Technology
Inside the New WhatsApp Buffer Overflow Vulnerability
Facebook’s WhatsApp mobile app has had a rough time lately with regard to software vulnerabilities. In November 2019, the social media company quietly issued a security patch for a buffer overflow vulnerability contained in their messaging application.
However, the vulnerability disclosed in November 2019 is not the only recent vulnerability discovered and patched in the secure messaging application. Earlier in 2019, another buffer overflow vulnerability was discovered and patched by the company. Both of these vulnerabilities are rated as “severe” due to the fact that an attacker exploiting them can run malicious code on the target device.
To make things worse, the vulnerabilities in WhatsApp can be exploited by an unauthenticated attacker. These vulnerabilities were discovered in functions that process data sent by another WhatsApp user to the target. By taking a simple action – initiating a WhatsApp call or sending an MP4 video to the target – an attacker can trigger the vulnerability, giving them control over the device. These vulnerabilities can then be exploited to place spyware on the victim’s device and to view the user’s messaging history within the app.
A Brief History of WhatsApp Security
The recent WhatsApp vulnerability is not the first buffer overflow contained within the mobile app. In May 2019, a different buffer overflow vulnerability was discovered in how WhatsApp processed the data contained within an incoming call.
This vulnerability was created because WhatsApp uses a special binary format for sending data between devices and then unpacks this data at the recipient device. If an attacker sent a specially formatted packet, which lied about the length of a certain field, the recipient’s WhatsApp would unpack the data into a place on the stack that did not have sufficient space for it. As a result, the attacker would have the ability to write to memory that should have been outside of their control. This vulnerability was concerning since it allowed remote code execution on a target device without any user interaction required. The malicious packet was sent as part of initiating a call, so, even if the user rejected the call, the damage was already done.
This past WhatsApp vulnerability has been the source of significant controversy. While Facebook was in the process of patching the vulnerability, they observed someone trying to exploit it on the device of a UK-based human rights lawyer. Additional investigation pointed to the use of the vulnerability to spy upon individuals who would be of interest to certain governments.
The Israel-based NSO Group is well known for developing and selling exploits to governments for use in surveillance activities that fall outside the scope of law enforcement activities. This, and the fact that the observed attack used infrastructure previously linked to the NSO Group, has led Facebook to believe that the company was behind the exploitation of the WhatsApp vulnerability. As a result, Facebook has begun a lawsuit against the NSO Group for exploitation of a vulnerability in one of their products.
The Newest WhatsApp Vulnerability
The buffer overflow vulnerability disclosed in May was not the last such vulnerability in the WhatsApp platform. In November 2019, Facebook patched another vulnerability in WhatsApp that was similar in scope, severity, and potential impact.
This vulnerability dealt with how WhatsApp handled MP4 video files. Along with a video file comes a stream of metadata containing details about the file. When parsing this metadata, WhatsApp is vulnerable to a stack-based buffer overflow attack. This would allow the attacker to perform a Denial of Service attack (crashing the app) or to run attacker-controlled code on the app that could give access to previous conversations that the user has had on the app. Exploitation of the vulnerability only requires an attacker to know the phone number of the victim and to send them a malicious MP4 video via WhatsApp.
Luckily, while the new vulnerability had the potential to be at least as damaging as the previous buffer overflow flaw, it appears that this one was not being actively exploited by attackers prior to being patched by Facebook. However, this demonstrates the importance of keeping such applications up-to-date (so that Facebook-provided security patches are applied) and of considering the risks associated with using these applications for personal communications.
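Both flaws described above, the call packet that lied about a field's length and the MP4 metadata parsed into a stack buffer, come down to copying a sender-supplied number of bytes into fixed-size storage. The following is an added example, not WhatsApp's code or wire format: the record layout, `FIELD_MAX`, and all function names are assumptions made for illustration. It shows the unchecked copy beside a version that validates the claimed length first.

```c
/* Added example: constructed record format, not WhatsApp's wire format.
 * Record = 1-byte type | 2-byte big-endian length | value bytes. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN   3
#define FIELD_MAX 32   /* capacity of the fixed destination buffer (assumed) */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

struct field { uint8_t type; size_t len; uint8_t value[FIELD_MAX]; };

/* Unsafe pattern, for contrast only: the copy size comes straight from the
 * sender and is never compared with the destination or the bytes received. */
void unpack_field_unchecked(const uint8_t *pkt, struct field *out)
{
    size_t claimed = ((size_t)pkt[1] << 8) | pkt[2];
    out->type = pkt[0];
    out->len  = claimed;
    memcpy(out->value, pkt + HDR_LEN, claimed); /* overruns value[] if claimed > FIELD_MAX */
}

/* Hardened form: validate the claimed length against both bounds first. */
int unpack_field_checked(const uint8_t *pkt, size_t pkt_len, struct field *out)
{
    if (pkt_len < HDR_LEN)
        return PARSE_TRUNCATED;
    size_t claimed = ((size_t)pkt[1] << 8) | pkt[2];
    if (claimed > pkt_len - HDR_LEN)    /* sender claims more than it sent */
        return PARSE_TRUNCATED;
    if (claimed > sizeof out->value)    /* would overrun the fixed buffer */
        return PARSE_TOO_LONG;
    out->type = pkt[0];
    out->len  = claimed;
    memcpy(out->value, pkt + HDR_LEN, claimed);
    return PARSE_OK;
}

/* Walk a buffer of back-to-back records; return how many parsed cleanly,
 * or the negative status of the first malformed record. */
int parse_records(const uint8_t *buf, size_t len)
{
    struct field f;   /* stack destination, as in the bug class described */
    int count = 0;
    while (len > 0) {
        int rc = unpack_field_checked(buf, len, &f);
        if (rc != PARSE_OK)
            return rc;
        buf += HDR_LEN + f.len;
        len -= HDR_LEN + f.len;
        count++;
    }
    return count;
}

/* Constructed sample inputs. */
static const uint8_t GOOD[]  = { 0x01, 0x00, 0x02, 'h', 'i', 0x02, 0x00, 0x01, '!' };
static const uint8_t LYING[] = { 0x01, 0x04, 0x00, 'a', 'b', 'c', 'd' }; /* claims 1024, carries 4 */

int main(void)
{
    uint8_t big[HDR_LEN + 40] = { 0x01, 0x00, 40 };  /* 40 real bytes > FIELD_MAX */
    printf("good=%d lying=%d oversized=%d\n", parse_records(GOOD, sizeof GOOD),
           parse_records(LYING, sizeof LYING), parse_records(big, sizeof big));
    return 0;
}
```

The two checks are independent: the first rejects a length that exceeds what was actually received, the second rejects a length that is honest but larger than the destination.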
Protecting Against Buffer Overflow Vulnerabilities
Buffer overflow vulnerabilities are nothing new. They are extremely simple vulnerabilities – only involving a failure to properly manage memory and user input – yet they can be extremely difficult to detect. A wide range of buffer overflow vulnerabilities exist, and sometimes apparently “safe” code can be vulnerable since another vulnerability can be exploited to bypass existing protections against buffer overflows.
The two major WhatsApp vulnerabilities disclosed and patched in 2019 demonstrate the potential impact of a buffer overflow vulnerability in a critical application. Both of these vulnerabilities could be exploited without user interaction, and enabled an attacker to run malicious code within the victim application. In one case, the vulnerability was exploited multiple times to spy upon parties of interest to various governments, leading to a lawsuit by Facebook against the suspected perpetrator.
Protecting against buffer overflow vulnerabilities requires the ability to identify and block potential exploits before they reach a vulnerable application. Deploying a strong web application firewall (WAF) to protect an organization’s web presence and runtime application self-protection (RASP) for critical or potentially vulnerable assets is an important first step toward protecting an organization and its software assets against exploitation.
Technology
How Virtual Fly Elevates the World of Flight Simulators
Flight simulation has soared in popularity in recent years, offering a thrilling and realistic experience for aspiring pilots, seasoned aviators, and anyone with a passion for the skies. At the forefront of this revolution stands Virtual Fly, a company dedicated to pushing the boundaries of flight simulation technology and providing unparalleled experiences for a global clientele.
Virtual Fly goes beyond simply manufacturing flight simulators. They are a comprehensive one-stop shop for everything aviation-related. Their affiliation with Aircatglobal Aeronautical Group allows them to leverage expertise across various sectors, from aircraft and UAV distribution to flight schools and cutting-edge research and development. This holistic approach ensures their flight simulators are informed by real-world knowledge and cutting-edge advancements.
Professional-Grade Precision
Virtual Fly’s core strength lies in their professional-grade flight simulators. These meticulously crafted machines are not your typical home video game setups. Designed with the needs of professional pilots and training institutions in mind, Virtual Fly’s simulators offer unparalleled realism and accuracy.
Their flagship product, the Solo Pro A, is a shining example. This FAA-approved Flight Training Device boasts an immersive, all-in-one analog cockpit panel. This translates to a realistic flying experience that closely mimics the controls and instruments found in actual aircraft. This level of fidelity is crucial for professional pilots to hone their skills and maintain proficiency, particularly during emergency scenarios or instrument training.
Beyond Professional Training
Virtual Fly’s reach extends far beyond the professional realm. Their flight simulation solutions cater to a diverse range of users, including aspiring pilots, aviation enthusiasts, and even those seeking a unique entertainment experience.
For those with dreams of taking to the skies, Virtual Fly’s simulators offer a safe and realistic environment to learn the fundamentals of flight. Beginners can grasp the complexities of cockpit procedures, understand instrument functionality, and gain valuable experience before ever setting foot in a real aircraft.
Unmatched Quality and Support
Virtual Fly doesn’t just create exceptional flight simulators; they stand behind their products with unwavering commitment. Their dedicated support team ensures a seamless experience, offering assistance with setup, troubleshooting, and any technical challenges that may arise. This level of customer service ensures their clients can focus on what truly matters – experiencing the exhilaration of flight simulation.
A World of Possibilities
Virtual Fly’s commitment to innovation extends beyond hardware. They recognize the importance of a robust software ecosystem to power their simulators. They ensure compatibility with popular flight simulation platforms like MSFS, P3D, and X-Plane, allowing users to explore a vast array of virtual landscapes and aircraft types. This flexibility caters to individual preferences and training needs.
The Future of Flight
Virtual Fly is a company on the rise, constantly pushing the boundaries of what’s possible in flight simulation technology. They are a driving force in the industry, dedicated to creating realistic, accessible, and educational experiences for a global audience. Whether you’re a seasoned pilot, an aspiring aviator, or simply someone with a passion for flight, Virtual Fly offers a gateway to the skies, allowing you to experience the thrill of flight simulation firsthand.
Health
The technological advances in physical and occupational physiotherapy that you should know about
Technology has reached all areas of human life to help us carry out various tasks and to make everyone’s lives easier in different ways. These advances are also in medicine and in the different therapeutic treatments that are used to improve various ailments. Learn what the most advanced methods are and how you can use them.
Health is the most precious thing for every person; extreme care must be taken to ensure the correct functioning of the body. There are many ways and procedures aimed at treating various conditions and helping to stay healthy, which have been significantly enhanced thanks to advances in technology.
The area of physiotherapy is one of those that has taken the best advantage of technological advances, and it has raised the quality and effectiveness of its therapies and procedures to levels never before experienced. Thanks to them, physical and occupational physiotherapy has improved substantially and is increasingly valued for the treatment of various health cases.
Physiotherapy programs for physical rehabilitation
Currently, there are various physical therapy software programs that help patients recover and improve their physical functionality quite efficiently. There is advanced software, with a wide range of physical exercises based on virtual reality, which are designed to promote the progressive and effective recovery of those who find themselves in the need to use them.
Digital physical rehabilitation software includes analytical and functional exercises, which can be used in the rehabilitation of neurological patients, in the recovery of musculoskeletal injuries, in the prevention of falls, in programs against premature ageing and even with children that suffer these types of ailments.
Advantages of using software in physiotherapy
Physiotherapy computer programs are health products, specially designed by professionals, specifically for clinical use. They offer many advantages, among which the following stand out:
- Enjoy the therapy sessions: the gamification that can be achieved with new technologies applied to physiotherapy turns the sessions into truly fun moments, which increases the patient’s motivation and their active participation in performing the corresponding exercises.
- Rehabilitation quantification: all kinematic parameters, such as joint ranges, measurement of the base of support, centre of gravity, number, and characteristics of steps, among others, can be consulted in detail at any time during the therapy. Additionally, they can generate detailed clinical reports on each patient, which can be printed or exported in PDF format.
- Remote sessions: technological advances have reached such high levels that they now open the possibility of applying remote sessions to the patient, thanks to the corresponding home exercise program software for physical therapy designed for this purpose. In this way, treatment can be reinforced with home sessions, which are also monitored and allow remote management, even from the centre itself. This has greatly benefited patients that have mobility problems.
Physical therapy home exercise programs are digital tools that help therapists and patients develop personalised exercise plans from the comfort of their homes. They provide a wide variety of benefits and features that improve rehabilitation and accelerate recovery.
Physiotherapists can decide with which patients and how to develop the digital physical rehabilitation exercises available to them, which can be personalised and adapted according to the needs of each patient.
Occupational therapy software programs
The occupational therapy software programs offer a multitude of resources and tools for therapists and patients, including simulations of everyday tasks, virtual activities to improve fine motor skills, time management strategies, and hand-eye coordination exercises, among others.
One of the main resources used is related to immersive virtual rehabilitation, which allows training various functions of the hand and different movements of the upper extremities that workers perform in their corresponding tasks. To do this, virtual reality and specialised programs are used that simulate environments similar to those they face on a daily basis in their jobs.
These occupational therapy software programs also include patient progress monitoring and assessment tools. They are digital solutions that improve the efficiency of occupational therapy by providing interactive virtual environments and resources tailored to the individual needs of each patient.
Personalization of rehabilitation programs
An important advantage offered by technological advances in this area is the possibility of having personalized rehabilitation programs, which therapists can use to adapt treatments to each patient’s purposes and abilities.
The personalization of rehabilitation programs substantially improves the effectiveness of treatments by addressing the unique needs of each patient. Additionally, this rehabilitation software provides useful resources to monitor and adjust as patients progress in their recovery.
This capacity for adaptation and personalization favours a firmer rehabilitation and speeds up the return to normal functionality of the treated people.
It is a feature that offers various benefits, such as the possibility of applying more individualised approaches, which guarantees that the exercises are safe, effective, and appropriate to promote recovery, and the optimization of results, as they are exercises designed specifically to meet each patient’s needs.
They also generate greater motivation and adherence, by considering the interests, preferences, and goals of each individual treated, and help prevent additional injuries, since the exercises are adapted to the individual capabilities and limitations of each person.
In conclusion, physical and occupational therapy software has transformed the way rehabilitation is performed on people today. They are digital tools with a wide variety of features that improve the efficiency and personalization of treatments, tailoring the perfect exercise routine for each patient’s needs.
They cover various areas, from home exercise programs to creating personalized exercise plans, facilitating faster and more effective recovery for patients. But, these advances do not stop and aim to continue towards levels that cannot even be imagined, so we can count on an even more promising future in this important area of health.
Do not think about it anymore, if you are suffering from any ailment that could benefit from remote therapy, or know of someone that does, check this software today and see how your life can easily improve thanks to the help of the experts behind them. Your health will thank you.
Technology
What are spamtraps and how to get them off your mailing list for good?
There is a silent enemy that many companies face and that focuses directly on the contact list: spamtraps. These are email addresses that are meant to catch spammers, but they negatively influence mass mailings. Today we are going to find out why, and we are going to assess some actions that are easy to do to get them out of the way.
Mailing lists are generally formed by people who are interested in using a product or service of a company and who subscribe voluntarily. However, it can happen that an email appears normal-looking, but it is a spammer detector. When an email is sent to these addresses, they block it, causing a negative impact on the reputation of the brand that sent it.
Spamtraps are traps for emails, in short. They do not belong to any real person, and their only function is to block the sender of the email and mark him or her as a spammer. In this way, the brand is affected, even if the content sent has nothing to do with spam. These exist on all existing email platforms, such as Gmail or Yahoo.
Characteristics of spam traps
Although there is no simple way to find out which of the emails on your list are spamtraps, you can assess some characteristics that lead to the most frequent spamtraps. Here we can see elements such as:
- No direct relation to a person: people generally put their names when creating their emails. Although this does not happen in 100% of cases, it could be an important factor to consider if you see some emails made up of meaningless letters and numbers, for example.
- Emails with generic names: Generic names are not a good sign, even though many companies use them as a means of communication. To separate those that are real from those that are not, it is possible to check the domain of which the emails are part. For example, there may be emails in a list that start with the word sales@XXXXXX. What completes the part of the X’s will tell us what the chances are that it is a spamtrap. In any case, be aware that it is very unlikely that a company will subscribe to a newsletter using this type of email.
- Abandoned emails: Technology has come a long way in recent times, and this has led to the use of new ways of communicating. Nowadays, it is very unlikely that there are people who subscribe to a list with a Hotmail email address. It is therefore essential to check, if you have one, that it is not an abandoned email that can be used with ISPs because they are no longer in use.
- Misspelled emails: This is a very common situation that occurs, especially when double confirmation is not used. In this case, it is possible that a person enters the mailing list with a misspelled entry and then the result is an email that ends, for example, in @gml.com. You have to be very careful with these. The recommendation is to always run the confirmation to ensure that it is a real and operational address.
Actions to take to verify spamtraps on the mailing list
Now that we have an idea of what we can look for in the list and target what looks the most suspicious, we can define a series of actions to take in order to detect whether the list is clean or whether there are any harmful elements present.
The first thing to do is to review your entire contact list. This can be a tedious task when you have a large number of subscribers, but it is worth the effort. If in this first step you got several suspicious emails, you should flag them to check their behaviour in the following points.
Then, it will be time to evaluate the results of the email marketing campaigns sent previously. In these campaigns, you will get a history of very interesting data that will tell you how many people generally open the emails, those who do not, etc. The important thing here is to assess whether the values shown in the history are more or less constant or have suffered a significant decrease in recent days. If this is the case, it could be due to spamtraps.
It is common for these problems to become apparent when a number of new users join the list. It is possible that among them there is an email that works as a spam trap. The simplest solution to recognize if this is the problem is to perform a segmentation and send an email to the members of this new list and verify the results.
Finally, you will need to check if the domain you are using is on the block list. This is an essential step to know if you really have a problem or not. Doing this on a regular basis is key to avoiding problems.
Segmentation as a working strategy
Working with email marketing software that allows the segmentation of the mailing list is a benefit that will remove problems later and, of course, spamtrap detection is one of them. Thanks to segmentation, it will be possible to create groups of users to whom certain campaigns are sent and evaluate the response they have.
Mailrelay is the best option in this regard because it offers the possibility to segment and also to validate the statistics. With the statistics you can measure the percentage of clicks that were made and that can give us an important guide, since this is an action that can only be performed by real people.
Nowadays, there are already robots capable of opening emails that arrive at your server, so the open rate is no longer a valuable statistic in this regard.
After you are clear about which contact segments are performing well, you can continue to work with them as normal and separate those that are not performing well to validate them later. It is better to keep fewer subscribers than to risk having your domain blocked and losing your entire list.