Category Archives: Security

CVE-2011-2696 libsndfile overflow

The changelog and mailing-list notes on the libsndfile overflow reveal that the fix was rushed out and that the severity of the bug is still disputed.

> > could provide a specially-crafted PAF audio file, which once opened by
> > a local, unsuspecting user in an application, linked against libsndfile,
> > could lead to that particular application crash (denial of service),
I agree with everything up to here.

> > or, potentially arbitrary code execution with the privileges of the
> > user running the application.
but this is rubbish. The heap gets overwritten with zeros which would
certainly lead to the application segfaulting. However, there is
no way for arbitrary code to be executed on any sane OS with proper
memory protection.

Furthermore, Secunia when they contacted me about this said they would
release information about this vulnerability on the 18th and then ended
up releasing it on the 12th instead which means I had to rush out the
release I was working on (and would have easily had ready for the
18th). That is not the way to win friends and influence people.
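The distinction the reply draws, between a header-driven zero-fill that runs off the end of a heap block (a crash) and a controlled write, comes down to whether the count taken from the file is validated before it sizes any write. The following is an added illustration, not libsndfile's code and not the real PAF layout: a constructed header with a channel count and a fixed-capacity table, with the overrun computed rather than performed, beside the bounds check that prevents it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed header layout for illustration only (not libsndfile's own
 * struct or the real PAF format): a big-endian channel count followed by
 * a fixed-capacity per-channel table that the parser zero-fills. */
#define MAX_CHANNELS 32

typedef struct {
    uint32_t channels;
    int32_t  table[MAX_CHANNELS];
} demo_header;

/* Decode the count exactly as it appears in the file: untrusted input. */
static uint32_t read_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Bytes an unchecked memset(table, 0, channels * 4) would write past the
 * table: the zero-fill heap overrun the reply describes, computed here
 * rather than performed. 0 means the count fits. */
size_t overrun_bytes(uint32_t channels) {
    size_t want = (size_t)channels * sizeof(int32_t);
    size_t have = sizeof(int32_t) * MAX_CHANNELS;
    return want > have ? want - have : 0;
}

/* Hardened parse: validate the count before it sizes any write.
 * Returns 0 on success, -1 when the header is rejected. */
int parse_header_checked(const unsigned char *buf, size_t len, demo_header *out) {
    if (len < 4)
        return -1;                      /* truncated header */
    uint32_t channels = read_be32(buf);
    if (channels == 0 || channels > MAX_CHANNELS)
        return -1;                      /* the bounds check that prevents the overrun */
    out->channels = channels;
    memset(out->table, 0, (size_t)channels * sizeof out->table[0]); /* now in bounds */
    return 0;
}

/* Build a 4-byte header carrying `channels` and run it through the checked parser. */
int parse_count_value(uint32_t channels) {
    unsigned char buf[4] = { (unsigned char)(channels >> 24), (unsigned char)(channels >> 16),
                             (unsigned char)(channels >> 8),  (unsigned char)channels };
    demo_header h;
    return parse_header_checked(buf, sizeof buf, &h);
}
```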

Why Agile Sucks

Insightful and humorous thoughts on development. His argument is not to blame the tool but the people using it…

Yesterday I tried to cut my steak with a spoon and that goddam spoon sucked-ass. Why the hell would anybody ever use a spoon for anything? They are completely useless!

[…]

People tend to inaccurately think that ‘potentially shippable software’ means just build some shit and see what happens. Not the case.

BART Independent Police Auditor job posting

BART has just posted a job listing for Executive Staff Assistant, Independent Police Auditor. The BART Police obviously are generating a lot of demand for independent audits, having killed at least two people recently.

Despite changing chiefs (following last year’s killing) the department is now facing the same heavy criticism from the public. They are accused of taking too long to explain events and details from this past July 3rd, when an officer shot and killed a man 25 seconds after confronting him.

One of the complaints I see is that a 250-member police force has been unapproachable and even refused witness testimony.

Some of the cops began asking if anyone had seen the shooting, she said.

Hollero said she told one police officer that she had, but she said it didn’t seem like the officer was interested in following up. She left the station without giving an interview to police.

In the days since, Hollero called the San Francisco Police Department, which is investigating the shooting, to report what she saw. She reached an officer Wednesday morning; when she identified herself as a witness to the shooting on Sunday, she said the officer asked, “What shooting are you referring to?”

When she told him, he answered that “this is sounding like a BART issue” and said she should call the BART tip line but he didn’t have the number. Hollero said that she then called BART [tip line: 510-464-7040], but only got an answering machine.

The auditor role appears designed to help with that and other important functions for running investigations such as processing and releasing information to the public more quickly.

5. Screens incoming calls, responds to questions and complaints from the general public or from departments; provides information based on knowledge of existing policies, procedures, programs, or services; reviews and investigates problems, and recommends appropriate action or referral; prepares summary reports as required.

6. Obtains essential information from complainants, witnesses, and others, including over the phone, in-person, or through written or electric correspondence, necessary for the Office of the Independent Police Auditor to initiate an investigation.

7. Receives visitors to the Office of the Independent Police Auditor, including members of the public and individuals from other BART departments, and determines how to address their requests, inquiries, etc.

8. Independently composes, compiles and prepares correspondence, reports and documents; reviews finished materials for completeness, accuracy and compliance with District policies and procedures.

I’ll let you draw your own conclusions from the released surveillance video.


What jumps out to me is that the police draw and fire bullets, yet the video shows other passengers not far away who sense no serious threat. They leave the area calmly, without pausing to assess the danger, which could explain why no amateur videos or photos have been released.

The official police report says the victim raised a large knife above his head but he is too far away to be seen in the video.

The victim also is said to have broken a glass bottle near the more experienced officer, who then slipped and fell on the liquid. The knife may have been threatening but the sound/visual of a bottle being broken and an officer slipping and falling down sounds far more likely to have been what spooked the less experienced officer into firing his gun. Audio would certainly help…

The only audio so far is a recording of the officer with only 18 months experience calmly reporting that he (officer #41) has just fired shots at a man with a knife and needs a code 3 ambulance (emergency response).

Interesting to note the similarities in the Oscar Grant and Charles Hill investigations. Both were holidays (New Year’s 2009 and 4th of July 2011), both were late-night reports of drunk and disorderly conduct, and both involved officers with less than two years’ experience firing bullets instead of their taser (although it’s not clear yet whether the officer firing bullets in the latest case was the one carrying a taser).

The Failure of the Play Pump

It was supposed to be a simple technology change to solve the problem of pumping water for women and children. Replace hand pumps with merry-go-rounds and when children play the water is pumped (like a windmill on its side) into a storage tank. Apparently $60 million was raised, including $10 million from the US government and $5 million from the founder of AOL.

Instead, in just three years, it has quietly become a study in product failure.

Costello visited more PlayPump sites, the next one in a more remote part of Mozambique with fewer children around. Women tell her that spinning the merry-go-rounds is often hard work without help, and hard especially for the older women. They tell her the old hand pumps were much easier, and that no-one consulted them about the change. The PlayPump just arrived.