Google Project Zero to Discover Ghostscript Vulnerability

Users of popular Linux distributers pre-installed apps are under the thread
23 August 2018   1467

Researchers from Google Project Zero reported a vulnerbility in the Ghostscript - open-source interpreter for PostScript and PDF files. An attacker can gain access to applications and servers that work with meentioned software. There is no patch for the vulnerability, therefore, experts recommend turning off all crypters for .PS, .EPS, .PDF and .XPS by default in the policy.xml file.

Employee of the Google Division Tavis Ormandy said that the security hole exploits ways to bypass the isolated environment -dSAFER, through which cybercriminals can send a victim a file with malicious code. When a vulnerable version of Ghostscript opens such a file, the code contained in it will be executed, which will give an opportunity to take control over the management of applications and servers.

The vulnerability has already been confirmed by the developers of the interpreter - Artifex Software, and it does not have its own CVE-identifier yet.

Users of the ImageMagick, Evince and GIMP are at risk. These set of apps are included in many Linux distributions: RedHat, SUSE, Ubuntu, Fedora, FreeBSD, Debian, CentOS. Tavis Ormandi on Twitter to disable Ghostscript encoders for files with .PS, .EPS, .PDF and .XPS extensions in the policy.xml document:

Binance X Devs' Plaform to be Laucnhed

Binance believe their new platform will allow developers to “learn”, “collaborate” and “grow”
30 August 2019   473

The largest (in terms of trading volume) exchange Binance launched the Binance X initiative, in which it intends to attract third-party developers to create open source projects based on its own ecosystem.

Binance offers developers to “learn”, “collaborate” and “grow”. For training, there are already libraries with technical documentation that are constantly updated and contain tips. It should be noted, that, for example, the exchange's "SDKs" are available in: C++, Golang, Java, .NET, Node, PHP and Python. The exchange will also provide the necessary channels for communication between third-party developers and members of the Binance team, not only online, but also in real life; at the same time, the company offers various programs under which projects will receive financial and expert support at various stages of development.

Binance Ecosystem
Binance Ecosystem

40 projects have already been involved in the Binance X Fellowship Program initiative, including Burner Wallet, GoBNB, OP_SECURETHEBAG and others.