Top Stories for the Week of February 27, 2019

  • From Category5 Technology TV S12E21
  • February 27, 2019
The weekly tech news from Category5 TV is provided free of charge. If you enjoy what we do, please consider becoming a Patron so we can continue offering more great content.
Support This Free Content

Here are the stories we're following for the week of Wednesday February 27, 2019


A nasty code-execution bug in WinRAR threatened millions of users for 14 years

A nasty code-execution bug in WinRAR threatened millions of users for 14 years

If you're one of the 500 million WinRAR users, now would be a good time to patch.

WinRAR, a Windows file compression program with 500 million users worldwide, recently fixed a more than 14-year-old vulnerability that made it possible for attackers to execute malicious code when targets opened a booby-trapped file.

The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits.

The most obvious path is to have an executable file extracted to the Windows startup folder where it would run on the next reboot. It was easy to bypass Windows permissions required to write to that folder.

In release notes published late last month, WinRAR officials said they patched the vulnerability. They said "UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users."

The code-execution vulnerability in WinRAR has existed the entire 14 years since the UNACEV2 library was created, and possibly earlier.

Source: arstechnica.com

Sent to us by: Roy W. Nash


Ready for another fright? Spectre flaws in today's computer chips can be exploited to hide, run stealthy malware

Ready for another fright? Spectre flaws in today's computer chips can be exploited to hide, run stealthy malware

Spectre – the security vulnerabilities in modern CPUs' speculative execution engines that can be exploited to steal sensitive data – just won't quietly die in the IT world.

Its unwelcome persistence isn't merely a consequence of the long lead time required to implement mitigations in chip architecture; it's also sustained by its ability to inspire novel attack techniques.

The latest of these appeared in a paper presented at the Network and Distributed Systems Security Symposium in San Diego, California, on Monday.

Co-authored by three computer science researchers from the University of Colorado, the paper, "ExSpectre: Hiding Malware in Speculative Execution," describes a way to compile malicious code into a seemingly innocuous payload binary, so it can be executed through speculative execution without detection.

Speculative execution is a technique in modern processors that's used to improve performance, alongside out-of-order execution and branch prediction. CPUs will speculate about future instructions and execute them, keeping the results and saving time if they've guessed the program path correctly and discarding them if not.

But last year's Spectre flaws showed that sensitive transient data arising from these forward-looking calculations can be abused. Now it turns out that this feature of chip architecture can be used to conceal malicious computation.

The researchers have devised a way in which a payload program and a trigger program can interact to perform concealed calculations. The payload and trigger program would be installed through commonly used attack vectors such as a trojan or phishing scam.

When a trigger program runs on the same machine as is infected with the payload, it tricks the CPU's branch predictor, causing the payload program to speculatively execute its malicious bidding.

The result is stealth malware. It defies detection through current reverse engineering techniques because it executes in a transient environment not accessible to static or dynamic analysis used by most current security engines. Even if the trigger program is detected and removed the payload code will remain operating.

The researchers have reiterated what many have already stated: these flaws need to be addressed in the chips themselves.

Until then, they expect malicious parties to create variants of their proof-of-concept malware technique.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash


A pair of Hewlett Packard Enterprise servers sent up to the International Space Station in August 2017 as an experiment have still not come back to Earth, three months after their intended return.

A pair of Hewlett Packard Enterprise servers sent up to the International Space Station in August 2017 as an experiment have still not come back to Earth, three months after their intended return.

A pair of Hewlett Packard Enterprise servers sent up to the International Space Station in August 2017 as an experiment have still not come back to Earth, three months after their intended return.

Together they make up the Spaceborne Computer, a Linux system that has supercomputer processing power.

They were sent up to see how durable they would be in space with minimal specialist treatment.

After 530 days, they are still working.

Their return flight was postponed after a Russian rocket failed in October 2018.

HPE senior content architect Adrian Kasbergen said they may return in June 2019 if there is space on a flight but "right now they haven’t got a ticket".

The company is working with Nasa to be "computer-ready" for the first manned Mars flight, estimated to take place in about 2030. The company is also working with Elon Musk’s Space X.

Currently, the 20-year-old machines controlling the ISS return data to Earth for processing. This is possible because it takes less than a second to get the data back.

But on a Mars mission, the time taken for a data round-trip will grow to more than 40 minutes as the planet is millions of miles away. That means the data processing will have to be done on the spaceship.

The Spaceborne Computer is currently embedded in the ceiling of the ISS. They were placed in an airtight box with a radiator that is hooked up to the ISS water-cooling system. Hot air from the computers is guided through the radiator to cool down and than circulated back. But there have been problems with the redundancy power supply as well as some of the redundant solid-state drives.

The devices will need to be inspected back on Earth to find out what went wrong.

Source: www.bbc.com

Sent to us by: Roy W. Nash


Microsoft's HoloLens 2 has been announced for $3,500, and is available to preorder now to ship out later this year.

Microsoft's HoloLens 2 has been announced for $3,500, and is available to preorder now to ship out later this year.

Comfort, better visuals, easier to use with your hands. That's the takeaway from HoloLens 2, Microsoft's follow-up to the Space Age goggles it announced four years ago. The technology behind the $3,500 HoloLens 2 device, which Microsoft calls "mixed reality," overlays computer images on the real world. Imagine arrows directing you down the street as you walk, or repair instructions floating over a machine as you fix it. That's mix reality's promise, according to Microsoft.

The company was the pioneer in augmented reality worlds when the tech giant debuted its first headset in 2015, charging companies $5,000 apiece for the gadget. Since then rival devices, such as the $2,295 Magic Leap, have come on the scene.

At prices like that, MR headsets are far more expensive than the competing VR technology currently on the market. Facebook's Oculus Rift, for example, is $349, HTC's Vive is $499 and Sony's PlayStation VR is $299. You have to buy a computer or PlayStation 4 console to power these VR devices, but even then their prices are at least half what Microsoft or Magic Leap are asking.

That hasn't deterred Microsoft from designing an improved headset as part of its push into the now far busier AR universe. The company says HoloLens still isn't ready for you and me to use at home though. Instead, Microsoft is focused on companies and the military. But that has stirred employee dissent. As of yesterday, more than 250 employees had signed an open letter denouncing the deal.

Aside from that caveat, Microsoft has made some welcome improvements to the device, which goes on preorder Sunday and will be shipping later this year.

Source: www.cnet.com

Sent to us by: Robbie Ferguson


Discussion

Twitter Posts

Login to Category5

Error message here!

Hide Error message here!

Forgot your password?

Register on Category5

Error message here!

Error message here!

Hide Error message here!

Lost your password? Please enter your email address. You will receive a link to create a new password.

Error message here!

Back to log-in

Close