All streams
Search
Write a publication
Pull to refresh
879.42
Global rating

Information Security *

Data protection

ArticlesPostsNewsAuthors
Show first
Rating limit
Level of difficulty

Espressif IoT Development Framework: 71 Shots in the Foot

Reading time28 min
Views1.1K
PVS-Studio corporate blogIOTC * C++ * Information Security *

0790_Espressif_IoT_Development_Framework/image1.png
One of our readers recommended paying heed to the Espressif IoT Development Framework. He found an error in the project code and asked if the PVS-Studio static analyzer could find it. The analyzer can't detect this specific error so far, but it managed to spot many others. Based on this story and the errors found, we decided to write a classic article about checking an open source project. Enjoy exploring what IoT devices can do to shoot you in the foot.

Read more →
Total votes 1: ↑1 and ↓0+1
Comments0

ONLYOFFICE Community Server: how bugs contribute to the emergence of security problems

Reading time12 min
Views982
PVS-Studio corporate blog.NET * C# * Open source * Information Security *
image1.png

Server-side network applications rarely get the chance to join the ranks of our reviews of errors found in open source software. This is probably due to their popularity. After all, we try to pay attention to the projects that readers themselves offer us. At the same time, servers often perform very important functions, but their performance and benefits remain invisible to most users. So, by chance, the code of ONLYOFFICE Community Server was checked. It turned out to be a very fun review.
Read more →
Total votes 2: ↑1 and ↓1+2
Comments2

Russian microcontroller K1986BK025 based on the RISC-V processor core for smart electricity meters

Reading time10 min
Views7.3K
Миландр corporate blogInformation Security * Language localisation * Manufacture and development of electronics *
Welcome to RISC-V era!

Solutions based on the open standard instruction set architecture RISC-V are currently increasing their presence on the market. Microcontrollers from Chinese colleagues are already in serial production; Microchip is offering interesting solutions with FPGA on board. The ecosystem of software and design tools for this architecture are also growing. Seeming previously unshaken leaders have more often found themselves in resale ads, while young startups attract multi-million investments. Milandr also got involved in this race and today began supplying interested companies with samples of its new K1986BK025 microcontroller based on the RISC-V processor core for electricity meters. Well here we go, pictures, characteristics and other information, as well as a little bit of hype under the cut.


Read more →
Total votes 9: ↑9 and ↓0+9
Comments0

Unicorns on Guard for Your Safety: Exploring the Bouncy Castle Code

Reading time7 min
Views975
PVS-Studio corporate blogInformation Security * Development Management *
image1.png

Would you like to see a new batch of errors found by the PVS-Studio static analyzer for Java? Then keep reading the article! This time the Bouncy Castle project is to be checked. The most interesting code snippets, as usual, are waiting for you below.
Read more →
Total votes 1: ↑0 and ↓1-1
Comments0

SIEM Solutions Overview (Security Information and Event Management)

Reading time11 min
Views2.5K
ROI4CIO corporate blogInformation Security * Software
Recovery Mode

Modern corporate IT infrastructure consists of many systems and components. And monitoring their work individually can be quite difficult — the larger the enterprise is, the more burdensome these tasks are. But there are the tools, which collect reports on the work of the entire corporate infrastructure — SIEM (Security Information and Event Management) system in one place. Read the best of such products according to Gartner experts in our review, and learn about the main features from our comparison table.
Read more →
Total votes 2: ↑2 and ↓0+2
Comments1

Checking Clang 11 with PVS-Studio

Reading time10 min
Views868
PVS-Studio corporate blogC++ * Open source * Information Security * Compilers *
PVS-Studio: I'm still worthy

Every now and then, we have to write articles about how we've checked another fresh version of some compiler. That's not really much fun. However, as practice shows, if we stop doing that for a while, folks start doubting whether PVS-Studio is worth its title of a good catcher of bugs and vulnerabilities. What if the new compiler can do that too? Sure, compilers evolve, but so does PVS-Studio – and it proves, again and again, its ability to catch bugs even in high-quality projects such as compilers.
Read more →
Total votes 3: ↑2 and ↓1+1
Comments0

Why code reviews are good, but not enough

Reading time3 min
Views950
PVS-Studio corporate blogC++ * Information Security * Programming *
image1.png

Code reviews are definitely necessary and useful. It's a way to impart knowledge, educate, control a task, improve code quality and formatting, fix bugs. Moreover, you can notice high-level errors related to the architecture and algorithms used. So it's a must-have practice, except that people get tired quickly. Therefore, static analysis perfectly complements reviews and helps to detect a variety of inconspicuous errors and typos. Let's look at a decent example on this topic.
Read more →
Rating0
Comments0

The 2020 National Internet Segment Reliability Research

Reading time9 min
Views9.6K
Qrator Labs corporate blogIPv6 * IT Infrastructure * Information Security * Network technologies *

The National Internet Segment Reliability Research explains how the outage of a single Autonomous System might affect the connectivity of the impacted region with the rest of the world. Most of the time, the most critical AS in the region is the dominant ISP on the market, but not always.

As the number of alternate routes between AS’s increases (and do not forget that the Internet stands for “interconnected network” — and each network is an AS), so does the fault-tolerance and stability of the Internet across the globe. Although some paths are from the beginning more important than others, establishing as many alternate routes as possible is the only viable way to ensure an adequately robust network.

The global connectivity of any given AS, regardless of whether it is an international giant or regional player, depends on the quantity and quality of its path to Tier-1 ISPs.

Usually, Tier-1 implies an international company offering global IP transit service over connections with other Tier-1 providers. Nevertheless, there is no guarantee that such connectivity will be maintained all the time. For many ISPs at all “tiers”, losing connection to just one Tier-1 peer would likely render them unreachable from some parts of the world.
Read more →
Total votes 25: ↑25 and ↓0+23
Comments0

The hunt for vulnerability: executing arbitrary code on NVIDIA GeForce NOW virtual machines

Reading time5 min
Views7.2K
Доктор Веб corporate blogAntivirus protection * Information Security * Cloud computing *

Introduction


Against the backdrop of the coronavirus pandemic, the demand for cloud gaming services has noticeably increased. These services provide computing power to launch video games and stream gameplay to user devices in real-time. The most obvious advantage of this gaming type is that gamers do not need to have high-end hardware. An inexpensive computer is enough to run the client, spending time in self-isolation while the remote server carries out all calculations.

NVIDIA GeForce NOW is one of these cloud-based game streaming services. According to Google Trends, worldwide search queries for GeForce NOW peaked in February 2020. This correlates with the beginning of quarantine restrictions in many Asian, European, and North and South American countries, as well as other world regions. At the same time in Russia, where the self-isolation regime began in March, we see a similar picture with a corresponding delay.

Given the high interest in GeForce NOW, we decided to explore this service from an information security standpoint.
Read more →
Total votes 5: ↑5 and ↓0+3
Comments0

Static code analysis of the PMDK library collection by Intel and errors that are not actual errors

Reading time14 min
Views821
PVS-Studio corporate blogC * C++ * Open source * Information Security *
PVS-Studio, PMDK

We were asked to check a collection of open source PMDK libraries for developing and debugging applications with NVRAM support by PVS-Studio. Well, why not? Moreover, this is a small project in C and C++ with a total code base size of about 170 KLOC without comments. Which means, the results review won't take much energy and time. Let's go.
Read more →
Total votes 2: ↑2 and ↓0+2
Comments1

Y messenger Manifesto

Reading time3 min
Views1.1K
Decentralized networks * Information Security *
Recovery Mode

Y messenger - decentralized end-2-end encrypted messenger


We are a team of independent developers. We have created a new messenger, the purpose of which is to solve the critical problems of the modern Internet and the modes of communication it provides. We see users become hostages to the services they have grown accustomed to and we see corporations exploiting their users and controlling them. And we don’t like it. We believe the Internet should be different.
In this Manifesto, we disclose our vision of the Internet and describe what we have done to make it better. If you share our ideas — join us. Together we can achieve more than each of us can alone.

Read more →
Total votes 6: ↑1 and ↓5-2
Comments2

Looking back at 3 months of the global traffic shapeshifting

Reading time9 min
Views3.3K
Qrator Labs corporate blogNetwork technologies * Information Security * IT Infrastructure *
image
There would be no TL;DR in this article, sorry.

Those have been three months that genuinely changed the world. An entire lifeline passed from February, 1, when the coronavirus pandemics just started to spread outside of China and European countries were about to react, to April, 30, when nations were locked down in quarantine measures almost all over the entire world. We want to take a look at the repercussions, cyclic nature of the reaction and, of course, provide DDoS attacks and BGP incidents overview on a timeframe of three months.

In general, there seems to be an objective pattern in almost every country’s shift into the quarantine lockdown.
Read more →
Total votes 26: ↑26 and ↓0+24
Comments0

Safe-enough linux server, a quick security tuning

Reading time10 min
Views2.8K
*nix * Cloud computing * Information Security * Server Administration * System administration *
Tutorial
From sandbox
The case: You fire up a professionally prepared Linux image at a cloud platform provider (Amazon, DO, Google, Azure, etc.) and it will run a kind of production level service moderately exposed to hacking attacks (non-targeted, non-advanced threats).

What would be the standard quick security related tuning to configure before you install the meat?


release: 2005, Ubuntu + CentOS (supposed to work with Amazon Linux, Fedora, Debian, RHEL as well)


image

Read more →
Total votes 3: ↑2 and ↓1+5
Comments0

This is how you deal with route leaks

Reading time2 min
Views2.9K
Qrator Labs corporate blogInformation Security * Network technologies *
That, we must say, is the unique story so far.

Here’s the beginning: for approximately an hour, starting at 19:28 UTC on April 1, 2020, the largest Russian ISP — Rostelecom (AS12389) — was announcing prefixes belonging to prominent internet players: Akamai, Cloudflare, Hetzner, Digital Ocean, Amazon AWS, and other famous names.

Before the issue was resolved, paths between the largest cloud networks were somewhat disrupted — the Internet blinked. The route leak was distributed quite well through Rascom (AS20764), then Cogent (AS174) and in a couple of minutes through Level3 (AS3356) to the world. The issue suddenly became bad enough that it saturated the route decision-making process for a few Tier-1 ISPs.

It looked like this:

image

With that:

image
Read more →
Total votes 21: ↑21 and ↓0+19
Comments0

SLAE — SecurityTube Linux Assembly Exam

Reading time17 min
Views2.8K
Assembler * C * Information Security *
image
SecurityTube Linux Assembly Exam (SLAE) — is a final part of course:
securitytube-training.com/online-courses/securitytube-linux-assembly-expert
This course focuses on teaching the basics of 32-bit assembly language for the Intel Architecture (IA-32) family of processors on the Linux platform and applying it to Infosec and can be useful for security engineers, penetrations testers and everyone who wants to understand how to write simple shellcodes.
This blog post have been created for completing requirements of the Security Tube Linux Assembly Expert certification.
Exam consists of 7 tasks:
1. TCP Bind Shell
2. Reverse TCP Shell
3. Egghunter
4. Custom encoder
5. Analysis of 3 msfvenom generated shellcodes with GDB/ndisasm/libemu
6. Modifying 3 shellcodes from shell-storm
7. Creating custom encryptor
Read more →
Total votes 3: ↑1 and ↓20
Comments0

New action to disrupt world’s largest online criminal network

Reading time3 min
Views1.2K
Microsoft corporate blogIT Infrastructure * IT-companiesInformation Security *


Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.

A botnet is a network of computers that a cybercriminal has infected with malicious software, or malware. Once infected, criminals can control those computers remotely and use them to commit crimes. Microsoft’s Digital Crimes Unit, BitSight and others in the security community first observed the Necurs botnet in 2012 and have seen it distribute several forms of malware, including the GameOver Zeus banking trojan.
Read more →
Total votes 2: ↑2 and ↓0+2
Comments0

What would be the future of Android in 2020?

Reading time4 min
Views8.4K
IOTAR and VRDevelopment for Android * Development of mobile applications * Information Security *
Android has always been on the top of the hustle when you think about mobile application development. Android’s smartphone OS Market Share now hovers around 85%. Furthermore, volumes are expected to grow at a five-year CAGR of 2.4%, with shipments approaching 1.41 billion in 2022.

image

Source: Google Images

But before you took the plunge in exploring and riding on the waves of changes or hire an android app developer to develop an app, it is important to understand the trends and its implications on the android application development ecosystem.
Read more →
Rating0
Comments2
1234
5
678

Authors' contribution

Your account

Sections

Information

Services

Support
© 2006–2025, Habr