News

Dangerous 7-Zip flaws put many other software products at risk | PCWorld

The flaws could allow arbitrary code execution when the 7-Zip library processes specially crafted files

Code reuse makes it hard to keep track of vulnerabilities
Credit: IDGNS

Two vulnerabilities recently patched in 7-Zip could put at risk of compromise many software products and devices that bundle the open-source file archiving library.

The flaws, an out-of-bounds read vulnerability and a heap overflow, were discovered by researchers from Cisco’s Talos security team. They were fixed in 7-Zip 16.00, released Tuesday.

The 7-Zip software can pack and unpack files using a large number of archive formats, including its own 7z format, which is more efficient than ZIP. Its versatility and open-source nature make it an attractive library to include in other software projects that need to process and deal with archived files.

Previous research has shown that most developers do a poor job of keeping track of vulnerabilities in the third-party code they use and that they rarely update the libraries included in their projects.

“7-Zip is supported on all major platforms, and is one of the most popular archive utilities in-use today,” the Cisco Talos researchers said in a blog post. “Users may be surprised to discover just how many products and appliances are affected.”

A search on Google reveals that 7-Zip is used in many software projects, including in security devices and antivirus products. Many custom enterprise applications also likely use it.

The out-of-bounds read vulnerability, tracked as CVE-2016-2335, stems from 7-Zip’s handling of Universal Disk Format (UDF) files, while the heap overflow condition, CVE-2016-2334, can occur when handling zlib compressed files.

To exploit the flaws, attackers can create specially crafted files in those formats and deliver them in a way that would cause the vulnerable 7-Zip code to process them.

http://www.pcworld.com/article/3069975/dangerous-7-zip-flaws-put-many-other-software-products-at-risk.html

Back to School – What is Alphabet?

And wow… Google made an arrangement with Alphabet Inc. replacing Google as the publicly traded company, thus changing its operating structure.

Larry Page said in a blog post he would become the chief executive of Alphabet Inc., while Senior Vice President Sundar Pichai will be CEO of Google.

“This new structure will allow us to keep tremendous focus on the extraordinary opportunities we have inside of Google,” Larry Page

But, What is Alphabet?

“Alphabet is mostly a collection of companies. The largest of which, of course, is Google. This newer Google is a bit slimmed down, with the companies that are pretty far afield of our main Internet products contained in Alphabet instead. What do we mean by far afield? Good examples are our health efforts: Life Sciences (that works on the glucose-sensing contact lens), and Calico (focused on longevity). Fundamentally, we believe this allows us more management scale, as we can run things independently that aren’t very related. Alphabet is about businesses prospering through strong leaders and independence.

In general, our model is to have a strong CEO who runs each business, with Sergey and me in service to them as needed. We will rigorously handle capital allocation and work to make sure each business is executing well. We’ll also make sure we have a great CEO for each business, and we’ll determine their compensation. In addition, with this new structure we plan to implement segment reporting for our Q4 results, where Google financials will be provided separately than those for the rest of Alphabet businesses as a whole.”


Spartan Falls to the Sword of Microsoft Edge

Agreed my post title is a bit dramatic; I am still rolling with it.

Announced at Build 2015, Microsoft Edge will be the successor to the project known as Spartan.

Microsoft Edge was made specifically for Windows 10. It will have features such as built-in note taking and sharing, and will also have Microsoft’s Cortana digital assistant built in.

As always, the news is on its way fast via Build 2015.

Windows 10 Windows Updates using P2P Technology

Hey Folks,

It seems that Windows 10 has the capability of downloading Windows updates using a peer-to-peer (P2P) protocol. Seems like a smart move to deliver their software to end users. After all, we are all connected these days.

The new option allows Windows 10 users to enable this feature, which will speed up downloads through its ability to download apps and OS updates from multiple sources to obtain them more quickly. Updates with a BitTorrent twist.

The setting can be made to allow updates only from local networked peers or from anyone available on the internet.

124-Year-Old Patent Reveals The Right Way To Use Toilet Paper

“My invention… consists in a roll of wrapping paper with perforations on the line of the division between one sheet and the next, so as to be easily torn apart, such roll of wrapping paper forming a new article of manufacture.”

For once I can prove to my wife that I am right.

The patent by New York businessman Seth Wheeler illustrates the proper position of the toilet paper roll.

A big thanks to Owen Williams, who shared the discovery Monday on Twitter, for assisting me in winning my first debate with my wife.