Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Programming

+ - Hardware hack: building a physical CPU load meter ->

Submitted by Anonymous Coward
An anonymous reader writes "A Ksplice developer published step by step instructions plus Arduino code for building a physical CPU load meter. It's a good introduction to embedded electronics or a nice afternoon project for the veteran hardware hacker. I'm glad to hear that the venerable MIT Swapfest from which the electronics were sourced is still alive and well after 25 years of "All Things Nerdly"."
Link to Original Source
Security

+ - Plumber Injection Attack in Bowser’s Castle-> 1

Submitted by Anonymous Coward
An anonymous reader writes "Security Advisory SMB-1985-0001: Plumber Injection Attack in Bowser’s Castle

Ksplice, working in conjunction with Lakitu Cloud Security, has released a high-severity advisory about a Plumber Injection attack in multiple versions of Bowser's Castle. An Italian plumber could exploit this bug to bypass security measures (walk through walls) in order to rescue Peach, to defeat Bowser, or for unspecified other impact.

This vulnerability is demonstrated by "happylee-supermariobros,warped.fm2". Attacks using this exploit have been observed in the wild, and multiple other exploits are publicly available. A patch has been made available."

Link to Original Source
Programming

+ - Linux process states, signals, and job control->

Submitted by Anonymous Coward
An anonymous reader writes "How does disown let a remote job continue running even after you kill the shell that spawned it? Where do zombie processes come from? What is an ``uninterruptible sleep'', and how can we use it to temporarily fake a load average of 1500? Ksplice gives us a hands-on introduction to Linux process states, a fundamental concept in the Linux kernel."
Link to Original Source
Security

+ - One year of rebootless kernel updates on Linux->

Submitted by Anonymous Coward
An anonymous reader writes "One year ago, nobody believed you could update your kernel without rebooting.

It's been a year since we reported on the launch of Ksplice Uptrack, a subscription service for rebootless kernel updates on Linux. In that time they've deployed on 100,000 production servers, shipped 2 million rebootless kernel updates, and seen adoption on all 7 continents. I'm personally holding out until there are rebootless updates IN SPACE."

Link to Original Source
Security

Hiding Backdoors In Hardware 206

Posted by Soulskill
from the hamster-escape-route dept.
quartertime writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."
Security

+ - Why the NSA builds its own hardware->

Submitted by sdasher
sdasher (1586493) writes "Remember Reflections on Trusting Trust, the seminal paper describing how to hide a nearly undetectable backdoor inside the C compiler? Well, here's how to hide a nearly undetectable backdoor in a PCI card. The mechanism is to install some code in the PCI expansion ROM, which is run as part of BIOS initialization, which patches the BIOS to patch grub to patch the kernel to insert a remote backdoor. With China's dominance of the computer assembly industry, you have to wonder whether this method has already been used as part of their espionage efforts. I guess that makes clear why the NSA has its own chip fabrication plant."
Link to Original Source
Security

+ - Analysis of a hardware backdoor->

Submitted by Anonymous Coward
An anonymous reader writes "Remember Reflections on Trusting Trust? We know we can't trust our compilers, or our operating systems, or our userspace software. Now even our hardware might be out to get us. This post describes how to install a backdoor in the "expansion ROM" of a PCI card, which patches the BIOS to patch GRUB to patch the Linux kernel to give the controller remote root access. The upshot is that even if the compromise is detected and the victim reinstalls the operating from CD, the backdoor will still be there. Now you know why the NSA builds all its own hardware!"
Link to Original Source
Security

+ - Linux kernel exploit aggressively rooting machines->

Submitted by Anonymous Coward
An anonymous reader writes "Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and "Ac1db1tch3z" (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a "rebootless" version of the patch."
Link to Original Source
Security

+ - Second major hole in Linux being exploited in wild

Submitted by quartertime
quartertime (1764250) writes "CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel has been quite a doozy! The bug affects all 64-bit kernels going back to 2.6.26 (and was also backported into RHEL 5's 2.6.18 kernel) and wasn't fixed until last week — shortly before "Ac1db1tch3z" published code to let any local user become root. The exploit works on most versions of Red Hat, Debian and Ubuntu. Several vendors, including Ubuntu and Debian but not Red Hat, have rushed out new kernels to address this bug over the last 2 days. Red Hat's recommended workaround, it turns out, didn't actually close the hole — it just makes the published exploit not work. And Ac1db1tch3z's exploit is more malicious than your typical demo exploit: it leaves a backdoor behind for itself to exploit later even if the hole is patched. Hot-updates vendor Ksplice wrote a tool to see if your system has the backdoor installed (meaning you've been exploited) and has rushed out a "rebootless" patch to plug the hole in advance of Red Hat's own fix.

(Today's earlier article on the H-Online on CVE-2010-3301 incorrectly refers to the workaround Red Hat has recommended for CVE-2010-3081 as a workaround for CVE-2010-3301. The workaround is not effective for either vulnerability.)"

+ - Today is System Administrator Appreciation Day->

Submitted by ArbiterOne
ArbiterOne (715233) writes "The 11th Annual System Administrator Appreciation Day is today. Celebrated worldwide on the last Friday of July, this holiday honors those who fight in the digital trenches to keep the 'Net alive.

OpenDNS offers a way to remind your boss about the holiday, while another blogger shares war stories. The startup Ksplice created an homage to these heroes... in the style of Choose Your Own Adventure.

How are you celebrating Sysadmin Day?"

Link to Original Source
Unix

+ - Writing filesystems now as easy as Web apps->

Submitted by Anonymous Coward
An anonymous reader writes "Remember the old days of writing Web apps, when you had to parse the CGI arguments separately, do all the safety checks yourself and implement everything manually? Neither do I, but it looks like all the cool stuff from Web apps is making its way to writing filesystems. This guy shows how to writing an entire Linux filesystem in 50 lines of Python using "dispatch" techniques totally stolen from Ruby on Rails. Are we ready to give up the Web and go back to just using the filesystem for everything, the way Unix intended?"
Link to Original Source

"If truth is beauty, how come no one has their hair done in the library?" -- Lily Tomlin

Working...