Submission + - Plumber Injection Attack in Bowser’s Castle (ksplice.com) 1
An anonymous reader writes: Security Advisory SMB-1985-0001: Plumber Injection Attack in Bowser’s Castle
Ksplice, working in conjunction with Lakitu Cloud Security, has released a high-severity advisory about a Plumber Injection attack in multiple versions of Bowser's Castle. An Italian plumber could exploit this bug to bypass security measures (walk through walls) in order to rescue Peach, to defeat Bowser, or for unspecified other impact.
This vulnerability is demonstrated by "happylee-supermariobros,warped.fm2". Attacks using this exploit have been observed in the wild, and multiple other exploits are publicly available. A patch has been made available.
Ksplice, working in conjunction with Lakitu Cloud Security, has released a high-severity advisory about a Plumber Injection attack in multiple versions of Bowser's Castle. An Italian plumber could exploit this bug to bypass security measures (walk through walls) in order to rescue Peach, to defeat Bowser, or for unspecified other impact.
This vulnerability is demonstrated by "happylee-supermariobros,warped.fm2". Attacks using this exploit have been observed in the wild, and multiple other exploits are publicly available. A patch has been made available.
Submission + - Linux kernel exploit aggressively rooting machines (seclists.org)
An anonymous reader writes: Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and "Ac1db1tch3z" (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a "rebootless" version of the patch.
No More Need To Reboot Fedora w/ Ksplice 262
An anonymous reader writes "Ksplice, the technology that allows Linux kernel updates without a reboot, is now free for users of the Fedora distribution. Using Ksplice is like 'replacing your car's engine while speeding down the highway,' and it can potentially save your Linux systems from a lot of downtime. Since Fedora users often live on the bleeding edge of Linux development, Ksplice makes it even easier to do so, and without reboots!"
Submission + - Let's Play Security Vulnerability Bingo! (ksplice.com)
An anonymous reader writes: Ben Bitdiddle of MIT fame sends an open letter to system administrators encouraging them to stop patching their systems so they can play "Security Vulnerability Bingo".
Submission + - Blogger shows that cosmic rays are a real problem
Hanji writes: We have discussed the potential effects of and protections against cosmic ray radiation here before, but for the average computer user, it's an obscure threat that doesn't affect them in any real way. Well here's a blog post that describes a strange segfault and, after extensive debugging, traces it down to a single bit flip, probably caused by a stray a cosmic ray. Lots of helpful descriptions of Linux debugging techniques in this one, and a pretty clear demonstration that this can be a real problem. I know I'm never buying a desktop without ECC RAM ever again!
Submission + - Kernel prog shows how to exploit NULL pointers (ksplice.com)
An anonymous reader writes: Ever wondered what was so bad about NULL pointer exceptions? An MIT Linux kernel programmer explains how to turn any NULL pointer into a root exploit on Linux. (There was also a previous installment about virtual memory and how to make NULL pointers benign.)
Submission + - International Longest Tweet Contest seeks entries (ksplice.com)
An anonymous reader writes: The 1st International Longest Tweet Contest is open for submissions until April 12. It looks to be a take-off of the famous Obfuscated C Contest. So far the record is 4.2 kilobits encoded per tweet, based on exploiting the fact that Twitter actually passes the full 31 bits of ISO 10646 (the international standard that Unicode is based on), not the roughly 20.08 bits/character of Unicode itself.
Simpler "Hello World" Demonstrated In C 582
An anonymous reader writes "Wondering where all that bloat comes from, causing even the classic 'Hello world' to weigh in at 11 KB? An MIT programmer decided to make a Linux C program so simple, she could explain every byte of the assembly. She found that gcc was including libc even when you don't ask for it. The blog shows how to compile a much simpler 'Hello world,' using no libraries at all. This takes me back to the days of programming bare-metal on DOS!"
Submission + - Simpler "Hello World" demonstrated in C (ksplice.com)
An anonymous reader writes: Wondering where all that bloat comes from so even the classic "Hello world" now takes 11k? An MIT programmer decided to make a Linux C program so simple, she could explain every byte of the assembly. She found gcc was including libc even when you don't ask for it, and shows how to compile a much simpler "Hello world" — using no libraries at all. This takes me back to the days of programming bare-metal on DOS!
Submission + - "Mythical Man-Month" supposedly busted by MIT firm (ksplice.com) 2
An anonymous reader writes: We all know about the Mythical Man-Month, the argument that adding more programmers to a software project just makes it later and later. A Linux startup out of MIT claims to have busted the myth of the myth, using an MIT holiday month to hire 20 college student interns to get all their work done in a month and quadrupling its productivity. This picture shows the interns jammed in like sardines to a tiny room. We've written about them previously, but is this really who you want working on your kernel?
The Guardian Shifts To Twitter After 188 Years of Ink 211
teflon_king writes with news that renowned British newspaper The Guardian will be abandoning its paper-and-ink distribution scheme and publishing all articles and news as Tweets. Quoting:
"A mammoth project is also under way to rewrite the whole of the newspaper's archive, stretching back to 1821, in the form of tweets. Major stories already completed include '1832 Reform Act gives voting rights to one in five adult males yay!!!;' 'OMG Hitler invades Poland, allies declare war see tinyurl.com/b5x6e for more;' and 'JFK assassin8d @ Dallas, def. heard second gunshot from grassy knoll WTF?' Sceptics have expressed concerns that 140 characters may be insufficient to capture the full breadth of meaningful human activity, but social media experts say the spread of Twitter encourages brevity, and that it ought to be possible to convey the gist of any message in a tweet. For example, Martin Luther King's legendary 1963 speech on the steps of the Lincoln memorial appears in the Guardian's Twitterised archive as 'I have a dream that my four little children will one day live in a nation where they will not be judged by the colour of their skin but by,' eliminating the waffle and bluster of the original."
Submission + - MIT hacks XKCD talk with AACS key
Hanji writes: During a talk by popular webcomic author XKCD author Randall Munroe, MIT hackers
dropped hundreds
of labelled playpen balls onto the audience from hatches in the
ceiling. The labels bore XKCD's logo as well as the recently
discovered 16-byte AACS processing key.
Feed An S O S for 911 Systems in Age of High-Tech (nytimes.com)
The 911 system has not kept pace with the nation’s rapidly changing communication habits.
Feed Caption Contest: NYC taxis turn 100, have midlife crisis (engadget.com)
Filed under: Transportation
Apparently the New York taxi cab, a staple for fare-based "horseless carriage" rides, turns 100 this year. To celebrate, the NY International Auto Show is holding the Taxi 07 Exhibit, a showcase of radical re-conceptions of what the yellow and checkers can look like and do. Take, for example, the Standard, a natural gas powered vehicle with extended range; or Antenna Design's interactive signage, which offers up destinations and ride-sharing availability; or, possibly our favorite, Rides Magazine's Crown Vic (above). CNET's got the full scoop, check it out. Or, you know, leave a funny caption. As always we won't pick a winner, but perhaps your Engadget-reading peers will raise you on their shoulders, raise you high enough to get in that pimped out cab you see above.
Peter: "I can't take you to JFK, but we could go cruising for a couple of hours"
Ryan: "See BigFoot, this is what happens when you get freaky with the taxi groupies after the monster truck rally."
Evan: "After 20 thankless years on the job, Joe finally got cut off one too many times and decided to take action."
Paul: "Look out pedestrians... oh wait, it's a taxi, you already do."
Peter: "I can't take you to JFK, but we could go cruising for a couple of hours"
Ryan: "See BigFoot, this is what happens when you get freaky with the taxi groupies after the monster truck rally."
Evan: "After 20 thankless years on the job, Joe finally got cut off one too many times and decided to take action."
Paul: "Look out pedestrians... oh wait, it's a taxi, you already do."
Read | Permalink | Email this | Comments
BOLD MOVES: THE FUTURE OF FORD A new documentary series. Be part of the transformation as it happens in real-time
Office Depot Featured Gadget: Xbox 360 Platinum System Packs the power to bring games to life!
Slashdot Top Deals
"It is better to have tried and failed than to have failed to try, but the result's the same." - Mike Dennison
