QNX is amazingly efficient at doing I/O, especially when handling high interrupt rates. In 1983 I developed an application on QNX that could handle 12 dialup users at 2400 baud on a 4 MHz 8086 CPU. And that was with one-char-per-interrupt 8250 UART chips.
An explicit copyright notice has not been required in the U.S. since it joined the Berne convention in 1989. All documents are born copyrighted and stay that way until either the copyright expires or the copyright holder explicitly releases it into the public domain. IP property cannot be released into the public domain by mere exposure.
In fact any good IP lawyer will tell you that trade secret documents like source code should not have a copyright notice, lest anyone wrongly get the idea that it is not secret material.
I would be surprised if a single copyright notice appeared anywhere in the code.
This is just great. ASN.1 is used for encoding and decoding X.509 certificates, which are used in I&A (Identification and Authentication) protocols, and in X.500 directory protocols. It is used everywhere in Windows: Active Directory, LDAP, SNMP, Exchange Server, and HTTPS protocols (SSL/TLS) for starters.
Unlike the MS Blaster bug, which had basically one exploit and one fix (the RPC service on TCP port 135), the ASN.1 protocols are used in a dozen services that are listening on TCP/UDP ports all over the place. Servers will be especially vulnerable to this.
If you hack Active Directory you own not just the computer but the whole dang enterprise.
Gads this will be a nightmare to deal with.
As a practical matter nobody "governs" the Internet. Historically there was a time back in the late 1980s when it was possible that AOL or CompuServe or some other gigantic service provider might have bought out everyone else and become the de-facto monopolist on internetworking. But thankfully it never happened.
The only other genuine threat to the Internet also occurred in the late 1980s, when Europe and the ITU (International Telecommunications Union) tried to replace the Internet TCP/IP communication protocol standards with something called OSI/TP4/X25. Basically it was an attempt by the world PTT (Postal, Telegraph, and Telephone) monopolies to wrest control of the Internet out of the hands of the US government. The PTT monopolies are especially strong in the 3rd world countries and they dominate the ITU, which sets world telephone standards.
The ITU is a big reason why phone calls to 3rd world countries are so ridiculously expensive. The bureaucracy of the ITU is Kafka-esque: The OSI documents for TP4/X25 are written in incomprehensible legalese and you must pay through the nose just to peek at them. (This was one reason why OSI failed - TCP/IP was evangelized through the wide distribution of the source code of BSD Unix; OSI had no equivalent.)
If the EU/ITU/UN had taken over the Internet 15-20 years ago with OSI/TP4/X25, today instead of paying $29.95/month for your megabit DSL you would be paying ten times that amount for your X25/ISDN connection at 64 kbps.
But this is all on the dustbin of history. The war is over and decentralization has won. The modern Internet is a concatenation of millions of independent networks that all agree to talk to each other voluntarily (the word "Internet" comes from the term "inter-network"). World connectivity happens through an untold number of independent bi-lateral contractual agreements between peering ISPs.
The only centralization on the Internet is at the root DNS nameservers. These suffer ICANN only by the grace of their respective independent owners. (The largest owner of root nameservers being the US Department of Commerce.) There is nothing to prevent them from bolting and setting up a new root DNS, or from anyone else using an alternate root DNS.
The transnational progressives and lefty social engineers can chit-chat all they want at their UN workshops about how they want to govern the Internet. But as a practical matter it is a waste of hot air. Kind of like meeting to create World Peace or end World Hunger. The real world just doesn't work that way.
Moral of the story: Automating killing machines with just enough intelligence to distinguish between a lifeform and a rock and giving them power supplies that last for hundreds of thousands of years is a really, really, monumentally stupid idea.
Some cosmologists speculate that the reason we aren't finding any signs of intelligent life with SETI is that this may have really happened. All the alien races capable of sending radio transmissions have been hunted down and killed. And the remaining survivors (if any) are keeping their heads down.
The RHS of the MX RR refers to the A record. (It could also be a CNAME). A typo there can lie dormant for years if there are secondary MX records. The e-mail for the zone will suddenly bounce instead of going to the next MTA in the list.
This is so amazingly reckless and damaging that I don't know where to begin.
A few hours ago I was trying to troubleshoot a lame delegation to another zone. It seemed to be working which puzzled me to no end. It turns out the lame DNS server was returning 64.94.110.11.
Lame delegation is a very common phenomenon and (in the case of a typo) can often be diagnosed with NXDOMAIN being returned for the glue RR record. Never returning NXDOMAIN means that many types of lame delegation will no longer be caught.
One of my peer zones had a typo'ed MX record. Before VeriSign's sabotage (yes, sabotage) the lookup of the corresponding address record would simply fail with NXDOMAIN. The source MTA would then try to deliver to the secondary MTAs on the list of MX records in order of priority. Mail delivery would proceed normally using the secondary MTA(s).
However to my complete and utter astonishment, 64.94.110.11 has a working MTA listening on port 25 (why???). This means that any MX records with typos in the primary record will have all their e-mail redirected to VeriSign's MTA. Mail that would normally automatically be re-routed to the secondary MTA instead now gets bounced by VeriSign's "Snubby Mail Rejector Daemon v1.3". Not returning NXDOMAIN will break mail delivery to secondary MTAs.
And what about spam filters? It will break any spam filter that tries to verify that the source MTA hostname claimed in the HELO request is resolvable (i.e. that the claimed HELO name is not fictitious).
I could probably list another half dozen problems if I thought about it. I can't believe the arrogance (read: stupidity) of this act.
I can't wait to see the reaction from the backbone cabal on NANOG.
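As an added example (not code from the original comment), here is a small Python model of the MX fallback and HELO check described above. The zone data is constructed; the only real value is the 64.94.110.11 address quoted in the comment, and `reject_wildcard` is an assumed defender-side mitigation, not a setting of any real MTA.

```python
"""Model of how a TLD wildcard A record breaks MX fallback and HELO checks.

Added example, not code from the original comment. The zone data below is
constructed; the only real-world value is the 64.94.110.11 address quoted
in the comment.
"""

SITEFINDER_IP = "64.94.110.11"  # address the wildcard answered with

# Constructed zone: "mai1.example.com" is a typo for "mail.example.com"
# and has no A record, so a correct resolver answers NXDOMAIN for it.
A_RECORDS = {
    "mail.example.com": "192.0.2.10",
    "mx2.example.com": "192.0.2.20",
}
MX_RECORDS = [  # (preference, exchange); lower preference is tried first
    (10, "mai1.example.com"),
    (20, "mx2.example.com"),
]


class NXDOMAIN(Exception):
    """The name does not exist (the answer a resolver should give)."""


def resolve_a(name, wildcard=False):
    """Return the A record for name.

    With wildcard=True every non-existent name resolves to SITEFINDER_IP,
    which is what the TLD wildcard did instead of returning NXDOMAIN.
    """
    if name in A_RECORDS:
        return A_RECORDS[name]
    if wildcard:
        return SITEFINDER_IP
    raise NXDOMAIN(name)


def choose_delivery_target(mx_records, wildcard=False, reject_wildcard=False):
    """Walk the MX list in preference order like a sending MTA and return
    (exchange, ip) for the first exchange whose address resolves.

    reject_wildcard is an assumed mitigation: treat an answer equal to the
    known wildcard address as if it were NXDOMAIN, so fallback still works.
    """
    for _pref, exchange in sorted(mx_records):
        try:
            ip = resolve_a(exchange, wildcard)
        except NXDOMAIN:
            continue  # exchange does not exist; try the next MX
        if reject_wildcard and ip == SITEFINDER_IP:
            continue  # synthesized answer, not a real mail host
        return exchange, ip
    return None  # no deliverable exchange: mail is deferred or bounced


def helo_name_resolvable(helo_name, wildcard=False, reject_wildcard=False):
    """The spam-filter check the comment describes: does the name claimed
    in HELO resolve at all? Under the wildcard every junk name "resolves".
    """
    try:
        ip = resolve_a(helo_name, wildcard)
    except NXDOMAIN:
        return False
    if reject_wildcard and ip == SITEFINDER_IP:
        return False
    return True


if __name__ == "__main__":
    print("before wildcard:", choose_delivery_target(MX_RECORDS))
    print("with wildcard:  ", choose_delivery_target(MX_RECORDS, wildcard=True))
    print("mitigated:      ", choose_delivery_target(MX_RECORDS, wildcard=True,
                                                      reject_wildcard=True))
```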
Use of FormFucker to spam spammers' web sites (on Following the Spam Trail) · Score: 4, Interesting
The only effective way to fight back is to spam the spammers. Not via email, but via their customer databases.
There is a utility called FormFucker which spams web forms.
It analyzes the web form and then makes 1000s of submissions using realistic-looking but fake names, addresses, zip codes, telephone numbers, credit card numbers, etc.
Note that use of FF is very controversial, as many consider it fighting-abuse-with-abuse.
The original WAP11 had a notorious firmware bug that would cause it to lock up every couple days. It was fixed with firmware version 1.4g. Download the fix from the Linksys website.
In new Access database projects I still prefer to use Data Access Objects (DAO) even though it is an 'older' technology.
Here is why I generally dislike Active Data Objects (ADO):
ODBC(DAO) is well understood technology in the free software community. The internals of OLEDB(ADO) are inadequately documented in comparison.
DAO(ODBC) is more portable; making it easier to swap out the back end database. With ADO you must always use the database vendor's proprietary SQL dialect.
ADO views on joined tables are generally not updatable, whereas DAO-ODBC-SQL2K views generally are. (This is based on my experience with SQL Server 2000.)
DAO is very good at spanning queries across multiple databases. It breaks up the SQL and sends sub-queries to each data source.
ADO has crappy recovery semantics for failed UPDATEs. You have to explicitly test every update and call CancelUpdate on failure, otherwise partial updates are implicitly committed (yuk).
DAO allows you to embed Visual Basic functions and expressions into the SQL. Useful for layout and presentation.
DAO has PIVOT TRANSFORMs, which are essential for 2D data (e.g. complex graphs, charts, and calendars). JET will translate to standard SQL and forward to ODBC-SQL2K. Otherwise you have to buy the hugely expensive SQL Server Enterprise Edition and install the Analysis Option to get equivalent capability.
The main disadvantage is that DAO incurs a slight performance hit for the SQL pre-processing step. It adds perhaps a couple milliseconds to the start of the query. For performance-critical queries you can always write a pass-thru SQL query or use ODBCDirect. (ADO can be thought of as simply 100% pass-thru queries.)
The Visa/MC press release doesn't mention the Internet at all. It uses the words (chosen carefully) 'company that processes credit card transactions.'
The number of cards is too large for any gateway IMHO. I will bet money that a private processor network got hacked, or the central database for said network, i.e., ECHO, EFS or something on that scale.
These networks are used for dialup and leased line access for authorizations. This means your grandmother's card used at the grocery store could now be in the hand of a hax0r.
Who is going to be responsible? The Credit Card companies or the site that got hosed?
It will be the merchant who gets hosed. Those 5 million cards will be used to stiff merchants across the world. And when it comes to credit card fraud the merchant always gets the short stick.
To add insult to injury, if a merchant gets a chargeback rate of more than 1%, Visa/MC has the right to start charging the merchant up to $10000/mo for 'research fees', that is if they don't drop the merchant entirely (and thereby put them out of business -- a not uncommon event for smaller businesses).
The hacker breached the security system of a company that processes credit card transactions on behalf of merchants, Visa and MasterCard said.
Ok so which CC processor got hacked? I assume that when Visa/MC says 'processor' it means specifically a credit card processing network that receives and authorizes charges from merchants, not a consolidator like PayPal, and not an e-commerce gateway like CyberSource or VeriSign.
Was it Nova, Wells Fargo, Vital, BankAmerica, EFS, or ECHO? These are the only big non-regional credit-card processing networks in the US (AFAIK).
<Begin speculation>
Note that there was no mention of the Internet in the press release. This lends credence to the theory it was a private processor network (not TCP/IP or a web site) that got hacked somehow.
It must be a big processor, otherwise Visa/MC would finger them (and therefore shift the blame). It obviously wasn't Amex or Novus as they both offer competing plastic. And I doubt it was a bank-level processor like US Bancorp (again because they are smaller and would have been fingered.)
The people victimized are not just e-commerce shoppers but also customers at the grocery store, the shopping mall, etc.
My worry is that it was a really big processor like Nova, which means that 2.2 million could be the tip of the iceberg.
<End speculation>
Closing ports 137 and 138 is not sufficient to block Microsoft file sharing.
UDP 137 - NETBIOS Name Service
UDP 138 - NETBIOS Datagram Service
TCP 139 - NETBIOS Session Service
TCP 445 - Microsoft CIFS Session
UDP 445 - Microsoft CIFS Datagram
In addition TCP 137 is WINS, TCP/UDP 389 is LDAP (Active Directory), UDP 1443 and TCP 1444 are MSDE and SQL Server, and TCP/UDP 1801 is Microsoft Message Queue Server (MSMQ).
Windows 2000 clients will use port 445 for file sharing when talking to Windows 2000 servers, not 139.
You didn't know all that? The bottom line is unless you know every port that your computer might use, you are better off blocking all of them and only open up the ports you know you need.
Why is parent modded up? The DMCA only applies to reverse engineering to break copy restrictions.
DMCA makes it a crime to make available darn near anything that could theoretically be used to avoid copy protection.
Sec. 1201. Circumvention of copyright protection systems
(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof ...
It is so vaguely worded that litigators are citing the DMCA against anything and everything and stretching it to absurd lengths. (Think of the Felton SMDI paper.)
While you and I don't think of a reverse compiler as a hacking tool, try explaining that to a layman.
Let sigma be the type signature of all operations F on objects O on behalf of subjects S. There exists a type database D that enumerates all valid sigmas - (S,O,F) tuples. Type Enforcement intercepts all functions F and vets them with D.
In the original patent, the TE was done in hardware by a security chip. The chip triggered on all transitions to kernel mode.
The difference between TE and say, the TCB/Orange-book model in Windows NT, is that TE is more mathematically elegant and therefore presumably more amenable to automated validation and verification.
In the real world, TE is performed in software at the kernel transition point. For example for sendmail, it enumerates all of the files and directories that sendmail is allowed to see (/etc/sendmail.cf, /usr/spool/mail, etc.) Objects can include files, directories, /dev/*, sockets, NICs, IP addresses, just about any kernel object.
TE is orthogonal to the super-user concept. So having root on a TE system doesn't get you anywhere, and in fact will probably trigger all sorts of SACL alarms.
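As an added example (not code from the original comment), a toy Type Enforcement reference monitor in Python: D is the enumerated set of valid sigmas as (S, O, F) tuples, the monitor vets every call against D, and the subject's uid is never consulted, so root gets nothing the policy does not list. The sendmail policy, object labels and type names are constructed for illustration.

```python
"""Toy Type Enforcement (TE) reference monitor.

Added example, not code from the original comment. The sendmail policy and
object labels are constructed for illustration; real TE policies are much
larger. D holds the valid sigmas as (S, O, F) tuples and everything not in
D is denied, which is what makes TE a default-deny model.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Subject:
    domain: str  # TE domain such as "sendmail_t"; this is what policy keys on
    uid: int     # Unix uid; the monitor never consults it (root is irrelevant)


# Object labelling: the longest matching path prefix wins. Non-file kernel
# objects (sockets, NICs, addresses) are named with a scheme prefix.
OBJECT_TYPES = {
    "/etc/sendmail.cf": "sendmail_conf_t",
    "/usr/spool/mail": "mail_spool_t",
    "/etc/shadow": "shadow_t",
    "/dev/null": "null_device_t",
    "socket:tcp/25": "smtp_port_t",
    "nic:eth0": "netif_t",
}


def label_object(name):
    """Map a kernel object name to its TE type (default: unlabeled_t)."""
    best_prefix, best_type = "", "unlabeled_t"
    for prefix, typ in OBJECT_TYPES.items():
        matches = name == prefix or name.startswith(prefix + "/")
        if matches and len(prefix) > len(best_prefix):
            best_prefix, best_type = prefix, typ
    return best_type


@dataclass
class TypeDatabase:
    """D: the enumerated set of valid sigmas (S, O, F)."""
    allowed: set = field(default_factory=set)

    def allow(self, domain, obj_type, func):
        self.allowed.add((domain, obj_type, func))

    def permits(self, sigma):
        return sigma in self.allowed


@dataclass
class ReferenceMonitor:
    """Sits at the kernel transition point: every F on O by S is vetted
    against D. Denials are recorded, standing in for the SACL alarms."""
    db: TypeDatabase
    audit: list = field(default_factory=list)

    def check(self, subject, obj_name, func):
        sigma = (subject.domain, label_object(obj_name), func)
        if self.db.permits(sigma):
            return True
        self.audit.append((subject.domain, subject.uid, obj_name, func))
        return False


def sendmail_policy():
    """Constructed policy: only what sendmail needs to see, nothing more."""
    db = TypeDatabase()
    db.allow("sendmail_t", "sendmail_conf_t", "read")
    db.allow("sendmail_t", "mail_spool_t", "write")
    db.allow("sendmail_t", "null_device_t", "write")
    db.allow("sendmail_t", "smtp_port_t", "bind")
    db.allow("sendmail_t", "netif_t", "recv")
    return ReferenceMonitor(db)


if __name__ == "__main__":
    monitor = sendmail_policy()
    daemon = Subject("sendmail_t", uid=0)  # root, but only the domain counts
    print(monitor.check(daemon, "/usr/spool/mail/alice", "write"))  # True
    print(monitor.check(daemon, "/etc/shadow", "read"))             # False
    print(monitor.audit)
```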
The introduction is irrelevant. It's the text of the bill itself that is important. For example the CFR intro makes strident claims not to inhibit 1st amendment rights, yet it does precisely that (i.e., prohibit political speech). CBDTPA will prevent casual "fair use" copying, because as a practical matter there is no other way to enforce it.
Here is a copy of the letter I sent to the Senate Judiciary Committee, which is conducting hearings on the CBDTPA. I urge everyone to write to their congresscritter on this issue.
The Honorable Sen. Patrick Leahy
Senate Judiciary Committee
United States Senate
Washington DC 20510
Honorable Senator Leahy,
I am writing in concern of the Consumer Broadband and Digital Television Promotion Act (CBDTPA), S 2048, introduced by Senator Hollings into the Senate on March 21, 2002. The CBDTPA would prohibit the sale of any kind of electronic device, unless the device has mandatory copy-protection controls built-in as set by the federal government.
I am a firm believer in protecting a copyright holder's rights, but no law should prevent copyright purchasers from exercising their ability to privately view, time-shift, and re-sell legally purchased content. The problem of copyright infringement is real, but it is being addressed successfully in the courts (Napster v. RIAA) using existing copyright law. This bill is an attempt by huge media conglomerates to impose complete control over how we can use our televisions, computers, and VCRs.
As the owner of a software development company I am in favor of strong copyright protection for my works. However if this bill is passed, small independent developers like myself will not be able to create and distribute software due to the requirements of CBDTPA and the barrier to entry for non-wealthy creators. Because Microsoft has patented the system of Digital Rights Management (DRM), the adoption of government-mandated DRM would ensure that the Microsoft monopoly will continue well into the future. Alternative computer operating systems such as Linux or the Macintosh that did not include Microsoft licensed DRM would become illegal.
This bill will revoke the basic constitutional rights granted by copyright law: fair use, principle of first sale, and limited term (because DRM never expires). In addition to raising costs and reducing competitiveness, this bill will cause incalculable damage to the high technology industry in the United States. I strongly urge you to vote against S 2048.
Sincerely, etc.
I think the traceroute hack is an example of freeing garbage, not a double-free(). The garbage being freed happens to be part of the command line, which is how the hacker injected his /bin/sh. The traceroute exploit description did not give full details, but I don't see how it could be possible to modify ((int*)p)-1 using the zlib vulnerability. Remember that all mallocs are sizeof(8) aligned and have a minimum size of 16 (with overhead and internal fragmentation).
I have _never_ seen a duplicate deletion exploitation other than a simple DoS. Not to mention the fact that it requires a special series of calls from the calling program.
Yes. A double-free is very, very hard to exploit. I don't think it has ever been done in the wild against a non-trivial program. You would not only need to know the exact algorithm of the allocator but also exact layout of the heap.
The worst the bad guy can realistically do is crash the program on a bad pointer.
The claim about this vulnerability inserting arbitrary code is simply scare-mongering.
For professionals (read: willing to pay $$$) I recommend the Ida Pro disassembler. The Fast Library Identification & Recognition Technology (FLIRT) combined with Parameter Identification & Tracking (PIT) make it the tool of choice for serious reverse engineering.
Yeah that 17-year old X Windows System is such a total rip off of Windows.
Michael Crichton in his next blockbuster movie, Prey, will also have a fat computer geek with bad personal hygiene. Except (spoiler alert)...
He's the surprise good guy.
Reuters is reporting 5 million cards.
Neither Visa nor MasterCard would disclose which institution were involved.
''This is not something regional, it was throughout the nation and could be any bank,'' Abrams said.
[Han Solo voice] I have a bad feeling about this..
Not true. For at least a couple years now the SonicWall firewall has the option to randomize the IP ID.