
VLC Player Vulnerable to Remote Hijack
March 20th, 2008
VLC Player, one of the best and most widely used media players, has been found to be vulnerable to a remote hijack. The reported vulnerability makes it possible for a malicious user to run arbitrary code, potentially taking remote control of the host machine.
VLC is a popular media player among BitTorrent users, not just because it is free, but also because it includes a huge number of video codecs, so it can play virtually every video file available. Unfortunately, the latest versions of VLC have a security flaw, according to a report from Luigi Auriemma. The vulnerability can be exploited to compromise a user’s system, as it leaves it wide open for a malicious user to run arbitrary code.
The problem occurs when someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.
Initially it was reported that the flaws in version 0.8.6d were fixed in the latest release, but this turns out not to be the case. Auriemma writes: “The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e.”
“The funny thing is that my old proof-of-concept was built just to test this specific buffer-overflow and in fact it works on the new VLC version too without modifications,” he adds.
For now, the only solutions are not to load any subtitle files, or to grab one of the nightly builds. The downside, however, is that these might not be as stable as the regular releases.
Source - Torrentfreak
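The post does not describe the overflow itself, so the C below is an added illustration of the bug class it refers to, not VLC's code and not Auriemma's proof-of-concept: an unbounded copy of a subtitle line into a fixed-size buffer, beside a length-checked version that refuses over-long lines instead of overflowing. The buffer size, function names and sample subtitle lines are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size line buffer, as a subtitle reader might use. Constructed value. */
#define SUB_LINE_MAX 64

/* Length of s, stopping at max so an unterminated input cannot run away. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Vulnerable pattern (illustrative only, not VLC's code): the destination
 * holds SUB_LINE_MAX bytes, but nothing checks the length of 'line' before
 * the copy, so a subtitle line longer than that writes past the buffer.
 * Defined here for contrast; it is never called on the sample below. */
void copy_subtitle_line_unsafe(const char *line, char out[SUB_LINE_MAX]) {
    strcpy(out, line);  /* no bound: the class of bug the advisory describes */
}

/* Hardened version: the length is checked against the destination size
 * before any byte is copied. Returns 0 on success, -1 when the line (plus
 * its terminator) does not fit; the caller should treat -1 as a bad file. */
int copy_subtitle_line_safe(const char *line, char *out, size_t outsz) {
    size_t len = bounded_len(line, outsz);
    if (len >= outsz) {
        return -1;  /* would overflow: reject rather than truncate silently */
    }
    memcpy(out, line, len + 1);
    return 0;
}

/* Returns 1 if the safe copy accepted the line and reproduced it exactly. */
int safe_copy_roundtrips(const char *line) {
    char buf[SUB_LINE_MAX];
    if (copy_subtitle_line_safe(line, buf, sizeof buf) != 0) return 0;
    return strcmp(buf, line) == 0;
}

/* Run the safe copy over a set of lines and return how many were rejected. */
size_t count_rejected_lines(const char *const *lines, size_t n) {
    char buf[SUB_LINE_MAX];
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (copy_subtitle_line_safe(lines[i], buf, sizeof buf) != 0) {
            rejected++;
        }
    }
    return rejected;
}

/* Constructed sample: two ordinary SubRip-style lines and one line of 80
 * bytes, longer than the buffer, standing in for a malformed subtitle file. */
static const char *const SAMPLE_LINES[] = {
    "1",
    "00:00:01,000 --> 00:00:04,000",
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
};
#define SAMPLE_COUNT (sizeof SAMPLE_LINES / sizeof SAMPLE_LINES[0])

/* Number of sample lines the hardened copy refuses (expected: 1). */
size_t sample_rejected(void) {
    return count_rejected_lines(SAMPLE_LINES, SAMPLE_COUNT);
}

int main(void) {
    printf("rejected %zu of %zu sample lines\n",
           sample_rejected(), (size_t)SAMPLE_COUNT);
    return 0;
}
```

The point of the hardened function is that the size of the destination travels with it and is checked before the copy; a reader of a real subtitle parser should apply the same check to every per-line and per-field copy, since a file format under the user's control is untrusted input.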
We’re back! Hide your valuables!
February 20th, 2008
Ok, again we’ve taken an unannounced season break and we’re back. With this new season we’ll be coming hard to bring everyone everything we know.
We will be releasing more details on what we’re bringing to the table - this time we hope you’ll be able to see us via a video podcast and just not audio. We’ll be bringing along a number of guest hosts and a few other surprises.
So from all of our house boys and Chongopants we want to just say see ya next week!
PC superstore unhinged by Linux
September 13th, 2007
For all you car aficionados out there, how’s this for an operating system analogy from PC World? Installing Linux onto a laptop sold by the computer retail behemoth is like putting a Ford engine into a BMW, apparently.
Earlier this week a mysterious PC World customer, known only by the name of Tikka, posted a story to Slashdot about the store’s refusal to repair a hardware fault on a five-month-old Acer laptop.
The store’s IT support "Tech Guys" told Tikka that, because Linux had been installed, the machine’s warranty had been voided.
But, here’s the rub: the fault in question hinged on a dodgy, er, hinge on the laptop’s display. In other words, a pure hardware failure that was completely unrelated to the choice of operating system installed.
Despite that, PC World – which claims in its marketing blurb to be "with you every step of the way" – refused to fix the problem and sent Tikka away with the broken laptop.
El Reg put a call in to the DSGi-owned retail giant to get some clarification on PC World’s Linux support policy.
A spokesman told us that there had simply been a misunderstanding at the store and that, in fact, the normal procedure would be for the Tech Guys to provide a fix.
But if you type Linux into the firm’s website the nearest matches offer a baffling choice between a Maxtor external hard drive and a copy of Microsoft Office 2007.
Indeed, Linux, which is arguably the preserve of back-room geeks everywhere, is an alien concept to PC World which, according to the spokesman, had more than 60 million customers through its door in the past year.
PC World admitted it had made a mistake and told us it will provide a full repair once the firm has made contact with Tikka.
The spokesman said it had been an isolated incident and added "we’ll support what we’ve sold you".
US outfit whips out mp3 vibrator
September 13th, 2007
Our female readers looking for an earth-moving experience are directed forthwith not to the San Andreas fault, but rather to the profoundly silly My Little Secret Talking Head mp3 vibrator - a "breakthrough in adult toys" that allows you to "download and listen to erotic audio fantasies or record your own for the ultimate in personalized pleasure".
Good heavens above. The Talking Head boasts: full-function silicone vibrator with interchangeable shafts; 64 megabytes of RAM with built-in USB port; built-in microphone for voice and sound recording; two pre-recorded audio fantasies; PC and Mac compatibility*; and headphones and USB cable.
Naturally, you’re wondering just what "pre-recorded audio fantasies" involve. Look no further than the erotic audio playlist where Bergen the German Mountain Man deploys his doubtless well-filled lederhosen to scale hitherto unexplored climactic peaks.
Quite what Bergen is saying we know not ("Guten morgen fraulein, would you like to chew this fine fat bratwurst?" or thereabouts, we reckon), but he did provoke a certain amount of weakness at the knees among the Reg hackettes.
Well, we think it was Bergen’s rugged tones that caused our sub Tracey to go and have a quick lie down in a darkened room, although it may have been the Talking Head’s price tag - a cool $99.95 plus shipping.
Canonical and VMware team on mini-Ubuntu
September 13th, 2007
Canonical has busted out yet another version of Ubuntu – this time taking aim at the much hyped and loved virtualization market.
In the coming weeks, ISVs and OEMs will gain access to Ubuntu JeOS – pronounced Juice. The acronym stands for Just Enough Operating System, since the Ubuntu folks have ripped out a variety of general purpose software packages that don’t really play into the virtualization game. As a result, you end up with a server OS that’s 215MB in size – plus 65MB from VMware, as compared to a standard version of Ubuntu at 320 to 686ish MB in size, depending on what packages you select.
To get the lower size, Canonical pulled out things such as MySQL, Cups, postfix, slapd, evms and mutt.
Gerry Carr, marketing manager at Canonical, sees Ubuntu JeOS as an ideal guest OS option for ISVs. They can pair their software with the OS and end up with a fast running virtual appliance of sorts.
And, in addition to better software performance, customers should enjoy the ability to run more virtual servers per physical machine due to the lightweight Ubuntu JeOS.
"Ubuntu Server is the most downloaded software on the VMware Technology Network over the last 12 months," Carr said. "It is the OS people have been using to build virtual appliances.
"So, VMware didn’t pick us as a partner here because we’re nice guys."
Business Objects has apparently produced a virtual appliance for the new OS in conjunction with VMware and the Ubuntu folks.
Canonical is still in the midst of deciding whether or not to make JeOS widely available, since it’s mostly meant as an ISV thang.
The company has worked hard to tweak its popular Linux operating system for virtualization. It has, for example, kernel-level tweaks – paravirt-ops – that boost the performance of virtualization software running in conjunction with Ubuntu.
Now, Canonical is also promoting its Full and Self-Service partner programs for Ubuntu Server and JeOS. In the Full Service plan, Canonical will package an ISV application with Ubuntu Server, help with testing and keep both the app and Ubuntu up-to-date as new releases come out. The Self-Service plan is very similar with Canonical providing compatibility test suites for ISV applications and helping fix any issues with the software to make sure it runs on Ubuntu.
Apparently these new Packaging Services for Ubuntu are readily available, although we can’t seem to find word about them on the Canonical or Ubuntu websites. A phone call or email should, however, do the trick.
Ubuntu continues to steam along, gaining a very loyal and active customer base.
Your reporter has ordered a Dell laptop with Ubuntu to see what all the fuss is about. Sadly, the Direct Model is moving about as fast as Fat Albert after a feeding. I ordered the system almost three weeks ago, and it has yet to be built. Are Windows customers treated this way?
eBay glitch sends packages to wrong addresses
September 13th, 2007
eBay has acknowledged a bug on its site that’s causing some sellers to send items to the wrong address. The flaw, which in certain cases causes eBay to transmit incorrect mailing instructions to sellers, is expected to be fixed soon, an eBay official said today.
"This recent issue is limited to a very small number of eBay purchases and is presenting sellers with the wrong shipping information," the official wrote on the PayPal blog. "We understand and recognize that for these buyers and sellers, this is a very serious issue and are working to correct the problem."
One of those users is Joe Kane, from England, who said every time he tries to make a purchase using eBay’s vaunted Buy-it-Now feature, the system automatically transmits an address he used just once, more than three years ago.
"For some reason there’s no way of me getting rid of it," said Kane, who lives in Essex. He said the bug has caused him considerable headaches, not only because it has prevented him from receiving goods he’s paid for, but also because eBay and PayPal support people seemed to be unaware of the problem.
"The PayPal people say ‘this isn’t our problem.’ They directed me to an online chat forum" for eBay support, he said. "eBay would respond by saying it’s PayPal."
Other users have also complained in forums here, here and here.
"What an almighty mess, but this might also serve as a warning for us all to check and re check and even confirm personally with buyers that addresses are correct," wrote one eBay user, who said the glitch weighed particularly heavily on a buyer the user had recently transacted with. "She’s checked all her other purchases and has realised about 200 pounds worth of purchases have gone to the wrong address since 2nd September."
Firefox-Google marriage on shaky ground?
September 13th, 2007
Yes, Firefox reached a major milestone this week, surpassing 400 million downloads worldwide. But that’s just the good news. There’s another story swirling around the famously open source web browser - and it’s a little less sunny.
Last week, The New York Times questioned whether the growing popularity of a Firefox extension called AdBlock Plus poses a threat to the ad-driven business models of entertainment, media, and search sites across the web. If enough people install the extension and other ad-killing browser gizmos, The Times asked, could they chip away at the bottom line of companies like CNN, Microsoft, and Google?
With roughly 2.5 million people using AdBlock Plus - and 300,000 to 400,000 more downloading the tool each month, according to its developer - this is certainly a valid question. But there’s a second question worth asking, a question looming over the future of Firefox itself.
According to internet rumor, Google provides almost all of the revenue for the Mozilla Corp. - the commercial wing of the Mozilla Foundation, makers of Firefox. You know how it works: Google ponies up the dough, and Mozilla ties Firefox to certain Google tools. Most notably, Firefox uses a customized version of Google.com as its default home page.
The question is: As more and more people install AdBlock Plus, which is officially recommended by Mozilla, will Google continue to fund the browser?
When we asked Google for an answer, the company stayed quiet, as it did when The Times came calling. And we’re still awaiting an email from Mozilla on the matter. But it isn’t hard to connect the dots.
According to a March 2006 rumor trumpeted by Weblogs founder Jason Calacanis, Mozilla pulled in $72m in 2005, and most of that came from Google. In a subsequent blog post, Mozilla board member Chris Blizzard wouldn’t verify the rumor, but he said these figures were "not off by an order of magnitude."
Meanwhile, AdBlock can be downloaded from the Mozilla website, where it’s listed as one of the most popular Firefox extensions. And yes, it does a wonderful job of blocking ads on Google’s AdSense network - not to mention banners served up by DoubleClick, the company Google’s trying so very hard to purchase.
No, that doesn’t mean Google is dead-set on pulling its Mozilla dollars. After all, it could simply crack down on the use of AdBlock, a free download developed by an independent German programmer named Wladimir Palant. As The Times discussed, there’s already a mini-movement among ad-laden websites to, well, block AdBlock.
Oklahoma-based web developer Danny Carlton has succeeded in rejecting any user who visits his sites with AdBlock Plus installed, and he insists that each and every site owner has the right to do the same. Palant and his cohorts, Carlton says, shouldn’t be allowed to block AdBlock blocking.
"It comes down to whether they’re going to be like adults and support the concept of freedom, allowing site owners to block AdBlock users, or they’re going to be like children screaming for more bread and circuses," Carlton told The Reg.
But if Google jumped on board with this sort of AdBlock crackdown, it would surely anger the masses, undermining the we’re-in-it-for-the-little-guy attitude the company tries so hard to foster. "Google could step into this very easily. They could shut AdBlock down entirely," Carlton said. "But then they look like the big-bad meanie."
In the end, it might be easier for Google to break off its relationship with Mozilla, leaving the foundation struggling for revenue. Sure, Google would lose the traffic driven by those fewer than 400 million users, but there’s nothing stopping the ridiculously rich Mountain Viewers from building their own browser - or buying a Mozilla competitor that doesn’t block quite so many ads. Opera comes to mind.
Then again, if Google dumped Mozilla, it would still look like a big-bad meanie. No wonder the company won’t grant us an interview.
Music Piracy Documentary Released As Torrent
August 5th, 2007
The producers of a new documentary film analyzing global music piracy have decided to ‘put their money where their mouth is’ by releasing the film as a free Xvid download (hosted by the Pirate Bay, as one would expect). The film explores the blurred line between ‘fair use’ and piracy, and includes interviews with DJ Danger Mouse (creator of the now infamous ‘grey album’), Lawrence Lessig (founder of Creative Commons), the lads from the Pirate Bay, and even some guy from the MPAA. Here is a link to the torrent.
Google Shows Off Ad-Supported Cell Phone
August 5th, 2007
Today Google showed off an ad-supported cellphone that the company plans to offer for free to interested parties. The product could reach the marketplace within a year, and will offer Google search, email, and a web browser. ‘The move would echo another recent product launched by a phone industry outsider, Apple Inc.’s iPhone. But Google’s product would draw its revenue from a sharply different source, relying on commercial advertising dollars instead of the sticker price of at least US$499 for an iPhone and $60 per month for the AT&T Inc. service plan. Negotiating the fairest way to split those advertising revenues with service providers could be a big hurdle for Google, one analyst said. Another problem is the potential that consumers could be scared off by the prospect of listening to advertisements before being able to make phone calls, said Jeff Kagan, a wireless and telecommunications industry analyst in Atlanta.
First Armed Robots on Patrol in Iraq
August 5th, 2007
Robots have been roaming Iraq since shortly after the war began. Now, for the first time — the first time in any war zone — the ‘bots are carrying guns. The SWORDS robots, armed with M249 machine guns, "haven’t fired their weapons yet," an Army official says. "But that’ll be happening soon." The machines have actually been ready for a while, but safety concerns kept them off the battlefield. Now, the robots have kill switches, so "now we can kill the unit if it goes crazy," according to the Army. I feel safer already.