Security

Plumber Injection Attack in Bowser’s Castle 1

Submitted by Anonymous Coward
An anonymous reader writes "Security Advisory SMB-1985-0001: Plumber Injection Attack in Bowser’s Castle

Ksplice, working in conjunction with Lakitu Cloud Security, has released a high-severity advisory about a Plumber Injection attack in multiple versions of Bowser's Castle. An Italian plumber could exploit this bug to bypass security measures (walk through walls) in order to rescue Peach, to defeat Bowser, or for unspecified other impact.

This vulnerability is demonstrated by "happylee-supermariobros,warped.fm2". Attacks using this exploit have been observed in the wild, and multiple other exploits are publicly available. A patch has been made available."

Security

Analysis of a hardware backdoor

Submitted by Anonymous Coward
An anonymous reader writes "Remember Reflections on Trusting Trust? We know we can't trust our compilers, or our operating systems, or our userspace software. Now even our hardware might be out to get us. This post describes how to install a backdoor in the "expansion ROM" of a PCI card, which patches the BIOS to patch GRUB to patch the Linux kernel to give the controller remote root access. The upshot is that even if the compromise is detected and the victim reinstalls the operating system from CD, the backdoor will still be there. Now you know why the NSA builds all its own hardware!"
Security

Linux kernel exploit aggressively rooting machines

Submitted by Anonymous Coward
An anonymous reader writes "Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and "Ac1db1tch3z" (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a "rebootless" version of the patch."
Open Source

Is Twitter screwing over open-source developers?

Submitted by
An anonymous reader writes "A developer of a small open-source Twitter client has posted a vicious critique of Twitter's new OAuth authentication scheme, alleging that they are making life difficult for small and open-source developers, while applying double standards to themselves and their large corporate partners. He even describes a back-door in Twitter's API that allows Twitter's own applications to bypass the requirements Twitter places on other developers. Have other open-source Twitter developers had similar problems, or is he just venting because he doesn't want to follow Twitter's rules?"
Red Hat Software

No More Need To Reboot Fedora w/ Ksplice 262

Posted by CmdrTaco
from the stacking-your-nines dept.
An anonymous reader writes "Ksplice, the technology that allows Linux kernel updates without a reboot, is now free for users of the Fedora distribution. Using Ksplice is like 'replacing your car's engine while speeding down the highway,' and it can potentially save your Linux systems from a lot of downtime. Since Fedora users often live on the bleeding edge of Linux development, Ksplice makes it even easier to do so, and without reboots!"
Unix

Writing filesystems now as easy as Web apps

Submitted by Anonymous Coward
An anonymous reader writes "Remember the old days of writing Web apps, when you had to parse the CGI arguments separately, do all the safety checks yourself and implement everything manually? Neither do I, but it looks like all the cool stuff from Web apps is making its way to writing filesystems. This guy shows how to write an entire Linux filesystem in 50 lines of Python using "dispatch" techniques totally stolen from Ruby on Rails. Are we ready to give up the Web and go back to just using the filesystem for everything, the way Unix intended?"

Blogger shows that cosmic rays are a real problem

Submitted by Hanji
Hanji (626246) writes "We have discussed the potential effects of and protections against cosmic ray radiation here before, but for the average computer user, it's an obscure threat that doesn't affect them in any real way. Well here's a blog post that describes a strange segfault and, after extensive debugging, traces it down to a single bit flip, probably caused by a stray cosmic ray. Lots of helpful descriptions of Linux debugging techniques in this one, and a pretty clear demonstration that this can be a real problem. I know I'm never buying a desktop without ECC RAM ever again!"

International Longest Tweet Contest seeks entries

Submitted by Anonymous Coward
An anonymous reader writes "The 1st International Longest Tweet Contest is open for submissions until April 12. It looks to be a take-off of the famous Obfuscated C Contest. So far the record is 4.2 kilobits encoded per tweet, based on exploiting the fact that Twitter actually passes the full 31 bits of ISO 10646 (the international standard that Unicode is based on), not the roughly 20.08 bits/character of Unicode itself."
Programming

Simpler "Hello World" Demonstrated In C 582

Posted by kdawson
from the non-obfuscated dept.
An anonymous reader writes "Wondering where all that bloat comes from, causing even the classic 'Hello world' to weigh in at 11 KB? An MIT programmer decided to make a Linux C program so simple, she could explain every byte of the assembly. She found that gcc was including libc even when you don't ask for it. The blog shows how to compile a much simpler 'Hello world,' using no libraries at all. This takes me back to the days of programming bare-metal on DOS!"
Programming

Simpler "Hello World" demonstrated in C

Submitted by Anonymous Coward
An anonymous reader writes "Wondering where all that bloat comes from so even the classic "Hello world" now takes 11k? An MIT programmer decided to make a Linux C program so simple, she could explain every byte of the assembly. She found gcc was including libc even when you don't ask for it, and shows how to compile a much simpler "Hello world" — using no libraries at all. This takes me back to the days of programming bare-metal on DOS!"
