Security

Plumber Injection Attack in Bowser’s Castle 1

Submitted by Anonymous Coward
An anonymous reader writes "Security Advisory SMB-1985-0001: Plumber Injection Attack in Bowser’s Castle

Ksplice, working in conjunction with Lakitu Cloud Security, has released a high-severity advisory about a Plumber Injection attack in multiple versions of Bowser's Castle. An Italian plumber could exploit this bug to bypass security measures (walk through walls) in order to rescue Peach, to defeat Bowser, or for unspecified other impact.

This vulnerability is demonstrated by "happylee-supermariobros,warped.fm2". Attacks using this exploit have been observed in the wild, and multiple other exploits are publicly available. A patch has been made available."

Security

Analysis of a hardware backdoor

Submitted by Anonymous Coward
An anonymous reader writes "Remember Reflections on Trusting Trust? We know we can't trust our compilers, or our operating systems, or our userspace software. Now even our hardware might be out to get us. This post describes how to install a backdoor in the "expansion ROM" of a PCI card, which patches the BIOS to patch GRUB to patch the Linux kernel to give the controller remote root access. The upshot is that even if the compromise is detected and the victim reinstalls the operating system from CD, the backdoor will still be there. Now you know why the NSA builds all its own hardware!"
Security

Linux kernel exploit aggressively rooting machines

Submitted by Anonymous Coward
An anonymous reader writes "Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and "Ac1db1tch3z" (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a "rebootless" version of the patch."
Open Source

Is Twitter screwing over open-source developers?

Submitted by
An anonymous reader writes "A developer of a small open-source Twitter client has posted a vicious critique of Twitter's new OAuth authentication scheme, alleging that they are making life difficult for small and open-source developers, while applying double standards to themselves and their large corporate partners. He even describes a back-door in Twitter's API that allows Twitter's own applications to bypass the requirements Twitter places on other developers. Have other open-source Twitter developers had similar problems, or is he just venting because he doesn't want to follow Twitter's rules?"
Red Hat Software

No More Need To Reboot Fedora w/ Ksplice 262

Posted by CmdrTaco
from the stacking-your-nines dept.
An anonymous reader writes "Ksplice, the technology that allows Linux kernel updates without a reboot, is now free for users of the Fedora distribution. Using Ksplice is like 'replacing your car's engine while speeding down the highway,' and it can potentially save your Linux systems from a lot of downtime. Since Fedora users often live on the bleeding edge of Linux development, Ksplice makes it even easier to do so, and without reboots!"
Unix

Writing filesystems now as easy as Web apps

Submitted by Anonymous Coward
An anonymous reader writes "Remember the old days of writing Web apps, when you had to parse the CGI arguments separately, do all the safety checks yourself and implement everything manually? Neither do I, but it looks like all the cool stuff from Web apps is making its way to writing filesystems. This guy shows how to write an entire Linux filesystem in 50 lines of Python using "dispatch" techniques totally stolen from Ruby on Rails. Are we ready to give up the Web and go back to just using the filesystem for everything, the way Unix intended?"

Blogger shows that cosmic rays are a real problem

Submitted by Hanji
Hanji writes "We have discussed the potential effects of and protections against cosmic ray radiation here before, but for the average computer user, it's an obscure threat that doesn't affect them in any real way. Well here's a blog post that describes a strange segfault and, after extensive debugging, traces it down to a single bit flip, probably caused by a stray cosmic ray. Lots of helpful descriptions of Linux debugging techniques in this one, and a pretty clear demonstration that this can be a real problem. I know I'm never buying a desktop without ECC RAM ever again!"
Patents

MPEG-LA Considering Patent Pool For VP8/WebM 399

Posted by kdawson
from the who-you-callin'-unencumbered dept.
An anonymous reader writes "Well, that didn't take long. Larry Horn, CEO of MPEG-LA, the consortium that controls the AVC/H.264 video standard, says the group is looking at creating a patent pool license for VP8 and WebM, Google's new open source, royalty-free HTML5 video format... So much for a Web video standard unencumbered by patent issues." We talked about VP8/WebM a couple of days ago when Google open sourced it. Reader Stoobalou points out another late-night email from Steve Jobs, who was asked to comment on VP8 vs. H.264. Jobs laconically sent a pointer to the technical analysis we linked before, where the poster says "VP8 copies way too much from H.264 for anyone sane to be comfortable with it, no matter whose word is behind the claim of being patent-free."
Java

IEEE Introduces Mario Level-Generation Competition 114

Posted by timothy
from the so-they-hate-employment dept.
bgweber writes "Last year, the IEEE conference on Computational Intelligence and Games hosted a competition to determine who could write the best AI for playing Mario levels (YouTube video). This year, the conference has expanded the competition to include a track on level generation as well, where the goal is to generate new levels online procedurally. Submitting an entry is as easy as implementing a Java interface that performs procedural content generation. The implications of this competition are techniques for greatly increasing the replayability of games, since each gameplay session could present new levels to the player."

International Longest Tweet Contest seeks entries

Submitted by Anonymous Coward
An anonymous reader writes "The 1st International Longest Tweet Contest is open for submissions until April 12. It looks to be a take-off of the famous Obfuscated C Contest. So far the record is 4.2 kilobits encoded per tweet, based on exploiting the fact that Twitter actually passes the full 31 bits of ISO 10646 (the international standard that Unicode is based on), not the roughly 20.08 bits/character of Unicode itself."
