Security researchers have discovered a major security bug in the Unix shell known as Bash (Bourne-again shell), one of the most commonly used utilities in Linux and one that could potentially affect a great number of Unix and Linux web servers. By exploiting the newly discovered vulnerability, an attacker can take complete control of the system and/or execute shell commands that could make a server vulnerable to even more threats.
Perhaps it should be called the world wild web to more accurately reflect a landscape fraught with danger, at least if you're taking an alarmist point of view. Sometimes it's hard not to. To wit, security outfit ESET said its research team, in collaboration with CERT-Bund, the Swedish National Infrastructure for Computing and other leading agencies, uncovered a massive cybercriminal campaign in which a backdoor Trojan was able to hijack more than 25,000 UNIX servers around the world.
Thank you Dennis Ritchie, for without you, our digital lives may have turned out far less awesome than what they are now. Ritchie, for anyone who doesn't recognize the name, created the C programming language, which is still popular today and is the basis for many other programming languages, and co-developed Unix with Ken Thompson, variants of which are all over the place, including Android and iOS.
Whistleblower website Wikileaks.org ruffled more than a few feathers when it published classified U.S. documents and sensitive diplomatic cables sent between U.S. embassies, while also promising to publish thousands more. A series of Distributed Denial of Service (DDoS) attacks would follow, and by Friday, both Amazon.com and EveryDNS.net decided to drop Wikileaks.org from their servers.
"Wikileaks is under heavy attack," the organization announced on its website. "In order to make it impossible to ever fully remove Wikileaks from the Internet, we need your help. If you have a Unix-based server which is hosting a website on the Internet and you want to give Wikileaks some of your hosting resources, you can help!"
In other words, Wikileaks is relying on mirror sites -- exact replicas of the original site hosted at a remote location -- to stay afloat. All told, Wikileaks claims its entire repository "should not take more than a couple of GB at the moment (with base website and cablegate data)."
The said vulnerability, which can be used by an attacker to take control of the affected system, also affects Flash Player 10.1.85.3 (and earlier), but the hole in Flash has already been plugged with the release of version 10.1.102.64 earlier this month. Besides CVE-2010-3654, the updates also address a “potential issue” (CVE-2010-4091) in certain versions of Reader.
“Note that these updates represent an out-of-cycle release. The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011,” said Adobe in the advisory.
The free, multi-platform 4.4BSD-based Unix-like operating system known as OpenBSD has been updated to version 4.8 and is now available.
This latest version introduces a boatload of new features and fixes, including improved hardware support, file system mid-layer improvements, generic network stack improvements, changes to the install/upgrade process, a ton of bug fixes, and a whole bunch more.
You can view a partial (yet extensive) list of changes here, or check out the lengthy changelog here.
For the inevitable comedian who thinks he's being witty by posting a comment asking, "Yes, but can it run Crysis," the answer is, "Yes, it can, so go out and buy a dozen of them." That's wrong, of course, but IBM's latest Power7-based system does have what it takes to top the 10 million transactions per minute mark using the industry standard TPC performance benchmark, IBM says.
With a 10,366,245 tpmC score, IBM lays claim to the highest TPC-C benchmark result using a Power Systems configuration with its DB2 database software. According to IBM, that's more than twice as fast as HP's best result, and 35 percent better than what Oracle was able to achieve.
That's impressive, even if it isn't designed to run Crysis, or any other game for that matter. So who can use these systems?
"Smarter healthcare providers, cities, retailers, smarter energy grids, and financial systems, all require support for ever greater data volumes and transaction throughput," said Arvind Krishna, General Manager, IBM Information Management. "The results of this benchmark demonstrate how IBM innovations combine to deliver unprecedented performance and cost efficiency for data intensive applications. Not only can you scale to massive data volumes and transaction throughput, but you can do so economically in an energy efficient way."
The record breaking benchmark score was achieved using DB2 9.7 with a cluster of three IBM Power 780 servers, each one sporting 8 processors, 64 cores, and 256 threads.
Don't fret if you missed out on one of the many celebrations around the globe toasting 1234567890 Day; we hear the Unix crowd can get a bit rowdy anyway. Now there's another reason to shed that pocket protector and let loose with your friends - Square Root Day!
You only have nine chances every century to celebrate Square Root Day, with this one falling on 3/3/09 (do the math).
"These days are like calendar comets, you wait and wait and wait for them, then they brighten up your day -- and poof -- they're gone," said Ron Gordon, a Redwood City teacher.
While we can't understand why there wouldn't already be excitement over the holiday, Gordon started a contest to get people buzzing about the event. The winner, determined by who has the biggest Square Root Day event, will receive (wait for it...) $339.
Miss your chance to celebrate and you'll have to wait until April 4, 2016 for the next Square Root Day.
Stop a stranger in the street and ask them what today is and they'll most likely answer 'Friday the 13th.' But if someone tells you it's 1234567890 Day, you can bet they're a Unix geek. That's because at precisely 3:31:30 PM PST today, Unix clocks will read 1234567890.
Believe it or not, celebrations are being planned all around the world to mark the milestone. Those who live in San Francisco can raise a glass at The 21st Amendment on 563 Second Street, but parties are also being planned in places like Austria, Hungary, Dubai UAE, Armenia, and many other locales.
Draw the line in the sand! It's the showdown the tech world has feared: Microsoft's upstart Windows 7 versus Linux. We've seen plenty of volleys back and forth from both camps over the past few days, thanks to the beta launch of the Windows 7 operating system. The new OS has a lot going for it--features that directly target the growing Linux base in the mobile PC market coupled with design elements that, honestly, look a lot like what we've seen in Linux desktop environments for some time now. But will that be enough to topple the best the open-source world has to offer? We dig deep into the arguments from both camps to find out whether Windows 7 is The Terminator... or John Connor.