Overall, Ormandy wrote that he found over 70 APIs exposed to the Internet, not all of which he had investigated for security issues. He suggested Trend should hire an external consultancy to audit the code.
Source: Trend Micro flaw could have allowed attacker to steal all passwords
Wi-Fi HaLow extends Wi-Fi into the 900 MHz band, enabling the low power connectivity necessary for applications including sensor and wearables. Wi-Fi HaLow’s range is nearly twice that of today’s Wi-Fi, and will not only be capable of transmitting signals further, but also providing a more robust connection in challenging environments where the ability to more easily penetrate walls or other barriers is an important consideration.
Source: Wi-Fi Alliance® introduces low power, long range Wi-Fi HaLow™ | Wi-Fi Alliance
While these are mainly examples of using antivirus vulnerabilities to evade detection, there’s also a demand for remote code execution exploits affecting antivirus products and these are being sold by specialized brokers on the largely unregulated exploit market.
Among the emails leaked last year from Italian surveillance firm Hacking Team there is a document with exploits offered for sale by an outfit called Vulnerabilities Brokerage International. The document lists various privilege escalation, information disclosure and detection bypassing exploits for multiple antivirus products, and also a remote code execution exploit for ESET NOD32 Antivirus with the status “sold.”
Source: Antivirus software could make your company more vulnerable
I’m migrating this web server to a more modern Fedora from Fedora 14 and there have been problems. Had to ditch the new MariaDB for community mysql because the former cannot read in a common SQL file describing this simple WordPress database without marking it corrupt. See:
MySQL to MariaDB migration: handling privilege table differences when using mysqldump
Community mysql works well and all databases read in like SQL should. There have been memory leak problems bringing down services at random times which might be an OS problem or httpd problem so I’m getting ready to rebuild on a modern CentOS distro which should be more stable. I don’t feel like debugging this since it should just work when installed. The latest crash was SELinux which activated itself after a reboot and it doesn’t like anything running on its system.
The Fedora 14 VM has been rock solid since 2010 and I’ll still use it as a backup. I wanted to create a VM in VirtualBox and Fedora 14 is too old to build from scratch. This modern Fedora seems very unreliable.
tl;dr This site will be under construction and may fall over every now and then.
I get a lot of questions from aspiring programmers on what’s the best tool or languages to learn. It’s almost always a premature question to ask. I used to come up with answers like “depending on what you’re building” or “pick a beginner friendly community” or “invest in a growing language”. I think all of these are good answers, but it doesn’t really matter that early on in a programmer’s learning journey. It’s all the same when you’re essentially learning how to compute. Furthermore, these sort of answers enable the culture of tooling obsession.
Faisall had upgraded the dinosaurs using the game currency Dino Bucks without realising it was charging him in real money.
Source: Boy, 7, racks up £4,000 on dad’s iPad playing Jurassic World game | Metro News
Home manufacturing tutorial for robot builders, model makers, and other hobbyists
Source: Guerrilla guide to CNC machining, mold making, and resin casting
What’s the best way to check if a volume is mounted in a Bash script? What I’d really like is a method that I can use like this: if <something is mounted at /mnt/foo> then <Do some
Source: What’s the best way to check if a volume is mounted in a Bash script?
Avoid using
/etc/mtabbecause it may be inconsistent.Avoid piping
mountbecause it needn’t be that complicated.Simply:
if grep -qs '/mnt/foo' /proc/mounts; then echo "It's mounted." else echo "It's not mounted." fi
To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional — you be the judge! They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone — maybe a foreign government — was able to decrypt Juniper traffic in the U.S. and around the world.
And all because Juniper had already paved the road.
Source: A Few Thoughts on Cryptographic Engineering: On the Juniper backdoor
One of the most serious concerns we raise during these meetings is the possibility that encryption backdoors could be subverted. Specifically, that a backdoor intended for law enforcement could somehow become a backdoor for people who we don’t trust to read our messages. Normally when we talk about this, we’re concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that.
Employees at SpaceX’s Hawthorne, California headquarters cheered emphatically as a bright orange speck blazed into view on video screens tracking the landing. Just before touchdown, the first stage deployed its landing legs and came into view against the darkened Cape Canaveral sky. The rocket settled onto the landing pad and the single center engine shut down, marking a giant leap forward in SpaceX’s quest for reusable rocketry.
Source: SpaceX Falcon 9 Returns to Flight, Sticks Landing at Cape Canaveral