Archive for May 11th, 2008
Stony Stevenson alerts us to new information on the XP SP3-induced crashes that we discussed a few days back. Jesper Johansson, a former program manager for security policy at Microsoft, is maintaining an ongoing log and support site for users affected by any of several problems triggered by XP SP3. Machines using AMD hardware, particularly HP desktops, seem to have several modes of failure; others affect Intel machines.

thermian writes “I’ve been developing my open source project for several years now, and I’ve never found a solution to one fairly important issue. How can a small-scale project attract new members? My project is pretty specialist, (no URL, sorry, I can’t afford to get my server nuked) and I find that while it gets a fair bit of use, most users come to my software out of a need to solve their problem, or use my tutorials to learn about the subject, and none seem inclined to stick around and help make the product better. This is a fairly serious problem for me now, because my software has recently been adopted by a university, and I’m just not in a position to manage the entire set of applications and update everything on my own. Just preparing a version for release to students has been especially hard. The open source maxim ‘Many eyes make all bugs shallow’ only works if those ‘many eyes’ are available. So do you have any recommendations as to how, and where, to find people who fancy joining open source projects?”

Sniper223 notes a Personal Computer World article on a new kind of rootkit recently developed by researchers, which will be demoed at Black Hat in August. The rootkit runs in System Management Mode, a longtime feature of the x86 architecture that allows code to run in a locked part of memory. It is stated to be potentially harder to detect than VM-based rootkits. The article notes that the technique is unlikely to lead to widespread exploitation: “Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code expressly for the system they are attacking.”

An anonymous reader sends in an IBM DeveloperWorks article detailing the changes coming in PHP V6 — from namespaces, to Web 2.0 built-ins, to a few features that are being removed.

Consul writes “What is the oldest piece of code that’s still in use this day, that has not actually been retyped or reimplemented in some way? By ‘piece of code,’ I’m of course referring to a complete algorithm, and not just a single line.” The question would have a different answer if emulation, in multiple layers, is granted.

An anonymous reader brings us IBM DeveloperWorks’ recent analysis of how the NSA built SELinux to withstand attacks. The article shows us some of the relevant kernel architecture and compares SELinux to a few other approaches. We’ve discussed SELinux in the past. Quoting: “If you have a program that responds to socket requests but doesn’t need to access the file system, then that program should be able to listen on a given socket but not have access to the file system. That way, if the program is exploited in some way, its access is explicitly minimized. This type of control is called mandatory access control (MAC). Another approach to controlling access is role-based access control (RBAC). In RBAC, permissions are provided based on roles that are granted by the security system. The concept of a role differs from that of a traditional group in that a group represents one or more users. A role can represent multiple users, but it also represents the permissions that a set of users can perform. SELinux adds both MAC and RBAC to the GNU/Linux operating system.”

sproketboy writes with news that a developer named Marc Balmer has recently fixed a bug in a bit of BSD code which is roughly 25 years old. In addition to the OSnews summary, you can read Balmer’s comments and a technical description of the bug. “This code will not work as expected when seeking to the second entry of a block where the first has been deleted: seekdir() calls readdir() which happily skips the first entry (it has inode set to zero), and advances to the second entry. When the user now calls readdir() to read the directory entry to which he just seekdir()ed, he does not get the second entry but the third. Much to my surprise I not only found this problem in all other BSDs or BSD derived systems like Mac OS X, but also in very old BSD versions. I first checked 4.4BSD Lite 2, and Otto confirmed it is also in 4.2BSD. The bug has been around for roughly 25 years or more.”

Wired is running a story about a recent security exercise in which the NSA attacked networks set up by various US military academies. The Army’s network scored the highest, put together using Linux and FreeBSD by cadets at West Point. Quoting: “Even with a solid network design and passable software choices, there was an element of intuitiveness required to defend against the NSA, especially once it became clear the agency was using minor, and perhaps somewhat obvious, attacks to screen for sneakier, more serious ones. ‘One of the challenges was when they see a scan, deciding if this is it, or if it’s a cover,’ says [instructor Eric] Dean. Spotting ‘cover’ attacks meant thinking like the NSA — something Dean says the cadets did quite well. ‘I was surprised at their creativity.’ Legal limitations were a surprising obstacle to a realistic exercise. Ideally, the teams would be granted permission to attack other schools’ networks while also defending their own. But only the NSA, with its arsenal of waivers, loopholes, special authorizations (and heaven knows what else) is allowed to take down a U.S. network.”

or_is_it writes “The company I work for has been growing dramatically and I’ve been charged with the task of being the gatekeeper for our GFI Spam filters. This involves manually inspecting the subject line/to/from for all caught messages in each filter rule folder. For a company of about 50 people, in one day the number of spam messages can exceed 2,000. Neglect it for a day and you end up with quite a task on your hands. I’ve made the rules lax enough so important messages can go through, along with a few stray spams, for which I get bitched at. Tighten the rules up and then maybe an important time-sensitive email never gets to its intended recipient, and I get bitched at. Manually reading through all those subject lines is supposed to prevent that, but I’m only human and genuine messages can easily get overlooked. How do larger organizations deal with the spam issue? I can’t imagine having one centralized person manually inspecting everyone’s junk-mail header is the optimal solution. Purchasing a different commercial mail filter product is a possibility, but I’d like to hear some anecdotal evidence before jumping ship.”
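The seekdir()/readdir() bug in the BSD story above is easy to reproduce in a toy model. The following C program is an added illustration written for this page; it is not the BSD libc code or Balmer's fix. It assumes a simplified directory "block" of fixed-size records where inode 0 marks a deleted entry, a position counter in place of the real byte offsets, and a reader that records its position with telldir() before the first entry is unlinked. The buggy seekdir() rewinds and re-advances with readdir(), which skips the deleted record and therefore overshoots by one; the corrected variant restores the raw record position without interpreting entries.

```c
/* Toy model of a BSD-style directory stream, written as an added
 * illustration of the seekdir()/readdir() bug described above.
 * It is NOT the BSD libc code: the layout, names and positions are
 * simplified assumptions so the off-by-one can be reproduced and
 * checked in a few lines. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A directory record as it sits in a block: inode 0 marks a deleted
 * entry that readdir() must skip (the convention the quoted
 * description relies on). */
struct dent {
    unsigned long d_ino;
    const char   *d_name;
};

/* One directory "block" of records plus a read position. */
struct dirstream {
    struct dent *block;
    size_t       nrec;   /* records in the block */
    size_t       loc;    /* index of the next record to examine */
};

/* readdir(): return the next live entry, skipping deleted ones. */
static const struct dent *toy_readdir(struct dirstream *d)
{
    while (d->loc < d->nrec) {
        const struct dent *e = &d->block[d->loc++];
        if (e->d_ino != 0)
            return e;
    }
    return NULL;
}

/* telldir(): the position of the next record to examine. */
static size_t toy_telldir(const struct dirstream *d)
{
    return d->loc;
}

/* Buggy seekdir(): rewind to the block start, then advance with
 * readdir() until the recorded position is reached. Because readdir()
 * skips the deleted first record, it also consumes the live second
 * record, so loc lands one entry past the target. */
static void toy_seekdir_buggy(struct dirstream *d, size_t target)
{
    d->loc = 0;
    while (d->loc < target && toy_readdir(d) != NULL)
        ;
}

/* Fixed seekdir(): restore the raw record position without
 * interpreting entries, so the stream resumes exactly where it was. */
static void toy_seekdir_fixed(struct dirstream *d, size_t target)
{
    d->loc = target <= d->nrec ? target : d->nrec;
}

/* Scenario (constructed): read "first", record the position with
 * telldir(), then "first" is unlinked, then seek back to the recorded
 * position and read. Returns the name readdir() hands back. */
static const char *name_after_seek(int use_fixed)
{
    struct dent block[] = {
        { 10, "first"  },
        { 11, "second" },
        { 12, "third"  },
    };
    struct dirstream d = { block, sizeof block / sizeof block[0], 0 };

    toy_readdir(&d);                  /* consume "first" */
    size_t pos = toy_telldir(&d);     /* 1: next record is "second" */
    block[0].d_ino = 0;               /* "first" unlinked meanwhile */

    if (use_fixed)
        toy_seekdir_fixed(&d, pos);
    else
        toy_seekdir_buggy(&d, pos);

    const struct dent *e = toy_readdir(&d);
    return e ? e->d_name : "(end)";
}

int main(void)
{
    printf("buggy seekdir -> readdir returns: %s\n", name_after_seek(0));
    printf("fixed seekdir -> readdir returns: %s\n", name_after_seek(1));
    return 0;
}
```

Running the program shows the buggy path returning "third" where the caller expected "second", which is exactly the symptom the quoted description reports; the fixed path returns "second". The general lesson is that a position-restoring primitive must not be implemented on top of a cursor that silently skips records, because the two disagree whenever the skipped set changes between telldir() and seekdir().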