I hack, therefore I am.

Hackers Make the First-Ever Ransomware for Smart Thermostats | Motherboard

Because wiring everything up to a global network 24/7 always sounds like a smashing idea.

White hat hackers have made the first proof of concept for malware that locks a smart thermostat and demands a ransom.

Source: Hackers Make the First-Ever Ransomware for Smart Thermostats | Motherboard

Bus1: a new Linux interprocess communication proposal [LWN.net]

Oh dear ${DEITY}||${ARCHETYPE}, not again…

Anyone who has been paying attention to Linux kernel development inrecent years would be aware that IPC — interprocess communication — is nota solved problem. There are certainly many partial solutions, from pipesand signals, through sockets and shared memory, to more special-purposesolutions like Cross MemoryAttach and Android’s binder. But it seems thereare still some use cases that aren’t fully addressed by current solutions,leading to new solutions being occasionally proposed to try to meet those needs.The latest proposal is called “bus1”.

Source: Bus1: a new Linux interprocess communication proposal [LWN.net]

zero size objects

Playing with zero size objects is not always the same, or what you expect.

What’s the difference between the following length and pointer pairs?

size_t len1 = 0;

char *ptr1 = NULL;size_t len2 = 0;

char *ptr2 = malloc(0);size_t len3 = 0;
char *ptr3 = (char *)malloc(4096) + 4096;

size_t len4 = 0;
char ptr4[0];

size_t len5 = 0;
char ptr5[];

In many circumstances, all five result in identical behavior. Other times, the behavior can vary wildly. One obvious difference is whether the pointer can be passed to free, though I’m going to ignore that difference for the rest of this post.

The first case is interesting, but sufficiently different to postpone discussion for later.

Source: zero size objects

Fixing an Internet Security Threat « isssource.com

Completely to spec. But not good. This article also discusses mitigation.

A weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 enables attackers to hijack users’ Internet communications

Source: Fixing an Internet Security Threat « isssource.com

Flip Feng Shui – VUSec

Pretty scary stuff. Or a rainy sunday afternoon of fun. Perspective 🙂

Flip Feng Shui Flip Feng Shui (FFS) is a new exploitation vector that allows an attacker virtual machine (VM) to flip a bit in a memory page of a victim VM that runs on the same host as the attacker VM. FFS relies on a hardware vulnerability for flipping a bit and a physical memory massaging … Continue reading Flip Feng Shui →

Source: Flip Feng Shui – VUSec

Frist post!

mzap6pnn2b