How much effect did one million Brits protesting in the streets have on Blair's policy towards Iraq? Then protest more, and protest better. A million *enraged* Brits would have caused quite an impression, like when it happened here
Bullshit. Core Security has some exploits for OS/X on their Impact product. Metasploit sure has some too.
Disclaimer: I do work for them.
Hi! I work attacking Linux boxes, especially Ubuntu.
It's fucking hard!! fuck randomization!!!
ok i'm fine now.
bye!
but sure will run linux.
we wouldn't need the mafia!
If MS hides the vulnerability info, it's gonna leak anyway and now you gonna get owned and not even know it. If you publish early advisories, at least you got the chance to take some measures preventing the attacks.
Remember, a zero day is an *unpublished* vulnerability. You don't want hackers with zero days in their hands.
Sorry, but that is plain wrong:
If you can access the LAN from the IPv6 Internet, you can send a Multicast Link-Level packet (similar to a broadcast on IPv4) that reaches ALL IPv6 machines on the LAN, and trigger the attack (my PoC does that). This kind of packet can be blocked, but it is needed by some network-discovery schemes.
Even if the firewall on the LAN blocks all IPv6 packets, you can encapsulate a Multicast Link-Level packet in a 6to4 IPv4 tunnel, send it to an IPv4 machine on the LAN, and this machine will forward the IPv6 packet to all machines on the LAN.
I think that some distros of Linux enable the 6to4 tunnel in the kernel by default.
Making the parent post +5 Informative gonna make a lot of IT people unaware of the real danger.
Total first post recall
Hi, I was the lucky one that found the bug.
It's pretty severe, not easy to exploit. As an old Slashdotter, I really appreciate the Open-Source folks and would like to have found a Windows or Oracle bug. But this is my work, and I'm sure that OpenBSD is even more secure now.
Theo was a little reluctant to accept the severity of this bug, but it's not uncommon when you find a security risk.
BTW, Linux had a very similar vulnerability just yesterday, look here
Why can't it be like ddb, the OpenBSD debugger? You press Ctrl+Alt+Esc and Bam! You are debugging the kernel, with full symbols and breakpoints. Very cool kernel debugger.
Yes, don't use this code.
They are exploitable bugs known as off-by-one overflows and integer overflows.
I hope not, but these bugs may be there on purpose.
And programmers have a system that only serves programmers: Linux :p
I'm starting to work in the field of artificial vision for my thesis and the goal in our lab is to replicate Humayun's results. This is a retinal implant (inside your eye), in contrast to a cochlear one (inside your brain).
The cochlear implants tend to fry your brain in the long run, but there are so many neurons that this takes a lot of time. The retinal chips are much easier to build and implant, but the range of diseases cured is smaller, as not many blind people have a working retina or optic nerve.
SVGA resolution may be overkill for the eye; you have a zone of very high resolution in the center of your vision, and very low on the borders. And the distribution of the "pixels" is radial rather than rectangular.
And I think that a direct connection to the eye is a natural progression of computer interfaces, and a very useful one. I'm not blind and have perfect vision, but if I get the chance, I would get the implant when they become more advanced.
You have to give credit to the bible this time...
Genesis 14:10 : DONT GET A UNIQUE MARK, ASSHOLE
(That is my way to interpret it).
As of yesterday, HP has a BIOS patch for my nx9420 (F19) that adds the infamous VT on Core Duos.
:)
It already feels more powerful,
now let's make that rootkit...
"They are 2 completely different hashing algorithms"
This is not exactly true. Take a look at the source, they are very, very similar.
Because of this they were broken almost at the same time.
4 months old, no problems so far. :)
All in all, it is an excellent machine. Very quiet, and Ubuntu installs perfectly; in fact it recognizes all the devices (including the TPM chip), something that even Windows XP fails to do.
I didn't realize the VT thingy, but it is very important to me because I was planning on building a hypervisor myself some day.
So, thanks Slashdot. I was going to become crazy debugging my app
Yeah, come on, Slashdot too is washing the minds of all the Americans to make them know how evil the Iranian regime is!! I cannot believe how the US is preparing another invasion and making this BULLSHIT news to gain support and acceptance!
Bastards, I don't swallow it. It's all bullshit and makes me sick. How is it that there was no news about Iran a year ago? Bullshit I say!
Sorry about the rant.
I don't want to make you mad, but your rant is based mostly on ignorance. I believed the same about these bugs, but about a year ago I learnt about buffer overflows. There is no need for the data and code to be purposely embedded. There is no "feature" of putting code inside the file, but the exploit is just that: executing bytes that were supposed to be data.
Maybe not as cool as Linux, but I have made my own OS. And built an Ethernet firewall with it. You learn a lot writing those things...
Ok, I'm gonna give some specs, so we can know what we are talking about:
A TPM is a microcontroller that can do RSA and some hashing functions (SHA1).
It's installed on most new notebooks, like all the Apple Macbooks. My HP laptop has one, the Infineon SLB 9635. It has all kinds of tampering protections, like an active random number signal shielding, etc. Specs are here.
It is not a crypto accelerator. Typically a TPM chip is *slower* than an equivalent cipher operation realized on the CPU.
Linux has drivers for it. Interestingly, my chip, the SLB9635, is flashable...
All TPM 1.2 microcontrollers have a unique internal RSA 2048 bit private key (this is the key being hidden from the user) that inserts on the trust chain, whose root is MS (not sure about this).
You can tamper with it, flash it, etc. If the chip detects some anomaly, it won't stop working, but only flag it with one bit.
One of many things that can be done with it is to hash all the software installed and sign it with the private key. Then some vendor can check if you have approved software with valid licenses.
Sure you can put Linux on it and forget about it, but, like the number of the beast, soon you gonna need one to buy and see things.
Alfred
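An added illustration of the hash-then-check idea in the comment above (not the commenter's code and not a real TPM driver interface): the TPM 1.2 extend operation folds each SHA-1 measurement into a register, and a verifier replays the log and compares it with an approved list. The function names `extend`, `measure` and `verify`, and all sample data, are hypothetical; the RSA signature over the reported register is left out, so the reported value is assumed to be already authenticated.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length; SHA-1 is the TPM 1.2 hash named above

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend operation: new PCR = SHA1(old PCR || digest)."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 20 bytes")
    return hashlib.sha1(pcr + digest).digest()

def measure(components):
    """Platform side: hash each component in load order into one PCR.
    Returns (final_pcr, event_log)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in components:
        digest = hashlib.sha1(blob).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log

def verify(reported_pcr, log, approved):
    """Verifier side: replay the log, compare with the reported PCR, and
    check every digest against the approved list. Returns a list of problems."""
    problems, pcr = [], bytes(PCR_SIZE)
    for name, digest in log:
        pcr = extend(pcr, digest)
        if approved.get(name) != digest:
            problems.append(f"unapproved: {name}")
    if pcr != reported_pcr:
        problems.append("log does not match PCR")
    return problems

# Constructed sample data (hypothetical component names and contents).
GOOD = [("bootloader", b"loader v1"), ("kernel", b"kernel v1"), ("app", b"app v1")]
APPROVED = {name: hashlib.sha1(blob).digest() for name, blob in GOOD}
TAMPERED = [GOOD[0], ("kernel", b"kernel v1 + patch"), GOOD[2]]

if __name__ == "__main__":
    good_pcr, good_log = measure(GOOD)
    bad_pcr, bad_log = measure(TAMPERED)
    print(verify(good_pcr, good_log, APPROVED))   # clean boot
    print(verify(bad_pcr, bad_log, APPROVED))     # honest log, changed kernel
    print(verify(bad_pcr, good_log, APPROVED))    # forged log, real PCR
```

Because each extend hashes the previous register value, a changed component cannot be hidden by editing the log afterwards: the replayed value no longer matches the register.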
Nice article, but for the technically inclined, here is one product page, including datasheets, etc.
From one of the datasheets: Max. acceleration supported: 3000 G for 0.5s, 10000 G for 0.1s.
Good luck breaking that one.
Funny, the Slashdot banner in this history reads "Politics for nerds. Your Vote Matters".
I have an HP 9420, 17" laptop. For me, it's much better than my former 12", only 0.5 kg more than an equivalent 15" and a much better screen.
The trick is to leave the battery at home. The "massive" power source weighs only 200 g.
What is better for your back? Supporting 3 kg of gear, or being 5+ hours arching over a small screen?
Dude: Hi whats up?...What's that in the horizon...oh noes is Snailzilla!!!! ... ...
*Snailzilla advances*
Dude: It is coming!! man, its really slow, but is coming...
*Snailzilla advances*
Dude: I wonder whats on TV.
Dude: zzzzzz...
Dude: zzzzzz... Oh Shit!! I totally forgot about Snailzilla!....ARGGGHG!!! GULP!
*Snailzilla eats Dude*
*Snailzilla advances*