Nvidia’s Mental Ray high-performance 3D rendering software has a vulnerability that could be exploited to compromise clusters of specialized computers called render farms, according to researchers from ReVuln.
“There is a vulnerability affecting Nvidia mental ray (raysat) version 184.108.40.206, which allows a malicious user to load arbitrary DLLs on a victim system, thus an attacker can take control over a whole render farm by simply injecting a malicious remote library,” said Luigi Auriemma and Donato Ferrante, security researchers and founders of Malta-based vulnerability research firm ReVuln, Tuesday in a research paper.
Nvidia Mental Ray can use CUDA-enabled consumer or professional GPUs like the Nvidia GeForce, Quadro, and Tesla models for parallel rendering. It’s commonly used in the film industry for CGI (computer-generated imagery) effects, but also in industries that rely on computer-aided design (CAD).
Mental Ray is available as a stand-alone application for Windows, Mac and Linux that can be installed and used on dedicated render machines. However, it is also integrated into third-party software like Autodesk 3ds Max, Autodesk Maya, Cinema 4D and others.
A render farm’s computing power varies depending on its size. Industrial Light & Magic, an American visual effects company, used a render farm with access to 5,700 processor cores when it worked on the Transformers 2 movie in 2009.
On Windows, Nvidia Mental Ray runs as a system service and listens for incoming connections on port 7520, the ReVuln researchers said. To exploit the vulnerability an attacker just needs to send a malicious packet to the affected systems from a compromised computer on the same network, they said.
Post-exploitation scenarios could include using compromised render farms for password cracking or mining bitcoins, since both tasks can be distributed across many GPUs, the researchers said.
An example of a malicious packet that triggers the vulnerability in the Mental Ray software was included in ReVuln’s research paper, but the company did not report the issue to Nvidia. ReVuln discloses the vulnerabilities found by its researchers publicly or sells the information to third parties through a subscription-based vulnerability intelligence service.
Nvidia did not immediately respond to a request for comment.
All of the network’s Web features, including meme and GIF generators, are available on the apps. They were also available on the mobile-optimized Socl site before the apps launched, so Microsoft didn’t stray too far from the beaten path.
If you’ve never used Socl before, you’re not alone. The network lets users create a variety of different kinds of posts, ranging from GIFs and memes to collages and “video parties,” or playlists of videos. Many of the site’s users appear to either be newcomers, judging by their posts and lack of followers, or community managers.
The apps were released quietly on Monday, so maybe Microsoft is still operating Socl in stealth mode and giving it time to grow organically. But with social start-ups like Snapchat and Imgur proving that fame isn’t exactly a slow-moving beast, Socl needs more than just a trio of apps to convince people they need yet another social network in their lives.
Socl still hasn’t figured out its niche. At least Google+ is tying its fate to photo-sharing—Socl doesn’t have much of a base to stand on, even with the creative features and apps.
The Dutch Minister of the Interior and Kingdom Relations will question the U.S. Embassy over the purpose of its rooftop antennas, the minister wrote in a letter to the House of Representatives Monday.
Minister Ronald Plasterk will question the embassy after concerns were raised that the antennas can be used to intercept data from mobile phones used in the nearby Ministry of the Interior in The Hague and the Binnenhof, where the houses of parliament are located.
The issue was raised by the Dutch radio show “Met het Oog op Morgen” (“With an Eye on Tomorrow”) and led to formal questions in the House on Nov. 18.
While it is technically possible to intercept phone traffic from a nearby building, that does not mean that is actually happening, wrote Plasterk in response to those questions. It is common for embassies to use antennas for their own communication, he added.
Foreign powers are not allowed to conduct intelligence operations on Dutch soil unless they have the necessary approval, said Plasterk. Operations conducted without that permission are “unacceptable,” he said. But there is no reason to currently assume that the U.S. does not comply with the agreements, he added.
Nevertheless, Plasterk said he would ask the embassy for clarification, adding that he would brief the House about the outcome.
The Ministry of the Interior could not immediately respond to a request for comment. The U.S. Embassy could not be reached for comment.
The Dutch action follows a report from the Italian magazine L’Espresso last Friday that claimed that the U.S. National Security Agency has been spying on Italian communications from installations on the roof of the U.S. Embassy in Rome and the consulate in Milan.
In late October, a report in Germany’s Der Spiegel claimed that not only did U.S. intelligence agencies listen in on Chancellor Angela Merkel’s mobile phone conversations, but they also used the U.S. Embassy in Berlin as a listening station. A special unit of the CIA and NSA can monitor a large part of mobile phone conversations in the government quarters from the roof of the embassy, Der Spiegel reported.
Both the Italian and the German spying reports were based on documents provided to reporters by former NSA contractor Edward Snowden.
On any given day cybercriminals and nation states are in possession of as many as 100 zero-day software exploits known only to them, NSS Labs has calculated using the commercial vulnerability market as a baseline.
NSS Labs research director Dr. Stefan Frei reached this startling conclusion after studying up to ten years’ worth of software vulnerability data from the two firms that pioneered the market for purchasing flaws from researchers, iDefense (which started its program in 2002) and TippingPoint (which started in 2005 and is now owned by Hewlett-Packard).
NSS found that iDefense’s Vulnerability Contributor Program (VCP) and HP TippingPoint’s Zero Day Initiative (ZDI) have from birth to late September 2013 published a total of 2392 vulnerabilities with an average time from purchase to public disclosure of 133 days for the VCP and 174 days for the ZDI.
In Frei’s view, this confirms the conventional wisdom that serious zero-day flaws are remaining private and potentially exploitable in attacks for long periods of time; if legitimate vendors take an average of 153 days or five months to make flaws public, cybercriminals are surely able to keep them secret for even longer.
In the case of iDefense and HP TippingPoint, the timescales are dictated by internal rules on disclosing the flaws they buy to affected vendors. However, one might also uncharitably conclude that the software industry is still dragging its feet when it comes to issuing patches.
As an interesting aside, Frei’s research offers some detail on the significant influence these two firms have on the flaws being fed into public domain patching cycles which serve as a partial vindication of their once-controversial programs.
Microsoft, for example, received 390 flaws from the pair, equivalent to 14 percent of its total over the ten years reviewed. The equivalent percentage for Apple over the same period was 10 percent; Adobe, 17 percent; SAP, 13 percent; Symantec, 18 percent; Hewlett-Packard, 19 percent; and EMC, 38 percent; to pick only a few.
Put another way, the vulnerability programs of only two small firms have brought to light a remarkably high percentage of unknown flaws. There were considerable differences in how quickly each affected vendor reacted to such disclosures, with most firms taking months to issue a patch.
Frei then turns to the thorny issue of what all this might tell us about the “known unknown” of the zero-day flaws that are discovered by or sold to criminal groups or nations looking to hack their rivals.
His approach was to use the commercial vulnerability programs as a best case for calculating the number of nondisclosed flaws that might exist at any one moment in time. Taking August 1, 2012 as a test example, the VCP had 20 purchased but undisclosed flaws on that date, while the ZDI had 93 in its queue.
Averaged over the last three years for only major software vendors, the figure on any given day was 58.
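The counting method described above, as an added example (not NSS Labs' code or data): every record below is constructed, and the assumed convention is that a flaw counts as a "known unknown" from its purchase date up to the day before its public disclosure.

```python
from datetime import date

# Constructed sample records: (program, purchase date, public disclosure date).
# A disclosure date of None means the flaw is still undisclosed.
RECORDS = [
    ("VCP", date(2012, 1, 10), date(2012, 5, 22)),   # 133 days private
    ("ZDI", date(2012, 3, 1), date(2012, 8, 22)),    # 174 days private
    ("ZDI", date(2012, 7, 15), date(2012, 9, 3)),    # 50 days private
    ("VCP", date(2012, 6, 20), None),                # purchased, never published
]


def undisclosed_on(records, day, program=None):
    """Count flaws already purchased but not yet public on `day`."""
    return sum(
        1
        for prog, bought, disclosed in records
        if (program is None or prog == program)
        and bought <= day
        and (disclosed is None or disclosed > day)
    )


def mean_exposure_days(records):
    """Average purchase-to-disclosure time over the flaws that were disclosed."""
    spans = [(d - b).days for _, b, d in records if d is not None]
    return sum(spans) / len(spans) if spans else 0.0


def daily_series(records, start, end):
    """Undisclosed-flaw count for each day in [start, end], via a sweep line."""
    n = (end - start).days + 1
    delta = [0] * (n + 1)
    for _, bought, disclosed in records:
        lo = max(0, (bought - start).days)            # first counted day index
        hi = n if disclosed is None else min(n, (disclosed - start).days)
        if lo < hi:                                   # overlaps the window
            delta[lo] += 1
            delta[hi] -= 1
    series, running = [], 0
    for i in range(n):
        running += delta[i]
        series.append(running)
    return series


def daily_average(records, start, end):
    """Mean number of undisclosed flaws per day over the window."""
    series = daily_series(records, start, end)
    return sum(series) / len(series)


if __name__ == "__main__":
    day = date(2012, 8, 1)
    print("undisclosed on", day, "=", undisclosed_on(RECORDS, day))
    print("mean exposure (days) =", mean_exposure_days(RECORDS))
    print("August 2012 daily average =",
          round(daily_average(RECORDS, date(2012, 8, 1), date(2012, 8, 31)), 3))
```

The never-published record shows why such figures are a minimum estimate: it raises the daily count but cannot contribute to the average exposure time.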
Extrapolating these numbers to the entire universe of serious undisclosed flaws is tricky not least because other firms such as Google, Mozilla, Facebook and more recently Microsoft and Yahoo also now pay researchers for critical flaws, but it is a reasonable inference that only a small part of the iceberg is visible.
“It is NSS’ belief that the figures represent only a minimum estimate of the number of ‘known unknowns’ and of the amount of time that users are exposed to them,” said Frei, who believes the number of flaws not known about on any given day was around 100.
“Some of the parties involved in the exploitation of vulnerabilities have no desire to coordinate vulnerability information with the affected vendors, potentially using this information for offensive operations,” he added.
Not all of these entities are criminal; they include smaller boutique research and software broker firms running their own paid and reverse-engineering programs, defense contractors, and of course government agencies such as the NSA. Some of these flaws will come to the notice of the affected vendor through other channels, while many others will surely not.
“It is safe to assume that cyber criminals and government agencies primarily purchase vulnerabilities and exploits that target prevalent products from major vendors. Therefore, these “known unknowns” pose a real and present threat to the security of corporate and private software users,” Frei concluded.
His recommendations start from the point that the scale of the vulnerability and zero-day problem is now so vast that businesses can’t simply rely on patching cycles to dig them out of trouble. Cybercriminals are too far ahead on vulnerabilities, and firms should assume they will fall prey to unknown vulnerabilities and direct their effort to spotting the results of breaches once they happen.
It would also be unwise to assume that the greatest threat comes from nation states which are certainly not the only entities with money to spend buying zero-days from black hat researchers, according to Frei.
Modern games deliver awesome graphics, but the visuals are only half of the gaming experience. Studies have shown that audio quality can shape your perception of the entire gaming experience. When a high-quality soundtrack reaches your ears, your brain will also perceive the game’s graphics to be of higher quality.
Audio quality can affect your gaming experience in other ways, too. Without good audio, you won’t hear enemies approaching or hiding behind cover. You might not hear your teammates as they try to coordinate with you or give you instructions, and they won’t hear you clearly, either. And you’ll lose that sense of immersion in the game world that turns a good gaming experience into a great one. A high-quality headset is just as important as a good graphics card, keyboard, and monitor.
Audiophiles want the best quality they can get, and gamers need the best tech available. Top-of-the-line headsets deliver both. Whichever camp you’re in, the first choice you need to make is between a stereo headset and a surround-sound headset. Stereo—independent sound from the left and right channels—is the more common option, but it can’t match the realism of surround sound.
Headsets that use surround-sound technology simulate realistic room acoustics through digital signal processing. They trick your brain into thinking that sound is coming from specific locations in the environment. It’s a great sensation and can be really helpful in games—when it works. If the designer handles the encoding poorly, however, it can create myriad artifacts and distortions that make audio enthusiasts cringe.
Once you’ve made that decision, focus on comfort. A headset should fit your noggin the way your favorite sweatshirt fits your torso. A too-heavy headset will pull down on the top of your head and strain your neck, turning you into a broken bobble-head. The headband should be well padded, and the ear cups should cover your ears completely to keep sound in and background noise out.
Natural materials such as cloth mesh and leather (especially lambskin) are the most comfortable to wear for long gaming runs. Vinyl and other types of faux leather tend to peel and crack with age, and they can irritate sensitive skin after several hours.
You can connect a headset to your PC in one of two ways: with a USB connector or with jacks (typically, 1/8-inch jacks). USB keeps the audio signal in the digital domain until it reaches a digital-to-analog converter, which can be inline with the cable or inside the headset. These designs prevent electrical noise from the PC’s motherboard and other components from contaminating the audio signal. If you’ve invested in a high-end sound card, or a motherboard designed to isolate its onboard audio components from electrical interference, a good analog headset will deliver excellent audio quality.
Don’t forget the element that turns a pair of headphones into a headset: the microphone. Communication is huge in multiplayer games, so a good mic is invaluable. A flexible stalk will enable you to position it comfortably near your mouth when you need it, and easily shunt it aside when you don’t.
Extra features are the icing on a headset cake. Inline controls provide a convenient way to adjust the volume and mute the mic when you don’t want to broadcast your conversation. A removable microphone allows you to comfortably use the headphones with a digital media player while on the go. And an equalizer or client software can let you establish sound profiles for whatever you’re listening to—games, movies, or music.
Escape the never-ending ambient sounds of holiday music and squabbling families by throwing on your new headset and blasting away in-game baddies while enjoying sweet high-definition audio.
Here’s just the latest verse in the ongoing ditty dubbed “No, seriously, check those Android app permissions.”
On Thursday, the FTC announced that it has reached a settlement with Goldenshores Technologies, LLC, the developer of the super-popular “Brightest Flashlight Free” app—an app that has been sharing Android users’ unique device IDs and precise physical location with advertisers.
“The company deceived consumers by presenting them with an option to not share their information, even though it was shared automatically, rendering the option meaningless,” the FTC statement reads. That’s wonderful, especially when you consider the silly little app was downloaded more than 50 million times over.
SlideShare, a site for posting, sharing, viewing, rating and commenting primarily on business presentations, has given a makeover to its homepage.
The changes, which include larger, more visually appealing thumbnails of presentations’ title pages, are designed to increase people’s usage and engagement on the site.
“We want to make it easy to discover, fun to share and beautiful to present on SlideShare,” said John Loof, an associate product manager at SlideShare.
Other new homepage features include the ability for users to like, save and share presentations by clicking on their title page thumbnail images. A small photo of the presentation’s author will also be part of the thumbnail title page.
SlideShare’s homepage features content picked by its editorial staff, and now those hand-selected presentations will be organized by topics including business, entertainment, technology, education and careers.
SlideShare also announced on Thursday that its members have now uploaded more than 15 million presentations and other documents to the site, and that the interface is now available in Portuguese.
Loof said the team is working on further integrating SlideShare with LinkedIn, which acquired SlideShare in March of 2012. It’s currently possible for SlideShare members to log into the site using their LinkedIn account credentials.
When security researcher Dragos Ruiu claimed malware dubbed “badBIOS” allowed infected machines to communicate using sound waves alone—no network connection needed—people said he was crazy. New research from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics suggests he’s all too sane.
As outlined in the Journal of Communications (PDF) and first spotted by ArsTechnica, the proof-of-concept malware prototype from Michael Hanspach and Michael Goetz can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks’ built-in microphones and speakers. Freaky-deaky!
The most successful method was based on software developed for underwater communications. The laptops could communicate a full 65 feet apart from each other, and the researchers say the range could be extended by chaining devices together in an audio “mesh” network, similar to the way Wi-Fi repeaters work.
While the research doesn’t prove Ruiu’s badBIOS claims, it does show that the so-called “air gap” defense—that is, leaving computers with critical information disconnected from any networks—could still be vulnerable to dedicated attackers, if attackers are first able to infect the PC with audio mesh-enabled malware.
Transmitting data via sound waves has one glaring drawback, however: It’s slow. Terribly slow. Hanspach and Goetz’s malware topped out at a sluggish 20 bits-per-second transfer rate, but that was still fast enough to transmit keystrokes, passwords, PGP encryption keys, and other small bursts of information.
“We use the keylogging software logkeys for our experiment,” they wrote. “The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached, who is now able to read the current keyboard input of the infected victim from a distant place.”
In another test, the researchers used sound waves to send keystroke information to a network-connected computer, which then sent the information to the “attacker” via email.
Now for the good news: This advanced proof-of-concept prototype isn’t likely to work its way into everyday malware anytime soon, especially since badware that communicates via normal Net means should be all that’s needed to infect the PCs of most users. Nevertheless, it’s ominous to see the last-line “air gap” defense fall prey to attack—especially in an age of state-sponsored malware run rampant.
Not all the best deals in tech happened last week. We’ve culled the Internet to find bargains for you this Cyber Monday on HDTVs, phones, cameras, tablets and more.
For instance, carriers are selling several top Android phones free or almost free (with two-year contracts), and at least one pro camera deal packs value with extra lenses and memory cards.
Let’s start with an HDTV deal.
A new zero day flaw in Windows XP and Server 2003 is being exploited in the wild to bypass the sandbox on unpatched versions of Adobe Reader, security firm FireEye has reported.
According to the firm’s analysis, the vulnerability allows for a standard user running XP SP3 to elevate privileges to admin level, allowing a targeted attack on users running Reader versions 9.5.4, 10.1.6, 11.0.02 and before using a malicious PDF.
“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights,” said Microsoft in a separate advisory (2914486).
In other words, attackers hitting this flaw can beat Adobe’s sandbox by routing their sneakiness via a lower-level call through the OS itself.
The issue has been designated CVE-2013-5065 and an out-of-band patch looks like a distinct possibility given its seriousness.
“Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs,” said Microsoft’s advisory, dropping a heavy hint that early action was likely.
In order to fix the problem, users are advised to update Adobe Reader to a later version or simply abandon Windows XP for Windows 7 or 8.
News of the issue will be taken as further confirmation that users need to get off XP, although privilege elevation flaws can in principle affect any OS from time to time. They have become rarer in recent years, hence their importance when they surface.
A month ago Microsoft’s Q3 Security Intelligence Report (SIR) found that XP was not only more likely to encounter malware but significantly more likely to fall prey to it, all things being equal. Later versions of Windows—especially Windows 8—are architected with a greater level of low-level security designed to beat off some attacks.
Microsoft is urging all Windows XP users to upgrade because it is retiring the operating system and on April 8, 2014 will no longer supply even security upgrades.