JetBrains to Update ReSharper Ultimate

As reported, ReSharper and other .NET tools have just become even more 'Ultimate'
22 August 2018   1126

The JetBrains team announced the release of a new version of the .NET-tools family of add-ons - ReSharper Ultimate 2018.2. In particular, the update of ReSharper has been supported by C # 7.3, built-in spell checker and several new navigation features.

Main features of ReShaper Ultimate 2018.2:

  • Performance improvements: Developers made about 30 performance fixes in different parts of ReSharper, from speeding up EditorConfig support to decreasing solution loading times. 
  • C# 7.3 support: ReSharper finally supports all features from the latest C# 7.3. New inspections and appropriate quick-fixes are here to make your code C# 7.3 compatible.
  • JSLint, ESLint, and TSLint support: These three great static analysis tools have been integrated into JavaScript/TypeScript code analysis to provide additional inspections and corresponding quick-fixes.
  • Integrated spell checking with ReSpeller: 2018.2 comes with spell-checking functionality out of the box, enabled for most of the supported languages.

ReSpeller
ReSpeller

  • Initial Blazor support: Even though Blazor is declared experimental for now, team added initial support for this promising framework in ReSharper. For instance, code completion includes all the possible directives, e.g. page (routing), inject (service injection), and function (component members).
  • The Parameter Info popup and the Summary tooltip for IntelliSense: When using code completion in C# or VB.NET, ReSharper displays parameter types and method return types in a different color, making it easier to visually identify method overloads.
  • Navigation improvements: Now you can exclude files by mask from all Search & Navigation features, and find function signatures copied from dotTrace’s or Visual Studio’s call stack view in Search EverywhereFile StructureContaining Declaration, and Next/Previous Members now take local functions into account.
  • The formatter engine update: Comments in a code file that override formatter settings can be generated automatically. The presentation for formatting rules which come from a StyleCop configuration file has been improved.
  • Refactorings UI update: Several ReSharper refactorings have been moved to the new presentation framework, which will yield many benefits in the coming future thanks to a unified control behavior for ReSharper and Rider. As for visible UI changes, most noticeable ones are code completion available in Change Signature and a better presentation for Extract Method.
  • Other features: Fix-in-scope quick-fixes now have more granular fixing scopes; the code style for Built-in Type has been improved; there’s a new option to execute BeforeBuild and AfterBuild targets for skipped projects in ReSharper Build; and a new inspection was added to highlight misplaced text in XAML.

In addition to ReSharper, the tool family includes ReSharper C ++, dotMemory, dotTrace, dotCover, and dotPeek.

  • ReSharper C ++: Support for C ++ / CLI, C ++ 17 and C ++ 20.
  • dotCover: Integration with the JetBrains Rider IDE and the use of an internal tool to run from the command line as an extension for dotnet.exe.

dotCover
dotCover

  • dotTrace: Performance improvements and the .NET process filter.

dotTrace
dotTrace

  • dotMemory: profiling project launch configurations and an improved timeline for memory allocation.

dotMemory
dotMemory

  • dotPeek: Improved type support with methods without implementation.

Shortly before the release of ReSharper Ultimate 2018.2, the version of Microsoft Visual Studio 2017 15.8 was released. It had received a lot of new fuctions. 

Ledger to Discover HSM Vulnerability

HSM is an external device designed to store public and private keys used to generate digital signatures and to encrypt data, used by banks, exchanges, etc
10 June 2019   1559

A group of researchers from Ledger identified several vulnerabilities in the Hardware Security Module (HSM) devices, which can be used to extract keys or perform a remote attack to replace the firmware of an HSM device. The problem report is currently available only in French, the English-language report is scheduled to be published in August during the Blackhat USA 2019 conference. HSM is a specialized external device designed to store public and private keys used to generate digital signatures and to encrypt data.

HSM allows you to significantly increase protection, as it completely isolates keys from the system and applications, only by providing an API to perform basic cryptographic primitives implemented on the device side. Typically, HSM is used in areas where you need to provide the highest protection, for example, in banks, cryptocurrency exchanges, certification centers for checking and generating certificates and digital signatures.

The proposed attack methods allow an unauthenticated user to gain complete control over the contents of the HSM, including extracting all the cryptographic keys and administrative credentials stored on the device. The problems are caused by a buffer overflow in the internal PKCS # 11 command handler and an error in the implementation of the cryptographic protection of the firmware, which bypasses the firmware check using the PKCS # 1v1.5 digital signature and initiates loading the own firmware in the HSM.

The name of the manufacturer, the HSM devices of which have vulnerabilities, has not yet been disclosed, but it is argued that the problem devices are used by some large banks and cloud service providers. At the same time it is reported that information about the problems was previously sent to the manufacturer and it has already eliminated vulnerabilities in the fresh firmware update. Independent researchers suggest that the problem may be in the devices of the company Gemalto, which in May released an update to Sentinel LDK with the elimination of vulnerabilities, access to information about which is still closed.