QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"

Hugh Pickens writes "NPR reports that owners of ships that ply the dangerous waters near Somalia are looking at options to repel pirates including slippery foam, lasers, electric fences, water cannons and high-intensity sound — almost anything except guns. One defense is the Force 80 squirt gun with a 3-inch nozzle that can send 1,400 gallons a minute 100 yards in any direction. 'It is a tremendous force of water that will knock over anything in its path and will also flood a pirate's ship very quickly,' says Roger Barrett James of the the Swedish company Unifire. Next is the Mobility Denial System, a slippery nontoxic foam that can be sprayed on just about any surface making it impossible to walk or climb even with the aid of a harness. The idea would be to spray the pirate's vessel as it approached, or to coat ropes, ladders, steps and the hull of the ship that's under attack. The Long Range Acoustic Device, or LRAD, a high-powered directional loudspeaker allows a ship to hail an approaching vessel more than a mile away. 'Knowing that they've lost the element of surprise is half the battle,' says Robert Putnam of American Technology Corp. The LRAD has another feature — a piercing "deterrent tone" that sounds a bit like a smoke detector alarm with enough intensity to cause extreme pain and even permanent hearing loss for anyone directly in the beam that comes from the device. But Capt. John Konrad, who blogs for the Web site Gcaptain.com, says no anti-pirate device is perfect. 'The best case scenario is that you find these vessels early enough that you can get a Navy ship detached to your location and let them handle the situation.'"

Hell Yeah! reminds us of a 2-week-old development that somehow escaped notice here. A team of Russian hackers has found a way to decipher a Yahoo CAPTCHA, thought to be one of the most difficult, with 35% accuracy. The Russian group's notice, posted by one "John Wane," is dated January 16. This site hosts a rapidshare link to what looks to be demonstration software for Windows, and quotes the Russian researchers: "It's not necessary to achieve high degree of accuracy when designing automated recognition software. The accuracy of 15% is enough when attacker is able to run 100,000 tries per day, taking into the consideration the price of not automated recognition — one cent per one CAPTCHA."

The C|Net Crave blog has up an article exploring the history of console gaming, and wonders aloud about the pecking order of the various systems. "Gaming is so subjective that there is no single "greatest" system ever. It might sound like a cop-out, but it really depends on what standards you're using and what generation you grew up in. I loved the SNES, and would personally call it the greatest system of all time. However, the NES and PlayStation could both easily be called the best, based on the standards they set and the advances they presented to gaming." The Guardian follows up this piece, noting that the article's rose-colored recollections of the SNES days may not be entirely accurate. Subjective or not, it's a good question: which consoles have a valid place in history and which ones should be forgotten?

cranberryzero writes "The demo scene has been around for twenty years now, and it has grown by leaps and bounds. From the early days of programmers pushing the limits of Ataris and Amigas to modern landscapes with full lighting, mapping, and motion capture, demo groups have done it all and done it under 100k. To celebrate this art form, I heart Chaos takes a look at thirteen of the best demo programs on the web. Flash video links are included, but it's more fun to download them and give your processor something fun to chew on."

Anti-virus firm Trend Micro is suing Barracuda Networks over their use of the open source anti-virus product ClamAV. The issue is Trend Micro's patent on 'anti-virus detection on an SMTP or FTP gateway'. Companies like Symantec and McAfee are already paying licensing fees to Trend Micro. Groklaw carries the word from Barracuda that they intend to fight this case, and are seeking information on prior art to bring to trial. Commentary on the O'Reilly site notes (in strident terms) the strange reality of patents gone bad, while a post to the C|Net site explores the potential ramifications for open source security projects. "Barracuda has been able to leverage open source to bring down the cost of security. Early on Barracuda was blocking spam and viruses at roughly 1/10 the price of the nearest proprietary competitor (that was only selling an antivirus solution). Barracuda has helped to bring down prices across the board, and it has been able to do so because of open source. More open source equals less spam and more security. Trend Micro is effectively trying to raise the price of security." Slashdot and Linux.com are both owned by SourceForge.

HighWizard writes with word from Engadget that the iPhone SDK Key has been leaked early. "We're not exactly sure how this all went down, but we trust Erica Sadun over at TUAW when she says that it appears that the iPhone's SDK key — which will probably be required by all 'official' third-party apps — has been leaked. Two different sites currently have the key posted, but it's all just for show until next month, when the SDK hits for real — and the code is undoubtedly changed."