Wikipedia For more than two years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered “root” access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole. The severity of the bug, which resides in the Linux kernel’s “perf,” or performance counters subsystem, didn’t become clear until Tuesday, when attack code exploiting the vulnerability became publicly available (note: some content on this site is not considered appropriate in many work environments). The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine. Hackers who already have limited control over a Linux machine—for instance, by exploiting a vulnerability in a desktop browser or a Web application—can also use the bug to escalate their privileges to root. The flaw affects versions of the Linux kernel from 2.6.37 to 3.8.8 that have been compiled with the CONFIG_PERF_EVENTS kernel configuration option. “Because there’s a public exploit already available, an attacker would simply need to download and run this exploit on a target machine,” Dan Rosenberg, a senior security researcher at Azimuth Security , told Ars in an e-mail. “The exploit may not work out-of-the-box on every affected machine, in which case it would require some fairly straightforward tweaks (for someone with exploit development experience) to work properly.” Read 4 remaining paragraphs | Comments
Link:
Critical Linux vulnerability imperils users, even after “silent” fix
The Korean handset maker earned $5.1 billion of the $5.3 billion in global profits last quarter, says research firm Strategy Analytics. [Read more] 
Georgia Tech and Udacity — the online courseware project led by Sebastian Thrun — have announced a plan to offer an accredited M.S. Computer Science program online. The two organizations are also working with AT&T. This is the first time a major university has made an actual degree available solely through the MOOC format. Getting a degree in this manner is going to be much cheaper than a traditional degree: “… students also will pay a fraction of the cost of traditional on-campus master’s programs; total tuition for the program is initially expected to be below $7,000.” U.S. Secretary of Education Arne Duncan said, “Massive open online courses (MOOCs) have quickly become one of the most significant catalysts of innovation in higher education. As parents know all too well, America urgently needs new ideas about how to make higher education accessible and affordable. This new collaboration between Georgia Tech, AT&T and Udacity, and the application of the MOOC concept to advanced-degree programs, will further the national debate — pushing from conversations about technology to new models of instruction and new linkages between higher education and employers.” Georgia Tech is looking at the big picture: “At present, around 160,000 master’s degrees are bestowed in the United States every year in computer science and related subject disciplines; the worldwide market is almost certainly much larger, perhaps even an order of magnitude larger.” Read more of this story at Slashdot. 
With 32.3 percent of the market share, Netflix reigns the entertainment streaming world, but Amazon, Hulu, and YouTube still maintain their piece of the pie. [Read more] 