
pfSense / Wireguard / Bad Code / Close Call

By itss | 26/03/2021

A nice write-up of how a whole bunch of bad code very nearly ended up in FreeBSD 13 due to several bad calls on the part of pfSense. https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

Category: Technology
© 2017 IT Sales & Services Ltd