The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Tag: Technology Page 2 of 4

What Is WinRAR Bug?

By

On January 29, 2020

In Security

WinRAR is a commonly used software for creating and extracting archives on Windows and other supported OS. The main reason for the popularity of the software is that it is capable of supporting different types of packing formats. Thus, the software has over 500 million users. However, the software was found to be corrupted by a bug which was named ‘WinRAR Bug’.

1. When Was WinRAR Bug Discovered?

The bug was discovered in early 2019; however, the bug itself was 19-years old at the time of discovery. The bug was discovered by security research run by ‘Check Point Research’.

2. What Is WinRAR Bug?

It is a code execution vulnerability (CVE 2018-20250). The code was used to extract the ACE archive format (which is now rarely used). The library that is responsible for the vulnerability is UNACEV2.DLL. The library had not been updated since 2005. Also, it was a third-party library so, WinRAR did not have access to the source code. This made it troublesome to amend the vulnerability.

3. What Does It Do?

  • The vulnerability can be exploited by pushing specially prepared archives to the user system.
  • The hackers can manipulate WinRAR by renaming an ACE file with a ‘rar’ extension.
  • The vulnerability now enables hackers to extract files to any folder instead of the default or user-selected folder.
    Hackers extract malware loaded files to the Windows start-up folder.
  • The malware is executed at the next start of the system.

4. What Are The Examples Of Cyber Attack Campaigns Launched To Exploit WinRAR Bug?

  • The vulnerability was exploited by hackers to launch more than 100 targetted attacks. Some of the examples are:
    One such attack uses a bootlegged copy of Ariana Grande’s hit album ‘Thank you, Next’ with a file name ‘Ariana_Grande-thank_u,_next(2019)_[320].rar’ which contains a hidden malware code. Whenever a compromised version of WinRAR is used to extract the files, a list of harmless MP3 files is downloaded to the user’s selected folder, while the malware payload is extracted in the Windows Startup folder in the background without the user’s knowledge. When the user starts his system next time, the payload is run to launch the malware code.
  • Apart from general attacks, the hackers also used this vulnerability to target government agencies by embedding technical documents, law documents and other such archives with malicious code.

5. How To Get Rid Of The Bug?

WinRAR has launched a new version ‘5.70 beta 1’ with patched vulnerability. Since WinRAR did not have access to the source code of the culprit directory, the team has completely deleted this directory from the new version. Thus, ACE format support has been dropped from WinRAR in order to protect the users.

Also, all the WinRAR versions that were launched prior to ‘5.70 beta 1’ are prone to the vulnerability and WinRAR does not have an auto-update feature. So, it is advised to manually download the new version to avoid being a victim of exploits based on WinRAR bug.

For more information on computer and network security for businesses, call Centex Technologies at (254) 213 – 4740.

Necurs Botnet

By

On January 25, 2020

In Security

PDF Version: Necurs-Botnet

All You Need To Know About DevOps

By

On January 21, 2020

In Tech Buzz

As a term, DevOps is derived by combining two different terms- Dev and Ops. “Dev” is a vast term that covers all kinds of software developers and “Ops” includes system engineers, system administrators, operations staff, release engineers, network engineers, system security professionals, and various other sub-disciplines.

DevOps is a practice rather than a set of tools. It can be defined as a setup where the development and operations engineers work together through all the stages of a service lifecycle including design, development, production support, deployment, testing, and continuous improvement.

DevOps is essentially based upon a CAMS structure:

  • Culture: This practice requires the organization to build a culture where people and processes are top priorities. It focuses on the overall service that is delivered to the customer instead of the ‘working software’ only.
  • Automation: In order to implement the DevOps practice to its complete capabilities, it is essential to build an automated fabric of tools. Common tools that should be a part of this fabric are the tools for release management, provisioning, configuration management, systems integration, monitoring, control, and orchestration.
  • Measurement: Successful implementation of DevOps requires a team to regularly measure some metrics such as performance metrics, product metrics, and people metrics. Regularly measuring these metrics helps the team to make improvements, where required.
  • Sharing: Sharing of ideas is an important part of DevOps implementation. It involves a thorough discussion of problems between the development and operations teams to find common solutions.

Challenges Solved By DevOps:

In the absence of DevOps application development, a general development scenario includes:

  • A development team that is responsible for gathering business requirements for software and writing code.
  • A QA team that is responsible for testing the software in an isolated development environment and releasing the code for deployment by the operations team, if requirements are met.
  • A deployment team that is further fragmented into independent groups such as networking and database teams.

Since the teams functioned independently, new challenges are added whenever software is pushed from one phase to another. Some of the challenges arising from this setup are:

  • The development team is unaware of the problems faced by the QA and Operations teams which may prevent the software from functioning as required.
  • QA and operations teams have little information about the business purpose and value that formed the basis of software development.
  • Each team has independent goals that may contradict each other leading to reduced efficiency.

DevOps application development helps in integrating the teams and thus, overcoming these challenges. It establishes cross-functional teams that run in collaboration to maintain the environment that runs the software.

For more information on DevOps, call Centex Technologies at (254) 213 – 4740.

A Comprehensive Guide To Continuous Deployment

By

On January 14, 2020

In Security

Continuous Deployment is the practice of releasing software on production servers continuously in an automated manner. Before a software is released, it needs to be thoroughly tested for ensuring that it is free from any bugs and errors. In the case of continuous deployment, the testing is done by using a testing software instead of manual testing. If the code is found to be free from errors, it is automatically deployed. The automation of the release of the software helps software development organizations in ensuring that the software updates reach the end-users as soon as possible with a minimum lag time.

One of the primary requirements for continuous deployment is to implement a series of other automated programs that can pull the software seamlessly through later stages of development into release. These stages of development include compiling and validation of source code, reviewing the code, unit testing, integration testing, packaging the application and user acceptance testing.

How Is Continuous Deployment Different From Continuous Integration And Continuous Delivery?

Continuous deployment takes continuous delivery a step further, which is generally perceived as furtherance of continuous integration. In order to understand the difference, it is important to understand the terms individually:

  • Continuous Integration: It is a technique that continually merges the source code from different developers into a shared mainline. This helps in avoiding cataclysmic merge conflicts as new source code is regularly added by various developers.
  • Continuous Delivery: This technique adds a step to continuous integration. It takes the merged code and conducts the necessary tests to ensure that the code is error-free. Thus, in this technique, the code is written, tested and pushed into a production-like environment. The software stays in the holding area until a developer manually pushes it for deployment.

Continuous Deployment reduces the hold time of continuous delivery by taking it a step further. Once the software code is created, tested and pushed into the production-like environment to see how it would perform in the real-time environment; the code is deployed automatically without any manual interference.

Stages Of Continuous Deployment Pipeline

  1. Deploy To Production: In this step, developers need to deploy the software in a production environment without releasing the functionality to end-users. Also, it is important to implement a system that allows you to toggle between the old & new versions.
  2. Verify: During this stage, various tests are performed including user acceptance, stress test, performance test, etc.
  3. Monitor: Monitor the deployed code as per your business metrics to gain insights for strategic business outcomes. Make sure that the code works as desired in the production environment and make the changes as required.
  4. Respond & Recover: After the software is released, it is important to keep a check for unforeseen issues. Manage a system for proactively detecting problems before they are detected by end-users and recover from these problems by providing fixes or patches.

For more information on continuous deployment, call Centex Technologies at (254) 213 – 4740.

Drones In Healthcare

By

On December 27, 2019

In Uncategorized

A drone can be defined as an unmanned aircraft that is guided either by remote control or by the computers mounted on it. Although drones have been used for years, there has been a sudden rise in their application. This can be owed to the invent of new technology and the accessibility of this technology to the public. Among other industries, drones have found applications in the healthcare sector as well.

In lieu of the newly found applications, there has been an increase in businesses investing in the production and marketing of drones for healthcare. Following are some of the common uses of drones in healthcare:

Public Health & Medical Investigation: Drones equipped with the specialty cameras and recorders pose as a low-cost mode of conducting surveillance of biological/chemical hazards, disease spread, number of patients in need of support due to an epidemic, etc. Drones have the ability to gather real-time data which helps in improving the efficiency of healthcare response teams in affected areas.

Telemedicine: It is an emerging branch of healthcare. The term is used for the remote diagnosis and treatment of patients by employing telecommunication technology. As the efficiency of telemedicine depends upon network availability, drones are being used to establish Instant Telecommunication Infrastructure (ITI). This helps in pre- and post-operative observation of patients, telementoring of surgeries in remote areas.

Medical Transport Systems: Drones are being used as efficient medical transport systems due to their ability to reduce the response time and travel across otherwise unpassable terrains.  The drones are used to carry medical aids such as poison antidotes, oxygen masks, transplant organs, medicines, etc. Drones also help in delivering blood samples to a fully equipped laboratory in a short period of time. This is particularly helpful in high traffic areas or rural areas, where human transportation may take time due to poor construction facility.

Ambulance Drones: Ambulance drones are used to tackle emergency situations such as cardiac arrest where chances of patients’ survival decrease with every passing minute. The emergency support teams send out these drones which are equipped with a cardiac defibrillator and 2-way communication (radio & video) channel. The drone is used to instruct the bystanders on how to use the automated defibrillator, steps to perform CPR and keep an eye on patients’ symptoms until the healthcare team reaches the physical location.

As technology is improving, the applications of drones in the healthcare industry are becoming more deep-rooted.

For more information on drones in the healthcare industry, call Centex Technologies at (254) 213 – 4740.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)