or asynchronously, passing parameters to and from other synthetic programs.

  A print function is built in that supports plugins for printing the instruction stream out as assembly. NASM output seems to be ready, but GAS-compatible output seems to be incomplete.

A simple example from the website:

# Load the x86_64 instructions and environment
>>> import corepy.arch.x86_64.isa as x86
>>> import corepy.arch.x86_64.platform as x86_env
Platform: linux.spre_linux_x86_64_64

# Create a simple synthetic program
>>> code = x86_env.InstructionStream()
>>> code.add(x86.mov(code.gp_return, 12))

# Execute the synthetic program
>>> proc = x86_env.Processor()
>>> result = proc.execute(code, mode='int')
>>> print result
12



<CorePy>

<Download Page>

Tuesday, November 25, 2008

Fedora 10 is Here!



Fedora 10 is here!


<Get Fedora KDE> <Get Fedora GNOME>

<Fedora Torrents>

Major new features at a glance:
  • Wireless connection sharing enables ad hoc network sharing

  • Better setup and use of printers

  • Virtualization storage simplified

  • SecTool intrusion detection system

  • RPM 4.6 is a major update

  • Rewrite of the PulseAudio sound server

  • Improved webcam support

  • Better support for infrared remote controls

<Full release notes>

Thursday, November 20, 2008

Tired of Stupid Questions People Should Have Googled?

Let Me Google That For You [dot] Com


<LetMeGoogleThatForYou.Com>

Tired of people asking stupid questions they could have easily Google'd themselves? This website generates a link for you like so:

http://letmegooglethatforyou.com/?q=turn+power+on

This link you can share with your local lazy fool. The link will show an informative animation showing how to enter their particular query into Google, click search, declare "Was that so hard?", and then show the results. Try it above!

(Requires JavaScript access to letmegooglethatforyou.com and googleapis.com)

[Link] The 7 Deadly Linux Commands

Tech Source From Bohol (Nov 20, 2008)

<Tech Source From Bohol - The 7 Deadly Linux Commands>

Wednesday, November 19, 2008

[Link] ASCII Mandelbrot Created With Single SQL Statement

This is a single T-SQL statement that is less than 50 lines, with source code. A screen shot of the resulting ASCII Mandelbrot is included.

The Daily WTF (Nov 19, 2008)

<Stupid Coding Tricks: The T-SQL Mandelbrot>

Thursday, November 13, 2008

[Link] USB 3.0 is Blazing Fast

The Future of Things has put together a great collection of information about USB 3.0, saying,


"Devices employing USB 3.0 specifications are planned to be available to consumers in 2009 or 2010 and would be backwards compatible with USB 2.0 and USB 1.1."

The most mouth-watering part is the speed: 25GB should take 70 seconds!

(Nov 11, 2008)

<The Future of Things - 25GB in 70 seconds with USB 3.0>

Tuesday, November 11, 2008

[Link] Windows 7 is, You Guessed It, Vista Rebranded

Kernel process profiling shows it looks like a Vista; performance testing shows it walks like a Vista; and claims of being a high-performing Linux-laptop-killer falling flat on its face make it sound like just another disappointing Vista.

InfoWorld 5 pages (Nov 10, 2008)

<InfoWorld - Test Center benchmarks: Windows 7 unmasked>

Thursday, November 6, 2008

Adobe Reader Exploit Using JavaScript

ADOBE READER 8

  Core Security Technologies reported a critical vulnerability in Adobe Reader to Adobe. Adobe has already released an update to address the vulnerability in version 8.1.2. The vulnerability was found in Foxit Reader (CVE-2008-1104) and later successfully tried in Adobe Reader. Adobe Reader and Foxit Reader take different security approaches, which led people to think Adobe Reader wouldn't be affected.

Foxit Reader 2.3 build 2825 security bulletin from Secunia Research details the following:

"The vulnerability is caused due to a boundary error when parsing
format strings containing a floating point specifier in the
"util.printf()" JavaScript function. This can be exploited to cause a
stack-based buffer overflow via a specially crafted PDF file."
(Secunia Research, May 20, 2008)

Help Net Security's coverage of the Adobe Reader vulnerability added that the util.printf() function "converts the argument it receives to a String, using only the first 16 digits of the argument and padding the rest with a fixed value of “0” (0x30). By passing an overly long and properly formatted command to the function, it is possible to overwrite the program’s memory and control its execution flow." (Help Net Security)
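
The bounds check whose absence the advisories above describe, as an added example (not code from Adobe, Foxit or either advisory): a C formatter that sizes a floating-point conversion before writing it into a fixed buffer. The helper names, the 32-byte buffer and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern (comment only): a fixed buffer and an unbounded write,
 *     char buf[32]; sprintf(buf, "%.300f", v);   // writes far past buf
 * The hardened version below sizes the result before writing anything. */

/* Parse "%[width][.precision]f", a simplified subset assumed for this example.
 * Returns 0 on success, -1 for anything else. */
static int parse_float_spec(const char *s, long *width, long *prec) {
    char *end;
    *width = 0;
    *prec = 6;                                   /* C default for %f */
    if (*s++ != '%') return -1;
    if (isdigit((unsigned char)*s)) { *width = strtol(s, &end, 10); s = end; }
    if (*s == '.') {
        *prec = 0;                               /* "%.f" means precision 0 */
        s++;
        if (isdigit((unsigned char)*s)) { *prec = strtol(s, &end, 10); s = end; }
    }
    return (s[0] == 'f' && s[1] == '\0') ? 0 : -1;
}

/* Hypothetical helper: formats v into out[cap]. Returns the length written,
 * or -1 (with out emptied) if the spec is malformed or the result cannot fit. */
int format_float_bounded(char *out, size_t cap, const char *spec, double v) {
    long width, prec;
    int need;
    if (cap == 0) return -1;
    out[0] = '\0';
    if (parse_float_spec(spec, &width, &prec) != 0) return -1;
    /* Reject oversized fields before they reach the formatter. */
    if ((size_t)width >= cap || (size_t)prec >= cap) return -1;
    /* Dry run: the value itself can be long (1e30 has 31 integer digits). */
    need = snprintf(NULL, 0, "%*.*f", (int)width, (int)prec, v);
    if (need < 0 || (size_t)need >= cap) return -1;
    return snprintf(out, cap, "%*.*f", (int)width, (int)prec, v);
}

int main(void) {
    char buf[32];                                /* constructed sample inputs */
    printf("%d\n", format_float_bounded(buf, sizeof buf, "%.2f", 1.5));
    printf("%d\n", format_float_bounded(buf, sizeof buf, "%.300f", 1.5));
    printf("%d\n", format_float_bounded(buf, sizeof buf, "%.20f", 1e30));
    return 0;
}
```

The third call is rejected even though its precision is small, because the integer part of the value alone pushes the result past the buffer; checking the specifier without a dry run of the actual value would miss that case.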

Help Net Security - Critical vulnerability in Adobe Reader (Nov 4, 2008)
<http://www.net-security.org/secworld.php?id=6715>

Security Focus - Secunia Research: Foxit Reader "util.printf()" Buffer Overflow.
(May 20 2008)
<http://www.securityfocus.com/archive/1/archive/1/492289/100/0/threaded>

Wednesday, November 5, 2008

[Link] Windows 3.x Still Dying


Microsoft ended support for Windows 3.x at the end of 2001, but 3.x continued on as an embedded operating system. Windows 3.x continued to power cash registers, ticket systems, and even in-flight entertainment systems.

"On 1 November Microsoft stopped issuing licences [for Windows 3.x]"
(Ward)


BBC News (Mark Ward) (Nov 5, 2008)

<BBC News - The end of an era - Windows 3.x>

Will iPwn for Food


  Forbes reports on <(blog)Piergiorgio Zambrini>, a 38-year-old Italian systems engineer who created <Ziphone>, the first popular iPhone carrier break application. Zambrini is reported to be "revealing a bug that can crash the iPhone and, he says, other devices including iPods and Apple computers." (Buley)

  Zambrini is holding the details for Apple. Forbes reported that the bug is in the audio portion of Apple's video format and is able to crash the Apple iPod and the latest-generation iPhone. Forbes says the bug is in a shared library used in most Apple operating systems (i.e., Mac) and has confirmed this claim on iPhones.

  Zambrini goes on in the interview with Forbes about wanting a job in the Apple security department and wanting to talk to Steve Jobs. Yeah, it got weird, but apparently Zambrini made a nice chunk off Ziphone already.

Forbes.com (Taylor Buley), Crashing The iPhone
[Feed]<http://www.forbes.com/technology/2008/11/03/apple-iphone-bug-tech-security-cz_tb_1103iphone.html?feed=rss_popstories> (Nov 3, 2008)

Sunday, November 2, 2008

[Release] OpenBSD 4.4 Released


OpenBSD

Free, Functional & Secure

"Only two remote holes in the default install, in more than 10 years!"



OpenBSD 4.4 released Nov 1, 2008:

<(Wiki)OpenBSD>

<OpenBSD 4.4 Release Details>

<OpenBSD Download Page>