Forgot your password?
typodupeerror

Comment: Re:So 64-bit ASLR on Windows is flawed as well... (Score 1) 223

by Xenoflargactian (#31619726) Attached to: IE8, Safari, iPhone All Fall At Pwn2Own Contest
The attacker used a memory corruption bug to overwrite the null terminator of a string. He then read that string, which kept going until it hit another null terminator (two consecutive 0 bytes). He read memory he wasn't supposed to have access to, which included pointers to a C++ object's member functions (vftable). With these pointers in hand, he has defeated ASLR, because he has information about the address space that he's not supposed to have.

This MS's fault for a memory corruption bug, but their ASLR implementation isn't broken (at least not by this attack).

Details if you're curious: http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf
Censorship

China Warns Google To Obey Or Leave 533

Posted by Soulskill
from the who-wears-the-pants-in-this-family dept.
suraj.sun writes with this snippet from an Associated Press report: "China's top Internet regulator insisted Friday that Google must obey its laws or 'pay the consequences,' giving no sign of a possible compromise in their dispute over censorship and hacking. 'If you want to do something that disobeys Chinese law and regulations, you are unfriendly, you are irresponsible and you will have to pay the consequences,' Li Yizhong, the minister of Industry and Information Technology, said on the sidelines of China's annual legislature. ... 'Whether they leave or not is up to them,' Li said. 'But if they leave, China's Internet market is still going to develop.' ... Li insisted the government needs to censor Internet content to protect the rights of the country and its people. 'If there is information that harms stability or the people, of course we will have to block it,' he said."
Microsoft

Anti-Piracy Windows 7 Update Phones Home Quarterly 819

Posted by kdawson
from the who-owns-your-computer dept.
Lauren Weinstein sends in news of a major and disturbing Microsoft anti-piracy initiative called Windows Activation Technologies, or WAT. Here is Microsoft's blog post giving their perspective on what WAT is for. From Lauren's blog: "The release of Windows 7 'Update for Microsoft Windows (KB71033)' will change the current activation and anti-piracy behavior of Windows 7 by triggering automatic 'phone home' operations over the Internet to Microsoft servers, typically for now at intervals of around 90 days. ... These automatic queries will repeatedly — apparently for as long as Windows is installed — validate your Windows 7 system against Microsoft's latest database of pirated system signatures (currently including more than 70 activation exploits known to Microsoft). If your system matches — again even if up to that time (which could be months or even years since you obtained the system) it had been declared to be genuine — then your system will be 'downgraded' to 'non-genuine' status until you take steps to obtain what Microsoft considers to be an authentic, validated, Windows 7 license. ... KB971033... is scheduled to deploy to the manual downloading 'Genuine Microsoft Software' site on February 16, and start pushing out automatically through the Windows Update environment on February 23. ... [F]or Microsoft to assert that they have the right to treat ordinary PC-using consumers in this manner — declaring their systems to be non-genuine and downgrading them at any time — is rather staggering." Update: 02/12 02:08 GMT by KD : Corrected the Microsoft Knowledge Base number to include a leading 9 that had been omitted in the pre-announcement, per L. Weinstein.
Censorship

+ - Verizon DSL Throttling Access to Skype?

Submitted by Gabriel Landau
Gabriel Landau (883930) writes "I've been trying to download Skype all weekend to talk to my friend in Prague from my home Verizon DSL connection. Every time I went to http://www.skype.com/download, the page took nearly forever to load, and the connection timed out before it loaded completely. Assuming their server was under heavy load all weekend, I came into work this morning and checked the site again; it loaded very quickly through my office T1 (non-Verizon). I just checked my home computer again, and the page still times out. Is Verizon intentionally throttling all traffic to Skype servers to force customers to use their own for-pay services? Is this behavior illegal and anti-competitive?"

"Don't talk to me about disclaimers! I invented disclaimers!" -- The Censored Hacker

Working...