DRAM bitflipping exploits that hijack computers just got easier

Approach relies on already installed code, including widely used glibc library.

(credit: An-d)

New research into the "Rowhammer" bug that resides in certain types of DDR memory chips raises a troubling new prospect: attacks that use Web applications or booby-trapped videos and documents to trigger so-called bitflipping exploits that allow hackers to take control of vulnerable computers.

The scenario is based on a finding that the Rowhammer vulnerability can be triggered by what's known as non-temporal code instructions. That opens vulnerable machines to several types of exploits that haven't been discussed in previous research papers. For instance, malicious Web applications could use non-temporal code to cause code to break out of browser security sandboxes and access sensitive parts of an operating system. Another example: attackers could take advantage of media players, file readers, file compression utilities, or other apps already installed on Rowhammer-susceptible machines and cause the apps to trigger the attacks.

As Ars has previously reported, Rowhammer exploits physical weaknesses in certain types of DDR memory chips to reverse the individual bits of data they store. By repeatedly accessing small regions of memory many times per second, code can change zeroes to ones and vice versa in adjacent regions. These changes occur even though the exploit code doesn't access, and doesn't have access rights to, the adjacent regions. The bug took on the name Rowhammer, because when the code figuratively clobbers one or more rows of memory cells, it causes bitflips in a neighboring cell.

Researchers may have observed sources of gravitational waves, cosmic neutrinos

Observatories may identify the sources of our new discoveries.

High energy neutrinos may be shot out of the barrel of a black hole. (credit: NASA)

Over the last few years, we've witnessed the start of two radically new ways of doing astronomy. For all of human history, everything we've learned about the cosmos has come from observing photons, from high-energy gamma rays down to the cosmic microwave background. But since the opening of the IceCube observatory at the South Pole, we've been able to track ultra-high-energy cosmic neutrinos. And earlier this year, the updated LIGO detector spotted gravitational waves, ushering in the ability to observe ripples in space itself.

While neutrinos and gravitational waves are a very different means of looking at the cosmos, the data that they generate has to be integrated with everything we've already learned about the Universe. In other words, when we spot the neutrinos or gravitational waves, it would be helpful to observe photons associated with whatever event is producing them. That will help us integrate the new information with things we already know about and come to grips with anything we don't know about.

This week, possible successes were announced, as people identified a likely source of cosmic neutrinos, as well as a possible detection of a gravitational-wave-generating event using more traditional astronomy.

Ubuntu 16.04 LTS launches April 21st

Canonical releases a new version of its Ubuntu Linux operating system every six months, which means that sometimes it’s hard to spot the big new changes from one release to the next.

But this week the company is releasing Ubuntu 16.04 and it’s special for a few reasons. First, it’s a Long Term Support (or LTS) release, which means Canonical will continue to offer support and software updates for 5 years. And second, this is the first full version of Ubuntu to support snap packages as well as .deb packages.

Continue reading Ubuntu 16.04 LTS launches April 21st at Liliputing.

Bundesnetzagentur: Telekom to make last-mile access cheaper

Competitors that lease Deutsche Telekom's network are to pay less. "Instead of investing themselves, the competitors prefer to rely on using our network and on low wholesale prices," a Telekom spokesperson said in response. (Telekom, fiber optics)

Online shopping: A high-end smartphone can make online purchases more expensive

Are owners of a high-end smartphone especially wealthy? At least some retailers assume so and may charge customers more when they order via a high-end smartphone. Consumer advocates are investigating hidden price surcharges. (Online shop, consumer protection)

“Dr. Death” pleads guilty to making, selling AR-15 rifle components

You can’t pay someone who’s unlicensed to mill a lower into a firearm.

This is a stripped (and fully-milled) AR-15 lower. (credit: Madison Scott-Clary)

A man in Sacramento, California has pleaded guilty to one count of unlawful manufacture of a firearm and one count of dealing firearms.

According to federal prosecutors, Daniel Crowninshield, known online as "Dr. Death," would sell AR-15 blanks, which customers would then pay for him to transform into fully-machined lower receivers using a computer-numerically-controlled (CNC) mill. (In October 2014, Cody Wilson, of Austin, Texas, who has pioneered 3D-printed guns, began selling a CNC mill called "Ghost Gunner," designed to work specifically on the AR-15 lower.)

"In order to create the pretext that the individual in such a scenario was building his or her own firearm, the skilled machinist would often have the individual press a button or put his or her hands on a piece of machinery so that the individual could claim that the individual, rather than the machinist, made the firearm," the government claimed in its April 14 plea agreement.

Optical Disc Archive G2: Sony's disc stack reaches 3.3 TByte and needs eight lasers

Sony has introduced the second generation of its Optical Disc Archive. An ODA cartridge can now store 3.3 TByte of data. It is based on Sony's new Archival Disc, which uses numerous lasers to greatly increase speed and power consumption. (Backup, Sony)

Android antitrust proceedings: Google allegedly abusing its dominant market position

The Android operating system is "part of a broader strategy" to expand Google's dominant position in search services, the EU Commission writes in a statement to Google. Android may be free, but ... (Google, Android)

Razer Turret: The wireless-on-the-couch combo

Playing classic PC titles in the living room is difficult even in the age of the Steam Controller. Razer offers a remedy with the Turret, a combination of keyboard and pad plus a magnetic mouse. We like ideas such as the unusual glide feet. (Razer, input device)

Industry 4.0: When the cargo tells the freighter confidential things

Communication that no intelligence service and no competitor can access: when containers in Industry 4.0 present their own customs papers or report an accident to the insurer, no one may listen in. A Fraunhofer institute has found a solution. (Industry 4.0, Fraunhofer)