Latest posts

Fabric, Python and remote running scripts

As a systems administrator, I occasionally need to run a script on a number of machines, be it to diagnose an intermittent issue, gather some ad-hoc statistics, etc. As such I have a small library of scripts, each with an aptly-named Fabric task defined in a fabfile. Of course, each of these tasks is almost identical: copy script to remote server, run (either as a regular user, or as root). I finally tired of repeating myself, and decided to solve this once and for all (obligatory xkcd).

To wit: here is a Python snippet for turning a directory of scripts into remote-running Fabric tasks. Like magic.

Google retiring Google Reader - where to now?

Google today announced that they're retiring Google Reader, as of July 1st this year, as part of their spring cleaning. While the reason given for the closure is that "over the years usage has declined", this move leaves the (few?) die-hard Google Reader users out in the cold. So, where can we go from here?

Downgrading postgresql-libs behind pure-ftpd's back

Nothing important, just a note to myself on downgrading (should also work with upgrading) postgresql-libs to a different version.

service pure-ftpd stop && \
rpm --erase postgresql9-libs --nodeps && \
yum install -y postgresql8-libs && \
service pure-ftpd start

How Syria Turned Off the Internet

The CloudFlare blog has an excellent post about the Syrian Internet shut off today:

To begin, all connectivity to Syria, not just some regions, has been cut. The exclusive provider of Internet access in Syria is the state-run Syrian Telecommunications Establishment. Their network AS number is AS29386. The following network providers typically provide connectivity from Syria to the rest of the Internet: PCCW and Turk Telekom as the primary providers with Telecom Italia, TATA for additional capacity. When the outage happened, the BGP routes to Syrian IP space were all simultaneously withdrawn from all of Syria's upstream providers. The effect of this is that networks were unable to route traffic to Syrian IP space, effectively cutting the country off the Internet.

Sharing Secrets and Distributing Passwords -- Data Genetics Blog

The DataGenetics Blog has posted Sharing Secrets and Distributing Passwords, an excellent breakdown of Shamir's Algorithm, an algorithm implementing several ideal properties for distributing a secret as a number of parts:

  • Knowledge of any non-complete combination of sub-passwords gives an attacker no additional information on how to solve the problem. Even if you have knowledge of n-1 passwords, there are still an infinite number of curves that fit through these points, and thus an infinite number of possible intercepts.
  • As we can clearly see, it's very easy to generate new sub-passwords as needed. If we need to generate and distribute a new sub-password, we simply pull off another coordinate from the curve and give that out! None of the existing passwords need to change.
  • If some of the sub-passwords are compromised (and you know which ones) and you want to regenerate new ones, but keep the uncompromised ones the same, you can generate a new curve that passes through the points you wish to keep. [Edit - Only if the number of uncompromised points is two (or more) less than the minimum number needed to reconstruct the secret. Thanks for the correction @N1DQ]
  • To weight passwords (such as giving The President a nuclear launch password with three times the power of a regular password), we simply give out multiple coordinates to that person. Thus, for the nuclear launch example requiring five votes, we generate an order-4 polynomial, give The President three coordinates from the curve, The Secretary of Defence two coordinates off the curve, and the rest of the troops one coordinate each.

New project release: collectd_php_dashboard

I've just published collectd_php_dashboard — a basic multi-host dashboard for collectd metrics, written in PHP.

collectd_php_dashboard running on www.reedmurphy.net

fin

Suddenly: alchemy -- bacteria converts toxic compound into gold

Michigan State University researchers Kazem Kashefi and Adam Brown have presented an art installation "The Great Work of the Metal Lover", using Cupriavidus metallidurans to convert naturally occurring gold chloride into a gold nugget.

In about a week, the bacteria transformed the toxins and produced a gold nugget.

Via: Super Bacteria Create Gold - Slashdot

Microsoft Issues Security Advisory, Workaround for moh2012.swf Exploit

Just a quick follow-up to yesterday's post: Microsoft have issued security advisory 2757760, "Vulnerability in Internet Explorer Could Allow Remote Code Execution".

While a patch is yet to be released, the advisory contains instructions to prevent the vulnerability being exploited by installing and configuring the Enhanced Mitigation Experience Toolkit, or EMET.

"Moh2010.swf" Internet Explorer 0-day - now on Metasploit

ArsTechnica reports today that the "Moh2010.swf" exploit targeting Internet Explorer versions 7 and 8 on Windows XP has been spotted in the wild:

The exploits circulating in the wild may be relying on other methods to override the more limited defenses included in the Service Pack 3 version of Windows XP. According to Eric Romang, the researcher who disclosed the IE attacks over the weekend, they require the victim to be running Adobe's Flash Player, possibly to carry out what's known as a "heap spray" (another technique for bypassing ASLR). The attacks are being carried out by the same gang that waged the recent stealth attacks against critical vulnerabilities in Java. The files used in the latest wave of attacks (cataloged here, here, here, and here) had little or no detection by the 34 most widely used antivirus programs, at least at the time Romang published his blog post. It wouldn't be surprising for detection to ramp up quickly in the next few hours.

Wedding Cake Baking-Post-Mortem

An absolutely brilliant baking-post-mortem by the amazing Catherine, who graciously crafted our 4-tier, practically-every-allergy-friendly, laden-with-appropriate-symbology wedding cupcake tower.

Show-Off Post: Imbolc Wedding Cake for Rhiannon and Reed.
