String of Critical Vulnerabilities

It seems like the vulnerability researchers have gotten over their winter slumber and are back in action. This week has seen a string of critical issues:

  1. Aurigma Image Uploader Control Remote Buffer Overflow Vulnerabilities. This impacts Facebook and MySpace users (Facebook Photo Uploader Control Remote Buffer Overflow Vulnerabilities)
  2. Nero Media Player M3U File Processing Buffer Overflow Vulnerability
  3. Apple iPhoto Photocast Handling Remote Format String Vulnerability
  4. Sun Java Runtime Environment Remote Code Execution Vulnerabilities
  5. Yahoo! Music Jukebox ActiveX Multiple Buffer Overflow Vulnerabilities

The interesting thing about this batch is that most of these are likely to be below the radar for most patching systems. Sun’s JRE might be checked, but if users install the others, I doubt they’ll notice these alerts on their own.

Computers decode dog barks

It would seem we are only steps away from communicating with dogs in their own language through a voice decoder. The Discovery Channel reports on the latest success:

In one experiment, the software correctly classified the barks in 43 percent of cases. “Fight” and “stranger” barks were the easiest to recognize, while “play” barks were more difficult. When matched against a human’s ability to do the same, the computer’s success was about the same.

Pet behavioral analysis? I guess 43 percent is not bad. Now if humans could just understand each other more than 40 percent of the time…

You need an RFID-enabled rabbit, said Mr. Kitten

This BBC story is just too strange to believe:

“In the average house you have about 10,000 different objects and right now you have maybe three objects connected to the net – phone, computer and perhaps a rabbit,” he said.

“But we think that more and more objects are going to be connected,” said Mr Kitten.

A rabbit connected to the net? That is Jean-Francois Kitten, a spokesman for Violet, talking about a Nabaztag wi-fi rabbit gadget that can interpret RFID chips. Put a chip in front of the rabbit and it will “read” aloud: for example, a book for children, or maybe a recipe for a cook.

The big question, I suppose, is whether Mr. Kitten will be tracking rabbit behavior. Is there a privacy-enabled rabbit?

Mediterranean Cable Break

Some people are starting to call this a “wake up call” because of the simplicity of the attack and the magnitude of the impact.

Apparently a ship is blamed for dragging its anchor across an undersea cable early this morning, causing widespread outages to Internet and voice traffic in Africa, the Middle East and Asia.

Renesys has a blog with some excellent details:

As you can see from the above map, there are several cable systems that connect Europe, the Middle East and Asia, via the Suez Canal. The countries highlighted in red are those whose Internet connectivity is being disrupted the most by this event. At Renesys, we geo-locate all routed networks and observe their reachability from over 250 locations around the globe. In the case of disasters like this, we will suddenly see a large percentage and/or a large number of country-specific networks disappear from the Internet. As the following charts show, Egypt and Pakistan lost the highest percentage of their networks, while India lost the least. However, India had the third highest total number of networks disappear. Looking at the cable map, it is not surprising that the Indian subcontinent was impacted by events off the coast of Egypt. There are essentially two ways to get to this part of the world: via the Suez Canal or via Southeast Asia.

Pakistan and Egypt report outages of seventy percent or more. I have been working on a number of projects with offices in Asia. None appear directly affected by this incident, but obviously we’re taking another hard look at redundancy requirements.