Intel Cache Poisoning Is Dangerously Easy On Linux
Julie188 writes “A researcher recently released proof-of-concept code for an exploit that allows a hacker to overrun an Intel CPU cache and plant a rootkit. A second, independent researcher has examined the exploit and noted that it is so simple and so stealthy that it is likely out in the wild now, unbeknownst to its victims. The attack works best on a Linux system with an Intel DQ35 motherboard with 2GB of memory. It turns out that Linux allows the root user to access MTR registers incredibly easily. With Windows this exploit can be used, but requires much more work and skill and so while the Linux exploit code is readily available now, no Windows exploit code has, so far, been released or seen. This attack is hardware specific, but unfortunately, it is specific to Intel’s popular DQ35 motherboards.”
Read more of this story at Slashdot.
Predator C Avenger Makes First Flights
stoolpigeon writes “General Atomics’ new unmanned combat aerial vehicle, the Predator C Avenger, has been making test flights. This new Predator has a stealthy design, 20-hour endurance, is jet powered and has an internal weapons bay. A number of photos have just become available. ‘The aircraft was designed so the wings can be folded for storage in hangars or aircraft carrier operations if a naval customer is found. Cassidy, a retired admiral, has talked about a possible Navy role for Predator C since 2002. The Navy was interested in the Predator B’s capabilities, but didn’t want to introduce any new propeller-driven aircraft onto carrier decks. The UAV also comes with a tailhook, suggesting that carrier-related trials are planned. The inner section of the cranked wing is deep, providing structural strength for carrier landings and generous fuel volume while maintaining a dry, folding outer wing. Right now, the US Air Force and Royal Air Force are considered the most likely users.'”
Netscape Alums Tackle Cloud Storage
BobB-nw writes “A new cloud storage vendor is entering the market, promising an enterprise-class file system with snapshots, replication, and other features designed to simplify adoption for existing users and applications. Zetta, founded in 2007 by veterans of Netscape, has million in funding and is coming out of stealth mode Monday with Enterprise Cloud Storage, a Web-based storage platform that will compete against Amazon’s Simple Storage Service and a growing number of cloud vendors. Zetta’s goal was to build a Web-based storage system that would be accepted by enterprise IT professionals for storing primary data. ‘Data growth rates are staggering. In businesses you see growth rates of 40 to 60 percent year over year,’ says CEO Jeff Treuhaft, a Zetta cofounder and formerly one of Netscape’s first employees. Another Zetta cofounder is Lou Montulli, an early Netscape employee who invented Web cookies.”
Linux : Psyb0t Attacks Linux Routers (Update)
Quick Boot Linux Hopes To Win Over Windows Users
Al writes “A company called Presto hopes to exploit the painful amount of time it takes for Windows computers to start up by offering a streamlined version of Linux that boots in just seconds. Presto’s distro comes with Firefox, Skype and other goodies pre-installed and the company has also created an app store so that users can install only what they really need. The software was demonstrated at this year’s Demo conference in Palm Desert, CA. Interestingly, the company barely mentions the name Linux on its website. Is this a clever stealth-marketing ploy for converting Windows users to Linux?”
New, Stealthy Conficker B++ Worm Discovered
nandemoari writes “A new variant of the Conficker/Downadup worm has been detected. The worm opens a backdoor on an infected machine and allows hackers remote control of infected PCs. Dubbed Conficker B++ (and not to be confused with Conficker B), the new variant of the worm opens a backdoor with auto-update functionality, allowing a hacker to distribute malware to infected machines. It’s difficult to know exactly how long Conficker B++ has been circulating, but researchers first noticed it on February 6 of this year.” If this seems familiar to you, it probably is.
Casinos Warn iPhone Card-Counting App is Illegal
An anonymous reader writes “Gaming commissions in Nevada are informing casinos that a new card counting program has made its way to the Apple iPhone, called Hi Lo. This program can be used in the Stealth Mode. When the program is used in the Stealth Mode the screen of the phone will remain shut off, and as long as the user knows where the keys are located the program can be run effortlessly without detection. Randall Sayre, of the Nevada Gaming Commission says ‘Use of this type of program or possession of a device with this type of program on it (with the intent to use it), in a licensed gaming establishment, is a violation of NRS 465.075.'”
Reverse Engineering a Missile Launcher Toy’s Interface
nitro writes “A fairly in-depth technical report by the security researchers at TippingPoint was released on how to reverse engineer the proprietary protocol for controlling a USB missile-launching toy system. They develop an iPhone application to control the device. ‘The hardware is coupled with a simple GUI controller written in Delphi (MissileLauncher.exe) and a USB Human Interface Device (HID) interface written in C++ (USBHID.dll). The toys lost their allure within minutes of harassing my team with a barrage of soft missile shots. That same night I thought I would be able to extend the fun factor by coding up a programmatic interface to the launchers in Python. … One interesting thing is that we have a lot more granular control of the turret movement now than we did with the original GUI. I wrote two simple loops to count the number of possible horizontal and vertical ticks and the results were 947 horizontal and 91 vertical versus 54 and 10 from the original GUI respectively. Granular control allows you to slowly and quietly reposition the turret for stealthy attacks.'”
APOD: Globular Cluster NGC 2419
Of three objects prominent in this thoughtful telescopic image, a view toward the stealthy constellation Lynx, two (the spiky ones) are nearby stars. The third is the remote globular star cluster NGC 2419, at a distance of nearly 300,000 light-years. NGC 2419 is sometimes called “the Intergalactic Wanderer”, an appropriate title considering that…