Slashdot Mirror


User: lonedroid

lonedroid's activity in the archive.

Stories: 0
Comments: 12

Comments · 12

  1. French claims to have the longest one on Italy To Build World's Longest Suspension Bridge · Score: 1

    No, it's not what you think.

    The Japanese one got finished in 1998. But the "viaduc de Millau" opened to the public in late 2004 and claims 2.440 meters.

    French Wikipedia article: http://fr.wikipedia.org/wiki/Viaduc_de_Millau/

    Or "Google image" on : "viaduc de Millau"

    Now, I don't say it's longer than the Golden Gate or the Japanese one, but here in Europe French people brag quite a lot about this bridge, which I've seen and which is for sure very impressive...

  2. spreadopera dot com on Opera Reaches 1 Million Downloads Thanks To Google · Score: 3, Interesting

    Damn, I was going to register spreadopera.com and start competing with a certain other browser, but a whois shows that Opera already registered that domain!

  3. a car that brakes when... on VW Goes USB · Score: 0, Offtopic

    a car that brakes when you push on the brake pedal.

    I'm all for devices that help to drive the car, but only as long as, in last resort, you've got physical control of the car. In France we've seen several cars where the "cruise control" went berserk and the car wouldn't decelerate anymore, people getting locked in their car (usually there's a manual procedure to open the windows/sunroof but not everybody is aware of this, etc.), etc. To summarize, lots of stupid, dumb "electronic failures" (really software failures 99% of the time).

    Can you trust such a manufacturer to safely implement USB support?

    Recently I had a Land Rover that wouldn't want to pass the 2nd gear and whose 1st gear was "hi" only when I was selecting "low 4wd" (got "fixed" by a reset of the device at the dealer). So this Land Rover has a nearly bullet-proof engine, but is f*scked up by stupid electronics. Sad. Really.

    All I can say is "What The F*cking F*ck?" (I didn't coin that question).

    I, for one, don't welcome our new "let's build cars full of gizmos that need to be rebooted as often as certain mainstream OSes" overlords.

    I may be part of a small minority, but there *are* people who want a car that simply brakes when you hit the brake pedal (I accept a device, like ABS, that helps, but only as long as if it fails the pedal still acts on the brake). Even if it's a niche market there are people, today, who buy, say, a Lotus Elise... A car that brakes when you push on the brake pedal.

    By the way, I'd like a car where all primary functions (moving, switching gears, braking, turning, etc.) were on a completely independent system from the gizmos. But it's not the way it is for the moment: "oh, you activated the wipers three seconds after switching to 3rd gear, that causes an IllegalStateException!".

    So, well... consumer, have fun with your gizmo'ed VW TDIxtv-USB 2.0 "please reboot me", I'll stick with my late 80's 911 carrera (where the only piece of electronic controls the injection)...

    And I hope you don't forget to ph34r 3133t h4x0rs for they'll be "own0r1ng y0ur piece-of-consumer-crap by Bluetooth" at the traffic light.

    On a positive note: don't worry, that's just the beginning. Soon you'll get spam and "automatic updates" even if you didn't ask for it!

    :)

  4. The Java island, the Linux island on Indonesia Adopts Java Desktop System on Linux · Score: 1

    I know where to find the Java island in Indonesia, so I understand their switch to Java, but I don't seem to find any island named Linux, how come they switch to that too?

  5. first text processing and now spreadsheet on The First Killer App: VisiCalc · Score: 3, Funny

    Today on /. I learned that text processing already existed 20 years ago (on the thread about Massachusetts choosing an open file format) and now... Now I learn that MS didn't invent the spreadsheet concept either!?

  6. Re:it's not any file from your disk on Firefox Greasemonkey Extension Security Problem · Score: 1
    If I don't get it, then you don't get it either :)

    I didn't mean to say "the exploit won't allow access to any file".

    What I specifically said, though, is that there's a huge difference between being able to access every single file of the hard disk and being able to access every file being accessible to the user running the browser.

    The files you are worried about being read are your personal files (bank data passwords etc) which are in your normal user account anyway.

    No, I've got a specific user account only for browsing (as a side note, my bank provides every single one of its customers with a hardware security token, but that is another matter).

    Do an ls -l on your home directory and see how many interesting files are world readable.

    You clearly don't get it. If it's a remote exploit giving access to the user's files, then the exploit can read all the files the user has access to (it doesn't matter if they're world readable or not). But then, that local exploit can read zero files from other user accounts, no matter if they're world readable or not: now you do an ls -l on the /home/ dir and you tell me what the permissions set on every user account's main dir are.

    So your point is moot.

    Now you re-read this post, you re-read my original post, and you'll see that I get it. You may get it too, but it's not entirely clear when reading your somewhat confusing post.

  7. it's not any file from your disk on Firefox Greasemonkey Extension Security Problem · Score: 2, Interesting
    It seems rogue pages can read any file from your disk and send it to any site, using an XmlHttpRequest.

    Only if the browser has all the rights, which is a very dumb thing to do no matter the platform.

    On my main Un*x box, Firefox was installed in a normal user account (using the .tar.gz) and there's no way that a "Firefox expl0it" can access any file on my hard disk (and btw the risk for this particular exploit is zero: I don't use GM ;)

    I'm pretty sure that Firefox/GM installed in a non-privileged user account under Win2000/XP doesn't allow access to any file from the hard disk either.

    I'm not trying to defend poor coding/security practices by people who certainly should know better, but it's simply misinformation to say that access to the files accessible from a user account is equivalent to "all the files on the hard disk".

  8. strange definitions of warez, xss, etc. on Anatomy of a Hack · Score: 5, Interesting

    I just read the whole FA (yup, I'm new here as my user ID can tell ;) and I'm not sure what to think about it.

    The methodology used is not extraordinary: setting up a purposely insecure network then hacking (sic) it themselves using the known holes is kind of cheesy. It helps to show how it works, but I prefer the honeynet approach: setting up boxes with known (or not) security holes, then analysing how a real intruder creates havoc.

    Then there's some strange (re)definition of words.

    For example, straight from TFA:

    There are several techniques for getting our tools (often called "warez") onto the database server.

    Then, as a side note:

    Warez is a hacker/attacker colloquialism. It comes from the term "software," but is now used varyingly to mean either "attack tools" or "bootlegged software." In this chapter, we use it in the former context.

    I think it's the first time I see the term "warez" used to describe "attack tools" (sic). I used to live in ancient times where "warez" weren't yet called "warez", then "warez" became "warez". Now what? "warez" aren't "warez" anymore? Has it changed? (then a great many online dictionaries' definitions should be updated btw.).

    The definition of XSS is also interesting:

    In Figure 2-5, we see that not only do we get logged on, but the application also displayed the fake username we sent it on the home page. This latter artifact is actually a separate type of vulnerability known as a cross-site scripting (XSS) vulnerability, where the user input is echoed directly to the screen without sanitizing it first. We will not use it in the following attack, but it is interesting to note that it is there.

    This definition of XSS is wrong: it's not because we see what was typed that the input wasn't sanitized (sic). And it's certainly not because we see what was entered that this could lead to code being executed on another user's computer. Moreover I find the last sentence of this paragraph misleading: We will not use it in the following attack, but it is interesting to note that it is there. Of course they're not using it: they're "hacking" the server(s), not joe random visitor's box.

    Then there are quite a lot of half-truths, that can also be misleading:

    A fully compromised system cannot be trusted to tell you the truth. Even virus scanners must at some level rely on the system to not lie to them. If they ask whether a particular file is present, the attacker may simply have a tool in place that lies about it.

    If by "fully compromised" it means that the BIOS has been flashed and now lies about the files it reports, I then more or less agree. However such a tool is improbable (not enough room in the BIOS memory and not all BIOSes can be flashed at will). So by "fully compromised" that's probably not what they meant. How would then an attacker lie when booting from a CD and running the scan from the CD? Or when hooking the compromised HD as a second HD on a clean system? It's not like everybody runs their virus/trojan/rootkit scanners from the suspicious host.

    Then at the end of TFLA (the 'L' stands for "Long") they explain, in a very windowish style, how to recover from a "hack": reinstall everything, because there's nothing you can trust (besides Windows's installation medium?)

    So is it about the anatomy of a "hack" or how to recover from a "hack"? Both? Then why not a single word about how to configure an IDS?

    Speaking of IDS, from TFA: Once we took over an entire network through an intrusion detection system.

    WTF? I'm not sure if by their definition Snort qualifies as an IDS, but I run Snort in a passive way: no IP, not a single packet emitting from the box, etc. If an IDS becomes an entry point for intruders, then it's not an IDS but an IAS: Intrusion Automation System ;)

    The article could be summarized like this (like others already pointed out i

  9. It's all about the sandbox on James Gosling on Java · Score: 5, Interesting

    Of the thousands of security holes that exist, on every OS, how many are due to buffer overflow (buffer overrun)?

    There are other attacks, but most of the "exploits" are due to a buffer overflow (90% of all exploits? 95%?). Heck, if I am not mistaken it was a buffer overflow that put an end to the "x years without a hole in the default OpenBSD install" slogan :(

    Now how many buffer overflows did happen in the JVM in the last 10 years?

    I think the answer is zero. And if it's not zero, it's only some implementation of the JVM that was at fault.

    For me it's all about the sandbox. Java, Jython, Groovy, you-name-it... I don't care. As long as it targets the JVM. It's tried, lean, mean, rock solid technology. You just ain't escaping it.

    In TFA (yup, I did read it), Gosling says that "The only serious divide is they (C# / .Net) have this unsafe mode which they use a lot. One of the principles I believe in is there shouldn't be an unsafe mode."

    That's a good principle to believe in.

  10. The algorithm is called "Bitonic sort" on Impressive Benchmarks: Sorting with a GPU · Score: 2, Informative

    This is an implementation of the Bitonic sort.

    From the article, when comparing their sort to previous GPU sort: "These algorithms also implement Bitonic Sort on the GPU for 16/32-bit floats using the programmable pipeline of GPUs."

    So as I understand it they made a very fast implementation (using the GPU) of an old algorithm suited to parallel processing: bitonic sort was published in 1968 (hey, where were the fast parallel processors in the late sixties ;)

  11. wasn't the whole S/N scheme already cracked? on Microsoft Genuine Advantage Cracked · Score: 1

    One year ago or so some XP serial number generating numbers that apparently cannot be dissociated from legit ones appeared. There is at least one .exe, called mskey4in1.exe or something like that, that can generate serial numbers that are recognized as legal by WGA. Why would a pirate take the pain to use a temporary hack based on a legit copy of XP when he can directly generate a S/N that is recognized as legit and hence directly passes the WGA test?

  12. too bad... on PHRACK Final · Score: 2, Funny

    they used a 6-bit counter :(