to post messages and comments.

← All posts tagged

Tor Mail was an anonymized email service run over Tor. It was operated by a company called Freedom Hosting, which was shut down by the FBI last August. The owner was arrested for 'enabling child porn,' and the Tor Mail servers suddenly began hosting FBI malware that attempted to de-anonymize users. Now, Wired reports on a new court filing which indicates that the FBI was also able to grab Tor Mail's entire email database.

Microsoft, partnered with Machinima, has put forth a promotion for YouTube personalities: make a video about the Xbox One and get money for it. Problematically, they also require the reviewer not to disclose that they're getting paid (or mention anything negative), which breaks FTC disclosure rules (PDF).
MS пытается выплыть платными (и требуют что б молчали про это) позитивными видео про Xbox One (также известное как XBone) :}

Тем временем Microsoft удалённо удаляет с вендовых компов (участвовавших в ботнете) старые версии Тора, а Агентство национальной безопасности США собирает 200 млн сообщений в день. Такие дела, товарищи.

The recent report of X11/X.Org security in bad shape rings more truth today. The X.Org Foundation announced today that they've found a X11 security issue that dates back to 1991. The issue is a possible stack buffer overflow that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5. After the vulnerability being in the code-base for 23 years, it was finally uncovered via the automated cppcheck static analysis utility.


The C++ standards committee is looking at adopting a Cairo C++ interface as part of a future revision to the ISO C++ standard to provide 2D drawing. Herb Sutter, the chair of the ISO C++ standards committee, sent out a message to the Cairo developers this week about their pursuit to potentially standardize a basic 2D drawing library for ISO C++. The committee right now is looking at using a C++-ified version of Cairo. Sutter wrote, 'we are currently investigating the direction of proposing a mechanically C++-ified version of Cairo. Specifically, "mechanically C++-ified" means taking Cairo as-is and transforming it with a one-page list of mechanical changes such as turning _create functions into constructors, (mystruct*, int length) function parameters to vector<struct>& parameters, that sort of thing — the design and abstractions and functions are unchanged.'

An anonymous reader writes with a link to Der Spiegel, which describes a Top-Secret spy-agency catalog which reveals that the NSA "has been secretly back dooring equipment from US companies including Dell, Cisco, Juniper, IBM, Western Digital, Seagate, Maxtor and more, risking enormous damage to US tech sector." Der Spiegel also has a wider ranging article about the agency's Tailored Access Operations unit.

Добро пожаловать в мир бэкдоров. Кстати, оперативная информация: шапочка из фольги больше не помогает.

An interesting bug regarding update dependency calculation has been found in Windows XP. By design, machines using Windows Update retrieve patch information from Microsoft's update servers (or possibly WSUS in a company setting). That patch information contains information about each patch: what software it applies to and, critically, what historic patch or patches the current patch supersedes. Unfortunately, the Windows Update client components used an algorithm with exponential scaling when processing these lists. Each additional superseded patch would double the time taken to process the list. With the operating system now very old, those lists have grown long, sometimes to 40 or more items. On a new machine, that processing appeared to be almost instantaneous. It is now very slow. After starting the system, svchost.exe is chewing up the entire processor, sometimes for an hour or more at a time. Wait long enough after booting and the machine will eventually return to normalcy.