ReSharper Ultimate 2018.3 Available

JetBrains works hard to make .NET coders happy: learn more about the last 2018 update of the popular tool
20 December 2018

JetBrains has released the last 2018 update for its .NET tools. In particular, ReSharper Ultimate received automatic annotation of arguments and automatic detection of code formatting, as well as TypeScript 3.0 support and early support for Visual Studio 2019.

At method call sites, the code editor now annotates each argument value with the parameter name. This makes it easier to understand what each argument is responsible for.

The developers have added automatic detection and "alignment" of code formatting. In addition, the naming style in use is now autodetected. Typically, ReSharper follows the naming conventions proposed by Microsoft. Now, however, if the developer deviates from them, the editor adapts to the conventions actually used and does not display warnings about naming mismatches.

To simplify unit testing, the JetBrains team added a set of code checks with quick fixes and context-dependent tips for further actions. To make ReSharper compliant with the US Federal Information Processing Standards (FIPS), the developers abandoned the MD5 hashing algorithm and eliminated all uses of it in the editor code.

Other key features:

  • ReSharper C++: improved code refactoring, support for C++/CLI, the behavior of the Go to Declaration and Search Everywhere commands, and error detection in templates.
  • dotCover: improved filter system. Filters are now divided into two groups: runtime filters and result filters.
  • dotTrace: added integration with JetBrains Rider. You can now configure and run profiling sessions, take snapshots, and analyze them in the built-in viewer.
  • dotMemory: added a new snapshot condition: when the amount of memory used exceeds a certain number of megabytes.
  • dotPeek: added support for decompiling more C# 7.x features and for copying the fully qualified name (FQN) of a symbol to the clipboard.

Get more info at the official blog.

Ledger Discovers HSM Vulnerability

An HSM is an external device designed to store public and private keys used to generate digital signatures and to encrypt data, used by banks, exchanges, etc.
10 June 2019

A group of researchers from Ledger identified several vulnerabilities in Hardware Security Module (HSM) devices that can be used to extract keys or to perform a remote attack that replaces the firmware of an HSM device. The problem report is currently available only in French; the English-language report is scheduled to be published in August during the Black Hat USA 2019 conference. An HSM is a specialized external device designed to store public and private keys used to generate digital signatures and to encrypt data.

An HSM significantly increases protection because it completely isolates keys from the system and applications, exposing only an API for performing basic cryptographic primitives implemented on the device side. Typically, HSMs are used in areas that require the highest level of protection, for example in banks, cryptocurrency exchanges, and certification authorities that verify and generate certificates and digital signatures.

The proposed attack methods allow an unauthenticated user to gain complete control over the contents of the HSM, including extracting all the cryptographic keys and administrative credentials stored on the device. The problems are caused by a buffer overflow in the internal PKCS #11 command handler and by an error in the implementation of the cryptographic protection of the firmware, which makes it possible to bypass the firmware check based on a PKCS #1 v1.5 digital signature and to load one's own firmware into the HSM.

The name of the manufacturer whose HSM devices are vulnerable has not yet been disclosed, but it is claimed that the affected devices are used by some large banks and cloud service providers. At the same time, it is reported that information about the problems was previously sent to the manufacturer, which has already fixed the vulnerabilities in a recent firmware update. Independent researchers suggest that the problem may be in devices from Gemalto, which in May released an update to Sentinel LDK that fixes vulnerabilities whose details are still not public.