Submission: Plumber Injection Attack in Bowser’s Castle (ksplice.com) 1
An anonymous reader writes: Security Advisory SMB-1985-0001: Plumber Injection Attack in Bowser’s Castle
Ksplice, working in conjunction with Lakitu Cloud Security, has released a high-severity advisory about a Plumber Injection attack in multiple versions of Bowser's Castle. An Italian plumber could exploit this bug to bypass security measures (walk through walls) in order to rescue Peach, to defeat Bowser, or for unspecified other impact.
This vulnerability is demonstrated by "happylee-supermariobros,warped.fm2". Attacks using this exploit have been observed in the wild, and multiple other exploits are publicly available. A patch has been made available.
Hiding Backdoors In Hardware 206
quartertime writes "Remember Reflections on Trusting Trust, the classic paper describing how to hide a nearly undetectable backdoor inside the C compiler? Here's an interesting piece about how to hide a nearly undetectable backdoor inside hardware. The post describes how to install a backdoor in the expansion ROM of a PCI card, which during the boot process patches the BIOS to patch grub to patch the kernel to give the controller remote root access. Because the backdoor is actually housed in the hardware, even if the victim reinstalls the operating system from a CD, they won't clear out the backdoor. I wonder whether China, with its dominant position in the computer hardware assembly business, has already used this technique for espionage. This perhaps explains why the NSA has its own chip fabrication plant."
Comment Re:slashdvertisement ... and full of crap. (Score 2, Insightful) 488
Actually, RHEL and CentOS have still yet to release a fix. So for your average Linux sysadmin out there, there still isn't an easy-to-use fix. Well, besides Ksplice anyway.
Submission: Linux kernel exploit aggressively rooting machines (seclists.org)
An anonymous reader writes: Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and "Ac1db1tch3z" (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a "rebootless" version of the patch.
Submission: Today is System Administrator Appreciation Day (sysadminday.com)
ArbiterOne writes: The 11th Annual System Administrator Appreciation Day is today. Celebrated worldwide on the last Friday of July, this holiday honors those who fight in the digital trenches to keep the 'Net alive.
OpenDNS offers a way to remind your boss about the holiday, while another blogger shares war stories. The startup Ksplice created an homage to these heroes... in the style of Choose Your Own Adventure.
How are you celebrating Sysadmin Day?
Security Vulnerability Bingo 21
An anonymous reader writes "Ben Bitdiddle of MIT fame sends an open letter to system administrators encouraging them to stop patching their systems so they can play 'Security Vulnerability Bingo.'"
Submission: Let's Play Security Vulnerability Bingo! (ksplice.com)
An anonymous reader writes: Ben Bitdiddle of MIT fame sends an open letter to system administrators encouraging them to stop patching their systems so they can play "Security Vulnerability Bingo".
Sniffing the Wireless Traffic of MIT Students 218
An anonymous reader writes "Someone got permission to sniff the wireless traffic during an MIT class. The professor: none other than Robert Morris, creator of the first Internet worm! The lecture: computer security! I love it."
Submission: Sniffing the wireless traffic of MIT students (ksplice.com)
An anonymous reader writes: Someone got permission to sniff the wireless traffic during an MIT class. The professor: none other than Robert Morris, creator of the first internet worm! The lecture: computer security! I love it.
Submission: Diskless Booting Making a Comeback? (ksplice.com)
An anonymous reader writes: Ever wonder what happened to PXE? Intel's popular standard for diskless booting hasn't been updated since 1999, and has missed out on such revolutions as wireless Ethernet, cloud computing and iSCSI. An open-source project called Etherboot has been trying to drag PXE into the 21st century. One of their programmers explains how to set up diskless booting for your cloud, using copy-on-write to save space.
Submission: Kernel prog shows how to exploit NULL pointers (ksplice.com)
An anonymous reader writes: Ever wondered what was so bad about NULL pointer exceptions? An MIT Linux kernel programmer explains how to turn any NULL pointer into a root exploit on Linux. (There was also a previous installment about virtual memory and how to make NULL pointers benign.)
Submission: International Longest Tweet Contest seeks entries (ksplice.com)
An anonymous reader writes: The 1st International Longest Tweet Contest is open for submissions until April 12. It looks to be a take-off of the famous Obfuscated C Contest. So far the record is 4.2 kilobits encoded per tweet, based on exploiting the fact that Twitter actually passes the full 31 bits of ISO 10646 (the international standard that Unicode is based on), not the roughly 20.08 bits/character of Unicode itself.
Submission: Ubuntu Ksplice rebootless updates now available (ksplice.com)
sdasher writes: Ksplice has started offering Ksplice Uptrack for Ubuntu Jaunty, a free service that delivers rebootless versions of all the latest Ubuntu kernel security updates. It's currently available for both the 32 and 64-bit generic kernel, and they plan to add support for the virtual and server kernels by the end of the month, according to their FAQ. This makes Ubuntu the first OS that doesn't need to be rebooted for security updates. (We covered Ksplice's underlying technology when it was first announced a year ago.)