The Security Intel Analysis Team gives a pretty good summary of how the IE8 on Windows 7 got busted at the Pwn2Own during CanSecWest 2010. They show us a pretty interesting dive into the ideas behind data execution prevention in definitive must-read article.
Update:
zdnet provides (less verbose) background information on how the iPhone got hacked at the same event.
Apple just released Mac OS X 10.6.3. Pretty good. As usual, the list of bug fixes and patches is quite long. Thanks for that 
Oh, and they added a diagnostic and usage data collection … erm, feature? Hey, it is even enabled by default:
If there was a possibility for opting out I must have missed it somehow. Actually, I am pretty sure they did not ask me.
Speaking as a software engineer, I understand that crash logs and usage data can be invaluable for creating timely and to-the-point patches and updates. On the other side, this is my system. And the data stored on it is mine. Once again, speaking as a software engineer: in the way of creating new applications, a lot of crashes will occur. Bugs need to be squashed, and features to be added. Why should Apple know what I am working on? Or simply what video I was looking at before Youtube crashed? Or what mail caused Mail.app to go down in flames?
And why is it so hard to ask your customers if they want to take part in the user data collection before such a gimmick is activated?
Read more about the Diagnostic and usage data collection (and how to disable it) here.
You’d like your application to read pipe inputs, like “ls -la | myGreatApp”? That’s pretty easy:
#include <stdio.h> #include <unistd.h> int main(void) { char input[BUFSIZ]; /* just read it ... */ read(STDIN_FILENO, input, BUFSIZ); /* ... and use it */ puts(input); return(0); }
TortoiseSVN itself is a very cool tool. And it’s developers have created a nice collection of very helpful utilities as well.
So, if you ever need to send a single win32 message to a running application, you might try SendMessage.
Small size, works as advertised, free.
