Tracking change and innovation in the enterprise software development community
Scaling Scrum
in the enterprise?
ScrumWorks Pro
can help.
Start a trial today
Free Book Offer
SOA Demystified
$40 Value
QCon London 2010!
March 10-12, 100
Speakers, 80 sessions,
"THE" team leads and,
architects conference.
Posted by Ryan Slobojan on Apr 01, 2009
In what is sure to become one of the most wide-reaching security vulnerabilities yet known, a researcher with L0pht Heavy Industries has uncovered a flaw in the standard implementation of the Quicksort algorithm. InfoQ spoke with Dildog of L0pht to learn more about this vulnerability and it's ramifications.
Dildog explained the vulnerability as being of a class of vulnerabilities known as buffer overflow exploits. In these sorts of vulnerabilities, a malicious program is able to execute arbitrary code using the permissions of the user which is executing the given process.
In the case of Quicksort, the source of the vulnerability has not yet been made public, however it has been confirmed by two external security analysis firms as being present in the standard implementation of the Quicksort algorithm. Pseudocode for this algorithm, as found on Wikipedia, is:
function quicksort(array)
var list less, greater
if length(array) ≤ 1
return array
select and remove a pivot value pivot from array
for each x in array
if x ≤ pivot then append x to less
else append x to greater
return concatenate(quicksort(less), pivot, quicksort(greater))
This vulnerability has been confirmed as affecting the following libraries, runtimes and products:
According to Dildog, this vulnerability was first discovered while performing forensics upon a system which had been compromised by a previously unknown exploit. This exploit caused the computer in question to change all system sounds to clips of an 80s pop song, and replaced all system images and icons with pictures of assorted Lolcats. Although there have been no other reports of this exploit being seen, we advise all InfoQ readers to keep alert and report any unexpected appearances of either Rick Astley or Lolcats to the proper authorities.
Unix, Linux Uptime & Reliability Increase While Patch Management Woes Plague Windows (Yankee Group)
Learning to be a Good Product Owner: Foundation Skills
Understand and Align BPM, SOA, and Lean Six Sigma: 43 page IBM Redguide
VersionOne is recognized by Agile practitioners as the leader in Agile project management tools. Companies such as Adobe, BBC, CNN, Dow, HP, IBM, Sony and 3M have turned to VersionOne to help deliver greater value to their customers.
I just looked at how many machines we have that are compromised... it's over 9000.
Similar to this bug:
bugs.sun.com/bugdatabase/view_bug.do?bug_id=504...
(however this bug didn't affect that many applications)
It's probably an April Fool's joke...
Do you think? ;)
No, it's true! Our credit card billing database has just quicksorted itself and everything is gone, because some exploit moved it to Youtube. We are bancrupt!
But a pretty good one. I'm curious if anyone at the ranch bites.
Brian Marick takes us through a quick tour of the most important values and challenges to adopting Agile successfully (they aren't the typical challenges and values we hear in the community).
The line between development and architecture is tricky. Does it exist at all? Is an ivory tower actually needed? There's a balance in the middle, but how do you move from developer to architect?
The word 'authority' sometimes produces an allergic response in hard-line agilists. Freedom and authority – both are bad if misused and both are good if used in right spirit for a noble cause.
"Getting Started with Grails" brings you up to speed on this modern web framework. Companies as varied as LinkedIn, Wired, and Taco Bell are all using Grails. Are you ready to get started as well?
Those familiar with only ITIL V2 often scoff at the thought that ITIL could serve as a governance framework for SOA. With ITIL V3, the focus of the framework shifted towards service-orientation.
SpringSource CTO Adrian Colyer discusses AspectJ, SpringSource's dm Server and tc Server products, OSGi and Scrum.
Heroku's Adam Wiggins talks about Rails, Background Jobs, Add-Ons, Ruby, and how Heroku manages to work around Ruby's inefficiencies using Erlang and other languages.
For Grady Booch the foundation of a good architecture is patterns, SOA being just one of many patterns. In this Second Life presentation, Booch attempts to bring more clarity on what architecture is.
7 comments
Watch Thread Reply