I T S S
Skip to content
  • Welcome
  • Hardware
  • Internet
  • Networking
  • Security
  • Data Recovery
  • Duplication
  • Support
  • Contact
  • Webmail

pfSense / Wireguard / Bad Code / Close Call

By itss | 26/03/2021
0 Comment

A nice write-up of how a whole bunch of bad code very nearly ended up in FreeBSD 13 due to several bad calls on the part of pfSense. https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

Category: Technology
Post navigation
← Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur) A Nice Little Cryptography Primer →

Recent Posts

  • A Nice Little Cryptography Primer
  • pfSense / Wireguard / Bad Code / Close Call
  • Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur)
  • Cryptocurrencies and Coinbase
  • Instant Messengers and Info Leaks

Slashdot

News for nerds

  • It's the Hottest Job Market in 20 Years for Tech Workers
    by EditorDavid on 01/08/2021 at 7:34 am

    Tribune News Services says we're now experiencing the "hottest job market for tech workers since dot-com era" There's an air of desperation among tech employers this summer. Software talent, it seems, is in such high demand that companies are morphing how they hire. And workers are the ones with the power. Good and experienced tech workers are being treated like local celebrities — hounded by recruiters, courted by managers and bestowed a bevy of options before choosing their next boss... The demand has been attributed to all sorts of things. During the pandemic, businesses that had been slow to adopt enterprise software began rapidly catching up. A tidal wave of productivity software, conferencing and collaboration tools, and e-commerce tech flooded the world. The same was true for consumer tech, with video game development, entertainment tech and social platforms booming. Many of these jobs are going unfilled, as competition for new hires ramps up. Simultaneously, remote work became the status quo in the tech industry. Suddenly, software talent could pick and choose from a massive pool of job opportunities... To win a bid on a quality engineer, companies are offering things like flexible hours, sign-on bonuses and permanent remote work, the last of which has become a requirement for much of the workforce. Dice, a website and staffing firm that focuses on tech talent, published a report in June that found only 17% of technologists wanted to work in an office full time, while 59% wanted remote and hybrid approaches. Read more of this story at Slashdot.

  • In Hawaii, Robot Dogs Join the Police Force
    by EditorDavid on 01/08/2021 at 3:34 am

    "If you're homeless and looking for temporary shelter in Hawaii's capital, expect a visit from a robotic police dog that will scan your eye to make sure you don't have a fever," reports the Associated Press: That's just one of the ways public safety agencies are starting to use Spot, the best-known of a new commercial category of robots that trot around with animal-like agility. The handful of police officials experimenting with the four-legged machines say they're just another tool, like existing drones and simple wheeled robots, to keep emergency responders out of harm's way as they scout for dangers. But privacy watchdogs â" the human kind â" warn that police are secretly rushing to buy the robots without setting safeguards against aggressive, invasive or dehumanizing uses. In Honolulu, the police department spent about $150,000 in federal pandemic relief money to buy their Spot from robotics firm Boston Dynamics for use at a government-run tent city near the airport. "Because these people are houseless it's considered OK to do that," said Jongwook Kim, legal director at the American Civil Liberties Union of Hawaii. "At some point it will come out again for some different use after the pandemic is over." Acting Lt. Joseph O'Neal of the Honolulu Police Department's community outreach unit defended the robot's use in a media demonstration earlier this year. He said it has protected officers, shelter staff and residents by scanning body temperatures between meal times at a shelter where homeless people could quarantine and get tested for COVID-19. The robot is also used to remotely interview individuals who have tested positive. "We have not had a single person out there that said, 'That's scary, that's worrisome,'" O'Neal said. "We don't just walk around and arbitrarily scan people." Read more of this story at Slashdot.

  • Chinese Hackers Used Mesh of Home Routers To Disguise Attacks
    by EditorDavid on 01/08/2021 at 1:34 am

    An anonymous reader quotes The Record: A Chinese cyber-espionage group known as APT31 (or Zirconium) has been seen hijacking home routers to form a proxy mesh around its server infrastructure in order to relay and disguise the origins of their attacks. In a security alert, the French National Cybersecurity Agency, also known as ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), published a list of 161 IP addresses that have been hijacked by APT31 in recent attacks against French organizations. French officials said that APT31's proxy botnet was used to perform both reconnaissance operations against their targets, but also to carry out the attacks themselves. The attacks started at the beginning of 2021 and are still ongoing... The Record understands that APT31 used proxy meshes made of home routers as a way to scan the internet and then launch and disguise its attacks against Exchange email servers earlier this year; however, the technique was also used for other operations as well. Read more of this story at Slashdot.

  • Free Software Foundation Will Fund Papers on Issues Around Microsoft's 'GitHub Copilot'
    by EditorDavid on 31/07/2021 at 10:34 pm

    GitHub's new "Copilot" tool (created by Microsoft and OpenAI) shares the autocompletion suggestions of an AI trained on code repositories. But can that violate the original coder's license? Now the Free Software Foundation (FSF) is calling for a closer look at these and many other issues... "We already know that Copilot as it stands is unacceptable and unjust, from our perspective," they wrote in a blog post this week, arguing that Copilot "requires running software that is not free/libre (Visual Studio, or parts of Visual Studio Code), and Copilot is Service as a Software Substitute. These are settled questions as far as we are concerned." "However, Copilot raises many other questions which require deeper examination..." The Free Software Foundation has received numerous inquiries about our position on these questions. We can see that Copilot's use of freely licensed software has many implications for an incredibly large portion of the free software community. Developers want to know whether training a neural network on their software can really be considered fair use. Others who may be interested in using Copilot wonder if the code snippets and other elements copied from GitHub-hosted repositories could result in copyright infringement. And even if everything might be legally copacetic, activists wonder if there isn't something fundamentally unfair about a proprietary software company building a service off their work. With all these questions, many of them with legal implications that at first glance may have not been previously tested in a court of law, there aren't many simple answers. To get the answers the community needs, and to identify the best opportunities for defending user freedom in this space, the FSF is announcing a funded call for white papers to address Copilot, copyright, machine learning, and free software. We will read the submitted white papers, and we will publish ones that we think help elucidate the problem. We will provide a monetary reward of $500 for the papers we publish. They add that the following questions are of particular interest: Is Copilot's training on public repositories infringing copyright? Is it fair use? How likely is the output of Copilot to generate actionable claims of violations on GPL-licensed works? How can developers ensure that any code to which they hold the copyright is protected against violations generated by Copilot? Is there a way for developers using Copilot to comply with free software licenses like the GPL? If Copilot learns from AGPL-covered code, is Copilot infringing the AGPL? If Copilot generates code which does give rise to a violation of a free software licensed work, how can this violation be discovered by the copyright holder on the underlying work? Is a trained artificial intelligence (AI) / machine learning (ML) model resulting from machine learning a compiled version of the training data, or is it something else, like source code that users can modify by doing further training? Is the Copilot trained AI/ML model copyrighted? If so, who holds that copyright? Should ethical advocacy organizations like the FSF argue for change in copyright law relevant to these questions? Read more of this story at Slashdot.

  • US Justice Department Says Russians Hacked Its Federal Prosecutors
    by EditorDavid on 31/07/2021 at 9:34 pm

    In January America's federal Justice Department said there was no evidence that Russian hackers behind the massive SolarWinds breach had accessed classified systems, remembers the Associated Press. But today? The department said 80% of Microsoft email accounts used by employees in the four U.S. attorney offices in New York were breached. All told, the Justice Department said 27 U.S. Attorney offices had at least one employee's email account compromised during the hacking campaign. The Justice Department said in a statement that it believes the accounts were compromised from May 7 to Dec. 27, 2020. Such a timeframe is notable because the SolarWinds campaign, which infiltrated dozens of private-sector companies and think tanks as well as at least nine U.S. government agencies, was first discovered and publicized in mid-December... Jennifer Rodgers, a lecturer at Columbia Law School, said office emails frequently contained all sorts of sensitive information, including case strategy discussions and names of confidential informants, when she was a federal prosecutor in New York. "I don't remember ever having someone bring me a document instead of emailing it to me because of security concerns," she said, noting exceptions for classified materials... The Associated Press previously reported that SolarWinds hackers had gained access to email accounts belonging to the then-acting Homeland Security Secretary Chad Wolf and members of the department's cybersecurity staff... Read more of this story at Slashdot.

  • Nobel Winner Steven Weinberg, Who Unified Two of Physics' Fundamental Forces, Has Died
    by EditorDavid on 31/07/2021 at 8:34 pm

    Long-time Slashdot reader Mogster quotes : Steven Weinberg, a Nobel-prize winning physicist whose work helped link two of the four fundamental forces, has died at the age of 88, the University of Texas at Austin (UT Austin) announced Saturday (July 24). HIs work was foundational to the Standard Model, the overarching physics theory that describes how subatomic particles behave. His seminal work was a slim, three-page paper published in 1967 in the journal Physical Review Letters and entitled "A Model of Leptons." In it, he predicted how subatomic particles known as W, Z and the famous Higgs boson should behave — years before those particles were detected experimentally, according to a statement from UT Austin. The paper also helped unify the electromagnetic force and the weak force and predicted that so-called "neutral weak currents" governed how particles would interact, according to the statement. In 1979, Weinberg and physicists Sheldon Glashow and Abdus Salam earned the Nobel Prize in physics for this work. Throughout his life, Weinberg would continue his search for a unified theory that would unite all four forces, according to the statement. Weinberg also wrote a book called "The First Three Minutes: A Modern View of the Origin of the Universe" — in 1977. Read more of this story at Slashdot.

Archives

  • June 2021
  • March 2021
  • November 2020
  • October 2020
  • September 2020
  • February 2020
  • January 2020
  • October 2019
  • August 2018
  • July 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • October 2017
  • September 2017
  • August 2016
  • July 2016
  • March 2016
  • February 2016
  • August 2015
  • May 2015

Categories

  • Innovation
  • Security
  • Software
  • Technology

Tags

backdoor cisco coding json laziness patterns public information announcement security vulnerability
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010
Iconic One Theme | Powered by Wordpress