Security: Fuzzing, Windows, and ROBOT

Submitted by Roy Schestowitz on Wednesday 13th of December 2017 06:05:30 PM. Filed under Security
  • Language bugs infest downstream software, fuzzer finds

    Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use.

    That's the conclusion of research presented last week at Black Hat Europe by IOActive's Fernando Arnaboldi.

    As Arnaboldi wrote in his Black Hat Europe paper [PDF]: “software developers may unknowingly include code in an application that can be used in a way that the designer did not foresee. Some of these behaviors pose a security risk to applications that were securely developed according to guidelines.”

  • Kaspersky Antivirus Engine Causing BSOD on Windows 10 Fall Creators Update

    Despite the criticism it received in the United States and in the United Kingdom, Kaspersky continues to be one of the leading security vendors for Windows users across the world, with its software protecting millions of systems powered by Microsoft’s OS.

    But it turns out that some of those whose computers were running the Windows 10 Fall Creators Update and Kaspersky Internet Security 2018 have been hit by a bug causing a Blue Screen of Death (BSOD) since earlier this month.

    BornCity reveals that the issue first appeared earlier this month when some users complained of a BSOD on Windows 10 build 16299.98, which indicates that these systems were running the latest version of the OS with cumulative update KB4051963.

  • ROBOT Attack

    ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.

  • ROBOT Attack: 19-Year-Old Bug Returns With More Power To Target Facebook & Paypal

    The attack can compromise a website’s RSA encryption by decrypting the data using the private key of the TLS server. It was possible because of the vulnerability present in the RSA algorithm used in SSL protocol, exploited by Bleichenbacher.

Red Hat and Fedora News

  • Red Hat Adds Common Criteria Security Certification for Red Hat Enterprise Linux
    Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that Red Hat Enterprise Linux 7.1, the world’s leading enterprise Linux platform, has achieved an additional Common Criteria Certification. Enhancing the existing Evaluation Assurance Level 4+ certification announced in October 2016, this certification was under the General-Purpose Operating System Protection Profile (OSPP) 3.9. Red Hat Enterprise Linux was the first operating system to be Common Criteria-certified with Linux Container Framework Support, underscoring Red Hat’s commitment to delivering hardened and more secure IT innovations like Linux containers.
  • ASX Upgrades Its Technical Architecture to Improve Requirements for Business Productivity with JBoss Middleware
  • Fedora 25 Linux Operating System Reached End of Life, Upgrade to Fedora 27
    As of December 12, 2017, the Fedora 25 Linux operating system is no longer supported and it won't receive further updates or security patches as it reached end of life. Fedora 25 Linux was released last year on November 22, and will be remembered as the first release of the GNU/Linux distribution to adopt the next-generation Wayland display server by default for its Workstation edition using the acclaimed GNOME desktop environment. Fedora Project usually provides updates for each Fedora Linux release until a month after the second succeeding version of the operating system is released. Fedora 25 received thirteen months of support, and now that Fedora 27 Linux is out as of November 14, 2017, users need to upgrade.
  • Server Edition of Fedora 27 Linux Is Finally Here, but It Lacks Modularity
    Three weeks after the launch of the Fedora 27 Linux operating system, the Fedora Project announced the release of Fedora 27 Server edition, but it's not what you might have expected.

