quartertime writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."

justin.foell writes "The Electronic Frontier Foundation (EFF) has created a Surveillance Self-Defense site. Created with the help of the Open Society Institute, the site intends to serve as a how-to guide for protecting your private data against government spying. From their press release, they 'aim to educate Americans about the law and technology of communications surveillance and computer searches and seizures, and to provide the information and tools necessary to keep their private data out of the government's hands.'"

Kelly writes "Google is now urging Gmail users to drop Internet Explorer 6 (IE6) in favor of Firefox or Chrome. Google recently removed Firefox from the Google Pack bundle, replaced it with Chrome, then added a direct download link for Chrome on Google and YouTube. Google's decision to list IE6 as an unsupported Gmail browser does not affect just consumers: Tens of thousands of small- and mid-sized businesses that run Google Apps hosted services may dump IE6 as well. What's especially interesting is the fact that Mozilla is picking up two out of three browser users that Microsoft surrenders."

Ste sends along the cheery little story of Otto Moerbeek, one of the OpenBSD developers, who recently found and fixed a 33-year-old buffer overflow bug in Yacc. "But if the stack is at maximum size, this will overflow if an entry on the stack is larger than the 16 bytes leeway my malloc allows. In the case of of C++ it is 24 bytes, so a SEGV occurred. Funny thing is that I traced this back to Sixth Edition UNIX, released in 1975."

An anonymous reader writes "By using the Earth's vast underground caverns to store compressed air generated by wind farms at night, several U.S. municipalities will be 'going green' by using that stored energy to generate daytime electricity on the cheap. Engineers at a National Lab think compressed air stored in underground caverns could cut in half the cost of electricity."