Security

Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites

Posted by samzenpus
from the watch-what-you-watch dept.
MojoKid writes Adobe issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year. This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn watchers. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It was also noted that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the web to come in contact with it.
Bug

Security-Focused BlackPhone Was Vulnerable To Simple Text Message Bug

Posted by Soulskill
from the nobody's-perfect dept.
mask.of.sanity sends this report from El Reg: The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets. Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application.

The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers.
Bug

NVIDIA GTX 970 Specifications Corrected, Memory Pools Explained

Posted by samzenpus
from the under-the-hood dept.
Vigile writes Over the weekend NVIDIA sent out its first official response to the claims of hampered performance on the GTX 970 and a potential lack of access to 1/8th of the on-board memory. Today NVIDIA has clarified the situation again, this time with some important changes to the specifications of the GPU. First, the ROP count and L2 cache capacity of the GTX 970 were incorrectly reported at launch (last September). The GTX 970 has 52 ROPs and 1792 KB of L2 cache compared to the GTX 980 that has 64 ROPs and 2048 KB of L2 cache; previously both GPUs claimed to have identical specs. Because of this change, one of the 32-bit memory channels is accessed differently, forcing NVIDIA to create 3.5GB and 0.5GB pools of memory to improve overall performance for the majority of use cases. The smaller, 500MB pool operates at 1/7th the speed of the 3.5GB pool and thus will lower total graphics system performance by 4-6% when added into the memory system. That occurs when games request MORE than 3.5GB of memory allocation though, which happens only in extreme cases and combinations of resolution and anti-aliasing. Still, the jury is out on whether NVIDIA has answered enough questions to temper the fire from consumers.
Bug

NVIDIA Responds To GTX 970 Memory Bug

Posted by timothy
from the can't-remeber-why-you'upset dept.
Vigile writes Over the past week or so, owners of the GeForce GTX 970 have found several instances where the GPU was unable or unwilling to address memory capacities over 3.5GB despite having 4GB of on-board frame buffer. Specific benchmarks were written to demonstrate the issue and users even found ways to configure games to utilize more than 3.5GB of memory using DSR and high levels of MSAA. While the GTX 980 can access 4GB of its memory, the GTX 970 appeared to be less likely to do so and would see a dramatic performance hit when it did. NVIDIA responded today saying that the GTX 970 has "fewer crossbar resources to the memory system" as a result of disabled groups of cores called SMMs. NVIDIA states that "to optimally manage memory traffic in this configuration, we segment graphics memory into a 3.5GB section and a 0.5GB section" and that the GPU has "higher priority" to the larger pool. The question that remains is should this affect gamers' view of the GTX 970? If performance metrics already take the different memory configuration into account, then I don't see the GTX 970 declining in popularity.
Bug

Linus Fixes Kernel Regression Breaking Witcher 2

Posted by timothy
from the where-is-your-itch? dept.
jones_supa writes: There has been quite a debate around the Linux version of The Witcher 2: Assassins of Kings and the fact that it wasn't really a port. A special kind of wrapper was used to make the Windows version of the game run on Linux systems, similar to Wine. The performance on Linux systems took a hit and users felt betrayed because they thought that they would get a native port. However, after the game stopped launching properly at some point, the reason was actually found to be a Linux regression. Linus quickly took care of the issue on an unofficial Witcher 2 issue tracker on GitHub: "It looks like LDT_empty is buggy on 64-bit kernels. I suspect that the behavior was inconsistent before the tightening change and that it's now broken as a result. I'll write a patch. Serves me right for not digging all the way down the mess of macros." This one goes to the bin "don't break userspace". Linus also reminds us of QA: "And maybe this is an excuse for somebody in the x86 maintainer team to try a few games on steam. They *are* likely good tests of odd behavior.."
Security

Adobe Patches One Flash Zero Day, Another Still Unfixed

Posted by timothy
from the cross-platform dept.
Trailrunner7 writes Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit. The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks. The patch for Flash comes just a day after Kafeine disclosed that some instances of the Angler exploit kit contained an exploit for a previously unknown vulnerability in the software. Adobe officials said Wednesday that they were investigating the reports. Kafeine initially saw Angler attacking the latest version of Flash in IE on Windows XP, Vista, 7 and 8, but said the exploit wasn't being used against Chrome or Firefox. On Thursday he said on Twitter that the group behind Angler had changed the code to exploit Firefox as well as fully patched IE 11 on Windows 8.1.
Internet Explorer

Time For Microsoft To Open Source Internet Explorer?

Posted by Soulskill
from the if-you-can't-beat-'em dept.
An anonymous reader writes: Ars Technica's Peter Bright argues that it's time for Microsoft to make Internet Explorer open source. He points out that IE's major competitors are all either fully open source (Firefox), or partially open source (Chrome, Safari, and Opera), and this puts Microsoft at a huge disadvantage. Bright says, "It's time for Microsoft to fit in with the rest of the browser industry and open up Trident. One might argue that this argument could be made of any software, and that Microsoft should by this logic open source everything. But I think that the browser is special. The community that exists around Web standards does not exist in the same way around, say, desktop software development, or file system drivers, or user interfaces. Development in the open is integral to the Web in an almost unique way. ... Although Microsoft has endeavored to be more open about how it's developing its browser, and which features it is prioritizing, that development nonetheless takes place in private. Developing in the open, with a public bug tracker, source code repositories, and public discussion of the browser's future direction is the next logical step."
Chrome

With Community Help, Chrome Could Support Side Tabs Extension

Posted by timothy
from the thinking-along-different-axes dept.
jones_supa writes: The lack of a vertical tab strip (or "Tree Style Tab" as the Firefox extension is called) has been the subject of a lot of discussion on the Chrome/Chromium bug tracker. Some years ago, vertical tabs existed as an experimental feature enabled with a "secret" command line parameter, but that feature was eventually removed from the browser. Since then, Google has been rather quiet about whether such a feature is still on the roadmap. Now, a Google engineer casts some light on the issue. He says that a tree-style interface for tabs would be overly complex as a native implementation, but Google would back the idea of improving the extensions interface to support a sidebar-like surface to render the tab UI on, if someone from the open source community would step forward to do the work to drive the feature to completion.
Google

Google Releases More Windows Bugs

Posted by Soulskill
from the speak-softly-and-carry-a-big-bugtracker dept.
An anonymous reader writes: Just days after Google angered Microsoft by releasing information about a Windows security flaw, they've now released two more. "The more serious of the two allows an attacker to impersonate an authorized user, and then decrypt or encrypt data on a Windows 7 or Windows 8.1 device. Google reported that bug to Microsoft on Oct. 17, 2014, and made some background information and a proof-of-concept exploit public on Thursday. Project Zero is composed of several Google security engineers who investigate not only the company's own software, but that of other vendors as well. After reporting a flaw, Project Zero starts a 90-day clock, then automatically publicly posts details and sample attack code if the bug has not been patched." Microsoft says there's no evidence these flaws have been successfully exploited.
Bug

Steam For Linux Bug Wipes Out All of a User's Files

Posted by Soulskill
from the big-oops dept.
An anonymous reader sends a report of a bug in Steam's Linux client that will accidentally wipe all of a user's files if they move their Steam folder. According to the bug report: "I launched steam. It did not launch, it offered to let me browse, and still could not find it when I pointed to the new location. Steam crashed. I restarted it. It re-installed itself and everything looked great. Until I looked and saw that steam had apparently deleted everything owned by my user recursively from the root directory. Including my 3tb external drive I back everything up to that was mounted under /media." Another user reported a similar problem — losing his home directory — and problems with the script were found: at some point, the Steam script sets $STEAMROOT as the directory containing all Steam's data, then runs rm -rf "$STEAMROOT/"* later on. If Steam has been moved, $STEAMROOT returns as empty, resulting in rm -rf "/"* which causes the unexpected deletion.
Games

Is 'SimCity' Homelessness a Bug Or a Feature?

Posted by Soulskill
from the get-the-guiliani-addon dept.
sarahnaomi writes: SimCity players have discussed a variety of creative strategies for their virtual homelessness problem. They've suggested waiting for natural disasters like tornadoes to blow the vagrants away, bulldozing parks where they congregate, or creating such a woefully insufficient city infrastructure that the homeless would leave on their own.

You can read all of these proposed final solutions in Matteo Bittanti's How to Get Rid of Homelessness, "a 600-page epic split in two volumes documenting the so-called 'homeless scandal' that affected 2013's SimCity." Bittanti collected, selected, and transcribed thousands of these messages exchanged by players on publisher Electronic Arts' official forums, Reddit, and the largest online SimCity community Simtropolis, who experienced and then tried to "eradicate" the phenomenon of homelessness that "plagued" SimCity.
Security

Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

Posted by timothy
from the well-that's-one-way-to-view-it dept.
An anonymous reader writes: Last month, Google took the bold step of releasing the details of a security vulnerability ahead of Microsoft. Microsoft responded and said that there was a patch in the works which was set to be released two days after Google went live with the details. Microsoft accuses Google of refusing to wait an extra 48 hours so that the patch would have been released along with the details of the exploit. Now, let's see what is happening on the Google side of software development. Recently, an exploit has been uncovered in the WebView component of Android 4.3 — estimated to cover roughly 60% of Android install base — and Google is saying that they will not patch the flaw. Google's only reasoning seems to be that they are not fixing vulnerabilities in 4.3 (introduced in June 2012) anymore, as they have moved focus to newer releases. It would appear that over 930 million Android phones in use are out of official Google security patch support.
Chrome

Chrome For OS X Catches Up With Safari's Emoji Support

Posted by timothy
from the luckily-only-words-here dept.
According to The Next Web, Emoji support has landed in the latest developer builds of Chrome for OS X, meaning that emoji can be seen on websites and be entered into text fields for the first time without issues. ... Users on Safari on OS X could already see emoji on the Web without issue, since Apple built that in. The bug in Chrome was fixed on December 11, which went into testing on Chrome’s Canary track recently. From there, we can expect it to move to the consumer version of Chrome in coming weeks.
Bug

Closure On the Linux Lockup Bug

Posted by Soulskill
from the it-was-dead-the-whole-time dept.
jones_supa writes: Dave Jones from Red Hat has written a wrap-up of the strange bug that has made some machines running Linux freeze. (Previous discussion.) Right down to his final week at Red Hat before Dave gave all his hardware back, Linus Torvalds managed to reproduce similar symptoms, by scribbling directly to the HPET timer. He came up with a hack that at least made the kernel survive for him. When Dave tried the same patch, the machine ran for three days before he interrupted it, which was a promising result. The question remains, what was scribbling over the HPET in his case? The only two plausible scenarios Dave could think of were that Trinity generated 0xFED000F0 as a random address and passed that to a syscall which wrote to it, or a hardware bug. That's where the story ends for now. Linus' hacky workaround didn't get committed, but he and John Stultz continue to go back and forth on hardening the clock management code in the face of screwed up hardware, so maybe soon we'll see something real get committed in that area.
Security

Asus Wireless Routers Can Be Exploited By Anyone Inside the Network

Posted by timothy
from the coming-from-inside-the-building dept.
An anonymous reader writes: A currently unpatched bug in ASUS wireless routers has been discovered whereby users inside a network can gain full administrative control, according to recent research conducted by security firm Accuvant. Although the flaw does not allow access to external hackers, anyone within the network can take administrative control and reroute users to malicious websites, as well as holding the ability to install malicious software. The vulnerability stems from a poorly coded service, infosvr, which is used by ASUS to facilitate router configuration by automatically monitoring the local area network (LAN) and identifying other connected routers. Infosvr runs with root privileges and contains an unauthenticated command execution vulnerability, in turn permitting anyone connected to the LAN to gain control by sending a user datagram protocol (UDP) package to the router. In relevant part: “The block starts off by excluding a couple of OpCode values, which presumably do not require authentication by design. Then, it calls the memcpy and suspiciously checks the return value against zero. This is highly indicative that the author intended to use memcmp instead. That said, even if this check was implemented properly, knowing the device’s MAC address is hardly sufficient authentication,” said Drake. Here are the technical details at GitHub.
Technology

Four Facepalm Bugs In USPS Label-Printing Site

Posted by timothy
from the will-immediately-sell-my-stock-in-usps dept.
"The United States Postal Service "Click-N-Ship" site suffered no outages or slowdowns during Christmas rush," writes Bennett Haselton. "It just has bugs that make the process more annoying than just standing in line at the post office, which defeats the purpose. The most frustrating part is that most of these bugs could have been fixed, just by having some testers run through the ordering process and make a note of anything that seems confusing or wrong. (Although I've included notes on how to work around all the bugs, so you really can print your own labels and skip the line.)" Read on for the rest; what other gripes do you have about the current package delivery regime, and how would you resolve them?
Encryption

Tips For Securing Your Secure Shell

Posted by Soulskill
from the locking-your-locks dept.
jones_supa writes: As you may have heard, the NSA has had some success in cracking Secure Shell (SSH) connections. To respond to these risks, a guide written by Stribika tries to help you make your shell as robust as possible. The two main concepts are to make the crypto harder and make stealing keys impossible. So prepare a cup of coffee and read the tutorial carefully to see what could be improved in your configuration. Stribika also gives some extra security tips: don't install what you don't need (as any code line can introduce a bug), use the kind of open source code that has actually been reviewed, keep your software up to date, and use exploit mitigation technologies.
NASA

NASA's Robonaut 2 Can't Use Its Space Legs Upgrade

Posted by Soulskill
from the safety-mechanism-to-prevent-it-from-killing-all-humans dept.
BarbaraHudson writes: Robonaut 2, now in orbit on board the International Space Station, has run into problems with the software controlling its new legs. From the article: "The machine ran into a few technical errors. According to NASA, the ground teams deployed Robonaut's software and received telemetry from the robot, but were unable to obtain the correct commands for the leg movement, which are vital to performing every day tasks aboard the International Space Station. Ground teams have begun assessing how to move forward with this issue, though it is unclear if they currently have a fix in mind."
Software

Extra Leap Second To Be Added To Clocks On June 30

Posted by Soulskill
from the enjoy-the-extra-sleep dept.
hcs_$reboot writes: On June 30 this year, the day will last a tad longer — one second longer, to be precise — as a leap second is to be added to clocks worldwide. The time UTC will go from 23:59:59 to 23:59:60 in order to cope with Earth's rotation slowing down a bit. So, what do you intend to do during that extra second added to that day? Well, you may want to fix your systems. The last time a leap second was added, in 2012, a number of websites, Java and even Linux experienced some troubles. Leap seconds can be disruptive to precision systems used for navigation and communication. Is there a better way of dealing with the need for leap seconds?
Bug

2014: The Year We Learned How Vulnerable Third-Party Code Libraries Are

Posted by timothy
from the creative-misinterpretation dept.
jfruh writes Heartbleed, Shellshock, Poodle — all high-profile vulnerabilities in widely used libraries that rocked the software industry in 2014. Sadly, experts are now beginning to believe that these aren't the only bugs lurking out there in widely used open source code, just the ones that grabbed the most attention. It's beginning to look like one of the foundation concepts of open source — that with enough eyes, all bugs are shallow — is a myth. Of course, probably no one believes that all bugs are instantly shallow, no matter how open is the source, or that open source software is immune from bugs -- particularly ESR, coiner of the phrase.