Dispatches from the world of IT
News
X.org Vulnerabilities Discovered
Security expert Ilja van Sprundel has identified a number of security-critical bugs in the code of the X11 client libraries from X.org. X.org is the graphical display system used on most Linux and Unix-based systems. According to a note on the X.org developers list, the main reason for the large number of vulnerabilities is that the client libraries trust the data sent by the X server to conform to the X11 protocol and be correct, which leaves the code susceptible to integer and buffer overflow attacks.
In the general case, the danger is minimized if the X server and X client programs run with the same user ID. However, in special cases, such as set-user-ID programs, an intruder could use this attack technique to obtain root privileges on a vulnerable system. All previous versions of X.org are affected. Patches to the source code are available at the X.org site.
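The bug class described above, as an added example (this is not X.org's code): a client that sizes a buffer from a server-supplied item count, next to a parser that validates the count against the bytes actually received. The reply layout, function names, and sample bytes are constructed for illustration and are not the real X11 wire format.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed reply layout (an assumption, not the real X11 wire format):
 * bytes 0..3 = little-endian count of 32-bit items, then the items. */
#define HDR_LEN 4u

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The trusting pattern: size computed in 32 bits from the server's count.
 * For count 0x40000001 this wraps to 4, so a later copy of `count` items
 * would run far past the allocation. */
uint32_t unchecked_alloc_size(uint32_t count) {
    return count * (uint32_t)sizeof(uint32_t);
}

/* Hardened parse: returns 0 and a malloc'd array on success, -1 on reject. */
int parse_reply_checked(const uint8_t *buf, size_t len,
                        uint32_t **items, uint32_t *count) {
    *items = NULL;
    *count = 0;
    if (len < HDR_LEN)
        return -1;                      /* header itself is truncated */
    uint32_t n = read_le32(buf);
    size_t avail = len - HDR_LEN;
    /* Division form cannot overflow and bounds n by what was received. */
    if (n > avail / sizeof(uint32_t))
        return -1;
    if (n == 0)
        return 0;
    uint32_t *out = malloc((size_t)n * sizeof(uint32_t));
    if (out == NULL)
        return -1;
    for (uint32_t i = 0; i < n; i++)
        out[i] = read_le32(buf + HDR_LEN + (size_t)i * 4);
    *items = out;
    *count = n;
    return 0;
}

int main(void) {
    /* Constructed sample: claims 0x40000001 items but carries only one. */
    const uint8_t lying[] = {0x01, 0x00, 0x00, 0x40, 0xAA, 0xBB, 0xCC, 0xDD};
    uint32_t *items; uint32_t n;
    return parse_reply_checked(lying, sizeof lying, &items, &n) == -1 ? 0 : 1;
}
```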
IBM's Watson Computer Gets a Day Job
When IBM's Watson computer project stole headlines two years ago by beating the best available human at Jeopardy, experts wondered if IBM had a long-term plan in mind, or if putting the computer on a television quiz show was a marketing gambit designed to show off the company's technological prowess. The answer came recently with the announcement of the IBM Watson Engagement Advisor, a system designed to provide customer service responses through near-instantaneous big data analysis.
According to IBM, "270 billion customer service calls are handled annually, with roughly 50 percent unresolved, which means an increase in cost-per-escalated-call by three times. 61 percent of those calls could have been resolved with better access to information."
Descriptions of the new service are fairly vague, but maybe that is the point – Watson is much more adept than most computers at finding specific answers to vague questions. According to IBM, Watson will "help companies make their interactions count by knowing, delivering, and learning what each customer wants – in the context of their preferences and actions – sometimes before even the customer knows it themselves." The service appears to fall into the general category of "Big Data"; however, rather than analyzing the data in advance for a finished report, Watson will organize the information into an intermediate, indexed state, then analyze on the fly based on its interpretation of the customer's question. Watson's formidable natural language capabilities will contribute to what IBM hopes will be a seamless and efficient customer interaction.
Since winning at Jeopardy, Watson has gotten smaller and faster, with a 240 percent improvement in system performance and a 75 percent reduction in physical size. IBM says the system can now run on a single Linux-based Power 750 server.
At least for now, the Watson Engagement Advisor seems intended to provide services for clients that support customers who have a need for drawing highly specific information from very large data sets, such as information services for the banking and consumer marketing industries. The service will be delivered in a variety of formats, including via HTML, online chat, and mobile devices.
Drupal.org Hacked
The Drupal project has announced a security breach that has compromised usernames, contact information, and hashed passwords for possibly millions of users. Drupal is a popular open source Content Management System (CMS) used for building and managing websites. The Drupal project also hosts user websites at drupal.org and groups.drupal.org. The breach affected the sites hosted by Drupal but did not affect other sites running the Drupal CMS.
According to a statement by the Drupal security team, "This access was accomplished via third-party software installed on the Drupal.org server infrastructure and was not the result of a vulnerability within Drupal itself." Accounts at the affected websites are set to prompt users to reset their passwords at the next login. Users are encouraged to log in as soon as possible to reset their passwords.