12915496
submission
Tumbleweed writes:
How to make Steve Jobs your mortal enemy:
Smokescreen, a 175kB, 8,000-line javascript-based Flash
player. To be open-sourced "in the near future". From Simon's blog: "It runs entirely in the browser, reads in SWF binaries, unzips them (in native JS), extracts images and embedded audio and turns them in to base64 encoded data:uris, then stitches the vector graphics back together as animated SVG." Badass! (Via Simon Willison's blog)
6358
submission
Tumbleweed writes:
Joanna Rutkowska, of Blue Pill fame , writes in her blog that Vista RC1 (Build 5600, x64 edition) is still vulnerable to the pagefile attack she demonstrated at the SyScan conference nearly 2 months ago.
"As I described during my talk, it's just enough to... disable kernel mode memory paging. Surly, it would cause a little waste of memory, but according to some Microsoft engineers I spoke to, it would be only around 80MB. This seems very little these days, doesn't it?", she writes.
Well, no, 80MB is not 'very little' by my standards, but nevertheless, I don't see how this can be considered a 'Release Candidate' by anyone other than Microsoft, with such a high-profile vulnerability left in place.