First off this week, a ransomware named Robinhood has a novel trick up its sleeve. The trick? Loading an old known-vulnerable signed driver, and then using a vulnerability in that driver to get a malicious kernel driver loaded.
A Gigabyte driver unintentionally exposed an interface that allows unfettered kernel-level read and write access. Because it’s properly signed, Windows will happily load the driver. The ransomware code uses that interface to turn off the bit that enforces the loading of signed drivers only. From there, loading a malicious driver is trivial. Robinhood uses its kernel-level access to disable anti-virus applications before launching the data encryption.
This is a striking example of the weakness of binary signing without a mechanism to revoke those signatures. In an ideal world, once the vulnerability was found and an update released, the older, vulnerable driver would have its signature revoked.
The last Windows 7 Update For Real This Time, Maybe
More news in the ongoing saga of Windows 7/Server 2008 reaching end-of-life. KB4539602 was released this patch Tuesday, fixing the black background problem introduced in the last “final” round of updates. Surely that’s the last we’ll hear of this saga, right?
Not so fast. Apparently that patch has led to multiple Windows Server 2008 machines failing to boot after install. According to Microsoft, the problem is a missing previous patch that updates SHA-2 support.
Apple Mail Exposed Encrypted Emails
Back in November, [Bob Gendler] discovered something disconcerting about how Apple Mail handles encrypted emails. On macOS, the suggestd service gathers snippets of emails and files, in an effort to more intelligently handle searches and Siri requests. The resulting dataset contains the plaintext of emails, even those that were encrypted using GPG. He gave a set of workarounds, and notified Apple of the issue.
Just recently, Apple pushed 10.15.3, and buried in the change log is a note stating that encrypted emails will no longer appear in Spotlight searches. [Bob] did some further testing, and confirmed that the suggestd service now identifies encrypted messages, and deletes snippets taken from those messages immediately.
Gitlab’s GCP DeepDive
Curious about Google’s Cloud Platform, and how security considerations there differ from a more traditional environment? Gitlab did some research into GCP, and it turned into a step-by-step guide to exploring and compromising a GCP project.
There’s a bunch of basic information about GCP, as well as common mis-configurations that make for vulnerable instances. One of my favorites from the write-up: Follow the scripts. If you find a backup script, you not only have some credentials to work with, you also get a copy of the whole filesystem. The guide includes tips on moving to other VMs, as well as a possible path to compromising the whole Google Suite account.
Address Space Layout Randomization (ASLR) is a security enhancement that was added to the Linux kernel in 2005. It randomizes the memory layout of userspace programs, in an effort to make actual compromise harder to achieve. If you have a buffer overflow, for example, how do you write an exploit when the memory layout is different every time a program is run?
The guys over at Wildfire Labs took a look at Linux ASLR, and concluded that it’s still lacking. The main problem is the information available in “/proc/[pid]/*”, and the way security checks are done on those virtual files. The most straightforward example is “/proc/[pid]/maps”, which contains the randomized memory layout. As disclosed in mid-2019, this virtual file would do a permissions check when another application attempted to read its contents, but not when attempting to simply open the file. In practice, this means a non-root application can obtain a file descriptor pointing at the “maps” virtual file, and pass that descriptor to another application. If passed to a setuid root application, the protected information can be freely read, and potentially leaked back to the unprivileged application.
“Setuid root” is worth an aside to explain. Ping is the perfect example: It’s reasonable to allow a non-root user to use the ping command to test network connectivity. Sending an ICMP packet requires a raw socket, which in turn requires root privileges. How do we securely allow a non-root user to access this function? Setuid is a special file permission for executables that makes the program run with the privileges of the file’s owner, root in this case, regardless of the user that launches it. As you can imagine, it takes a lot of care to avoid local exploits in setuid binaries.
While the permissions bypass in the maps virtual file was fixed, the fix wasn’t applied to the rest of the nodes in the /proc structure. The novelty of the Wildfire work is that they found other nodes that can be similarly abused, to retrieve the mapping information. There seems to be some disagreement with kernel devs about whether current mitigations are sufficient, but with a proof of concept published, it’s sure to get sorted soon.
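One way a setuid program can defend against the descriptor-passing pattern described above, as an added example that is not from the original article or the Wildfire Labs research: before using any inherited descriptor, it asks fstatfs() whether the descriptor points into procfs and neutralises those that do. The function names and the scan bound are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/vfs.h>      /* fstatfs(), struct statfs */
#include <unistd.h>
#include <linux/magic.h>  /* PROC_SUPER_MAGIC */

/* Returns 1 if fd refers to a file on procfs, 0 if it refers to
 * anything else, and -1 if fd is not an open descriptor. */
int fd_is_procfs(int fd)
{
    struct statfs sfs;

    if (fstatfs(fd, &sfs) != 0)
        return -1;
    return sfs.f_type == PROC_SUPER_MAGIC ? 1 : 0;
}

/* Scan descriptors [0, max_fd) and neutralise every one that points into
 * procfs. stdin/stdout/stderr are redirected to /dev/null so the slots
 * stay occupied; any other descriptor is closed.
 * Returns the number of descriptors neutralised, or -1 on error. */
int scrub_procfs_fds(int max_fd)
{
    int scrubbed = 0;

    for (int fd = 0; fd < max_fd; fd++) {
        if (fd_is_procfs(fd) != 1)
            continue;

        if (fd <= STDERR_FILENO) {
            int nul = open("/dev/null", O_RDWR);
            if (nul < 0)
                return -1;
            if (nul != fd) {
                if (dup2(nul, fd) < 0) {
                    close(nul);
                    return -1;
                }
                close(nul);
            }
        } else {
            close(fd);
        }
        scrubbed++;
    }
    return scrubbed;
}

int main(void)
{
    /* Constructed scenario: simulate a caller that opened a /proc file
     * and left it open in the descriptor table we inherited. */
    int inherited = open("/proc/self/maps", O_RDONLY);
    if (inherited < 0) {
        perror("open /proc/self/maps");
        return 1;
    }
    printf("fd %d on procfs before scrub: %d\n",
           inherited, fd_is_procfs(inherited));

    int n = scrub_procfs_fds(inherited + 1);
    printf("descriptors neutralised: %d\n", n);
    printf("fd %d after scrub: %d (-1 means closed)\n",
           inherited, fd_is_procfs(inherited));
    return 0;
}
```

A real setuid binary would run the scrub first thing in main(), with the bound taken from its descriptor limit, before reading from stdin or any other inherited descriptor.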
Last up this week is news about way too much data being collected by a Wacom tablet driver. Look forward to a dedicated article from our own Kristina Panos, taking a closer look at this story, and the techniques used to figure out exactly what was going on.
How Starship Delivery Robots know where they are going
(plus how to make your very own 1:8 scale papercraft robot model)
by: Joan Lääne, Mapping Specialist, Starship Technologies
Every September when the new school year starts, many first-graders are a little afraid of the unknown. Not only about starting school and new people they will meet, but also about the journey they need to make each day. They must learn and remember how to navigate the world and the way to and from their classroom by themselves. This can be made easier by a parent who can accompany their child the first few trips back and forth to get them more familiar with the path, usually pointing out some interesting landmarks along the way such as tall or bright buildings or signs on the pathway. Eventually it will be trivial for the child to go to school and remember the way. The child will have formed a mental map of the world and how to navigate it.
Starship Technologies provides a convenient last mile delivery service with fleets of sidewalk delivery robots navigating the world each day. Our robots have completed over 100,000 deliveries. To get from point A to point B the robots need to plan a route ahead, which in turn requires some sort of a map. Even though there are already many publicly available mapping systems such as Google Maps and OpenStreetMap, they have the limitation that they are designed with car navigation in mind and mostly focus on mapping car roads. Since these delivery robots travel on sidewalks, they need an accurate map of where it is safe to travel on sidewalks and where to cross streets, just like a child needs a mental map on how to get to school safely and on time every day. So how is this map generated?
The first step of creating a map for delivery robots is scouting the area of interest and generating a preliminary map (2D map) on top of satellite imagery in the form of simple interconnected lines representing sidewalks (green), crossings (red), and driveways (purple) as illustrated in the image below.
The system treats this map as a node graph and it can be used to generate a route from point A to point B. The system can identify the shortest and the safest path for the robot to take and also calculate the distance and time it would take to drive this route. The advantage of this process is that it all can be done remotely before any robots physically arrive on site.
The next step involves showing the robots what the world looks like. Similar to the parent-child analogy, the robots need a little bit of hand-holding the first time they explore an area. When the robot first drives, the cameras and a multitude of sensors on the robot collect data about the world around it. These include thousands of lines which come from detecting edges of different features, for example buildings, streetlight poles and rooftops. The server can then create offline a 3D world map from these lines which the robot can then use. Like the child, the robot now has a model of the world with guide posts and it can understand where it is at any given time.
Since our robots need to cover different areas at the same time to complete all their deliveries, to be efficient various maps need to be put together to create one unified 3D map of a given area. The unified map is created piece by piece by processing the different pieces of the new area until eventually the map looks like a huge completed jigsaw puzzle. The server will put this map together based on the line data the robot collected earlier. For example, if the same rooftop was detected by two robots, then the software figures out how it connects with the rest of the map. Every colored line in the image below represents a single piece of a mapping trip added to the map.
The final step of the mapping process, before the robots can drive fully autonomously, is to calculate exactly where and how wide the sidewalk is. This is created by processing the camera images the robot recorded while exploring the area as a reference as well as incorporating the previously created 2D map based on the satellite imagery.
During this process more details are added to the map to accurately define the safe zones for where the robots can drive.
Of course, the world around us is not static. There are daily and seasonal changes in landscape, constructions and renovations, which change the way the world looks. How might this affect the mapped areas for the robots? Actually, the robot’s software handles small to medium changes in the mapped area quite well. The 3D models are robust enough and filled with such vast quantities of data, that a tree cut down here or one building torn down there typically does not pose a challenge to the robot’s ability to localize its position or use the map. And, additionally as the robot drives around each day it continues to gather more data that is used to update the 3D maps over time. But if an area is completely reshaped, or new sidewalks are built, then the solution is simple. The map must be updated using new data gathered by a robot. Then afterwards, other robots can drive autonomously again in the same area as if nothing happened. Keeping maps up to date is crucial to keep the robots driving safely and autonomously.
As you can no doubt tell by now, I really enjoy playing around with the concepts of 3 dimensional space. Ever since I played the first 3D first person shooter computer game (Wolfenstein 3D), the world of 3D in the digital domain became an interest of mine. I wanted to make my own 3D worlds for computer games, so I found ways to edit the existing game levels. Later, I also tried my hand with 3D computer modelling, which I found interesting. With the popularization and affordability of 3D printers, I started physically printing models too. But long before that, during school summer breaks, I loved to do papercraft models of different buildings and vehicles. It was an easy and cheap way to create something with my own hands, yet it was also interesting to see how a 2D layout on a piece of paper, with a little cutting, folding and gluing, can turn into a 3D model. Basically, creating the papercraft of a 3D object or “unfolding” is, in a sense, the reverse of mapping. It is creating the 2D layout of the surface of a 3D object.
Since I have a passion for papercraft I decided to create one for our Starship delivery robots. The goal of making this model is to enable others who might enjoy the same passions I do to create their own version of our delivery robots. Creating a paper model is a fun challenge, and once done it makes for a nice decorative item too. As with generating 3D maps for the robot, the making of a papercraft model requires precision, accuracy, and spatial thinking of how all the parts fit together. Also a good bit of patience.
I have created some instructions for you to create your own papercraft delivery robot and I’d love to see your efforts. Have fun and good luck making your own delivery robot paper model!
Please post a picture of your robot on Instagram and tag @StarshipRobots so I can find them!
Please find the Starship delivery robot papercraft model and instructions here
© Starship Technologies. The design of the Starship® delivery robot and aspect of the technologies described are proprietary and protected by copyright and other intellectual property laws
How Starship Delivery Robots know where they are going was originally published in Starship Technologies on Medium, where people are continuing the conversation by highlighting and responding to this story.
11 Ways Blockchain Will Forever Change Link Building and SEO
There’s been a lot of discussion about blockchain over the past few years and what it means for this industry or that industry. You’ll hear people discuss the potential with which it could revolutionize fields like finance, wealth management, investing, banking, real estate, insurance, payment processing, etc. But it cuts much deeper than this. Blockchain has the ability to fundamentally alter the way businesses and marketers approach important online activities, such as link building and SEO. Do you know what to expect?
So What is Blockchain, Anyway?
If you’re reading this blog, chances are you have a cursory understanding of what blockchain is. However, it’s also possible that you’re a link building or SEO professional and have stumbled upon this resource to learn more about where the industry is going. In that case, let’s provide a basic explanation or refresher on what blockchain is, how it works, and why it’s so important.
For starters, blockchain is basically an incorruptible digital ledger that records and stores economic transactions, as well as any other tangible event that needs a definitive, immutable “receipt” attached to it. If you’re looking for the simplest, non-technical explanation, it’s basically a massive, tamperproof Google Doc spreadsheet that’s shared with the general public. Each time a transaction is made, it goes into the spreadsheet. And since everyone has access to it, there’s never any confusion over who owns a specific asset, how much it was purchased for, when it was sold, etc.
Blockchain gets its name from the idea that blockchain is a collection of individual “blocks” that are chained together to make up a ledger. Each block stores information about a transaction (date, time, dollar amount, etc.). But instead of displaying private and personal information, each individual or business is given a unique digital signature. Furthermore, each block has its own distinguishing code called a “hash.” Each hash is a cryptographic string of characters that’s created by a special algorithm. In addition to recording transactions, the blockchain is used to verify transactions and confirm details of the event.
The Impact of Blockchain on Link Building and SEO
So while you typically hear blockchain discussed within the context of cryptocurrency and financial transactions, it will have far-reaching impacts on every aspect of life and business. This includes digital marketing – especially link building and online SEO. Here’s a look at what to expect moving forward:
- Crack Down on Black Hat Link Building
Link building is one of the most critical aspects of SEO and online marketing. Over the years, it’s also been prone to manipulation and unethical practices. These strategies, which are still in existence today, are referred to as black hat link building. Blockchain has the potential to completely extinguish these unsavory practices.
Instead of would-be online marketers searching “what is link building?” they’ll be more likely to query, “what was link building?” In other words, the strategies of today will be completely replaced with white hat link building methods that are fresh, novel, and different than anything that’s currently happening in the industry. The next section on “smart links” provides one taste of what this could look like in practice.
- Hello Smart Links
Never heard of smart links? Don’t worry – you’re in good company. This is a fairly new concept, but it’ll almost certainly play a significant role in the development of link building and SEO as blockchain technology expands.
Smart links function in much the same way as traditional links, but with one key point of differentiation: They natively track when and with whom the link has been shared. It does so via an embedded “smart contract.”
While we can’t know the precise ramifications of smart links until they’re used in the real world, the belief is that they would give content creators more control over their links and how they can be used. This will ultimately lead to more ethical and collaborative online interactions.
- Dramatic Shift in Affiliate Networks
Affiliate networks, like Amazon Associates, are extremely popular. They work by allowing individuals to build product pages that link back to specific Amazon products. When someone clicks the link and buys the product, the affiliate gets a cut – such as 10 percent of the sale price.
Smart links will render the current affiliate networking strategy useless and decentralize the process. There will no longer be any need for the network. Individuals and businesses can use smart links to track sales and provide immediate compensation.
- No More Click Fraud
PPC advertising is a multi-billion dollar industry. Much of this money filters through Google’s AdWords platform. And while the ROI can be significant for businesses that have deep pockets, click fraud – where competitors or bots click ads to drive up costs – is a serious problem. By one estimate, 20 percent of a marketer’s advertising spend goes towards these fraudulent clicks.
Blockchain has the ability to effectively eliminate click fraud by verifying that every user is legitimate and ensuring that advertisers are only charged for actual click-throughs. It can also verify that ads have been viewed by real people, not bots.
As click fraud becomes less of a problem, businesses will have more incentive to invest in advertising. This will boost ad spend, which will benefit website owners and bloggers who can monetize space on their sites. The result will be mutually beneficial business relationships that keep cash flow cycles well lubricated.
- Better Keyword Research and Analysis
For SEO professionals and business owners, trying to check up on keyword rankings can be very frustrating. Even with all of the advanced analytics platforms out there, it can feel like an uphill battle. Between the location, login status, device type, browser type, and cookies, keyword positions can be dramatically affected between users. Blockchain is coming to the rescue.
Powered by blockchain, SEO tools will be able to track the average keyword position from a variety of scenarios without much problem. And because it’s incorruptible and easily accessible, the result will be fast, accurate keyword rankings that require minimal analysis.
- No More Advertising Middlemen
At the moment, Google has a firm chokehold on the advertising industry. But the reality is that Google is just a middleman taking a massive cut from the businesses/advertisers that are doing the real work.
Blockchain is set to establish greater transparency. This will decentralize advertising and make products and services more accessible to consumers. Google will still make a killing on advertising, but they’ll no longer be the gatekeepers.
- Content Trust and Transparency
With all of the worry over fake news, manipulative links, shady reviews, and other questionable online practices, blockchain ledgers will become signals of trust. This will help genuine content creators and authentic businesses show off their transparency and establish stronger connections with the marketplace. We can also expect to see Google and other search engines place an even greater emphasis on trustworthiness as they rank web pages. This will ultimately force businesses to take trust and transparency seriously in order to amplify visibility.
- Blockchain Certificates
For now, blockchain remains a buzzword for the general public – much like the “World Wide Web” was a buzzword in the mid-90s. But before long, internet users and consumers will begin expecting web pages to have blockchain implemented into the code. This means Content Management Systems will have to integrate it into their platforms. Blockchain certificates will become the gold standard of the internet.
- Less Ecommerce Fraud
Ecommerce fraud is a big deal – specifically Card Not Present (CNP) fraud. Retailers are losing billions of dollars per year, and the issue is only getting worse. But once again, blockchain promises to come to the rescue. Smart contracts would ensure only the person initiating the contract is actually who they say they are.
Blockchain could also help prevent situations where buyers purchase items from unknown websites and the person on the other end runs off with the money without actually sending any product. It could potentially act as a sort of “digital escrow” – holding funds until a package is marked as shipped. This would prevent the buyer from losing money without a product, while lessening the seller’s chances of not getting paid.
- Evolving SEO Skillset
For SEOs, link building and marketing will no longer be about trying to decipher Google’s latest algorithmic changes or updates. Tomorrow’s SEO experts will need to be tech-savvy individuals who understand the intricacies of blockchain and how it impacts commerce and decision-making. This will become a much more complex and interconnected field, as opposed to an isolated branch of the marketing world.
- More Trustworthy Environment
When it’s all said and done, the hope is that blockchain will lead to a more trustworthy online environment where users, advertisers, customers, businesses, and even search engines have a greater sense of trust and camaraderie. There will be less fear and fewer people looking over their shoulders. Instead, we’ll all be free to enjoy the beauty of safe, productive online interactions and profitable commerce.
The Future of Link Building and SEO
To precisely speculate what the future of the digital marketing industry holds is to set yourself up for embarrassment. However, one thing we know: Blockchain will have a permanent and significant impact on link building and SEO in the future. We’ve provided a list of 11 specific ways we believe it’ll change the game. Now we just have to wait and see how things unfold. It’s going to be exciting to watch.
The post 11 Ways Blockchain Will Forever Change Link Building and SEO appeared first on ReadWrite.
LoRa Mesh Network with Off-the-Shelf Hardware
An ideal application for mesh networking is off-grid communication; when there’s no cellular reception and WiFi won’t reach, wide-area technologies like LoRa can be used to create ad hoc wireless networks. Whether you’re enjoying the outdoors with friends or conducting a rescue operation, a cheap and small gadget that will allow you to create such a network and communicate over it would be a very welcome addition to your pack.
That’s exactly the goal of the Meshtastic project, which aims to take off-the-shelf ESP32 LoRa development boards and turn them into affordable mesh network communicators. All you need to do is buy one of the supported boards, install the firmware, and start meshing. An Android application that will allow you to use the mesh network to send basic text messages is readying for an alpha release, and eventually you’ll be able to run Signal over the LoRa link.
Developer [Kevin Hester] tells us that these are still the very early days, and there’s plenty of work yet to be done. In fact, he’s actively looking to bring a few like-minded individuals onto the project. So if you have experience with the ESP32 or mobile application development, and conducting private communications over long-range wireless networks sounds like your kind of party, this might be your lucky day.
From a user’s perspective, this project is extremely approachable. You don’t need to put any custom hardware together, outside of perhaps 3D printing a case for your particular board. The first time around you’ll need to flash the firmware with esptool.py, but after that, [Kevin] says future updates can be handled by the smartphone application.
Incidentally, the primary difference between the two boards is that the larger and more expensive one includes GPS. The mesh networking side of things will work with either board, but if everyone in your group has the GPS-equipped version, each user will be able to see the position of everyone else in the network.
This isn’t the first time we’ve seen LoRa used to establish off-grid communications, and it surely won’t be the last. The technology is perfect for getting devices talking where there isn’t any existing infrastructure, and we’re excited to see more examples of how it can be used in this capacity.