Highly recommended for anybody who might be even remotely interested in LinuxBIOS:
The talk is about LinuxBIOS, its history, how it works, what the main challenges are, where it's used today and what the future will likely hold. Watch it, you won't regret it.
Interesting paper from the PacSec 2006 security conference: OpenOffice / OpenDocument and MS Office 2007 / Open XML security (PDF)
Not too surprising when you come to think of it, there are tons of possibilities to embed various kinds of malware in the new office document formats. Also, you always have the risk of leaving sensitive metadata in there... If you publish stuff, you better convert to PDF before. But even that might leave sensitive data in the PDF, mind you!
Oh, and one nice detail you might enjoy:
And that doesn't even describe all of the format (e.g. VBA macros are missing)! No further comment required...
You should really upgrade ASAP, as this problem can (theoretically) occur when GnuPG decrypts/checks encrypted email messages/signatures (for example).
If you're running Debian unstable:
apt-get install gnupg
Here's a nice list of Famous Unsolved Codes and Ciphers.
Makes an interesting read for a rainy day... Or if you want to give one of the codes a try and solve it, go ahead, and let us know the results :-)
The NVIDIA Binary Graphics Driver for Linux is vulnerable to a
buffer overflow that allows an attacker to run arbitrary code as
root. This bug can be exploited both locally or remotely (via
a remote X client or an X client which visits a malicious web page).
A working proof-of-concept root exploit is included with this
The only possible solution (as NVIDIA still hasn't fixed the issue, although they know about it since 2004):
Disable the binary blob driver and use the open-source "nv" driver that is included by default with X.
Yes, you won't have 3D acceleration any more if you do that. Yes, that sucks. Complain to NVIDIA that they don't provide documentation so that free drivers can be written.
Luckily I stopped using the NVIDIA binary-blob quite a while ago, and I don't intend to ever use it again. This exploit clearly shows me that that's a good decision. For now, I'll have to live with the fact that I must use software-rendering for 3D (which is slow). When I buy my next computer it won't have an NVIDIA card, that's for sure.
But maybe there's hope. Maybe, just maybe, NVIDIA releases proper documentation one day (but don't hold your breath).
Alternatively, I just learned about the nouveau project: a project which aims at producing Open Source 3D drivers for nVidia cards. I don't know what the current status is and whether it's usable already, but this is definately a project which is worth trying out and worth supporting!