The Java crisis, an interesting read on the Guardian Technology blog.
LE: Apparently the story is a bluff since this SUPER SECRET WTF OMGGMG SHIT discovery has been publicly known and used for at least 6 years now(look for 0x9c5a203a at the beginning). So, El Reg, you suck for not verifying stories before publishing them. AMD Rocks!
According to The Register a super secret password protected on-chip debugger has been discovered in all AMD chips since Athlon XP. The debugger seems to be activated once a specific password value(0x9C5A203A) has been set in a certain register(EDI to be more exact, a heavily used register).
I can’t help but wonder where exactly software security will stand on AMD CPUs, once you can access and control chip functionality by just setting a certain value in a register(free ring0 access huh?, local root?..nice, what about system?..even nicer). What about that value making it into that register by chance? Slow CPU operation? Deal with it.
Though i am afraid my assumptions are just heuristic since one needs more details and insight into this issue before making this into a statement. Quote from Czernobyl(the discoverer):
Amidst a ton of comments, I’ve seen some somber interrogations about security. IMO what is described herein does not pose new security problems per se; after all MSRs and Control Registers aren’t accessible except from ring zero. Nor are the Host’s CRs and MSRs accessible from a properly designed Virtual machine. I doubt the newly disclosed features will open security risks that were not already present due to poor OS and/or virtualization systems designs… (end of note).
Excerpt from The Register article:
A hardware hacker has discovered a secret debugging feature hidden in all AMD chips made in the past decade.
The password-protected debugger came as a shock to reverse-engineers who have hungered for an on-chip mechanism for performing conditional and direct-hardware breakpoint operations. Although AMD has built the firmware-controlled feature into all chips since the Athlon XP, the company kept it a closely guarded secret that was only disclosed late last week by a hacker who goes by the name Czernobyl.
Yesterday, Packet Storm re-launched with a completely new website, both in looks and functionality, adding lots of web2.0 features like favorites, commenting, trending, tagging and rss everywhere, etc..
In my opinion the new framework is very promising, but hey, why not decide for yourself. Here is the e-mail announcing the launch:
November 15, 2010 – Today is the launch of a completely
new version of Packet Storm that has been long awaited
and is long overdue. The security community has given
us a lot of feedback during our design phase and we
have attempted to integrate many features.
As you may already know, Packet Storm is home to a
massive security portal that houses news, whitepapers,
advisories, exploits and tools.
It’s a place to showcase your work, whether it be
a research advisory or a tool you wrote. It’s a
place to check news headlines coming down the
wire or to find out about the latest vulnerabilities.
The goal of the new site is usability and integration.
We realized that this community is missing a centralized
portal to appropriately promote their work and interact
with others in the community.
The site currently hosts:
More than 38,000 advisories
More than 20,000 exploits
More than 5,000 tools
More than 2,000 whitepapers
Full historical view of releases – going all the way back to 1998.
New core features:
Trending for top author, popular topics and daily additions
Tagging exists all over the place
Commenting is allowed everywhere
RSS feeds are all over the place
Search Users, Files, News and Authors
Commenting, favorites and the ability to view the favorites of the people you follow.
CVE and OSVDB integration
Privacy settings for all personal information
You can send messages to other users
You can switch to a minimal listing view
You can set your primary mirror; we’re on four continents
Share items with Facebook, Twitter, Digg, Reddit, LinkedIn, etc
Your very own author page and author id.
Ability to add biographic information and a picture.
Authors ranked by releases per month
If an already established author applies with the
same email address as is stored in the archive,
their profile will be linked to their work on the site.
Twenty years at least for now, because there’s a second conviction on a second trial to be made on which he could get up to 25 years. The court has agreed to serving his sentences concurrently, though, which means if he gets more then 20 year in the second case then he will serve that one if not he will serve the first one, sort of to speak.
Read more here.
Convicted TJX hacker Albert Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.
The information comes from one of Gonzalez’s best friends and convicted accomplices, Stephen Watt. Watt pleaded guilty last year to creating a sniffer program that Gonzalez used to siphon millions of credit and debit card numbers from the TJX corporate network while he was working undercover for the government.
Watt told Threat Level that Gonzalez was paid in cash, which is generally done to protect someone’s status as a confidential informant. The Secret Service said it would not comment on payments made to informants. Gonzalez’s attorney did not respond to a call for comment.
Yes that’s right and especially if you play Starcraft II beta.
You can find further info on this issue here.
The conclusion is that if you upgrade to the latest driver(196.75) and run the right graphics intense game your graphics card fans might start to malfunction because of some probably(very) stupid piece of code in the new driver and thus your graphics card will start to overheat, leading to irrevocably damage to your card, most probably killing it for good.
These being said, DO NOT UPGRADE to the latest Nvidia 196.75 driver!
If you have done already then roll back to the last version. Nvidia has also taken action and removed the download for the driver in question, but be aware since you might get that driver through Windows update or any other third party drivers and utilities software upgrade tool you might have on your system, like the ones that come from laptop vendors for eg.
Classic game Quake III will be re-released for the web browser on Tuesday, highlighting the rapid development in web games.
It runs inside browsers after the installation of a software plug-in.
“It is a significant step which proves browser games can be sophisticated,” said Michael French, editor of games industry magazine Develop.
Quake Live is a version of a PC game which was first launched in 1999.
The game is being released free of charge for browsers by id Software, and is supported by advertising. It opens to the public as a beta later on Tuesday.
I especially like the free part but as for the ideea of playing a game like quake in the browser i can’t really say that i am attracted too or see lots of benefits out of it(besides playing it at the office because installing a game at the office allways tends to be a little tricky), but i am not the only person on this earth so who cares if there are other millions who would enjoy it and lots money to be made out of it.