Posts Tagged ‘open-source’

Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Wednesday, July 19th, 2017

Security researchers have discovered a critical, remotely exploitable vulnerability in an open-source software development library used by major manufacturers of Internet-of-Things (IoT) devices, leaving millions of devices vulnerable to hacking.

The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in a software development library called the gSOAP toolkit (Simple Object Access Protocol), an advanced C/C++ auto-coding tool for developing XML Web services and XML applications.

Dubbed “Devil’s Ivy,” the stack buffer overflow vulnerability allows a remote attacker to crash the SOAP WebServices daemon and could be exploited to execute arbitrary code on the vulnerable devices.

The Devil’s Ivy vulnerability was discovered by researchers while analysing an Internet-connected security camera manufactured by Axis Communications.

“When exploited, it allows an attacker to remotely access a video feed or deny the owner access to the feed,” researchers say.

“Since these cameras are meant to secure something, like a bank lobby, this could lead to collection of sensitive information or prevent a crime from being observed or recorded.”

Axis confirmed that the vulnerability exists in almost all of its 250 camera models (you can find the complete list of affected camera models here) and quickly released patched firmware updates on July 6th to address it, prompting partners and customers to upgrade as soon as possible.

However, researchers believe that their exploit would work on internet-connected devices from other vendors as well, as the affected software is used by Canon, Siemens, Cisco, Hitachi, and many others.

Axis immediately informed Genivia, the company that maintains gSOAP, about the vulnerability and Genivia released a patch on June 21, 2017.

The company also reached out to the electronics industry consortium ONVIF to ensure that all of its members that make use of gSOAP, including Canon, Cisco, and Siemens, become aware of the issue and can develop patches to fix the security hole.

Internet of Things (IoT) devices have always been the weakest link and, therefore, an easy entry point for hackers to get into secured networks. So it is always advisable to keep your Internet-connected devices updated and away from the public Internet.

Source: Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Google releases its first 64-bit Chrome web browser - The Inquirer

Thursday, July 3rd, 2014

GOOGLE’S CHROMIUM PROJECT has released its first 64-bit edition of the Chrome web browser for Windows.

The project manages Google’s open-source web browser code underlying the Chrome browser and Chrome OS. It claims that the new build is up to 25 percent faster than the standard 32-bit version, particularly for graphics and multimedia content. In addition, crash rates for rendering are down nearly 50 percent from the 32-bit version.

The 64-bit version, which has full functionality, also takes advantage of additional security features in 64-bit Windows architecture such as High Entropy ASLR, as well as improving existing measures like heap partitioning.

At present, the new version is only available to Windows 7 and 8 users. The build is not considered stable yet, and is only available in the Developer or Canary (nightly build) channels.

Existing Chrome users can load the 64-bit version over the installed 32-bit edition without having to uninstall. In addition, all settings are preserved, though as with any test build, it might bork some of your add-ons.

via Google releases its first 64-bit Chrome web browser - The Inquirer.