Browser Download Bomb Attack Returned

As reported, Chrome, Firefox, Opera, Vivaldi and Brave are under threat
05 July 2018

The release of Chrome 67 has reopened a security hole, fixed in Chrome 65, that allows attackers to run so-called "download bombs". According to Bleeping Computer, Firefox, Opera, Vivaldi and Brave are also susceptible.

What are "download bombs"?

Attackers use the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to force the browser to download one file at such a rate that CPU load rises to 100% in 5-10 seconds. As a result, the browser's interface freezes and the user cannot close the browser or open another tab:

Download Bomb

This attack is used by fake support sites that intimidate their victims with messages claiming that data is being stolen from their computer and that, to solve the problem, they must call the specified number.
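One way a browser component or extension could contain the burst of script-initiated downloads described above is a per-origin rate guard. This is an added example, not code from the article or from any browser; the `DownloadGuard` class, the event shape, the thresholds and the sample events are all assumptions constructed for illustration.

```javascript
// Added example: per-origin guard against bursts of script-initiated downloads.
// Thresholds and the event shape are assumptions, not taken from any browser.
const WINDOW_MS = 1000;    // sliding window length (assumed)
const MAX_UNPROMPTED = 3;  // downloads allowed per window without a user gesture (assumed)

class DownloadGuard {
  constructor(windowMs = WINDOW_MS, maxUnprompted = MAX_UNPROMPTED) {
    this.windowMs = windowMs;
    this.maxUnprompted = maxUnprompted;
    this.recent = new Map();   // origin -> timestamps of recent unprompted downloads
    this.blocked = new Set();  // origins blocked until the user intervenes
  }
  // Returns "allow" or "block" for one download-initiation event.
  check({ origin, tMs, userGesture }) {
    if (this.blocked.has(origin)) return "block";
    if (userGesture) return "allow";  // click-driven downloads are not counted
    const times = (this.recent.get(origin) || []).filter(t => tMs - t < this.windowMs);
    times.push(tMs);
    this.recent.set(origin, times);
    if (times.length > this.maxUnprompted) {
      this.blocked.add(origin);  // stay blocked: a download loop does not stop on its own
      return "block";
    }
    return "allow";
  }
}

// Constructed sample: one normal site and one page firing a download every 5 ms.
function sampleEvents() {
  const events = [
    { origin: "https://docs.example", tMs: 0, userGesture: true },
    { origin: "https://docs.example", tMs: 400, userGesture: false },
  ];
  for (let i = 0; i < 200; i++) {
    events.push({ origin: "https://scam.example", tMs: 500 + i * 5, userGesture: false });
  }
  events.push({ origin: "https://docs.example", tMs: 2000, userGesture: false });
  return events;
}

// Runs every event through one guard and tallies verdicts per origin.
function summarize(events) {
  const guard = new DownloadGuard();
  const tally = {};
  for (const ev of events) {
    tally[ev.origin] = tally[ev.origin] || { allow: 0, block: 0 };
    tally[ev.origin][guard.check(ev)]++;
  }
  return tally;
}
console.log(summarize(sampleEvents()));
```

The guard keeps an origin blocked once it trips, so the remaining downloads in the burst never reach the disk or the download UI.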

Who is under threat?

After the error was corrected in Chrome 65.0.3325.70, it appeared again in the June 12, 2018 update, version 67.0.3396.87. And this time the threat is more serious: according to experts from Malwarebytes, Firefox is also at risk.

In addition, Bleeping Computer tested the proof-of-concept (PoC) code for Chrome and Firefox in other browsers and concluded that "download bombs" also work in Vivaldi and Brave. Opera, unlike the others, did not freeze completely after the exploit and even allowed switching tabs, but the running PoC page kept the interface from working properly, and the browser had to be closed through the Task Manager.

According to the test results, only Microsoft Edge and Internet Explorer were resistant to this attack.

AngularJS to Angular Migration Tools to be Released

The new tools are called ngMigration Assistant and ngMigration Forum
17 August 2018

The AngularJS development team has released two "helpers" for its users: ngMigration Assistant and ngMigration Forum. The tools show which migration path from AngularJS to Angular is the right one, how to simplify the process as much as possible, and how to avoid mistakes.

ngMigration Assistant is a command-line tool that analyzes any AngularJS application, regardless of size, and recommends an optimal migration path. It provides statistics on the complexity, size, and patterns of an app. Based on this data, the program offers a list of clear recommendations that simplify the transition from AngularJS to Angular, taking into account the size and complexity of the code.

You can find an example of using ngMigration Assistant on the AngularJS phone catalog application below. The ngma command, run in the application's directory, performs the analysis and writes out the recommendations.

Displaying ngMigration Assistant statistics

Initially, the tool shows statistics on the available data, and then the stages of preparation for migration to Angular.

ngMigration Assistant recommendations

The new ngMigration Forum collects up-to-date information on migration paths and on tools that support the transition from AngularJS to Angular. ngMigration Forum is a place for sharing experiences, solving problems and asking questions.

The latest update, Angular 6.1, was released in late July 2018. It added support for TypeScript 2.8 and 2.9, as well as the ability to configure the router to store and restore the scrolling position.