FlishFun.com

This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista’s Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture. According to Dino Dai Zovi, a popular security researcher, “the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.”

read more | digg story

Speaking yesterday at the Black Hat Security Conference in Las Vegas, Microsoft has now introduced a new group of security related programs that share advanced information with partners about upcoming security threats.

As many in the tech industry know, within hours, and sometimes minutes of monthly security patches being released, exploits are already booming for the security holes fixed by these updates. The Microsoft Active Protections Program (MAPP) will allow security software providers to provide protection to their customers quickly and effectively.

“The introduction of these new programs helps address evolving online threats and provides more practical guidance to assess and manage risk,” said Andrew Cushman, director of security response and outreach at Microsoft. “In the race between exploit and protection, Microsoft is committed to shifting the advantage to the security industry. The Microsoft Active Protections Program gives security software providers the information and resources they need to help better protect customers.”

read more | digg story

Sad breaking news… snagged this from Neowin.net:

SpaceX Launch of Falcon 1 Suffers an Anomaly During Launch

At 11:36 pm EDT August 2, 2008 the Falcon 1 lost contact with the base in Hawthorn, California.

After aborting the launch at .5 seconds, the counter was reset to 11 minutes and launch countdown was reinitiated. At one minute cheers from the staff began and finally the Falcon 1 blasted off.

Unfortunately after T+140s when the vehicle switched to inertial guidance mode at an altitude of 35 km, all contact was lost. Staff at SpaceX stated that an anomaly occurred and immediately cut feed to the webcast.

The Falcon 1 was carrying the Trailblazer, two CubeSats for the Air Force and MDA and unfortunately also carried the remains of astronaut Gordon Cooper and the actor James Doohan from Star Trek.

More updates to come as information is available.

That really stinks.  From Space.com:

0355 GMT (11:55 p.m. EDT)

No further information is available from SpaceX at this time.

To recap, the third flight of the SpaceX Falcon 1 rocket began at 11:34 p.m. EDT (0334 GMT) today from Omelek Island in the Kwajalein Atoll of the Central Pacific Ocean.

An initial countdown experienced a shutdown of the main engine moments before liftoff due to a propulsion system perimeter being slightly out of limits, SpaceX said. But the launch team was able to resolve the issue quickly. Another countdown was started and the rocket lifted off just 34 minutes later.

Climbing skyward on the power of its kerosene-fueled Merlin 1C engine, the rocket was headed for orbit to deploy the U.S. military’s Trailblazer satellite as part of the Operationally Responsive Space effort and NASA’s PharmaSat Risk Evaluation spacecraft and the NanoSail-D solar sail payload.

A video camera mounted on the rocket appeared to show some oscillations during the ascent. Whether that was normal or a sign of trouble is not yet clear.

About two minutes, 20 seconds into the ascent, the video broadcast provided by SpaceX was abruptly terminated. A company spokesperson then said there had been “an anomaly” with the launch vehicle.

“We are hearing from the launch control center that there has been an anomaly on the vehicle,” said Max Vozoff, a mission manager at SpaceX. “We don’t have any information about what that anomaly is at this time. We will, of course, be doing an assessment of the situation and providing information as soon as it becomes available.”

Some more sources…. SpaceX.com Launce Updates | Kwajalein Atoll and Rockets

To quote the brother of the CEO:

We have two more Falcon 1′s right behind this one, no matter what happened.

Let’s hope all goes well next time around…. this is gonna turn out to be a very expensive anomaly, methinks.

Update… here’s a picture right before the feed was cut and the anomaly was detected:

Sad, sad stuff.

Jess and I got semi-interviewed today on a Podcast, and you can check it out/listen below:

Jason & Jessica on the “Featuring Who?” Podcast

Some of the things that we discussed:

1. How Jess and I found Neowin (a forum we belong to) and how we became staff.
2. Our computer setups.
3. Discussion about Virtual Machines (Sun xVM VirtualBox 1.6.4, specifically).
4. Microsoft’s Mohave Experiment backfiring
5. Travelers’ Laptops May be Detained At the Border

It’s a fun little listen… I feel like a huge nerd, but what else is new?  Enjoy!