Security: Fuzzing, Windows, and ROBOT
Date: 2017-12-11
Language bugs infest downstream software, fuzzer finds
Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use.
That's the conclusion of research presented last week at Black Hat Europe by IOActive's Fernando Arnaboldi.
As Arnaboldi wrote in his Black Hat Europe paper [PDF]: “software developers may unknowingly include code in an application that can be used in a way that the designer did not foresee. Some of these behaviors pose a security risk to applications that were securely developed according to guidelines.”
Kaspersky Antivirus Engine Causing BSOD on Windows 10 Fall Creators Update
Despite the criticism it received in the United States and in the United Kingdom, Kaspersky continues to be one of the leading security vendors for Windows users across the world, with its software protecting millions of systems powered by Microsoft’s OS.
But it turns out that some of those whose computers were running the Windows 10 Fall Creators Update and Kaspersky Internet Security 2018 have been hit by a bug causing a Blue Screen of Death (BSOD) since earlier this month.
BornCity reveals that the issue first appeared earlier this month when some users complained of a BSOD on Windows 10 build 16299.98, which indicates that these systems were running the latest version of the OS with cumulative update KB4051963.
ROBOT Attack
ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.
ROBOT Attack: 19-Year-Old Bug Returns With More Power To Target Facebook & Paypal
The attack can compromise a website’s RSA encryption by decrypting the data using the private key of the TLS server. It was possible because of the vulnerability present in the RSA algorithm used in the SSL protocol, exploited by Bleichenbacher.
