“The Singularity project (an OS written in managed code used for research purposes) has provided several very useful research results and opened new avenues for exploration in operating system design. Recently, MSR released a paper covering an operating system research project that takes a new approach to building an OS stack with verifiable and type safe managed code. This project employs a novel use of Typed Assembly Language, which is what you think it is: Assembly with types (implemented as annotations and verified statically using the verification technology Boogie and the theorem prover Z3 (Boogie generates verification conditions that are then statically proven by Z3. Boogie is also a language used to build program verifiers for other languages)). As with Singularity, the C# Bartok compiler is used, but this time it generates TAL. The entire OS stack is verifiably type safe (the Nucleus is essentially the Verve HAL) and all objects are garbage collected. It does not employ the SIP model of process isolation (like Singularity). In this case, again, the entire operating system is type safe and statically proven as such using world-class theorem provers.” Channel9 has an interview on video with one of the developers behind this MSR project. Source code to Verve is available.
Dutch Police Arrest MasterCard Attacker
An arrest has been made in the case of the DDoS attacks against MasterCard, Visa, PayPal, and others. The Dutch police has arrested a Dutch guy [Dutch] who has already confessed to taking part in the attacks. Most likely, he is not in any way the brains behind the operation, and I’m going out on a limb here stating that these attacks will continue nonetheless. Also, I’m not the guy. Also also, I’m wondering if there’s police anywhere looking for the people who are continuously DDoS’ing WikiLeaks.
Apple Quietly Drops iOS Jailbreak Detection API
bednarz writes “Without explanation, Apple has disabled a jailbreak detection API in iOS, less than six months after introducing it. Device management vendors say the reasons for the decision are a mystery, but insist they can use alternatives to discover if an iPhone, iPod touch, or iPad has been modified so it can load and alter applications outside of Apple’s iTunes-based App Store.”
Read more of this story at Slashdot.
Apple, Google Diss the DoD Over Mobile Security
Julie188 writes “The Defense Information Systems Agency (DISA) has long supported the use of BlackBerry smartphones for soldiers. It built a system called Go Mobile to provide secure communications, training, and collaboration applications to mobile soldiers. DISA recently decided to add Android and iPhone to the list of approved devices because of high demand from users. Unfortunately, this choice has become a giant pain in the flank. Why? Because both Apple and Google refuse to give DISA access to their security APIs.”
Read more of this story at Slashdot.
Has Progress Been Made In Fighting DDoS Attacks?
alphadogg writes “As the distributed denial-of-service attacks spawned by this week’s WikiLeaks events continue, network operators are discussing what progress, if any, has been made over the past decade to detect and thwart DoS attacks. Participants in the North American Network Operators Group (NANOG) e-mail reflector are debating whether any headway has been made heading off DDoS attacks in 10 years. The discussion is occurring while WikiLeaks deals with DDoS attacks after leaking sensitive government information, and sympathizers launch attacks against MasterCard, Visa, PayPal and other significant e-commerce sites.”
Read more of this story at Slashdot.
New Windows Kernel Vulnerability Bypasses UAC
xsee writes “A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”
Read more of this story at Slashdot.
China’s Politburo Behind Google Cyber-Attack?
theodp writes “While Wikileaks itself is under a DoS attack, details about the US State Department cables obtained by WikiLeaks are starting to come out via the mainstream media. Among the most newsworthy, reports Techcrunch’s Erick Schonfeld, is one set which deals with the massive computer attack on Google and other companies which was first revealed last January. According to the NY Times, some of the new leaked cables point directly at China’s Politburo for instigating the original attacks, which should shed some more light on why the White House and State Department backed Google so vociferously at the time. Developing, as Drudge likes to say.”
Read more of this story at Slashdot.
WikiLeaks Under Denial of Service Attack
wiredmikey writes “WikiLeaks has reported that its Web site is currently under a mass distributed denial of service attack. The attack comes around the time of an expected release of classified State Department documents, which the Obama administration says will put ‘countless’ lives at risk, threaten global counterterrorism operations and jeopardize US relations with its allies.”
Read more of this story at Slashdot.
Security Expert Warns of Android Browser Flaw
justice4all writes “Google is working on a fix to a zero-day flaw discovered by British security expert Thomas Cannon that could lead to user data on a mobile phone or tablet device being exposed to attack. Cannon informed Google before posting information about the flaw on his blog. ‘While doing an application security assessment one evening I found a general vulnerability in Android which allows a malicious website to get the contents of any file stored on the SD card,’ Cannon wrote. ‘It would also be possible to retrieve a limited range of other data and files stored on the phone using this vulnerability.’” Sophos’s Chester Wisniewski adds commentary on how this situation is one of the downsides to Android’s increasing fragmentation in the mobile marketplace.
Read more of this story at Slashdot.
USB3 Arrives for Mac OS X Thanks to LaCie
Steve Jobs recently told a Mac user, enquiring about the probability of USB3 on Macs in the near feature, that the technology is not ready because Intel has yet to adopt the platform. A recent rumour slated Intel to integrate USB3 it into its chipsets by no earlier than 2012.
LaCie electronics, however, is not prepared to wait around until 2012, and has just released an USB3.0 driver for Mac OS X. Just one catch: it only works with LaCie’s hardware.