News

Dangerous 7-Zip flaws put many other software products at risk | PCWorld

The flaws could allow arbitrary code execution when the 7-Zip library processes specially crafted files

Code reuse makes it hard to keep track of vulnerabilities

Credit: IDGNS

Two vulnerabilities recently patched in 7-Zip could put at risk of compromise many software products and devices that bundle the open-source file archiving library.

The flaws, an out-of-bounds read vulnerability and a heap overflow, were discovered by researchers from Cisco’s Talos security team. They were fixed in 7-Zip 16.00, released Tuesday.

The 7-Zip software can pack and unpack files using a large number of archive formats, including its own 7z format, which is more efficient than ZIP. Its versatility and open-source nature make it an attractive library to include in other software projects that need to process and deal with archived files.

Previous research has shown that most developers do a poor job of keeping track of vulnerabilities in the third-party code they use and that they rarely update the libraries included in their projects.

“7-Zip is supported on all major platforms, and is one of the most popular archive utilities in-use today,” the Cisco Talos researchers said in a blog post. “Users may be surprised to discover just how many products and appliances are affected.”

A search on Google reveals that 7-Zip is used in many software projects, including in security devices and antivirus products. Many custom enterprise applications also likely use it.

The out-of-bounds read vulnerability, tracked as CVE-2016-2335, stems from 7-Zip’s handling of Universal Disk Format (UDF) files, while the heap overflow condition, CVE-2016-2334, can occur when handling zlib compressed files.

To exploit the flaws, attackers can craft specially crafted files in those formats and deliver them in a way that would cause the vulnerable 7-Zip code to process them.

http://www.pcworld.com/article/3069975/dangerous-7-zip-flaws-put-many-other-software-products-at-risk.html

Back to School – What is Alphabet?

And wow… Google made an arrangement with Alphabet, Inc. replacing Google as the publicly-traded company and thus changing its operating structure.

Larry Page said in blog post he would become the chief executive of Alphabet Inc, while Senior Vice President Sundar Pichai will be CEO of Google.

“This new structure will allow us to keep tremendous focus on the extraordinary opportunities we have inside of Google,” Larry Page

But, What is Alphabet?

“Alphabet is mostly a collection of companies. The largest of which, of course, is Google. This newer Google is a bit slimmed down, with the companies that are pretty far afield of our main Internet products contained in Alphabet instead. What do we mean by far afield? Good examples are our health efforts: Life Sciences (that works on the glucose-sensing contact lens), and Calico (focused on longevity). Fundamentally, we believe this allows us more management scale, as we can run things independently that aren’t very related. Alphabet is about businesses prospering through strong leaders and independence.

In general, our model is to have a strong CEO who runs each business, with Sergey and me in service to them as needed. We will rigorously handle capital allocation and work to make sure each business is executing well. We’ll also make sure we have a great CEO for each business, and we’ll determine their compensation. In addition, with this new structure we plan to implement segment reporting for our Q4 results, where Google financials will be provided separately than those for the rest of Alphabet businesses as a whole.

 

 

Spartan Falls to the Sword of Microsoft Edge

Agreed my post title is a bit dramatic; I am still rolling with it.

Announced in Build 2015, Microsoft Edge will be the successor to the Project known as Spartan

Microsoft Edge was made specifically for Windows 10. It will have features such as built in note taking and sharing and will also have Microsoft’s Cortana digital assistant built in.

As always the new is on its way fast via Build 2015

Windows 10 Windows Updates using P2P Technology

Hey Folks,

It seems that Windows 10 has the capability of downloading Windows updates using a peer-to-peer (P2P) protocol. Seems like a smart move to deliver their software to end users. After all we are all connected these days.

The new option that allows Windows 10 users to enable this feature that will speed up downloads due to its ability to download apps and OS updates from multiple sources to obtain them more quickly. Updates with a Bit-torrent twist.

These setting to be made to allow only updates from local networked peers or anyone available on the internet.

124-Year-Old Patent Reveals The Right Way To Use Toilet Paper

“My invention… consists in a toll of wrapping paper with perforations on the line of the division between on sheet and the next, so as to be easily torn apart, such roll of wrapping paper forming a new article of manufacture.”

For once I can prove to my wife that I am right.

The patent by New York businessman Seth Wheeler illustrates the proper position of the toilet paper roll.

 

A big thanks to Owen Williams shared the discovery Monday on Twitter and assisting me in winning my first debate with my wife.

A lioness open an unlocked car door

Let me in

As you can see, she doesn’t only come out at night!

At an safari in South Africa a lioness used her teeth to open an unlocked car door. As you can tell from the video the family was completely caught off guard by the event.

“Lock the door! Oh my gosh! I didn’t know they could do that,” one of the ladies screams out. As the woman in the backseat quickly closes and locks the door.

See for yourself.

Welcome to minecraft.jermsmit.com Blog Site

Well its here the blog site that the community of players have been asking for. 

I spend some time setting it up, getting a theme and making some customization and we are online and ready.

That said come join us for some game discussions and event sharing over at http://minecraft.jermsmit.com/

Thanks,

Jermal

 

 

Finally I can Watch Netflix in Ubuntu

Hi all,

I just read on the Ubuntu insights that watching Netflix is now a thing for Ubuntu. Recent efforts have finally paid off and Canonical, Ubuntu now supports it when using Google Chrome version 37 and above.

I big thanks goes out to those at Netflix and Ubuntu for making this “official”. I’ve personally waiting a long time for this.

R.I.P. Linwood B. Pulley Jr

Today, February  6th 2014 at 12:05 est. my cousin my hero ended his heroic and well fought fight with cancer.

His battle was far from easy; his courage, endurance, strength was that which great stories are told and later movies today are made.

Lin was more that just my family; he was part and always will be family to the United States Navy in which he so honorably served.

I wish him farewell, and will see you in the life after this. I wish you fair winds and following sea.

– Love you

 

SharePoint 2013 Upgrade Testing – My InfoPath Issue

I have been testing various features and functionally of a  recent SharePoint 2010 to SharePoint 2013 upgrade I preformed. When I encountered an issue involving a list item used heavily buy one of my departments.

The issue presented itself when the users attempted to create new work items and this is when SharePoint 2013 displayed an informative error messages telling me something went wrong.

I was able to obtain the correlation ID,

and after some filtering and digging in the ULS  (Unified Logging System) I was able to see that this list was created using InfoPath.

After seeking additional information from a few developers it was suggested that this form may need to be recreated. I was later to find out that other customer shave been facing issues with InfoPath and SharePoint 2013 forms.

The Office Team @ Microsoft has released a statement via their Blog that they are “evolving  forms technology” in an effort to streamline and deliver a more integrated  user experience.

In their own words:  “we’re retiring InfoPath and investing in new forms technology across SharePoint, Access, and Word. This means that InfoPath 2013 is the last release of the desktop client, and InfoPath Forms Services in SharePoint Server 2013 is the last release of InfoPath Forms Services.” 

I am taking that means the older forms used from back in Office SharePoint Server 2007 have been deprecated, eventually the rest.

That said here is a link to their blog post:
Update on InfoPath and SharePoint Forms