> When combined with an earlier vulnerability, named “Wi-Figate”, which lets attackers force a device to automatically connect to a given WiFi network
I'm not fully up on exploitable iOS tricks, but it sounds like they're spoofing a BSSID to be one that the iOS device has already connected to (because iOS devices broadcast this when scanning for networks IIRC?), but has RADIUS authentication with a specially crafted server certificate that manages to crash the network stack.
Not aware of anything from Apple about this issue. It was just an assumption, sorry. What I did is test up-to-date devices (I think I even tested an up-to-date iOS 6) and couldn't get any specific SSID. The probe requests were still there, but SSID parameter was always set to Broadcast.
However I did see a lot of probe requests WITH an SSID parameter set but those were not coming from my devices :). I assumed they were not up to date.
I am very interested to know if the probe requests you're seeing are also coming from unknown devices: if they aren't, could you provide us with the iOS version you're using/testing with?
> What do you call something that grants root access without authentication, but wasn't intended to let arbitrary people or programs use it?
Local privilege escalation. In a huge number of established LPEs, the exploit is by leveraging a weakness in checking who makes the call that allows legitimate privilege escalation. This is a legitimate privilege escalation (sshd binds to port 22, among other tasks), that can be exploited through a weakness in checking who is making that request and if they can have that granted.
There are a number of open source discussion lists I've been subscribed to over the past decade (usenet, then Google Groups) that have recently migrated to hosted Discourse boards because of Google's lack of spam fighting tools. Who cares about what the listserv's UI looks like, the entire point is to receive and send email. Let's help build good spam fighting capabilities into mailman and others so all of our knowledge isn't locked into these walled-garden communities.
* Since data is now in SQL, it's easier to interact with the DB and have simple tools delete spammers.
* Since there's an exposable API now, it's possible to develop systems that interact with mailman and help with the issue.
I find that the Man pages on BSD-derived systems are generally quite exceptional, whereas GNU-based systems seem to be less so. `info` seems to be their attempt at making a better `man`, but it's pretty hit-or-miss if a Linux-based project that's not from the FSF supports infopages over manpages.
But the one thing I hate about info is that they often change the "see also" near the end of a man page from a list of similar or related commands that you might want to also read, to an invitation to use the info chapter for that command. Aarrrggghhh!
> The full documentation for ls is maintained as a Texinfo manual. If the info and ls programs are properly installed at your site, the command
>
>     info coreutils 'ls invocation'
>
> should give you access to the complete manual.
Why hijack a useful section? Why not just add a "SEE INFO" section?
USB PIDs aren't like NIC MAC addresses; two identical items (keyboards, webcams, etc.) are supposed to have the same PID in order for the OS to recognize them as being the same and to apply the same driver to them. The VID is just a namespacing convention.
If you're writing http headers out to your apache logs on your production server, you're doing it _severely_ wrong.
edit: I'm specifically talking about http basic auth with a precomputed "Authentication: base64($username + $passwd)" header, not a GET of "/foobar?api_key=12345abcd". The latter is obvious in its failures and is not related to http basic auth.
I'd have to disagree. I don't have any insight into the church office building's internal network, but I do know that they already have massive lines going into the church office building and the surrounding Temple Square area. The church itself has no need for more fiber. Even if they did, they showed no desire to help UTOPIA along (they even have the capabilities of becoming a private leaser), so what makes you think they would want to pipe their traffic through a third party advertising agency?
Secondly, Salt Lake City proper, where I live and where this announcement is declaring the buildout initiative, is very much not-mormon. The number of people logging on to their site to stream videos is minuscule compared to the number of people in the surrounding suburban sprawl. Google Fiber isn't coming to Salt Lake Valley, it's coming to the City. This won't help them.