US-CERT - 64-bit operating system privilege escalation vulnerability on Intel CPU hardware

Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.

Linode posted a brief blog post about their response to the vulnerability and the steps they took to minimize any issues for their customers - props to them.

Reed Kraft-Murphy

Amazon announces "Micro" instances for MySQL RDS

Amazon RDS MySQL Now Starting at Just $19 a Month

I’m always happy to be able to talk about AWS options that lower costs and add flexibility for our customers.

To that end, I am pleased to announce the availability of Micro instances for Amazon RDS for the MySQL database engine. The t1.micro RDS instance is a low cost instance type designed for low traffic web applications, test applications and small projects.

Reed Kraft-Murphy

Olympics struggle with 'policing femininity'

Olympics struggle with 'policing femininity' — some female athletes required to undergo 'treatment' to make them 'less masculine'

PRETORIA, SOUTH AFRICA— There are female athletes who will be competing at the Olympic Games this summer after undergoing treatment to make them less masculine.



Still others are being secretly investigated for displaying overly manly characteristics, as sport’s highest medical officials attempt to quantify — and regulate — the hormonal difference between male and female athletes.

This is utterly ridiculous.

Reed Kraft-Murphy

Dungeons of Dredmor: You Have To Name The Expansion Pack

I’m a few days late on this one, but Dungeons of Dredmor: You Have To Name The Expansion Pack has been released.

What’s new? Here’s what:

  • Rebalancing of many original skills (now you can smith more flesh into zombys with Fleshsmithing, find more loot with Perception, fire more cannons at the same time with Piracy, and much more)
  • 29 new skills in 4 skill lines from the minds of mad Dredmor modders
  • 100+ new rooms filled with Tesla coils, lots of breakable stuff, and fine dining furniture (which is also breakable).
  • 20 new monster variations (including one new monster type)
  • 30 new crafting recipes
  • 47 new items from the Clockwork Grappling Bolt to the Rusty Caltrop Eruptor Trap

Reed Kraft-Murphy

Security vulnerability in MySQL/MariaDB sql/password.c

All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.
MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not.
MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.

Which means, if one knows a user name to connect (and “root” almost always exists), she can connect using any password by repeating connection attempts. ~300 attempts takes only a fraction of a second, so basically account password protection is as good as nonexistent. Any client will do, there’s no need for a special libmysqlclient library.

Reed Kraft-Murphy

Neal Stephenson's CLANG - "Time for a revolution" in swordfighting games

“How will this be different than SoulCalibur?” you ask. …..

Low-latency, high-precision motion controller: Critical to a satisfying sword fight is fast, accurate response. This is especially important for CLANG given the depth and complexity of moves that are used in real sword arts. Initially, CLANG will make use of a commercial, third-party, off-the-shelf controller that anyone can buy today

Depth: Roundhouse swings and crude blocks just aren’t enough. Real sword fighting involves multiple attacks delivered from different stances, pommel strikes, grappling, feints, and parries.

Expandability: Implementing the longsword style will oblige us to construct a toolkit that can then be used–by us, or by others–to create other examples of what we’re calling MASEs (Martial Arts System Embodiments). If your thing is Japanese kenjutsu or Viking sword-and-board, then in principle CLANG should support it.

Reed Kraft-Murphy

League of Legends players' information breached

The League of Legends team today posted a brief note about hackers gaining access to an unknown number of players’ information.

From their post:

  • Hackers gained access to certain personal player data contained in certain EU West and EU Nordic & East databases; as a security precaution, we’re emailing all players on these platforms
  • The most critical data accessed included email address, encrypted account password, summoner name, date of birth, and – for a small number of players – first and last name and encrypted security question and answer

Reed Kraft-Murphy

Somewhere in the middle — Magenta

Magenta is an implementation of Darwin/BSD on top of the Linux kernel. It is made up of a number of kernel and userland components that work together. It is fully binary compatible with iPhone OS 5.0 (as in, it uses the same binary format).

You may ask, why am I doing this? The answer is: no fucking idea :)

Reed Kraft-Murphy

Flame lights its own self-destruct fuse

Flame lights its own self-destruct fuse (zdnet.com.au)

From here, infected machines received a new module from the remaining command and control servers — browse32.ocx — which has the purpose of covering Flame’s tracks. It not only has a hit-list of all Flame-related files and folders to delete, but it subsequently rewrites random characters on the disk to ensure that the old data can’t be retrieved.

Reed Kraft-Murphy