If you are interested in this kind of multi-level attack, I recommend watching this[1] really fun talk by dwangoAC, which he originally gave at DEFCON 24. He is the owner of "TASBot", a custom controller interface for sending high-speed (and occasionally reliable) controller input into a SNES.

In this talk, he uses the controller interface on the SNES to send commands to a Super GameBoy, which is running a real Pokemon Red cartridge. Commands are sent to Pokemon Red to activate an arbitrary code execution bug to write a bootloader that receives the rest of the attack program at high speed. Then - from inside the GameBoy environment - he takes over the Super GameBoy and gains arbitrary code execution on the SNES proper.

(For a finish, a Twitch chat client is written into RAM on the SNES that uses a custom network protocol to send requests over the controller port, so the livestream audience can ask questions live through the SNES.)

[1] https://www.youtube.com/watch?v=s-bKWT9fj8Y
Which brings to mind this blogpost by Ted Unangst [http://www.tedunangst.com/flak/post/features-are-faults], in particular this quote:

> Right now there is what I can only describe as a conspiracy to connect something called gstreamer-plugins-bad to the internet. I do not want something called gstreamer-plugins-bad to be connected to the internet because that doesn't sound like a good idea, but apparently somebody decided to call it a feature, and just like that it had to happen. It's as if somebody looked at the UML diagram for my browser and realized that the boxes labeled "malicious input" and "gstreamer-plugins-bad" weren't yet connected, and in their utopian vision of the internet, all of the boxes must be connected.
"The attack surface of the Linux desktop does not appear to be under control, or adequately monitored for regression." No kidding. I ran into an interesting example of this a year or so back - the library used by KDE's search indexer for reading image metadata added support for video files with a bunch of classic buffer overflows in the new code, and even though it wasn't used to index video files, a similar filename trick could be used to get the indexer to call it. Not sure how easy it would be to get code execution, but it wouldn't require any user interaction thanks to Google Chrome.
On a similar note, last year three huge security holes were discovered in ZSNES that allow an attacker to execute arbitrary x86 code using a malformed ROM. [0] [1]

After seeing that and seeing this article, I'm thinking this might be the start of a whole new era of finding security holes in emulators that allow PCs to be compromised by running something shady in an emulator.

[0] https://www.reddit.com/r/emulation/comments/3aq0t3/psa_zsnes_v151_native_code_execution_vulnerability/

[1] Seriously, if you're still using ZSNES to emulate SNES games, don't. That's a really scary vulnerability, it still hasn't been patched, and ZSNES has been horrendously inaccurate and buggy since even before that. Do yourself a favor and use Snes9X (or if you can, try something based on a bsnes core, like Higan, bsnes-classic, or RetroArch configured with a bsnes core; they're the most accurate, but the system requirements are high, and Higan's UI isn't user-friendly).
And hence the coding quality separation of gstreamer plugins. There is a reason each plugin ended up in gstreamer-plugins-bad, and for most of them it is due to code quality, lack of maintainers, or both.
How would people pronounce "0day" in a way where the expression "an 0day" would flow naturally?

I read it as "an zero day", and that feels wrong.
Classic: http://beza1e1.tuxen.de/articles/accidentally_turing_complete.html and https://www.gwern.net/Turing-complete

(Not to say that TC itself is bad, but unexpected/accidental TC is normally a bad omen.)
I should probably learn 6502 asm at some point. But I think I'll start with ARM and Z80 first, because I have a physical ARM/Z80 machine (read: Gameboy Advance).
Fixed in Ubuntu as of today.

http://changelogs.ubuntu.com/changelogs/pool/universe/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.23-7.2ubuntu1.2/changelog
My system (Linux Mint, based on Ubuntu 14.04.1) might be affected. The versions match, the files are there.

I'm loath to download and execute the test file though.

While I'm almost completely sure this post is legit, I also don't want to delete the gstreamer-0.1 in case it trashes something important. Think of trolls recommending the deletion of system32 to speed up the system and free disk space.

Can I remove this safely? Is there more information from another credible source?