TechGlyphs Editor

A highly critical vulnerability has been uncovered in the GNU C Library (glibc), a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers.

GNU C Library (glibc) is a collection of open source code that powers thousands of standalone apps and most Linux distributions, including those distributed to routers and other types of hardware.The flaw can be exploited when an affected device or app make queries to a malicious DNS server that returns too much information to a lookup request and floods the program's memory with code.


This code then compromises the vulnerable application or device and tries to take over the control over the whole system.


It is possible to inject the domain name into server log files, which when resolved will trigger remote code execution. An SSH (Secure Shell) client connecting to a server could also be compromised.


However, an attacker need to bypass several operating system security mechanisms – like ASLR and non-executable stack protection – in order to achieve successful RCE attack.


Alternatively, an attacker on your network could perform man-in-the-middle (MitM) attacks and tamper with DNS replies in a view to monitoring and manipulating (injecting payloads of malicious code) data flowing between a vulnerable device and the Internet."glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated."

"Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow."

you can help prevent exploitation of the flaw, if you aren’t able to immediately patch your instance of glibc, by limiting all TCP DNS replies to 1024 bytes, and dropping UDP DNS packets larger than 512 bytes

Changing the date and time system in iOS ie, changing your iPhone's or any iOS device's date to January 1, 1970, will kill your iPhone forever.

Do Not Try This Trick with your iOS device really

This bug affects any iOS device that uses 64-bit A7, A8, A8X, A9 and A9X processors and runs iOS 8 or newer, including iPhones, iPads, and iPod touches. However, for those running on 32-bit iOS versions are not affected by this issue.This bug is related to UNIX timestamp epoch that causes the kernel to crash. The only way to get it back is to open the device's casing and physically disconnect the battery from the logic board. This could only be done with the help of Apple's Genius Bar.


This process will reset the iPhone's date and allow it to boot.While there isn't any other fix at the moment, Apple is expected to come up with a software update to fix and unbrick the affected iOS devices.

"The driving force of the universe is gravity," said Tuck Stebbins, Gravitational Astrophysics Lab Chief at NASA's Goddard Space Flight Center."Gravitational waves are emitted by orbiting bodies and certain other accelerated masses. Right now, major international efforts are underway to detect gravitational waves directly. Once detection is possible, the scientists hope to use gravitational waves to “listen” to some of the most violent processes in the universe: merging black holes and/or neutron stars, or the core region of supernova explosions.

What do gravitational waves do?

But what do gravitational waves do? For that, let us look at a simplified, entirely hypothetical situation. (The following are variations on images and animations originally published here on Einstein Online.) Consider particles drifting in space, far from any sources of gravity