Forgot your password?
typodupeerror

Comment: Re:Matlab and a few games (Score 1) 222

by moyix (#44731713) Attached to: What percentage of the software you use regularly is open source?

What about your wireless router? The firmware in your car? Your smartphone? Hell, even MicroSD cards run an embedded OS on an ARM processor to handle bad block remapping and to make it easier to test the cards before they leave the factory.

If you want to stick strictly to your desktop PC, let's talk about the software running on your network card, GPU, SSD, hard drive (some hard drives even have serial ports that you can connect to and see terminal output!).

I guarantee you that you use a *lot* more computers every day than you realize, and the vast majority of them run proprietary software.

Comment: Re:That was rather pretty (Score 1) 291

by moyix (#30216422) Attached to: English Shell Code Could Make Security Harder

I also had a paper at this year's CCS conference, so perhaps I can shed some light on the process. The publisher had some fairly picky requirements for the PDFs, and warned that most PDFs created by (for example) pdflatex would probably not pass muster. So along with a PDF we had to submit a Postscript file so that they could distill it into a PDF that met their requirements if necessary. That's likely what happened here--the final Acrobat Distiller step was probably done by the publisher to make everything fit their publishing requirements.

Comment: Re:Vendor B ancient IOS (Score 1) 196

by moyix (#26951141) Attached to: How a Router's Missed Range Check Nearly Crashed the Internet

I believe this has been shown incorrect; from the article:

As it turns out, the reason for all those routing resets and general instability was due to a previously unknown Cisco bug involving AS paths close to 255 in length.

(emphasis mine). More info:

http://blog.ioshints.info/2009/02/oversized-as-paths-cisco-ios-bug.html

And the Cisco description (the bug ID, CSCsx73770, is linked in there, but you need a login to access it):

http://tools.cisco.com/security/center/viewAlert.x?alertId=17670

Comment: Re:This seems abrupt (Score 1) 856

by moyix (#26688951) Attached to: Windows 7 To Skip Straight To a Release Candidate

Last time I installed Ubuntu it still asked for a password for the normal user account. It asked for that same password when it needed to elevate privileges and perform some configuration command as root (via sudo).

So, you have a password, and if you need to you can get root-level privs, but the random everyday stuff you do doesn't have the potential to wipe out the whole OS.

Seems like a win-win to me, really.

Security

+ - Damn Vulnerable Linux

Submitted by
Scott Ainslie Sutton
Scott Ainslie Sutton writes "Enterprise GNU/Linux Resource Linux.com have highlighted a newly created GNU/Linux distribution named Damn Vulnerable Linux, built upon Damn Small Linux. The distribution, headed by Thorsten Schneider, aims to deliver the Operating System in such a way that it allows Security Students first hand insight and hands on experience with Security issues within GNU/Linux in order to teach them protection and mitigation techniques The project's website describes the distribution as 'the most vulnerable, exploitable Operating System ever' and it's true, the developers have ensured that it contains outdated, ill-configured, flawed code and contains GNU/Linux 2.4 Kernel which is known to have many exploitable avenues in itself. Damn Vulnerable Linux's website can be viewed here."
Encryption

+ - Final AACS key found

Submitted by julie-h
julie-h (530222) writes "The PowerDVD AACS private key for playing Blu-Ray and HD-DVD's have been found. This was the last key needed. What does this mean? We don't have to sniff/snoop Volume IDs anymore. We can create a program that can decrypt (or play if you will) a disc without any need for WinDVD or PowerDVD. So no sniffing/extracting of keys anymore. And more over: it can work on all platforms... In other words: we can make our own independent, user friendly player (or decrypter)."
Security

+ - Released Wordpress source code included hack

Submitted by
Slinky Sausage
Slinky Sausage writes "Thousands of servers running the Wordpress blogging software are at tremendous risk after it was revealed that a cracker had hacked into the Wordpress download servers and modified the software's source code. The hack was done shortly after the new version 2.1.1 was released, and the hack was undetected for several days, meaning that thousands of people who have upgraded to the latest 'security release' version of Wordpress have unintentionally installed what amounts to a trojan horse on their web server."

"Don't discount flying pigs before you have good air defense." -- jvh@clinet.FI

Working...