SoylentNews is people

posted by takyon on Saturday September 22 2018, @01:55AM
from the jet-drag dept.

Microsoft's Jet crash: Zero-day flaw drops after deadline passes:

The Zero Day Initiative has gone public with an unpatched remote-code execution bug in Microsoft's Jet database engine, after giving Redmond 120 days to fix it. The Windows giant did not address the security blunder in time, so now everyone knows about the flaw, and no official patch is available.

The bug, reported to Microsoft on May 8 with a 120-day deadline before full disclosure, was described on Thursday by ZDI, here. It was discovered by Lucas Leong of Trend Micro Security Research.

The bad news: it's a remote-code execution vulnerability, specifically an out-of-bounds memory write. The good news is that an attacker can only trigger the bug by tricking the victim into opening a specially crafted Jet file, and any arbitrary malicious code smuggled in the document is executed only with the user's privileges (we've all made sure that users don't have admin privilege, right?). The booby-trapped Jet file can also be opened using JavaScript, so someone could be fooled into viewing a webpage that uses JS to open the file, causing the code to run if it's picked up by the database engine.

The other good news is that the Jet database engine is not terribly well deployed: it's mostly associated with Microsoft Access and Visual Basic. However, if you are using it, you probably will want to stop users from opening any maliciously rigged files.


  • (Score: 1, Insightful) by Anonymous Coward on Saturday September 22 2018, @02:58AM (4 children)

    by Anonymous Coward on Saturday September 22 2018, @02:58AM (#738461)

    These concerns were actually expressed by Richard Stallman and were the subject of GPLv3. Stallman was worried about Tivo-like devices (now smartphones) that take away users' freedom by denying the user the ability to install their own operating system or have any control over the software the device runs. Torvalds was very resoundingly opposed to GPLv3, especially since Linux is funded by Google et al.

  • (Score: 0) by Anonymous Coward on Saturday September 22 2018, @03:24AM (1 child)

    by Anonymous Coward on Saturday September 22 2018, @03:24AM (#738467)

    Richard Stallman began the GNU Project with the explicitly stated goal of lowering programmer salaries to the level of sales clerks. He very nearly is succeeding. On average he has succeeded already when the vast numbers of unpaid free software programmers are counted. There are yet some few millennial hipster douchebags who earn pay in the six figure range and are deluded enough to believe they deserve to get paid for coding work. This state of affairs is not economically sustainable and professional coder pay will be corrected to zero by the invisible hand of capitalism. On the subject of Mr Torvalds all I can say is I hope he enjoys his new career of selling coffee.

    • (Score: 0) by Anonymous Coward on Saturday September 22 2018, @06:09AM

      by Anonymous Coward on Saturday September 22 2018, @06:09AM (#738485)

      Interesting. Can I subscribe to your newsletter?

      Will he enjoy selling coffee? With $150m in the bank, he just may.

  • (Score: 2) by MichaelDavidCrawford on Saturday September 22 2018, @09:18AM (1 child)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday September 22 2018, @09:18AM (#738508) Homepage Journal

    -loaders.

    Usually it's just a simple command in adb.

    That's how one does Android Platform Development - you just unlock your phone, roll a firmware image then upload it to your phone.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 0) by Anonymous Coward on Saturday September 22 2018, @04:39PM

      by Anonymous Coward on Saturday September 22 2018, @04:39PM (#738584)

      IoT is more than just smartphones. Go to the electronics section of any big box store, Walmart, Target, Best Buy, pick one, and almost every product for sale is running Linux. Launch the web browser on a TV and check the user agent string and you'll see Linux mentioned. Buy a Wi-Fi router and look in the packaging for a full printed copy of the GPL.

      You don't have the freedoms granted to you by the GPL when you buy products containing Linux. Companies have the freedom to take Linux and sell it to you in a locked down black box which you are not allowed to modify.

      The free software movement in theory gives you the freedom to modify your software. In practice the only thing free software accomplishes is enriching billionaires who made their billions by taking free software for free and denying you your freedoms.

      By gifting labor to capitalists for free, free software is making the future much worse, not better.