
Microsoft released a security advisory about a denial-of-service vulnerability that could render multiple versions of Windows completely unresponsive and has no mitigation factors, the company says. The vulnerability affects all versions of Windows 7 through 10 (including 8.1 RT), Server 2008, 2012, 2016, and Core Installations. Tagged with the identification number CVE-2018-5391, the bug received the moniker FragmentSmack because it responds to IP fragmentation, a process that adjusts the packet size to fit the maximum transmission unit (MTU) at the receiving end. IP fragmentation attacks are a known form of denial of service, where the victim computer receives multiple IP packets of a smaller size that are expected to be reassembled into their original form at the destination. FragmentSmack is a TCP fragmentation type of attack, also known as a Teardrop attack, that prevents reassembling the packets on the recipient end. The vulnerability is as old as Windows 3.1 and 95, where it crashed the OS, but it was seen in the more recent Windows 7, too. "An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassembling IP fragments," reads Microsoft's advisory on the bug. There is a possible workaround posted on OUR FORUM.
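
The cost the advisory describes can be shown with a small model. This is an added example, not code from Microsoft or the original article; the tail-pointer shortcut and the `max_frags` cap are modelling assumptions. It counts list nodes examined while queueing the fragments of one datagram whose last fragment never arrives.

```python
import random

FRAG_SIZE = 8  # bytes per fragment, as in the advisory's description


def queue_fragment(queue, offset):
    """Insert into an offset-sorted queue; return nodes examined.

    Modelling assumption: the queue has a tail pointer, so a fragment that
    belongs at the end costs one comparison; anything else is found by
    walking from the head, as in a singly linked list.
    """
    if not queue:
        queue.append(offset)
        return 0
    if offset > queue[-1]:
        queue.append(offset)
        return 1
    steps = 1  # the tail comparison above
    pos = 0
    while queue[pos] < offset:
        pos += 1
        steps += 1
    queue.insert(pos, offset)
    return steps


def reassembly_cost(offsets, max_frags=None):
    """Return (nodes examined, queue_dropped) for one never-completed datagram.

    max_frags is a hypothetical per-datagram cap: once the queue holds that
    many fragments it is discarded instead of being searched again.
    """
    queue, total = [], 0
    for off in offsets:
        if max_frags is not None and len(queue) >= max_frags:
            return total, True
        total += queue_fragment(queue, off)
    return total, False


def compare(n=1000, seed=1, max_frags=64):
    """Cost of in-order arrival, random arrival, and random arrival with a cap."""
    ordered = [i * FRAG_SIZE for i in range(n)]  # constructed sample offsets
    shuffled = ordered[:]
    random.Random(seed).shuffle(shuffled)
    return {
        "in_order": reassembly_cost(ordered)[0],
        "random": reassembly_cost(shuffled)[0],
        "capped": reassembly_cost(shuffled, max_frags),
    }
```

In-order arrival grows linearly with the number of fragments, random arrival grows roughly with its square, and a bound on queue length keeps the work per datagram constant.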

A SENIOR GOOGLE research scientist has quit the company in protest over its plan to launch a censored version of its search engine in China. Jack Poulson worked for Google’s research and machine intelligence department, where he was focused on improving the accuracy of the company’s search systems. In early August, Poulson raised concerns with his managers at Google after The Intercept revealed that the internet giant was secretly developing a Chinese search app for Android devices. The search system, code-named Dragonfly, was designed to remove content that China’s authoritarian government views as sensitive, such as information about political dissidents, free speech, democracy, human rights, and peaceful protest. After entering into discussions with his bosses, Poulson decided in mid-August that he could no longer work for Google. He tendered his resignation and his last day at the company was August 31. He told The Intercept in an interview that he believes he is one of about five of the company’s employees to resign over Dragonfly. He felt it was his “ethical responsibility to resign in protest of the forfeiture of our public human rights commitments,” he said. There's plenty more posted on OUR FORUM.

AMD CEO, Dr. Lisa Su, has confirmed the company is working closely with Microsoft on the future of cloud computing. Given AMD’s ongoing hardware partnership on the Xbox side of the business, that does lend more credence to the rumors that the next-gen Microsoft machine could get a Scarlett Cloud version. Back in July, it was rumored the next-gen Xbox console was going to come in two flavors, one standard hardware box for local gaming and another, a more lightweight machine designed for cloud-based gaming. It would reportedly be a low-power device, with a moderate amount of computing power baked into it to deal with specific game-centric tasks like controller input, image processing, and collision detection, with the heavy rendering done in the cloud. Dr. Su was talking with Jim Cramer, of CNBC’s Mad Money, and was responding to his question about AMD’s relationship with Microsoft, suggesting it was no longer a case of Wintel and more WinAMD. Though, to be fair, that really doesn’t trip off the tongue anywhere near as well. “We’re partnered with them in game consoles,” says Dr. Su, “I think we have a vision of where cloud computing is going and we’re working closely with them.” The earlier console rumors surfaced on Thurrott back in July, after Microsoft mentioned it was at work on its next generation of a games console. The CNBC interview could well hint that AMD has been working with Microsoft to create the hardware which enables parts of a game to be computed locally on the low-power device while the heavy lifting is done in Microsoft’s cloud. We have posted further details on OUR FORUM.

 

An exploit for a vulnerability in Tor Browser was delivered today in a tweet that left sufficient room for comments. A security vulnerabilities broker disclosed the details because the exploit no longer served its purpose. The exploit was part of Zerodium's portfolio and worked for Tor Browser 7.x. It existed in the NoScript component, which is a browser add-on that stops web pages from executing JavaScript, Flash, Java or Silverlight. An exploit that one can only assume Zerodium paid good money for is just a matter of setting the Content-Type of the attacker's HTML/JS page, or a hidden service in the Tor network, to "text/html/json" to suppress any reaction from NoScript and permit all JavaScript code through. The bug worked when the user configured NoScript to block out all JavaScript by selecting the add-on's "Safest" security level. The recently released Tor Browser 8 is based on the new Firefox Quantum engine and did not inherit the flaw; neither did the latest NoScript version, which was rewritten as a web extension. Zerodium burning this exploit was also prompted by the fact that Tor Browser, like all modern browsers, comes with an auto-update mechanism, which is enabled by default. This makes sure that users are not affected in any way by exploits that have already been addressed. One can disable this feature from the 'app.update' parameter in the 'about:config' menu. While some users prefer to deploy updates manually for sensitive software such as Tor Browser, the mechanism proves beneficial in such instances. There's more on OUR FORUM.
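
As an added example (not NoScript's or Tor Browser's code), the sketch below shows why a filter that decides from Content-Type should parse the value strictly and fail closed. `lenient_is_inert` and the `INERT_TYPES` list are hypothetical; how NoScript actually handled the header is not described here.

```python
import re

# RFC 7230 "token": the characters allowed in a media type's type and subtype.
# "/" is not a token character, so a value with two slashes cannot be valid.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
MEDIA_TYPE = re.compile(rf"({TOKEN})/({TOKEN})")

# Constructed list of types a script blocker might treat as inert data.
INERT_TYPES = {("application", "json"), ("text", "plain")}


def parse_media_type(header):
    """Return (type, subtype) lowercased, or None if the value is malformed."""
    if header is None:
        return None
    essence = header.split(";", 1)[0].strip()  # drop parameters like charset
    m = MEDIA_TYPE.fullmatch(essence)
    return (m.group(1).lower(), m.group(2).lower()) if m else None


def lenient_is_inert(header):
    """Hypothetical loose check that only looks at how the value ends."""
    return header.split(";", 1)[0].strip().lower().endswith("/json")


def strict_is_inert(header):
    """Fail closed: a missing, malformed or unlisted type counts as active."""
    return parse_media_type(header) in INERT_TYPES


def audit(headers):
    """Return the headers the loose check would wave through but strict blocks."""
    return [h for h in headers if lenient_is_inert(h) and not strict_is_inert(h)]


if __name__ == "__main__":
    # Constructed sample values; the third is the one quoted in the article.
    sample = ["application/json; charset=utf-8", "text/html", "text/html/json"]
    print(audit(sample))
```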

Apple today removed a very popular anti-malware app called Adware Doctor from the Mac App Store because it was gathering browsing history and other sensitive information without a user's permission and then uploading it to someone in China. Adware Doctor is promoted as an anti-malware and adware protection program that claims to be able to protect your Mac from malicious files and your browser from adware. This program was the #1 paid utility in the Mac App Store with a 4.8-star rating and over 7,000 reviews. While it may have had the ability to remove infections on your Mac, it was also discovered to be quietly uploading a user's personal data without their permission to a remote site. This behavior was first discovered by a security researcher named Privacy 1st who noticed that Adware Doctor would gather a user's browsing history from the Chrome, Safari, and Firefox browsers, a list of running processes, and App Store search history. This information is then stored in a password-protected zip file called history.zip. After the history zip was created, it would be uploaded to a remote server. In a blog post released today, Patrick corroborates Private_1st's findings and provides a detailed analysis of how the program would secretly gather a user's browsing habits and application details and then upload them to a remote host. When Adware Doctor uploaded a user's data, it would send the history.zip file to a remote host named adscan.yelabapp.com. While this domain is hosted on Amazon AWS servers, its DNS records clearly show that it is administered by someone from China. Continue reading on OUR FORUM.

The browser extension for the Keybase app fails to keep the end-to-end encryption promise from its desktop variant. Keybase is a communication and collaboration application focused primarily on securing the traffic from source to destination through public-key cryptography. Wladimir Palant, the maker of the popular AdBlock Plus content filtering tool, looked at how the web extension for Keybase works and noticed that the messages it sends are exposed to third-party JavaScript code. The extension adds a "Keybase Chat" button into profile pages for Facebook, Twitter, GitHub, Reddit, and Hacker News. Clicking on the button opens a chat window where users can type their message. "When you compose your text and 'send' it, the extension passes it to your local copy of Keybase, which encrypts the message and sends it through Keybase chat," informs the FAQ section for the Keybase Chrome and Firefox extension. And herein lies the issue signaled by Palant: messages are not encrypted until they reach the desktop app; Keybase injects its button into web pages, but it does not isolate itself from them. "So the first consequence is: the Keybase message you enter on Facebook is by no means private. Facebook’s JavaScript code can read it out as you type it in, so much for end-to-end encryption," Palant explains. Check it out at OUR FORUM.