Slashdot Mirror


User: nneonneo

nneonneo's activity in the archive.

Stories
0
Comments
210

Comments · 210

  1. Re:This is on English Shell Code Could Make Security Harder · Score: 1

    Heap spray vulnerabilities don't require manipulating the stack at all; for an example, see the iFrame exploit in IE, so this will happily exploit your NX, -fstack-protector application, if you have such a vulnerability.

    A program compiled with -fstack-protector is indeed more secure from stack attacks, but it doesn't prevent all such attacks: if you compile against a vulnerable library, the library will not get protection (unless it too was compiled this way), and your program could still be compromised.

  2. Hello, World! on English Shell Code Could Make Security Harder · Score: 2, Insightful

    There is a major center of economic activity, such as Star Trek, including The Ed Sullivan Show. The former Soviet Union. International organization participation Asian Development Bank, established in the United States Drug Enforcement Administration, and the Palestinian territories, the International Telecommunication Union, the result of the collapse of large portions of the three provinces to have a syntax which can be found in the case of Canada and the UK, for the carriage of goods were no doubt first considered by the British, and the government, and the Soviet Union operated on the basis that they were the US Navys interpretation of the state to which he was subsequently influenced by the new government was established in 1951, when the new constitution approved it you King, he now had the higher than that the M.G.u, and soul shouters like Diane. There's a mama maggot including the major justifications that the test led to his own. This is usually prepared by the infection of the Sinai to the back and the Star Destroyers in the parliament, by the speed of these books and the revival of environmental problems of their new Arab states of the Arctic as a more and they possess power to the effort she was especially valuable as the Union and that would have said, as to note that the goods, which the night that if ever I rode after the word Father upon His Church to claim that the peace that had permitted him the city are as a hand of one into I thought of Mr. Crow and the Jews by the days of the C.Cs front garden which had first to St Cyriacus. All of a theology in the setting in a human heart as the tale of this day. I have it to friendship and the States that the way the English of the St Lawrence seven miles of an adjutant...

    Now, would you have guessed that this is executable machine code (shellcode)? Honestly, it looks more like the garbage that spammers use to defeat statistical analysis (indeed, this is code generated with a similar goal).

    (P.S. this particular sample is merely an amalgamation of the code which was reproduced in the paper; it is not complete, and will therefore not execute).

  3. Re:So what? on English Shell Code Could Make Security Harder · Score: 1

    When the recipient is a computer system and no humans are involved, this becomes far more dangerous (and besides, these messages look like educated spam rather than total gibberish, and would probably even pass a simple spam filter).

    Basically, the paper is talking about defeating signature or heuristic analysis of shellcode. Normal shellcode looks nothing like English text, whereas this code has a very similar statistical distribution to real English text, meaning that heuristics likely would not flag the code as suspicious. Once it's in the system, all it takes is an exploit of almost any form to compromise a system.
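The two comments above describe a filter that judges a buffer by its byte statistics rather than by what the bytes do. The following is an added example, not code from the comments or from the paper they discuss: a deliberately naive "does this look like text" heuristic of the kind such a filter might use, run over two constructed inputs. The first input has the shape of conventional shellcode (a sled of identical bytes followed by raw instruction bytes; it is not a working payload). The second is the first sentence of the English sample quoted in comment 2. The thresholds are assumptions chosen for the example. Because the filter is a pure function of the byte distribution, any buffer made of English text gets the same verdict as the sentence does, whether or not it also happens to decode as instructions; that is the blind spot the comments point at.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fraction of bytes that are printable ASCII (0x20..0x7E) or ordinary
 * whitespace (\t \n \r). A filter that expects "text" looks at
 * something like this. */
double printable_ratio(const unsigned char *buf, size_t n)
{
    size_t printable = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = buf[i];
        if ((c >= 0x20 && c <= 0x7E) || c == '\t' || c == '\n' || c == '\r')
            printable++;
    }
    return n ? (double)printable / (double)n : 0.0;
}

/* Longest run of a single repeated byte: a crude NOP-sled detector. */
size_t longest_run(const unsigned char *buf, size_t n)
{
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < n; i++) {
        cur = (i > 0 && buf[i] == buf[i - 1]) ? cur + 1 : 1;
        if (cur > best)
            best = cur;
    }
    return best;
}

/* Thresholds are assumptions for this example, not values from the paper. */
#define MIN_PRINTABLE 0.90
#define MAX_RUN       8

/* 1 = the heuristic would flag the buffer, 0 = it would let it through. */
int looks_suspicious(const unsigned char *buf, size_t n)
{
    return printable_ratio(buf, n) < MIN_PRINTABLE || longest_run(buf, n) >= MAX_RUN;
}

/* Constructed sample 1: the shape of conventional shellcode, a sled of
 * 0x90 followed by a few raw instruction bytes. Not a working payload. */
static const unsigned char kConventional[] = {
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
    0x31, 0xC0, 0x0F, 0x05, 0xCC, 0xEB, 0xFE, 0x00, 0x00, 0x00
};

/* Sample 2: the opening sentence of the English sample quoted in comment 2.
 * The paper's output is, byte for byte, text like this, so whatever the
 * filter decides here it decides for the English shellcode as well. */
static const char kEnglish[] =
    "There is a major center of economic activity, such as Star Trek, "
    "including The Ed Sullivan Show.";

int conventional_flagged(void)
{
    return looks_suspicious(kConventional, sizeof kConventional);
}

int english_flagged(void)
{
    return looks_suspicious((const unsigned char *)kEnglish, strlen(kEnglish));
}

int main(void)
{
    const unsigned char *e = (const unsigned char *)kEnglish;
    printf("conventional: printable=%.2f longest_run=%zu flagged=%d\n",
           printable_ratio(kConventional, sizeof kConventional),
           longest_run(kConventional, sizeof kConventional),
           conventional_flagged());
    printf("english:      printable=%.2f longest_run=%zu flagged=%d\n",
           printable_ratio(e, strlen(kEnglish)),
           longest_run(e, strlen(kEnglish)),
           english_flagged());
    return 0;
}
```

The conventional sample trips both rules (about 6% printable bytes, a run of 8). The English sentence is 100% printable with a longest run of 2, so it passes; nothing in the heuristic could tell it apart from a buffer with the same distribution that also executes.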

  4. Re:This is on English Shell Code Could Make Security Harder · Score: 2, Interesting

    Unfortunately, this does not fully solve the problem. Say, for instance, that you've managed to get a buffer overflow on a system, and you now have control over the stack (which is marked RW, but not X). Then, you overwrite the return address of the current function to mprotect() and stick some arguments on it which change the stack protection to RX (there are good reasons for doing this in actual practice, e.g. executable compressors like UPX, or executable thunks on the stack); this type of attack is known as a "return-to-libc" attack. If you can successfully overwrite the next lower return address as well, then you can ensure that your shellcode is executed after mprotect returns.

    Even if we assume that the stack is permanently fixed at RW, this does not prevent heap spray attacks which place executable code on the heap and overwrite return addresses on the stack to point at the heap. If the heap is marked RW, then we can just repeat the same process as used above to call mprotect.

    Prohibiting execution on writable segments seems sensible, but in the face of functions which can change the protection bits, it is ineffective. Further, simply restricting the use of those functions is potentially too restrictive, as in the case of some runtime environments which rely on the ability to execute dynamically generated trampoline code to implement key features (for instance, GCC may generate trampoline code to call nested functions), as you mentioned with your second paragraph.
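The comment above (and the heap-spray point in comment 1) rests on one fact: under NX a page that is writable is not executable, but a single call to mprotect() turns a RW page into an RX one, and that call is legitimately present in libc for the reasons the comment lists (trampolines, unpackers). The following is an added example, not code from the comment: it performs that RW to RX flip directly from C and then runs what was written into the page, so the reusable part of the chain can be seen without any memory-corruption bug. The machine code bytes are a constructed "return 42" stub for x86-64 (and AArch64, for readers on that hardware); in the attack the comment describes, the same mprotect() call would be reached by overwriting a return address, and the bytes would be whatever the attacker sprayed.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Constructed machine code for "return 42" on the two common targets.
 * Any payload would do; this one is harmless and easy to check. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char kStub[] = {
    0xB8, 0x2A, 0x00, 0x00, 0x00,   /* mov eax, 42 */
    0xC3                            /* ret         */
};
#elif defined(__aarch64__)
static const unsigned char kStub[] = {
    0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
    0xC0, 0x03, 0x5F, 0xD6          /* ret         */
};
#else
#error "no stub for this architecture"
#endif

/* Map a page RW (the state of a stack or heap page under NX), write code
 * into it, flip it to RX with mprotect(), and call it.
 * Returns 42 if the code ran, -1 if the kernel refused the RW->RX flip
 * (a W^X policy such as SELinux execmem denial), -2 if mmap failed. */
int run_from_rw_then_rx(void)
{
    long page = sysconf(_SC_PAGESIZE);
    void *buf = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return -2;

    /* Phase 1: the page is only data. NX would refuse to execute it here. */
    memcpy(buf, kStub, sizeof kStub);

    /* Phase 2: the step the return-to-libc chain in the comment performs.
     * No W+X page is ever needed; the page is RW, then RX. */
    if (mprotect(buf, (size_t)page, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, (size_t)page);
        return -1;
    }
    /* Required on AArch64 so the instruction cache sees the new bytes;
     * harmless on x86. */
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof kStub);

    /* Phase 3: transfer control into the former data page. */
    int (*fn)(void) = (int (*)(void))buf;
    int r = fn();

    munmap(buf, (size_t)page);
    return r;
}

int main(void)
{
    int r = run_from_rw_then_rx();
    if (r == 42)
        printf("RW page flipped to RX and executed: stub returned %d\n", r);
    else if (r == -1)
        printf("mprotect(PROT_EXEC) refused: this system enforces W^X\n");
    else
        printf("mmap failed\n");
    return r == 42 ? 0 : 1;
}
```

On a stock Linux box the stub returns 42, which is the comment's point: NX alone only moves the attacker's problem to reaching mprotect(). A return of -1 means the kernel is enforcing the stricter policy the comment calls "potentially too restrictive"; that is exactly the trade-off it describes with GCC's nested-function trampolines.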

  5. Re:Patches? on Researchers Take Down a Spam Botnet · Score: 1

    Simple capitalism: these things make money for the operators, so they have incentive to protect their assets; in the case of a botnet, this means protecting their zombie machines from being controlled by someone else, and preventing the machines from being easily cleaned.

  6. Re:Good! on Researchers Take Down a Spam Botnet · Score: 1

    That is, until botnet operators start using BitTorrent (or a derivative of it) to transmit commands and Comcast gets a new excuse to throttle torrents.

  7. Re:Patches? on Researchers Take Down a Spam Botnet · Score: 1

    In all likelihood, they couldn't send commands even if they wanted to: modern botnets typically check incoming data against an internally held digital signature, and so forging commands is extremely difficult (basically impossible) without the private key which corresponds to the signature.

  8. Re:Speak simply on Speech-to-Speech Translator Developed For iPhone · Score: 1

    In Chinese, Google Translate renders this as "Can you tell me [to go] to the next restaurant, OK?"

  9. Re:On Other Phones on Speech-to-Speech Translator Developed For iPhone · Score: 1

    I don't see a general speech-to-speech translator here. The closest I can get is the "Speereo Voice Translator" which is simply an audio phrasebook, not a speech-to-speech translator like Jibbigo claims to be.

  10. Re:A suggestion on Speech-to-Speech Translator Developed For iPhone · Score: 3, Informative

    Watch the video. The app has two "textboxes" corresponding to the two languages, and a record button underneath each. After you record the message, the interpreted text shows up in the top, and the translated text in the bottom, followed by a robotic reading of the translation. So yes, it shows the English phrase, and if the video is real then this technology shows some real promise.

  11. Re:Vodka on A Tale of Two Windows 7s · Score: 2, Insightful

    He got you to read his article, didn't he? I think he decided to make a bad review of 7 just because, in a sea of decent reviews, his would stand out and get more pageviews.

    I refuse to read Dvorak, because I really don't think he has anything useful to add.

  12. Re:marketshare on Now Linux Can Get Viruses, Via Wine · Score: 1

    The only problem with this scenario is that it assumes that the user has been conned into adding some unchecked repositories, something which is not terribly easy to do (at the very least you have to go out of your way to do this, such as editing a configuration file, mucking with the settings in some GUI, etc.), and which a regular Joe would probably never do (since the system-default repositories are likely to be sufficient for him).

    On the other hand, the user might end up downloading a package, self-extracting shell script, tarball or some other program containing malware off the Internet, and infect himself by executing it, regardless of how sane the package manager is. Most Linux users are, as far as I can tell, fairly well-versed in computer knowledge, and so this is an unlikely scenario. However, if Linux gets to the point where the "unwashed masses" can use it, then I would expect this sort of malware to increase in frequency.

  13. Re:Go censorship! on AU Classification Board To Censor Mobile Apps · Score: 2, Informative

    You can still download apps off iTunes, and it is possible to create free accounts in other countries without needing a credit card (you simply need to switch stores and download a free app).

    So, if you proxy iTunes, and use a foreign (e.g. American) account to purchase apps, there's not a whole lot censorship can do.

  14. Re:LucasArts Will Call In The Lawyers on Verizon's Challenge To the iPhone Confirmed · Score: 1

    Verizon licensed the mark from LucasArts already, so this won't be happening.

    From the website (droiddoes.com): "DROID is a trademark of Lucasfilm Ltd. and its related companies. Used under license."

  15. Re:Apple's activity is criminal here, Palm's is le on Palm Ignores USB-IF Warning, Restores iTunes Sync · Score: 1

    Except that in this case, the USB-IF *does* care, and has specifically stated that the vendor ID is to be used *only* by the company to whom it is assigned. In this case, that means that Palm has no right, under the contract they (presumably) entered into with the USB-IF, to use the vendor ID assigned to Apple. If Palm wants to forfeit their USB-IF membership, and the exclusive rights to their vendor ID, they can go right ahead; it's not a criminal offense to break a contract.

  16. Re:Apple's activity is criminal here, Palm's is le on Palm Ignores USB-IF Warning, Restores iTunes Sync · Score: 1

    BlackBerry's Desktop Manager, released today for the Mac, syncs with iTunes, and it does so without having to pretend it's an iPod. Dozens of other applications for interacting with, and syncing with the iTunes library exist, most (all?) based on the "iTunes Music Library.xml" file which iTunes maintains as a readable version of its library.

    In short, Palm could definitely have implemented their own sync mechanism which syncs with iTunes, but instead opted to trick iTunes, for some reason.

  17. Re:prices on Console Makers Worry Over Apple's Growing Competition · Score: 1

    iPod touch 8GB: 189 euro, in Germany (according to Apple's website). That should make the comparison a little more fair.

  18. Re:Apples and Oranges on Console Makers Worry Over Apple's Growing Competition · Score: 2, Informative

    iPhone 3GS bestselling phone in Japan: I'd say that the iPhone is gaining popularity in Japan.

  19. Re:Price on Console Makers Worry Over Apple's Growing Competition · Score: 1

    If you don't want that price tag, you can spring for an iPod touch instead. $199 for 8GB, $299 for 32GB, and the games are almost universally less than $20 -- Madden NFL is only $9.99. Not only does that give you a (casual) gaming device, but you get a mobile Internet browser (wherever there is WiFi), and access to the majority of the 70K+ apps on the Apple App Store.

  20. Re:All boils down to Money on Console Makers Worry Over Apple's Growing Competition · Score: 1

    Can I make phone calls while on the go on an XBox 360? There's something you're missing here -- an iPhone/iPod touch does more than play games.

    For example, I use my iPod touch to read course notes and eBooks while away from my computer (which is most of my day). I use it to browse the Internet, check e-mail, look up useless facts on Wikipedia (:P), and, yes, play casual games like Tetris, puzzle games, and Tap Tap Revenge (3 TTR). I have about 15 games on it, all obtained for free but yet most of which are quite high-quality standalone games (only 5 of these are "Lite" apps; the other 10 are full versions which were available for free).

    There's also a Chinese dictionary (and a Mandarin phrasebook), a graphing calculator, and the collected works of Shakespeare, to name a few other apps on my iPod.

    So, even though I didn't purchase the iPod (it was a gift), I would have gladly spent $299 for the features I can get. For me, serious gaming is something I can get on my PC, and most anything else which ordinarily would require a computer I can do now on my iPod.

    Did I mention the iPod also happens to play music and videos?

  21. Re:iPhone application? on Python Converted To JavaScript, Executed In-Browser · Score: 3, Informative

    I have an iPod touch running iPhone OS 3.1.1, so I tried these two projects out.

    Skulpt works, but the console does not (I had to use the quick-links to test code). This is relatively easy to fix by using a textbox instead of using keyboard events. It would be very simple to write a simple webapp which evaluates Python code in the Safari browser. However, as I see it, Skulpt is still quite immature -- it doesn't implement much of the language (e.g. classes work, but can't be instantiated because Skulpt thinks you are trying to call the type object, instead of constructing it), and it doesn't do imports at all.

    Pyjamas works extremely well, though it is compiled as pure JS and thus lacks (AFAIK) an "exec" method to run arbitrary Python code.

    Given that Skulpt features a decent Python parser but lacks much of the core functionality, and Pyjamas implements a lot of functionality but lacks a parser built in JS, I think the projects would be mutually beneficial.

  22. Re:He didn't do his research. on Watered Down Phishing Protection In IPhone OS 3.1? · Score: 1

    It's basically the same version, but the iPhone edition is labeled 3.1, while the iPod edition is 3.1.1. I don't think there's a major difference in the actual software.

    Still, it's quite curious that it works for me but not for you. This would explain Michael's more recent observations.

  23. Re:He didn't do his research. on Watered Down Phishing Protection In IPhone OS 3.1? · Score: 1

    iPod touch, first generation, firmware 3.1.1 (released yesterday), WiFi.

  24. Re:He didn't do his research. on Watered Down Phishing Protection In IPhone OS 3.1? · Score: 1

    Is it running iPhone OS 3.1, and is the Fraud Warning option enabled under Settings->Safari?

  25. Re:He didn't do his research. on Watered Down Phishing Protection In IPhone OS 3.1? · Score: 1

    For those of you who are curious and have never seen the phishing warning, here it is (two images were combined to show the full height of the message).