Cutting-edge hack gives super user status by exploiting DRAM weakness

In one of more impressive hacks in recent memory, researchers have devised an attack that exploits physical weaknesses in certain types of DDR memory chips to elevate the system rights of untrusted users of Intel-compatible PCs running Linux.

The technique, outlined in a blog post published Monday by Google's Project Zero security initiative, works by reversing individual bits of data stored in DDR3 chip modules known as DIMMs. Last year, scientists proved that such "bit flipping" could be accomplished by repeatedly accessing small regions of memory, a feat that—like a magician who transforms a horse into a rabbit—allowed them to change the value of contents stored in computer memory. The research unveiled Monday showed how to fold such bit flipping into an actual attack.

"The thing that is really impressive to me in what we see here is in some sense an analog- and manufacturing-related bug that is potentially exploitable in software," David Kanter, senior editor of the Microprocessor Report, told Ars. "This is reaching down into the underlying physics of the hardware, which from my standpoint is cool to see. In essence, the exploit is jumping several layers of the stack."

Read 10 remaining paragraphs | Comments

Apple Releases Security Updates for OS X, iOS, and Apple TV

Original release date: March 09, 2015

Apple has released security updates for OS X, iOS, and Apple TV to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system.

Updates available include:

  • Xcode 6.2 for OS X Mavericks v10.9.4 or later
  • Security Update 2015-002 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Apple TV 7.1 for Apple TV 3rd generation and later
  • iOS 8.2 for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later

US-CERT encourages users and administrators to review Apple security updates HT204427, HT204413, HT204426, and HT204423, and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


MessenPass – Recover MSN, Yahoo Messenger, ICQ, Trillian Passwords

MessenPass is a password recovery tool that reveals the passwords of the many popular Instant Messaging applications. MessenPass can only be used to recover the passwords for the current logged-on user on your local computer, and it only works if you chose the remember your password in one of the above programs. You cannot use [...] The post...

Read the full post at darknet.org.uk