Author Topic: Tech News Weekly: Edition 12-09  (Read 4273 times)
Ehtyar
Supporting Member
**
Posts: 1,236



That News Guy

« on: March 22, 2009, 04:52:11 AM »

The Weekly Tech News
Hi all.
Sorry for the short one this week folks, there just wasn't enough stuff to fill the usual 10 slots but I hope you like the choices this week :)
As usual, you can find last week's news here.


1. New DNS Trojan Taints Entire LAN from Single Box

2. Air France Trials Biometric Boarding Cards

3. Intel CPU-level Exploit Could Be Tempest in a Teapot

4. EFF Shines Sunlight On Docs It Has "pried" from the Feds

5. First Rule of Internet Censorship: Hide the Block List

6. Browsers Bashed First in Hacking Contest

7. What IBM Might Gain by Buying Sun Microsystems (Thanks 40hz)

8. Boffins Sniff Keystrokes With Lasers, Oscilloscopes


Ehtyar.
« Last Edit: March 30, 2009, 03:55:15 AM by Ehtyar » Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

« Reply #1 on: March 22, 2009, 05:29:56 AM »

#3 is interesting - theoretically, being able to run your code in SMM means you have 100% control over the machine; one of the interesting features of SMM is that you can trap port I/O... so, basically, if you could inject malware into the flash BIOS and use this SMM hack, you could trap the port I/O necessary to reflash the BIOS, and thus make the malware resilient to removal. This would be coupled with a custom hypervisor to avoid detection, and *b00m* - game over.

In practice, though, there's so much machine-specific stuff needed that this won't be a general threat. And it's not exactly a simple task being undetectable, even when you have a hypervisor... there are so many possible detection vectors.
Logged

- carpe noctem
tomos
Charter Member
***
Posts: 8,475



« Reply #2 on: March 22, 2009, 06:49:15 AM »


thanks Ehtyar

a good few interesting reads this week, even for non-techies like me (2,3,5,6,8)
Laugh of the week supplied by the title "First Rule of Internet Censorship: Hide the Block List" :)
Logged

Tom
allen
Charter Member
***
Posts: 1,166



Powered by Beard

« Reply #3 on: March 22, 2009, 11:18:15 AM »

I was just about to post a thread on #6, glad I ran a search for pwn2own -- saved me from redundancy.

I was surprised Chrome survived while Safari did not -- I was honestly starting to wonder if there was that much difference under the hood between the two.  Guess so?

Quote
A recent contest at CanSecWest, an event that brings together some of the most skilled experts in the security community, has demonstrated that the three most popular browsers are susceptible to security bugs despite the vigilance and engineering prowess of their creators. Firefox, Safari, and Internet Explorer were all exploited during the Pwn2Own competition that took place at the conference. Google’s Chrome browser, however, was the only one left standing—a victory that security researchers attribute to its innovative sandbox feature.
Source: ars technica
Logged
Lashiec
Member
**
Posts: 2,374


« Reply #4 on: March 22, 2009, 12:06:25 PM »

I'm very worried about the direction Pwn2Own took this year, with statements like this:

Quote
These contests contribute to the growing culture of commercialism that surrounds the art of exploitation. In an interview with ZDNet, Miller said that the vulnerability he used in the contest was one that he had originally found while preparing for the contest last year. Instead of disclosing it at that time, he decided to save it for the contest this year, because the contest only pays for one bug per year. This is part of his new philosophy, he says, which is that bugs shouldn't be disclosed to vendors for free.

"I never give up free bugs. I have a new campaign. It's called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away," Miller told ZDNet. "Apple pays people to do the same job so we know there's value to this work."

Be glad nobody found a way to exploit the vulnerability during a whole year >:(
Logged
allen
Charter Member
***
Posts: 1,166



Powered by Beard

« Reply #5 on: March 22, 2009, 12:18:06 PM »

That is a bit disconcerting.  I'd lump it in with taking performance enhancing drugs, 'morally'.

I've never considered bug reports to be donating anything to the company -- if it gets fixed, then I benefit.  And the rest of the end users do, too.  Of course, I've never been sitting on a bug I could call a real gold winner.  I might sit on that, too ;)
Logged
ewemoa
Honorary Member
**
Posts: 2,413



« Reply #6 on: March 30, 2009, 01:46:09 AM »

Thanks again, Ehtyar :)

Re: 1  Sigh...

Re: 6  Good point Lashiec.

Re: 7  s/IMB/IBM/ ?

Re: 8  Memories of Sun Sparc Station 20s with microphones and eavesdropping...
Logged
Ehtyar
Supporting Member
**
Posts: 1,236



That News Guy

« Reply #7 on: March 30, 2009, 03:56:20 AM »

Woohoo, retardedness on the roll. Thanks again ewe.

Ehtyar.
Logged