Security

Openwall Linux 3.0: no SUIDs, anti log spoofing

Submitted by solardiz
solardiz (817136) writes "Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of the project. Owl is a small security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in default install (yet the system is usable, including password changing) and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), "make iso" & "make vztemplate" in included build environment, ext4 by default, xz in tar/rpm/less, "anti-Debian" key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source."

Comment: Re:Ok... (Score 4, Interesting) 230

by taviso (#34109058) Attached to: Serious Security Bugs Found In Android Kernel

Odd question.

I don't know about three days, but certainly under a week, which is completely normal in free software. Proprietary vendors generally want between six months and two years, but free software vendors and projects very rarely ask for more than a week or two delay before publication.

In fact, Linus famously tells people not to tell him about any security issue you want kept secret for more than a week, as he will just go ahead and fix it.

Comment: Re:Ok... (Score 5, Interesting) 230

by taviso (#34107090) Attached to: Serious Security Bugs Found In Android Kernel

Odd, I don't know why you're picking on me, but I assume "Android Kernel" is marketing-speak for "Linux", in which I've reported, found and fixed dozens of flaws over the years.

As you're so interested, here are some from the last month or two that you can take a look at.

CVE-2010-3080, A use-after-free in snd_seq_oss_open
CVE-2010-2960, A to-userspace dereference in keyctl_session_to_parent.
CVE-2010-2954, Kernel panic and to-userspace dereference in AF_IRDA sockets.
CVE-2010-3067, Various problems with aio (things like aio_submit())

The Coverity results I've seen in the past are generally very low quality with a high density of chaff. I haven't seen the report they're talking about, but would be surprised if there were any noteworthy findings with any significant security impact. The only report I've seen them publish that had any convincing vulnerabilities was in 2006, where they found a verifiable privilege escalation in XFree86 (due to a pretty horrendous typo).

I'm a little saddened that you so readily associate me with Windows security, whereas I consider myself primarily a Linux security developer, but I guess I'm flattered that where I spend my time is so important to you.

(perhaps a little creepy, though).

Comment: Re:Elite (Score 3, Insightful) 134

by taviso (#32980344) Attached to: Google Up Ante For Disclosure Rules, Increases Bug Bounty

Actually, his comment was entirely accurate.

I've reported dozens of critical vulnerabilities in Microsoft software over the years, and I still have multiple open cases with Microsoft security; this particular case wasn't as simple as you have assumed. I would not be so presumptuous as to explain the ethics of your work to you, but evidently you believe you're qualified to lecture me in mine.

If I were to read the sensationalised lay-press coverage of your latest publication or project, would it prepare me to write a critique of your work?

Comment: Re:Seriously? (Score 1) 926

by pydev (#30706092) Attached to: Slovak Police Planted Explosives On Air Travelers

I assume you have examples? Because I've seen several claims of this sort, and so far they've all been rubbish.

Are you a linguist and statistician? If not, you lack the skills to make that determination.

Furthermore, there are several things described in the Book of Mormon that are quite clearly supported by history, but only discovered by scientists long after the Book of Mormon was published.

That's anecdotes not evidence. Furthermore, all major religions have those kinds of anecdotes, so they are not particularly convincing. I'm not enough of an expert on all those fields to counter every one of those anecdotes; I know enough about some fields to know that the Book of Mormon cannot be what it claims to be.

Comment: Re:OK, just a second now... (Score 4, Informative) 189

by taviso (#30060732) Attached to: Microsoft Plugs "Drive-By" and 14 Other Holes

I discovered this bug (check the credit section in the advisory), so can explain. The bug is in parsing a component of TTF files, which are handled by the GDI kernel subsystem in Windows. Anything that tries to load fonts can be used to exploit this vulnerability, as they will eventually reach this code; Internet Explorer just happens to be the easiest way to reach it remotely.

Other browsers _are_ affected; the difference is that there's only one level of indirection before the vulnerable code in Internet Explorer, and at least two in other browsers. This is because IE supports EOT files directly, which via TTLoadEmbeddedFont() are decoded and passed straight to GDI, whereas other browsers take a TTF input, convert it into an EOT and then pass that to TTLoadEmbeddedFont, so you have to convince three different chunks of code your input is valid (the browser, t2embed, then gdi), instead of just two in IE.

If you use any browser that supports @font-face on Windows (Safari, Firefox 3.5+), you should still patch and reboot.

Microsoft

Internet Explorer Vulnerability Compromises Kernel

Submitted by Anonymous Coward
An anonymous reader writes "Microsoft have just released patches for a critical vulnerability in Internet Explorer that allows attackers to compromise the Windows Kernel remotely — just visiting a web page is enough to completely take over a system, even if you're an unprivileged user! This one is serious, folks — Microsoft have given this bug an Exploitability Rating of 1 (the highest) and a Deployment Priority of 1 (also the highest). Don't wait, patch right now and remember to reboot!"
Security

Microsoft plugs 15 holes, including drive-by bug

Submitted by CWmike
CWmike (1292728) writes "Microsoft today patched 15 vulnerabilities in Windows, Windows Server, Excel and Word, including one that will probably be exploited quickly by hackers. None affect Windows 7, the company's newest operating system. Of today's 15 bugs, three were tagged "critical" by Microsoft, while the remaining 12 were labeled as "important," the next-lowest rating in the company's four-step severity scoring system. Experts agreed that users should focus on MS09-065 first and foremost. That update, which was ranked critical, affects all still-supported editions of Windows with the exception of Windows 7 and its server sibling, Windows Server 2008 R2. "The Windows kernel vulnerability is going to take the cake," said Andrew Storms, director of security operations at nCircle Network Security. "The attack vector can be driven through Internet Explorer, and this is one of those instances where the user won't be notified or prompted. This is absolutely a drive-by attack scenario." Richie Lai, the director of vulnerability research at security company Qualys, agreed. "Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver.""
Microsoft

MS pulls Windows 7 tool after GPL violation claims

Submitted by Sam
Sam (666) writes "Ars Technica reports: Microsoft has pulled the Windows 7 USB/DVD Download Tool from the Microsoft Store website after a report indicating that the tool incorporated open-source code in a way that violated the GNU's General Public License (GPL). Whether the software giant is actually violating the GPL, a widely used (including by the Linux kernel) free software license, is not confirmed. "We are currently taking down the Windows USB/DVD Tool (WUDT) from the Microsoft Store site until our review of the tool is complete," a Microsoft spokesperson told Ars. "We apologize to our customers for any inconvenience." The fact the company pulled the tool doesn't bode well, so we'll have to watch closely to see what the company puts back on its servers."
