The Google SparseHash project contains several C++ template hash-map implementations in use at Google, with different performance characteristics, including an implementation that optimizes for space and one that optimizes for speed.

Google's sparse_hash_map implementation available under BSD license

In January, a vulnerability in WMF surfaced that let attackers use the Windows' graphics rendering engine that handles WMF images to launch malicious code on users' computers via these images. A number of security researchers posted information about the vulnerability to their mailing lists. Within a few hours, researcher H.D. Moore posted a working example of a WMF exploit--a piece of code written to take advantage of a software flaw--on his Metasploit Web site. Some defended the action, saying it offered insight into the rules security pros needed to put on intrusion-detection systems to avoid getting hit. Others argued that what Moore did enabled the average hacker to more easily exploit the flaw.

Information Week published a long, sensational, and patently dishonest article on security research today. This text makes it seem as if malware authors used the information H.D. Moore published. The fact is that this vulnerability was being exploited by criminal organizations in the wild before anyone in the security research community knew about it. The article fails to make this fact clear because it doesn't fit into the narrative that the reporter is aiming for and undermines the questions the reporter is raising. Would any major news media organization be interesting in a peice that discusses whether intentially dishonest reporting is good or bad for society?

InformationWeek | Security | The Fear Industry | April 17, 2006

The Vrije Universiteit team found that compact malicious code could be written to RFID tags after all. By replacing a tag's normal identification code with a carefully written message, the researchers found they could exploit bugs in a computer connected to an RFID reader. This made it possible to spread a self-replicating computer worm capable of infecting other compatible, and rewritable, RFID tags.

Exploiting RFID Readers -- Viral RFID Prototype Created

Abstract

Recent announcements of better-than-expected collision attacks in
popular hash algorithms have caused some people to question whether
common Internet protocols need to be changed, and if so, how. This
document summarizes the use of hashes in many protocols, discusses
how the collision attacks affect and do not affect the protocols,
shows how to thwart known attacks on digital certificates, and
discusses future directions for protocol designers.

RFC 4270: Attacks on Cryptographic Hashes in Internet Protocols

May Meeting of The Atlanta UNIX Users Group (AUUG)

Topic: RFID, How it Works and What It Will Mean To You

Speaker: Lindsay Cleveland
Digital Systems Company
Atlanta, GA

Location: Hewlett-Packard Building
20 Perimeter Summit (directly across I-285 from Perimeter Mall)
Atlanta, GA

Date: Monday, May 2, 2005
Time: 7:30pm

(Our speaker has supplied the following)

Radio Frequency Identification (RFID) has been around for several
years, but new techniques are now being used to make it
inexpensively available on a large scale.

The FDA is requiring RFID on pharmaceuticals for tracking/recall
purposes. Vehicle tires are beginning to have RFID embedded in
their walls for the same reason (remember the Firestone flap?).
Some large retailers, such as Wal-Mart, will soon be requiring
them on every item they stock on their shelves.

This talk will detail the newer RFID 900Mhz technology and will
examine privacy implications and Information Technology
challenges. Will we be living in a "Brave New World" or will
this become "Big Brother Is Watching"?

[ Note that the AUUG web site does not yet have the May meeting announcement posted. ]

RFID, How it Works and What It Will Mean To You

Police in Malaysia are hunting for members of a violent gang who chopped off a car owner's finger to get round the vehicle's hi-tech security system.

The car, a Mercedes S-class, was protected by a fingerprint recognition system.

The Downside of Biometrics

just incase anyone didn't believe them already here goes the analysis (I do this sort of thing for a living) first off CherryOS.exe is what we call in the security industry "packed", that means that they have taken a compiled binary and run it through an obfuscator to make it hard to reverse engineer (or at least with hard if all you're doing is strings)...this is common for virus writers, worm writers, 31337 bot net kiddies, and on the legitimate side, game developers do this a lot...its not very common among the commercial (or free) legitimate software market (mostly because it doesn't work and doesn't do any good) so, the easiest way to defeat the packing is simply to let it start up (this one has several annoying checks for debuggers so its easiest to just attach after its loaded)...

the eula for this thing says its a violation to reverse engineer it, but if you do disassemble it you find they never had the rights to license it in the first place, so I don't feel worried to put this here...

if you want to follow along I downloaded a trial copy of CherryOS this morning and I got the latest version of pearpc as of this morning off of sourceforge (not from cvs, just the tarball), I am using windows XP with Interactive Disassembler (IDA)...

ready...here goes:

so the first thing we want to do is find some strings which are common to both, they will not in and of themselves give you the answer you're looking for but they will give us a good starting point, we will then use these to get a context on the code that uses these strings, we will then compare the functions (or in this case class methods) to see if they are similar (or in this case identical)

so, example number one lets look at something in the cpu emulation code (because that is the heart of the code)

direct your editor to cpu/cpu_jitc_x86/jitc.cc line 465 you will see the following small function

extern "C" void FASTCALL jitc_error_program(uint32 a, uint32 b) {
if (a != 0x00020000) { // Filter out trap exceptions, no need to report them
ht_printf("JITC Warning: program exception: %08x %08x\n", a, b);
}
}

first lets see if we can find the format string "JITC Warning: program exception: %08x %08x\n" somewhere in the core memory image of CherryOS

now if you're using IDA attach to an already running CherryOs.exe (not to be confused with mainCherryOs.exe) and regenerate strings or do a direct string search, and search for this exact string...

you will find it in the text segment located at .text:0040E890...now the fact that it exists alone is almost enough to pass summary judgment, but lets keep going so its painfully obvious...

in cherryos.exe at .text:0040E8C0 you will see a reference to the format string from pearpc the disassembled function at this address looks like this (don't worry details will be explained in a bit)

.text:0040E8C0 sub esp, 0Ch
.text:0040E8C3 cmp ... [ Read More (1.6k in body) ]

Advanced binary analysis of CherryOS: proof of theft

Instead of waiting weeks for computers to grind out solutions to complex problems, scientists may someday get answers instantly thanks to a new type of "oracle" computer that will have all the answers built in, predict Duke University computer scientists and engineers. When a question is posed, the computer will provide the answer already paired with the question in the very structure of the computer's processing unit.

'Oracle' Computer Could Have All the Answers Built In

] At last, the secret of how to make MD5 collisions is out!

MD5 collision method published

bmitchell wrote:
] Researchers that reverse engineer software to discover
] programming flaws can no longer legally publish their findings
] in France after a court fined a security expert on Tuesday.

This is unfortunate if true. France has already shown little hesitation in suing american sites that violate french law. I wonder if they're going to start fining security companies anytime a new vunlerability is published?

RE: Publishing exploit code ruled illegal in france