Category Archives: Security

Firefighter Found Guilty for Cow Stampede

He actually pleaded guilty to a careless driving charge, as explained in the Metro: “Firefighter’s siren made scared cows kill farmer”

Julian Lawford was on a 999 call and sounded the siren on the engine as he was driving down a country road.

Farmer Harold Lee was walking his 100 dairy cows in front of the engine at the time and the herd panicked and trampled him.

The 75-year-old suffered head and chest injuries and died six days later.

Yesterday, Lawford, who was facing a manslaughter charge, admitted the lesser charge of causing death by careless driving, which was accepted by the prosecution.

Yet more evidence of risk from (mad) cows in the UK, although responsibility fell on the firefighter.

VMware ESX Kernel Exploit Patch

An exploit called ABftw.c was posted to Full Disclosure on September 15, 2010, under the title Ac1dB1tch3z Vs Linux Kernel x86_64 0day.

This exploit has been tested very thoroughly over the course of the past few years on many many targets.

Thanks to redhat for being nice enough to backport it into early kernel versions (anything from later August 2008+

That backport comment might be a reference to a CVE-2007-4573 regression (September 24, 2007), which is the cause of the vulnerability.

Mitre’s description of the problem (CVE-2010-3081) from August 20, 2010 says the include/asm/compat.h files in a Linux kernel prior to 2.6.36-rc4-git2 on 64-bit systems had a userspace memory allocation flaw. The 32/64-bit compatibility layer implementation missed a sanity check, so a local, unprivileged user could elevate their privilege level by abusing a length argument.
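The missing sanity check described above can be modelled in user space. This is an added example, not kernel source or code from the original post: `alloc_unchecked`, `alloc_checked`, `range_is_user`, `USER_LIMIT` and the sample stack pointer and lengths are hypothetical stand-ins for the kernel's `compat_alloc_user_space()` and `access_ok()`.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed top of user address space for this model (x86_64-style split). */
#define USER_LIMIT 0x00007ffffffff000ULL

/* access_ok-style check: [addr, addr + len) must lie wholly in user space. */
static int range_is_user(uint64_t addr, uint64_t len)
{
    return len <= USER_LIMIT && addr <= USER_LIMIT - len;
}

/* Before the fix: carve len bytes below the user stack pointer, unvalidated. */
uint64_t alloc_unchecked(uint64_t user_sp, int64_t len)
{
    return user_sp - (uint64_t)len;
}

/* After the fix: same arithmetic, but return 0 (NULL) unless the range is
 * user memory, so callers fail instead of using a wrapped pointer. */
uint64_t alloc_checked(uint64_t user_sp, int64_t len)
{
    uint64_t ptr = user_sp - (uint64_t)len;
    return range_is_user(ptr, (uint64_t)len) ? ptr : 0;
}

int main(void)
{
    const uint64_t sp = 0xffffd000ULL;                /* constructed 32-bit task stack pointer */
    const int64_t lens[] = { 64, 0x100000000LL, -1 }; /* constructed length arguments */

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        uint64_t raw = alloc_unchecked(sp, lens[i]);
        uint64_t ok  = alloc_checked(sp, lens[i]);
        printf("len=%lld unchecked=0x%016llx in_user=%d checked=0x%llx\n",
               (long long)lens[i], (unsigned long long)raw,
               range_is_user(raw, (uint64_t)lens[i]),
               (unsigned long long)ok);
    }
    return 0;
}
```

Only the 64-byte request yields a usable pointer from the checked version; the oversized and negative lengths are rejected because the computed range is not user memory.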

A couple months have passed as various Linux distributions patched, and now VMware has announced their patch as well.

This patch updates the Service Console kernel to fix a stack pointer underflow issue in the 32-bit compatibility layer.

They appear to rate it as less critical than the other vendors, most likely because local users on ESX Server 4.x have far less exposure to risk than a typical Linux host.

Ksplice offers a tool to detect “the CVE-2010-3081 high-profile exploit”.

Here is sample output for a system that has not been compromised:

$ wget -N https://www.ksplice.com/support/diagnose-2010-3081
$ chmod +x diagnose-2010-3081
$ ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit — Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

$$$ Kernel release: 2.6.18-194.11.3.el5
$$$ Backdoor in LSM (1/3): checking…not present.
$$$ Backdoor in timer_list_fops (2/3): not available.
$$$ Backdoor in IDT (3/3): checking…not present.

Your system is free from the backdoors that would be left in memory
by the published exploit for CVE-2010-3081.
$

BAHA – Call for Speakers

The Bay Area Hackers Association has a call out for speakers.

When: Sunday, January 9th, 2011
Where: Noisebridge, 2169 Mission St, San Francisco, CA

Charter:

…give those interested in learning and teaching about security topics a forum to do so. This is mostly about computer, application, network security and cryptology, but I don’t see a reason to strictly limit discussion to those topics. For example, there may be widespread interest in anonymity, privacy, relevant legislation, physical security, locksport, and so on.

Mailing List

Facebook Rips MIT Map of Social Networks

Odd, on December 9th I mentioned a story on the BBC about an MIT team who had spent considerable resources mapping social networks to geography.

[Carlo Ratti of the Massachusetts Institute of Technology’s] team used records of more than 12 billion anonymised landline telephone calls, to model who Britons frequently spoke to.

I added in a Wired map from 2007 to illustrate how the NSA likes to route communications through America so they can listen:

Now I see an intern at Facebook has tonight tried to replicate the same study using Facebook data:

I was interested in seeing how geography and political borders affected where people lived relative to their friends. I wanted a visualization that would show which cities had a lot of friendships between them.

That sounds an awful lot like the MIT study, which said:

A map created using those connections showed that people tended to communicate most with people that were geographically close to them, [Carlo Ratti of the Massachusetts Institute of Technology’s team] added.

I do not think the Facebook intern is really saying “I have a hypothesis that x,y cities have a lot of friendships”. No, I think he is saying “I set out to paint a picture of cities that have a lot of relationships between them”. It is kind of like he says he wants to do the exact same thing that the MIT study was doing, but skipping straight past the study part and to the pretty picture.

I began by taking a sample of about ten million pairs of friends from Apache Hive, our data warehouse. I combined that data with each user’s current city and summed the number of friends between each pair of cities. Then I merged the data with the longitude and latitude of each city.

Voila! Art.

Note that MIT’s study was on 12 billion anonymised connections.

Facebook intern project: not so many and not so anonymous, and no credit.

MIT had a team working on their study.

Facebook intern project: “a few minutes of rendering”

So here are millions of connections, probably not even random let alone anonymous, manipulated to look pretty in “enough shades of color for it to work the way I wanted”.

Pretty and artistic, but I will avoid making jokes about it being insecure, shallow and artificial, like Facebook. I would have to make the data work the way I want to support that…but seriously, there are barely any connections between France and French-speaking Africa. Is that a sign of weakness by Facebook or is it outside the data set of their millions, or is that asking the same question?

And here is the MIT study color map, from the BBC, for comparison:

This all takes me back to the link analysis tools I wrote about in June. It is extremely useful to incident responders and investigators to map suspect relationships to geography over time.

Updated: A reader pointed out the Facebook map is similar to a 1996 IEEE presentation called “Visualizing the Global Topology of the MBone”:

We present a case study of visualizing the global topology of the Internet MBone. The MBone is the Internet’s multicast backbone. […] We create a geographic representation of the tunnel structure as arcs on a globe by resolving the latitude and longitude of MBone routers.