I T S S
Skip to content
  • Welcome
  • Hardware
  • Internet
  • Networking
  • Security
  • Data Recovery
  • Duplication
  • Support
  • Contact
  • Webmail

pfSense / Wireguard / Bad Code / Close Call

By itss | 26/03/2021
0 Comment

A nice write-up of how a whole bunch of bad code very nearly ended up in FreeBSD 13 due to several bad calls on the part of pfSense. https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

Category: Technology
Post navigation
← Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur) A Nice Little Cryptography Primer →

Recent Posts

  • Hardware Exploits?
  • Why Quake3 was so fast : Fast Inverse Square Root
  • A Nice Little Cryptography Primer
  • pfSense / Wireguard / Bad Code / Close Call
  • Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur)

Slashdot

News for nerds

  • Computer-Driven Hedge Funds Surge Ahead Amid Chaotic Markets
    by msmash on 05/10/2022 at 5:21 pm

    A $200 billion corner of the hedge funds industry dominated by computer-driven algorithms has been making the most of wild swings in global markets, putting many of those funds on course for a record year of gains. From a report: Aspect Capital's Diversified Programme returned 5.2% last month to bolster its gains for this year to nearly 44%, according to an investor document. Tulip Trend Fund rose more than 58% through September, while the Lynx fund was up in excess of 45%, according to updates on their websites. The funds, which use computing power to analyze vast amounts of data to predict the direction of stocks, bonds, currency and commodities markets, are emerging as one of the biggest winners among hedge fund strategies this year as soaring inflation and rising interest rate spark the volatility they thrive on. Read more of this story at Slashdot.

  • Former Amazon Worker Gets Probation For Massive Capital One Hack
    by msmash on 05/10/2022 at 4:41 pm

    A former Seattle tech worker convicted of several charges related to a massive hack of Capital One bank and other companies in 2019 was sentenced Tuesday to time served and five years of probation. From a report: U.S. District Judge Robert S. Lasnik said sentencing former Amazon software engineer Paige Thompson to time in prison would have been particularly difficult on her "because of her mental health and transgender status," the Department of Justice said in a statement. U.S. Attorney Nick Brown said his office was "very disappointed" with the sentencing decision, adding prosecutors had asked for Thompson to serve seven years in prison. "This is not what justice looks like," Brown said in the statement. In June, a Seattle jury found her guilty of wire fraud, unauthorized access to a protected computer and damaging a protected computer. The jury acquitted her of other charges, including access device fraud and aggravated identity theft. Read more of this story at Slashdot.

  • Intel Laptop Users Should Avoid Linux 5.19.12 To Avoid Potentially Damaging The Display
    by msmash on 05/10/2022 at 4:00 pm

    Intel laptop users running Linux are being advised to avoid running the latest Linux 5.19.12 stable kernel point release as it can potentially damage the display. From a report: Intel Linux laptop users on Linux 5.19.12 have begun reporting "white flashing" display issues with one user describing it as "[the] laptop display starts to blink like lights in a 90's rave party." Intel Linux kernel engineer Ville Syrjal posted this week on the kernel mailing list: "After looking at some logs we do end up with potentially bogus panel power sequencing delays, which may harm the LCD panel." Read more of this story at Slashdot.

  • Election Software Executive Arrested on Suspicion of Theft
    by msmash on 05/10/2022 at 3:21 pm

    The top executive of an elections technology company that has been the focus of attention among election deniers was arrested by Los Angeles County officials in connection with an investigation into the text, the county said on Tuesday. From a report: Eugene Yu, the founder and chief executive of Konnech, the technology company, was taken into custody on suspicion of theft, the Los Angeles County district attorney, George Gascon, said in a statement. Konnech, which is based in Michigan, develops software to manage election logistics, like scheduling poll workers. Los Angeles County is among its customers. The company has been accused by groups challenging the validity of the 2020 presidential election with storing information about poll workers on servers in China. The company has repeatedly denied keeping data outside the United States, including in recent statements to The New York Times. Mr. Gascon's office said its investigators had found data stored in China. Holding the data there would violate Konnech's contract with the county. Read more of this story at Slashdot.

  • Fraud, Scam Cases Increasing on P2P Payment Service Zelle, Senate Report Finds
    by msmash on 05/10/2022 at 2:40 pm

    Incidents of fraud and scams are occurring more often on the popular peer-to-peer payment service Zelle, according to a report issued Monday by the office of Sen. Elizabeth Warren, giving the public its first glimpse into the growing problems at Zelle. From a report: The report also found that the large banks that partly own Zelle have been reluctant to compensate customers who have been victims of fraud or scams. For instance, less than half of the money customers reported being sent via Zelle without authorization was being reimbursed. Warren, D-Massachusetts, a long-time critic of the big banks, requested data on fraud and scams on Zelle from seven banks starting in April. The report cites data from four banks that tallied 192,878 cases worth collectively $213.8 million in 2021 and the first half of 2022 where a customer claimed they had been fraudulently tricked into making a payment. In only roughly 3,500 cases did those banks reimburse the customer, the report found. Further, in the cases where it's clear funds had been taken out of customers' accounts without authorization, only 47% of those dollars were ever reimbursed. Since being launched in June 2017, Zelle has become a popular way for bank customers to send money to friends and family. Almost $500 billion in funds were sent via Zelle in 2021, according to Early Warning Services, the company that operates Zelle. Zelle is the banking industry's answer to the growing popularity of peer-to-peer payment services like PayPal, Venmo and the Cash App. The service allows a bank customer to instantaneously send money to a person via their email or phone number, and it will go from one bank account to another. More than 1,700 banks and credit unions offer the service. But the service has also grown more popular with scammers and criminals. Once money is sent via Zelle, it requires a bank's intervention to attempt to get that money back. Read more of this story at Slashdot.

  • Nobel Prize in Chemistry Awarded To 3 Scientists for Work 'Snapping Molecules Together'
    by msmash on 05/10/2022 at 2:00 pm

    The Nobel Prize in Chemistry was awarded to Carolyn R. Bertozzi, Morten Meldal and K. Barry Sharpless on Wednesday for the development of click chemistry and bio-orthogonal chemistry -- work that has "led to a revolution in how chemists think about linking molecules together," the Nobel committee said. The New York Times: Dr. Bertozzi is the eighth woman to be awarded the prize, and Dr. Sharpless is the fifth scientist to be honored with two Nobels, the committee noted. Johan Aqvist, the chair of the chemistry committee, said that this year's prize dealt with "not overcomplicating matters, instead working with what is easy and simple." "Click chemistry is almost like it sounds," he said of a field whose name Dr. Sharpless coined in 2000. "It's all about snapping molecules together. Imagine that you could attach small chemical buckles to different types of building blocks. Then you could link these buckles together and produce molecules of greater complexity and variation." Shortly after Dr. Sharpless coined the concept, both he and Dr. Meldal independently discovered a chemical reaction called copper-catalyzed azide-alkyne cycloaddition, known today as the crown jewel of click chemistry. "When this reaction was discovered, it was like opening the floodgates," Olof Ramstrom, a member of the Nobel Committee for Chemistry, said in a briefing after the laureates were announced. "We were using it everywhere, to build everything." Dr. Bertozzi, a chemist and professor at Stanford, was able to apply this reaction to biomolecules, often found on cell surfaces, in living organisms without affecting the chemistry of the cells she was observing. Before her extensive research with glycans, or sugar chains, scientists' understanding of this subfield of glycobiology had been hampered by an inability to see molecules in action in living cells. Read more of this story at Slashdot.

Archives

  • September 2022
  • November 2021
  • June 2021
  • March 2021
  • November 2020
  • October 2020
  • September 2020
  • February 2020
  • January 2020
  • October 2019
  • August 2018
  • July 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • October 2017
  • September 2017
  • August 2016
  • July 2016
  • March 2016
  • February 2016
  • August 2015
  • May 2015

Categories

  • Innovation
  • Security
  • Software
  • Technology

Tags

backdoor cisco coding json laziness patterns public information announcement security vulnerability
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010
Iconic One Theme | Powered by Wordpress