:Syslog.gr: - a Site about Computers, Open Source, Security, SysAdmins and more ...

Long-time Slashdot reader Kekke shared this article from Ars Technica:

A potentially serious vulnerability in Linux may make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said.

The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain complete control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel released in 2013…

The vulnerability is tracked as CVE-2019-17666. Linux developers proposed a fix on Wednesday that will likely be incorporated into the OS kernel in the coming days or weeks. Only after that will the fix make its way into various Linux distributions.

Nico Waisman, who is a principal security engineer at Github [and discovered the bug] said he has not yet devised a proof-of-concept attack that exploits the vulnerability in a way that can execute malicious code on a vulnerable machine. “I’m still working on exploitation, and it will definitely… take some time (of course, it might not be possible),” he wrote in a direct message. “On paper, [this] is an overflow that should be exploitable. Worst-case scenario, [this] is a denial of service; best scenario, you get a shell.”

The article notes that the flaw “can’t be triggered if Wi-Fi is turned off or if the device uses a Wi-Fi chip from a different manufacturer.”

of this story at Slashdot.

…read more

Source:: Slashdot

Hint: It rhymes with ‘throwing’ as lawmakers baulk at lobbing an unknown amount of cash into the 2024 lunar bonfire

NASA brought a smile to faces of Boeing shareholders this week with the announcement that it would be ordering 10 Space Launch System (SLS) core stages from the US aviation giant for Artemis rocket launches to the Moon. Although paying for the things could be tricky.…

…read more

Source:: TheRegister

If you thought CADing designs for 3D printing was hard enough, wait until you hear about this .stl trick.

[Angus] of Maker’s Muse recently demoed a method for creating hidden geometries in .stl files that are only revealed during the slicing process before a 3D print. (Video, embedded below.) The process involves creating geometries with a thickness smaller than the size of the 3D printer’s nozzle that still appear to be solid in a .stl editor, but will not be rendered by a FDM slicer.

Most 3D printers have 0.4 mm thickness nozzle, so creating geometries with a wall thinner than this value will result in the effect that you’re looking for. Some possible uses for this trick are to create easter eggs or even to mess with other 3D printing enthusiasts. Of course, [Angus] recommends not to use this “deception for criminal or malicious intent” and I’d have to agree.

There’s a few other tricks that he reveals as well, including a way to create a body that’s actually a thin shell but appears to be solid: great for making unprintable letters that reveal hidden messages.

Nevertheless, it’s a cool trick and maybe one of those “features not bugs” in the slicer software.

…read more

Source:: Hackaday

An anonymous reader quotes a report from Motherboard: On Monday, the right-to-repair movement will have its best chance at advancing legislation that would make it easier to repair your gadgets. The Massachusetts state legislature is holding a three-hour hearing on the Digital Right to Repair act, a bill that would require electronics manufacturers to sell repair parts and tools, make repair guides available, and would prevent them from using software to artificially prevent repair.

So far this year, 19 other states have considered similar legislation. It hasn’t passed in any of them. But Massachusetts is one of the most likely states to pass the legislation, for a few different reasons. Most notably, the legislation is modeled on a law passed unanimously in Massachusetts in 2012 that won independent auto shops the right to repair, meaning lawmakers there are familiar with the legislation and the benefits that it has had for auto repair shops not just in Massachusetts but around the country. Crucially, important legislative hurdles have already been cleared in the state: Both the House and Senate bills are identical and has broad support from both Democrats and Republicans in the legislature. The hearing is going to be held in the Gardner Auditorium, which holds 600 people, making this the largest and highest-profile hearing on the topic in any state thus far.

of this story at Slashdot.

…read more

Source:: Slashdot

The search giant’s new phone goes big on price as consumers balk at costly phones. …read more

Source:: CNet

It wasn’t just Steve Jobs, Elon Musk and Hillary Clinton who said things worth remembering in the last decade. A frustrated judge also questioned whether an overeager Apple lawyer was smoking crack, for example. …read more

Source:: CNet

Here’s a look at our most important stories of the week ending Oct. 19. …read more

Source:: CNet

I spent three months testing treadmills so you don’t have to. …read more

Source:: CNet

The renowned inventor of useless robots [Simone Giertz] has outdone herself this time. She, along with a team of engineers featuring [Rich Rebuilds], [Laura Kampf], and [Marcos Ramirez], recently decided to convert a Tesla into a pickup truck, and make a video along the way, all while salvaging what remains they can of the back of the car and making the final product roadworthy. Yeah, this is a couple weeks old now, and yeah, it’s kind of a commercial, but really: [Simone Giertz] and Co. rock.

In her vlog of the experience, the team starts by gutting out the interior of the car in order to find out the weight distribution and form of the outer frame. Essentially, in order to create the pickup truck, a portion of the back of the car needs to be removed, with additional beams and support welded in depending on the consequent structural integrity. With a sawzall and angle grinder, the top portion of the frame is cut and taken out, but not before a worrying glance brings about the realization that the car needs exterior support during its modifications.

After the cushions, glass, wiring, and all other accessories are removed, they install a truck bed from another sacrificial pickup truck, as well as a roof rack to complete the look. Amidst the deconstruction and reconstruction, there are moments when the car encounters a “Safety restraint system fault” or when the team accidentally lines the inside of the car with fiberglass right before shooting their video. Between complaints of the different clip sizes used and the clear time pressure of the project, it’s a funny and informative look into a pretty unique car mod.

The final commercial they made of their Tesla-pickup hybrid, dubbed Truckla, is available on [Giertz]’s YouTube channel.

[Thanks to crener for the tip!]

…read more

Source:: Hackaday

Rumors about a new iPhone SE have reached fever pitch. Let’s break down why this iPhone may be a big deal. …read more

Source:: CNet