Xen exploitation part 3: XSA-182, Qubes escape

This is the last part of our blog post series about Xen security. This time we write about a vulnerability we found (XSA-182, CVE-2016-6258) and its exploitation on the Qubes OS project.

We first explain the methodology used to find the vulnerability and then the specifics of its exploitation on Qubes OS.
We would like to emphasize that the vulnerability is not in the code of Qubes OS. But since Qubes OS relies on the Xen hypervisor, it is affected by this vulnerability. More information is provided by Qubes’ security bulletin #24.

tl;dr
This screenshot shows a fresh install of Qubes OS. The terminal is running inside an untrusted VM to which an attacker gained access. The exploitation of the vulnerability gave him full control over dom0. Thanks to a little shell script, he can execute any command in dom0 (as shown by the gray borders and the title [Dom0] Calculator of xcalc), and thus gain


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/5sgOzAW44Bg/xen-exploitation-part-3-xsa-182-qubes-escape.html

Original article

JQuery++

I am a MIT licensed collection of extremely useful DOM helpers and special events for jQuery 1.8 and
later. I’m not a UI project like jQuery UI or
jQuery Tools. Instead, I’m all about providing
low-level utilities for things that jQuery doesn’t support. If Underscore
is jQuery’s functional-programming tie, I am jQuery’s bald-spot covering toupee.

Select the plugins you want and click “Download” for a customized, unminified JavaScript file:

Learn more about how I can be useful to you. If you think I should
have other utilities, let me know on the forum. If you like me, check out my sister library CanJS. Finally, my apologies
about talking about myself in the third person from this point forward.

Get jQuery++

There are several ways to get and set up jQuery++:

using the download builder
using individual files
using Steal
using AMD
Using the download builder

Simply select the files you want and click “Download”. This will create and download a jquerypp.custom.js
with all the files


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/NTt2XWvdMp0/

Original article

Firefox Will Try To Show You Saved Archive Of a Page Instead Of 404 Error

Firefox has announced a new add-on dubbed No More 404s in its Test Pilot platform which aims to change the way we see 404 links on the web. The add-on, Firefox says, replaces the Error 404 from missing webpages, and replaces them with saved archives from the Wayback Machine. From a report on Gadgets 360: Normally, when presented with a missing link, the browser shows the 404 error. However, Mozilla’s No More 404s add-on will give Firefox users the choice to see old Internet snapshots saved in the Internet Archive’s Wayback Machine. This is especially handy for users trying to do research or just digging up some old graves out of curiosity. For now, this add-on is only available in Firefox’s experimental Test Pilot platform, with no details on availability for regular Firefox users. Interested users can install the test version here. Apart from this, the Test Pilot platform also


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/C2jpj1UNdQk/firefox-will-try-to-show-you-saved-archive-of-a-page-instead-of-404-error

Original article

Mozilla Awards $585k to Nine Open Source Projects

“People use Tails to chat off-the-record, browse the web anonymously, and share sensitive documents. Many human rights defenders depend on Tails to do their daily work, if not simply to stay alive.” – Tails developer team
“We think that the Web will only be truly open when we own the means of locating information in the billions of documents at our disposal. Creating PeARS is a way to put the ownership of the Web back into people’s hands.” – Aurelie Herbelot, PeARS
“Item 4 of Mozilla’s Manifesto states, ‘Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.’ This is the primary philosophy behind Caddy, the first and only web server to use HTTPS by default.” – Matt Holt, Caddy
Last quarter’s Mozilla Open Source Support (MOSS)-awarded projects are diverse, but they have one thing in common: they believe in innovation for public benefit. Projects like Tails, PeARS


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/FH9jB0C5ZC8/

Original article

Windows 10’s 1607 becomes the enterprise deployment default

The just-released Windows 10 Anniversary Update will be the version Microsoft’s biggest customers use to migrate their PCs.
Due to timing on the part of both Microsoft and enterprises, Windows 10’s support cycles — and old habits — this week’s upgrade, tagged as 1607 to mark year and month, will shoulder the responsibility as the version destined for deployment.
“[Anniversary Update] is the right version for enterprises [because] it’s like the first service pack,” said Steve Kleynhans, an analyst at Gartner.
Microsoft may have abandoned the term “service pack” — a label for the intermittent updates composed of previously-released bug fixes — but the moniker remains alive among IT professionals. Service packs marked milestones in each Windows edition’s lifetime, and the first was considered the most important because it represented a more stable build from which the biggest bugs had been expunged. Many swore to await Service Pack 1, or SP1, in a


Original URL: http://www.computerworld.com/article/3104013/windows-pcs/windows-10s-1607-becomes-the-enterprise-deployment-default.html#tk.rss_all

Original article

1700 blogs for hackers

README.md

A collection of developer related blogs and publications.

Make something cool!

Where did these come from?

Can you give me moar??!3

These sites are yet to be parsed and put into the list:

License

Licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/EzE0LMJk7fo/devblogs

Original article

Windows 10 IoT Core for the Raspberry Pi Is Now Easier to Set Up, Adds Remote Client Access and More

Windows 10 on the Raspberry Pi is a great way to create your own internet connected devices, and today Microsoft pushed out an update that makes the set up process a bit easier.


Original URL: http://feeds.gawker.com/~r/lifehacker/full/~3/MYnfPb2FYRI/windows-10-iot-core-for-the-raspberry-pi-is-now-easier-1784889252

Original article

Ask HN: Developers – How did you learn to say NO?

29 points by ninja_to_be 2 hours ago | 29 comments

Your boss comes to you with some highly improbable task and you say YES.

Your Project Manager comes to you asking if something could be done and you say YES. And then you have an unbelievable deadline looming over you for the next few days.

Your peers ask you for some help on a task that they had been struggling with – for days. You say YES and then you end up having to feel the burn for their complete workload.

Your subordinates ask you for help every five minutes and you always say YES and end up helping them and sometimes end up doing all the task yourself – veiled under ‘mentoring’.

How do you say NO? How did you learn to say NO?


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/41oNraztQa4/item

Original article
