When Apple pushed their most recent security update, the first thing we checked was whether the ARDAgent issue was fixed. It’s not. This vulnerability lets anyone execute code as a privileged user, and versions of this attack have already been found in the wild. While several Ruby, SMB, and WebKit issues were addressed, ARDAgent is still unpatched. [Dino Dai Zovi] has published the method by which ARDAgent actually becomes vulnerable: when it starts, it installs its own Apple Event handlers and calls AESetInteractionAllowed() with kAEInteractWithSelf. This should restrict it to only its own events, but for some reason that’s not the resulting behavior. He also pointed out that SecurityAgent has displayed similar weirdness; it is vulnerable to Apple Events even though it doesn’t call an Apple Events function. We can see how this unexpected behavior could make patch development take much longer and may end up uncovering an even bigger problem. Check out [Dino]’s post for more information.
[Jeff] has been playing around with Parallax’s Propeller chip. He’s used it to adapt an NES controller to the Commodore 64. In this latest iteration, though, he’s added a Memsic 2125 dual axis accelerometer to the end of a whiffle ball bat and used that to provide Wii style controller input. The video above shows his son playing Street Sports Baseball with it.
The Technology Entertainment Design Conference has been a great source for interesting presentations and in 2006 they started publishing their talks online. This week they published a list of the top 10 most popular talks. There are quite a few tech related ones and we’ve covered some of this work before: [Jeff Han]’s multitouch demos, [Johnny Lee]’s Wiimote hacking, [Blaise Aguera y Arcas] demoing a zoomable interface, and finally for a bit of fun [Arthur Benjamin]’s Mathemagic.
With each passing day the rate at which we acquire digital media increases (we don’t even bother unpacking our CDs when we move anymore). Large publishers have started moving away from DRM, which means we’ll be buying even more digital media in the future. Acquiring all of this nonphysical property puts importance on not just making it easily accessible, but also protecting it from destruction. Slashdot asked for reader suggestions of what NAS to buy; we’ve compiled some of the options below and want to know what you use.
We’re amazed we didn’t stumble across this ill-advised burnination sooner. Earlier in the week [tetranitrate], of LED chess set fame, posted his experiences using a laser cutter to scarify his own skin. It’s very painful, not to mention the discomfort of smelling your own burning flesh. He’s using an Epilog with a magnet over the safety switch. To get the positioning right, a layer of painter’s tape was put down and then etched. For a less painful version, you could try Bre’s fingernail calendar from last Fall. Video of multiple tattoos embedded after the break.
You might remember [Janne]’s IKEA cluster. Now he’s got a couple of dream rigs in mind, so he started doing 3D renderings of them. Helmer 2 is designed to contain 24 video cards attached to six motherboards with quad core CPUs. (AMD has even taken enough interest to send him some CPUs to get started.) The rendering really comes in handy for designing the custom copper heat pipes and the aluminum cooling fin enclosure. Still bored, he put together a rendering of a 4 PetaFLOP machine using 2160 video cards.
Update: The Helmer 2 link is fixed.