A nasty code-execution bug in WinRAR threatened millions of users for 14 years
If you're one of the 500 million WinRAR users, now would be a good time to patch.
WinRAR, a Windows file compression program with 500 million users worldwide, recently fixed a more than 14-year-old vulnerability that made it possible for attackers to execute malicious code when targets opened a booby-trapped file.
The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits.
The most obvious path is to have an executable file extracted to the Windows startup folder where it would run on the next reboot. It was easy to bypass Windows permissions required to write to that folder.
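A defender-side check for the flaw class described above, as an added example that is not from the article or from WinRAR's code: each archive member name is validated against Windows path rules before anything is written. The function names, destination folder and sample member names are constructed for illustration.

```python
import ntpath  # Windows path semantics, usable on any OS


def resolve_member(dest_dir: str, member_name: str) -> str:
    """Return the extraction target for member_name, or raise ValueError
    if it would land outside dest_dir (which must be an absolute path)."""
    if not ntpath.isabs(dest_dir):
        raise ValueError("destination must be an absolute path")
    dest = ntpath.normpath(dest_dir)

    name = member_name.replace("/", "\\")
    drive, tail = ntpath.splitdrive(name)
    if drive:  # "C:\x", "C:x" or a UNC share: the archive picks the folder
        raise ValueError("absolute or drive-qualified path: " + drive)
    if tail.startswith("\\"):  # rooted on the current drive
        raise ValueError("rooted path")
    if ":" in tail:  # not valid in a file name; alternate data stream syntax
        raise ValueError("colon in name")

    # Collapse ".." and compare case-insensitively, as Windows does.
    target = ntpath.normpath(ntpath.join(dest, tail))
    prefix = ntpath.normcase(dest).rstrip("\\") + "\\"
    if not ntpath.normcase(target).startswith(prefix):
        raise ValueError("escapes destination via '..'")
    return target


def audit(dest_dir, member_names):
    """Split member names into accepted targets and (name, reason) rejects."""
    accepted, rejected = [], []
    for name in member_names:
        try:
            accepted.append(resolve_member(dest_dir, name))
        except ValueError as exc:
            rejected.append((name, str(exc)))
    return accepted, rejected


# Constructed sample data: the user's chosen folder and some member names.
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE = [
    r"docs\readme.txt",
    r"C:\constructed\startup\payload.exe",
    r"\\server\share\payload.exe",
    r"..\..\payload.exe",
    r"docs\..\notes.txt",
    "/Windows/payload.exe",
]
```

An extractor would call `resolve_member` for every entry and write only to the returned path, skipping or aborting on any `ValueError`.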
In release notes published late last month, WinRAR officials said they patched the vulnerability. They said "UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users."
The code-execution vulnerability in WinRAR has existed the entire 14 years since the UNACEV2 library was created, and possibly earlier.
Source: arstechnica.com
Sent to us by: Roy W. Nash
Ready for another fright? Spectre flaws in today's computer chips can be exploited to hide, run stealthy malware
Spectre – the security vulnerabilities in modern CPUs' speculative execution engines that can be exploited to steal sensitive data – just won't quietly die in the IT world.
Its unwelcome persistence isn't merely a consequence of the long lead time required to implement mitigations in chip architecture; it's also sustained by its ability to inspire novel attack techniques.
The latest of these appeared in a paper presented at the Network and Distributed Systems Security Symposium in San Diego, California, on Monday.
Co-authored by three computer science researchers from the University of Colorado, the paper, "ExSpectre: Hiding Malware in Speculative Execution," describes a way to compile malicious code into a seemingly innocuous payload binary, so it can be executed through speculative execution without detection.
Speculative execution is a technique in modern processors that's used to improve performance, alongside out-of-order execution and branch prediction. CPUs will speculate about future instructions and execute them, keeping the results and saving time if they've guessed the program path correctly and discarding them if not.
But last year's Spectre flaws showed that sensitive transient data arising from these forward-looking calculations can be abused. Now it turns out that this feature of chip architecture can be used to conceal malicious computation.
The researchers have devised a way in which a payload program and a trigger program can interact to perform concealed calculations. The payload and trigger program would be installed through commonly used attack vectors such as a trojan or phishing scam.
When a trigger program runs on a machine infected with the payload, it tricks the CPU's branch predictor, causing the payload program to speculatively execute its malicious bidding.
The result is stealth malware. It defies detection through current reverse engineering techniques because it executes in a transient environment not accessible to static or dynamic analysis used by most current security engines. Even if the trigger program is detected and removed, the payload code will remain operating.
The researchers have reiterated what many have already stated: these flaws need to be addressed in the chips themselves.
Until then, they expect malicious parties to create variants of their proof-of-concept malware technique.
Source: www.theregister.co.uk
Sent to us by: Roy W. Nash
A pair of Hewlett Packard Enterprise servers sent up to the International Space Station in August 2017 as an experiment have still not come back to Earth, three months after their intended return.
Together they make up the Spaceborne Computer, a Linux system that has supercomputer processing power.
They were sent up to see how durable they would be in space with minimal specialist treatment.
After 530 days, they are still working.
Their return flight was postponed after a Russian rocket failed in October 2018.
HPE senior content architect Adrian Kasbergen said they may return in June 2019 if there is space on a flight but "right now they haven’t got a ticket".
The company is working with Nasa to be "computer-ready" for the first manned Mars flight, estimated to take place in about 2030. The company is also working with Elon Musk’s SpaceX.
Currently, the 20-year-old machines controlling the ISS return data to Earth for processing. This is possible because it takes less than a second to get the data back.
But on a Mars mission, the time taken for a data round-trip will grow to more than 40 minutes as the planet is millions of miles away. That means the data processing will have to be done on the spaceship.
The Spaceborne Computer is currently embedded in the ceiling of the ISS. The servers were placed in an airtight box with a radiator that is hooked up to the ISS water-cooling system. Hot air from the computers is guided through the radiator to cool down and then circulated back. But there have been problems with the redundancy power supply as well as some of the redundant solid-state drives.
The devices will need to be inspected back on Earth to find out what went wrong.
Source: www.bbc.com
Sent to us by: Roy W. Nash
Microsoft's HoloLens 2 has been announced for $3,500, and is available to preorder now to ship out later this year.
Comfort, better visuals, easier to use with your hands. That's the takeaway from HoloLens 2, Microsoft's follow-up to the Space Age goggles it announced four years ago. The technology behind the $3,500 HoloLens 2 device, which Microsoft calls "mixed reality," overlays computer images on the real world. Imagine arrows directing you down the street as you walk, or repair instructions floating over a machine as you fix it. That's mixed reality's promise, according to Microsoft.
The company was the pioneer in augmented reality worlds when the tech giant debuted its first headset in 2015, charging companies $5,000 apiece for the gadget. Since then rival devices, such as the $2,295 Magic Leap, have come on the scene.
At prices like that, MR headsets are far more expensive than the competing VR technology currently on the market. Facebook's Oculus Rift, for example, is $349, HTC's Vive is $499 and Sony's PlayStation VR is $299. You have to buy a computer or PlayStation 4 console to power these VR devices, but even then their prices are at least half what Microsoft or Magic Leap are asking.
That hasn't deterred Microsoft from designing an improved headset as part of its push into the now far busier AR universe. The company says HoloLens still isn't ready for you and me to use at home though. Instead, Microsoft is focused on companies and the military. But that has stirred employee dissent. As of yesterday, more than 250 employees had signed an open letter denouncing the deal.
Aside from that caveat, Microsoft has made some welcome improvements to the device, which goes on preorder Sunday and will be shipping later this year.
Source: www.cnet.com
Sent to us by: Robbie Ferguson