
pfSense / Wireguard / Bad Code / Close Call

By itss | 26/03/2021

A nice write-up of how a whole bunch of bad code very nearly ended up in FreeBSD 13 due to several bad calls on the part of pfSense. https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

Category: Technology